Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Cybersecurity – Attack and Defense Strategies
  • Table Of Contents Toc
Cybersecurity – Attack and Defense Strategies

Cybersecurity – Attack and Defense Strategies - Second Edition

By : Yuri Diogenes, Dr. Erdal Ozkaya
4.6 (24)
Buy this Book
close
close
Cybersecurity – Attack and Defense Strategies

Cybersecurity – Attack and Defense Strategies

4.6 (24)
By: Yuri Diogenes, Dr. Erdal Ozkaya
Buy this Book

Overview of this book

Cybersecurity – Attack and Defense Strategies, Second Edition is a completely revised new edition of the bestselling book, covering the very latest security threats and defense mechanisms including a detailed overview of Cloud Security Posture Management (CSPM) and an assessment of the current threat landscape, with additional focus on new IoT threats and cryptomining. Cybersecurity starts with the basics that organizations need to know to maintain a secure posture against outside threat and design a robust cybersecurity program. It takes you into the mindset of a Threat Actor to help you better understand the motivation and the steps of performing an actual attack – the Cybersecurity kill chain. You will gain hands-on experience in implementing cybersecurity using new techniques in reconnaissance and chasing a user’s identity that will enable you to discover how a system is compromised, and identify and then exploit the vulnerabilities in your own system. This book also focuses on defense strategies to enhance the security of a system. You will also discover in-depth tools, including Azure Sentinel, to ensure there are security controls in each network layer, and how to carry out the recovery process of a compromised system.
Table of Contents (20 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Lock Free Chapter
1
Security Posture
chevron up
Icon
Security Posture
Icon
The current threat landscape
Icon
The credentials – authentication and authorization
Icon
Apps
Icon
Cybersecurity challenges
Icon
Enhancing your security posture
Icon
The Red and Blue Teams
Icon
Summary
Icon
References
2
Incident Response Process
Icon
Incident Response Process
Icon
The incident response process
Icon
Handling an incident
Icon
Post-incident activity
Icon
Incident response in the cloud
Icon
Summary
Icon
References
3
What is a Cyber Strategy?
Icon
Introduction
Icon
Why do we need to build a cyber strategy?
Icon
How to build a cyber strategy
Icon
Best cyber attack strategies (Red Team)
Icon
Best cyber defense strategies (Blue Team)
Icon
Summary
Icon
Further reading
4
Understanding the Cybersecurity Kill Chain
Icon
Understanding the Cybersecurity Kill Chain
Icon
Introducing the Cyber Kill Chain
Icon
Reconnaissance
Icon
Weaponization
Icon
Privilege Escalation
Icon
Exfiltration
Icon
Threat Life Cycle Management
Icon
Tools used in the Cyber Kill Chain Phases
Icon
Cybersecurity Kill Chain Summary
Icon
Lab – Hacking Wireless Network/s via Evil Twin Attack
Icon
Lab Summary
Icon
References
Icon
Further reading
5
Reconnaissance
Icon
Reconnaissance
Icon
External reconnaissance
Icon
Web Browser Enumeration Tools
Icon
Internal reconnaissance
Icon
Summary
Icon
LAB
Icon
References
6
Compromising the System
Icon
Compromising the System
Icon
Analyzing current trends
Icon
Phishing
Icon
Exploiting a vulnerability
Icon
Zero-day
Icon
Performing the steps to compromise a system
Icon
Mobile phone (iOS / Android attacks)
Icon
Lab
Icon
Lab 2: Hack those websites (legally!)
Icon
Summary
Icon
References
Icon
Further reading
7
Chasing a User's Identity
Icon
Chasing a User's Identity
Icon
Identity is the new perimeter
Icon
Strategies for compromising a user's identity
Icon
Summary
Icon
References
8
Lateral Movement
Icon
Lateral Movement
Icon
Infiltration
Icon
Network mapping
Icon
Avoiding alerts
Icon
Performing lateral movement
Icon
Lab
Icon
Summary
Icon
References
Icon
Further reading
9
Privilege Escalation
Icon
Privilege Escalation
Icon
Infiltration
Icon
Avoiding alerts
Icon
Performing Privilege Escalation
Icon
Hands-on example of Privilege Escalation on a Windows target
Icon
Privilege escalation techniques
Icon
Windows Boot Sequence
Icon
Conclusion and lessons learned
Icon
Summary
Icon
Lab 1
Icon
Lab 2
Icon
Lab 3: HackTheBox
Icon
References
10
Security Policy
Icon
Security Policy
Icon
Reviewing your security policy
Icon
Educating the end user
Icon
Policy enforcement
Icon
Monitoring for compliance
Icon
Continuously driving security posture enhancement via security policy
Icon
Summary
Icon
References
11
Network Segmentation
Icon
Network Segmentation
Icon
The defense in depth approach
Icon
Physical network segmentation
Icon
Securing remote access to the network
Icon
Virtual network segmentation
Icon
Zero trust network
Icon
Hybrid cloud network security
Icon
Summary
Icon
Ref
12
Active Sensors
Icon
Active Sensors
Icon
Detection capabilities
Icon
Intrusion detection systems
Icon
Intrusion prevention system
Icon
Behavior analytics on-premises
Icon
Behavior analytics in a hybrid cloud
Icon
Summary
Icon
References
13
Threat Intelligence
Icon
Threat Intelligence
Icon
Introduction to threat intelligence
Icon
Open source tools for threat intelligence
Icon
Microsoft threat intelligence
Icon
Leveraging threat intelligence to investigate suspicious activity
Icon
Summary
Icon
References
14
Investigating an Incident
Icon
Investigating an Incident
Icon
Scoping the issue
Icon
Investigating a compromised system on-premises
Icon
Investigating a compromised system in a hybrid cloud
Icon
Proactive investigation (threat hunting)
Icon
Lessons learned
Icon
Summary
Icon
References
15
Recovery Process
Icon
Recovery Process
Icon
Disaster recovery plan
Icon
Contingency planning
Icon
Live recovery
Icon
Best practices for recovery planning
Icon
Disaster recovery best practices
Icon
Summary
Icon
Resources for DR Planning
Icon
References
Icon
Further reading
16
Vulnerability Management
Icon
Vulnerability Management
Icon
Creating a vulnerability management strategy
Icon
Vulnerability management tools
Icon
Implementation of vulnerability management
Icon
Best practices for vulnerability management
Icon
Vulnerability management tools
Icon
Implementing vulnerability management with Nessus
Icon
LABS
Icon
Summary
Icon
References
17
Log Analysis
Icon
Log Analysis
Icon
Data correlation
Icon
Operating system logs
Icon
Firewall logs
Icon
Web server logs
Icon
Amazon Web Services (AWS) logs
Icon
Azure Activity logs
Icon
Summary
Icon
References
18
Other Books You May Enjoy
Icon
Other Books You May Enjoy
19
Index
Icon
Index

The credentials – authentication and authorization

According to Verizon's 2017 Data Breach Investigations Report [9], the association between threat actor (or just actor), their motives, and their modus operandi vary according to the industry. However, the report states that stolen credentials are the preferred attack vector for financial motivation or organized crime. This data is very important, because it shows that threat actors are going after user's credentials, which leads to the conclusion that companies must focus specifically on authentication and authorization of users and their access rights.

The industry has agreed that a user's identity is the new perimeter. This requires security controls specifically designed to authenticate and authorize individuals based on their job and need for specific data within the network. Credential theft could be just the first step to enable cybercriminals to have access to your system. Having a valid user account in the network will enable them to move laterally (pivot), and at some point find the right opportunity to escalate privilege to a domain administrator account. For this reason, applying the old concept of defense in depth is still a good strategy to protect a user's identity, as shown in the following diagram:

Figure 2: Multi-layer protection for identity

In the previous diagram there are multiple layers of protection, starting with the regular security policy enforcement for accounts, which follow industry best practices such as strong password requirements, including frequent password changes and high password strength.

Another growing trend to protect user identities is to enforce MFA. One method that is seeing increased adoption is the callback feature, where the user initially authenticates using his/her credentials (username and password), and receives a call to enter their PIN. If both authentication factors succeed, they are authorized to access the system or network. We are going to explore this topic in greater detail in Chapter 7, Chasing a User's Identity. Another important layer is continuous monitoring, because at the end of the day, it doesn't matter having all layers of security controls if you are not actively monitoring your identity to understand the normal behavior, and identify suspicious activities. We will cover this in more detail in Chapter 12, Active Sensors.

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Cybersecurity – Attack and Defense Strategies
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon