Book Image

Cybersecurity – Attack and Defense Strategies - Second Edition

By : Yuri Diogenes, Dr. Erdal Ozkaya

Book Image

Cybersecurity – Attack and Defense Strategies - Second Edition

By: Yuri Diogenes, Dr. Erdal Ozkaya

Overview of this book

Cybersecurity – Attack and Defense Strategies, Second Edition is a completely revised new edition of the bestselling book, covering the very latest security threats and defense mechanisms including a detailed overview of Cloud Security Posture Management (CSPM) and an assessment of the current threat landscape, with additional focus on new IoT threats and cryptomining. Cybersecurity starts with the basics that organizations need to know to maintain a secure posture against outside threat and design a robust cybersecurity program. It takes you into the mindset of a Threat Actor to help you better understand the motivation and the steps of performing an actual attack – the Cybersecurity kill chain. You will gain hands-on experience in implementing cybersecurity using new techniques in reconnaissance and chasing a user’s identity that will enable you to discover how a system is compromised, and identify and then exploit the vulnerabilities in your own system. This book also focuses on defense strategies to enhance the security of a system. You will also discover in-depth tools, including Azure Sentinel, to ensure there are security controls in each network layer, and how to carry out the recovery process of a compromised system.

Preface

Who this book is for

What this book covers

To get the most out of this book

Free Chapter

Security Posture

Security Posture

The current threat landscape

The credentials – authentication and authorization

Cybersecurity challenges

Enhancing your security posture

The Red and Blue Teams

Incident Response Process

Incident Response Process

The incident response process

Handling an incident

Post-incident activity

Incident response in the cloud

What is a Cyber Strategy?

Why do we need to build a cyber strategy?

How to build a cyber strategy

Best cyber attack strategies (Red Team)

Best cyber defense strategies (Blue Team)

Further reading

Understanding the Cybersecurity Kill Chain

Understanding the Cybersecurity Kill Chain

Introducing the Cyber Kill Chain

Privilege Escalation

Threat Life Cycle Management

Tools used in the Cyber Kill Chain Phases

Cybersecurity Kill Chain Summary

Lab – Hacking Wireless Network/s via Evil Twin Attack

Further reading

Reconnaissance

External reconnaissance

Web Browser Enumeration Tools

Internal reconnaissance

Compromising the System

Compromising the System

Analyzing current trends

Exploiting a vulnerability

Performing the steps to compromise a system

Mobile phone (iOS / Android attacks)

Lab 2: Hack those websites (legally!)

Further reading

Chasing a User's Identity

Chasing a User's Identity

Identity is the new perimeter

Strategies for compromising a user's identity

Lateral Movement

Lateral Movement

Network mapping

Avoiding alerts

Performing lateral movement

Further reading

Privilege Escalation

Privilege Escalation

Avoiding alerts

Performing Privilege Escalation

Hands-on example of Privilege Escalation on a Windows target

Privilege escalation techniques

Windows Boot Sequence

Conclusion and lessons learned

Lab 3: HackTheBox

Security Policy

Security Policy

Reviewing your security policy

Educating the end user

Policy enforcement

Monitoring for compliance

Continuously driving security posture enhancement via security policy

Network Segmentation

Network Segmentation

The defense in depth approach

Physical network segmentation

Securing remote access to the network

Virtual network segmentation

Zero trust network

Hybrid cloud network security

Active Sensors

Detection capabilities

Intrusion detection systems

Intrusion prevention system

Behavior analytics on-premises

Behavior analytics in a hybrid cloud

Threat Intelligence

Threat Intelligence

Introduction to threat intelligence

Open source tools for threat intelligence

Microsoft threat intelligence

Leveraging threat intelligence to investigate suspicious activity

Investigating an Incident

Investigating an Incident

Scoping the issue

Investigating a compromised system on-premises

Investigating a compromised system in a hybrid cloud

Proactive investigation (threat hunting)

Lessons learned

Recovery Process

Recovery Process

Disaster recovery plan

Contingency planning

Best practices for recovery planning

Disaster recovery best practices

Resources for DR Planning

Further reading

Vulnerability Management

Vulnerability Management

Creating a vulnerability management strategy

Vulnerability management tools

Implementation of vulnerability management

Best practices for vulnerability management

Vulnerability management tools

Implementing vulnerability management with Nessus

Log Analysis

Data correlation

Operating system logs

Web server logs

Amazon Web Services (AWS) logs

Azure Activity logs

Other Books You May Enjoy

Other Books You May Enjoy

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Web server logs

When reviewing web server logs, pay particular attention to the web servers that have web applications interacting with SQL databases.

The IIS Web server log files are located at \WINDOWS\system32\LogFiles\W3SVC1 and they are .log files that can be opened using Notepad. You can also use Excel or Microsoft Log Parser to open this file and perform basic queries.

You can download Log Parser from https://www.microsoft.com/en-us/download/details.aspx?id=24659.

When reviewing the IIS log, pay close attention to the cs-uri-query and sc-status fields. These fields will show details about the HTTP requests that were performed. If you use Log Parser, you can perform a query against the log file to quickly identify whether the system experienced a SQL injection attack. Here is an example:

logparser.exe -i:iisw3c -o:Datagrid -rtp:100 "select date, time, c-ip, cs- uri-stem, cs-uri-query, time-taken, sc-status from C:wwwlogsW3SVCXXXexTEST*.log...