Book Image

Cybersecurity Attacks – Red Team Strategies

By : Johann Rehberger
Book Image

Cybersecurity Attacks – Red Team Strategies

By: Johann Rehberger

Overview of this book

It's now more important than ever for organizations to be ready to detect and respond to security events and breaches. Preventive measures alone are not enough for dealing with adversaries. A well-rounded prevention, detection, and response program is required. This book will guide you through the stages of building a red team program, including strategies and homefield advantage opportunities to boost security. The book starts by guiding you through establishing, managing, and measuring a red team program, including effective ways for sharing results and findings to raise awareness. Gradually, you'll learn about progressive operations such as cryptocurrency mining, focused privacy testing, targeting telemetry, and even blue team tooling. Later, you'll discover knowledge graphs and how to build them, then become well-versed with basic to advanced techniques related to hunting for credentials, and learn to automate Microsoft Office and browsers to your advantage. Finally, you'll get to grips with protecting assets using decoys, auditing, and alerting with examples for major operating systems. By the end of this book, you'll have learned how to build, manage, and measure a red team program effectively and be well-versed with the fundamental operational techniques required to enhance your existing skills.

Related Content you might be interested in

Current Title:

Small book image
Cybersecurity Attacks – Red Team Strategies
Johann Rehberger
Mar, 2020 | 524 pages
Small book image
Adversarial Tradecraft in Cybersecurity
Dan Borges
Jun, 2021 | 246 pages
Small book image
Purple Team Strategies
Simon Thoores | David Routin | Samuel Rossier
Jun, 2022 | 450 pages
Small book image
Cybersecurity Blue Team Strategies
Nikolaos Thymianis | Kunal Sehgal
Feb, 2023 | 208 pages
Table of Contents (17 chapters)
Preface
Preface
A note about terminology
Who this book is for
What this book covers?
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
1
Section 1: Embracing the Red
Section 1: Embracing the Red
Free Chapter
2
Chapter 1: Establishing an Offensive Security Program
Chapter 1: Establishing an Offensive Security Program
Defining the mission – the devil's advocate
Getting leadership support
Locating a red team in the organization chart
The road ahead for offensive security
Providing different services to the organization
Additional responsibilities of the offensive program
Training and education of the offensive security team
Policies – principles, rules, and standards
Rules of engagement
Standard operating procedure
Modeling the adversary
Anatomy of a breach
Modes of execution – surgical or carpet bombing
Environment and office space
Summary
Questions
3
Chapter 2: Managing an Offensive Security Team
Chapter 2: Managing an Offensive Security Team
Understanding the rhythm of the business and planning Red Team operations
Managing and assessing the team
Management by walking around
Managing your leadership team
Managing yourself
Handling logistics, meetings, and staying on track
Growing as a team
Leading and inspiring the team
For the best results – let them loose!
Leveraging homefield advantage
Disrupting the purple team
Summary
Questions
4
Chapter 3: Measuring an Offensive Security Program
Chapter 3: Measuring an Offensive Security Program
Understanding the illusion of control
The road to maturity
Threats – trees and graphs
Defining metrics and KPIs
Test Maturity Model integration (TMMi ®)and red teaming
MITRE ATT&CK™ Matrix
Remembering what red teaming is about
Summary
Questions
5
Chapter 4: Progressive Red Teaming Operations
Chapter 4: Progressive Red Teaming Operations
Exploring varieties of cyber operational engagements
Cryptocurrency mining
Red teaming for privacy
Red teaming the red team
Targeting the blue team
Leveraging the blue team's endpoint protection as C2
Social media and targeted advertising
Targeting telemetry collection to manipulate feature development
Attacking artificial intelligence and machine learning
Operation Vigilante – using the red team to fix things
Emulating real-world advanced persistent threats (APTs)
Performing tabletop exercises
Summary
Questions
6
Section 2: Tactics and Techniques
Section 2: Tactics and Techniques
7
Chapter 5: Situational Awareness – Mapping Out the Homefield Using Graph Databases
Chapter 5: Situational Awareness – Mapping Out the Homefield Using Graph Databases
Understanding attack and knowledge graphs
Graph database basics
Building the homefield graph using Neo4j
Exploring the Neo4j browser
Creating and querying information
Summary
Questions
8
Chapter 6: Building a Comprehensive Knowledge Graph
Chapter 6: Building a Comprehensive Knowledge Graph
Technical requirements
Case study – the fictional Shadow Bunny corporation
Mapping out the cloud!
Importing cloud assets
Loading CSV data into the graph database
Adding more data to the knowledge graph
Augmenting an existing graph or building one from scratch?
Summary
Questions
9
Chapter 7: Hunting for Credentials
Chapter 7: Hunting for Credentials
Technical requirements
Clear text credentials and how to find them
Leveraging indexing techniques to find credentials
Hunting for ciphertext and hashes
Summary
Questions
10
Chapter 8: Advanced Credential Hunting
Chapter 8: Advanced Credential Hunting
Technical requirements
Understanding the Pass the Cookie technique
Credentials in process memory
Abusing logging and tracing to steal credentials and access tokens
Windows Credential Manager and macOS Keychain
Using optical character recognition to find sensitive information in images
Exploiting the default credentials of local admin accounts
Phishing attacks and credential dialog spoofing
Performing password spray attacks
Summary
Questions
11
Chapter 9: Powerful Automation
Chapter 9: Powerful Automation
Technical requirements
Understanding COM automation on Windows
Achieving objectives by automating Microsoft Office
Automating and remote controlling web browsers as an adversarial technique
Summary
Questions
12
Chapter 10: Protecting the Pen Tester
Chapter 10: Protecting the Pen Tester
Technical requirements
Locking down your machines (shields up)
Improving documentation with custom Hacker Shell prompts
Monitoring and alerting for logins and login attempts
Summary
Questions
13
Chapter 11: Traps, Deceptions, and Honeypots
Chapter 11: Traps, Deceptions, and Honeypots
Technical requirements
Actively defending pen testing assets
Understanding and using Windows Audit ACLs
Notifications for file audit events on Windows
Building a Homefield Sentinel – a basic Windows Service for defending hosts
Monitoring access to honeypot files on Linux
Alerting for suspicious file access on macOS
Summary
Questions
14
Chapter 12: Blue Team Tactics for the Red Team
Chapter 12: Blue Team Tactics for the Red Team
Understanding centralized monitoring solutions that blue teams leverage
Using osquery to gain insights and protect pen testing assets
Leveraging Filebeat, Elasticsearch, and Kibana
Summary
Questions
15
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
16
Another Book You May Enjoy
Another Book You May Enjoy
Leave a review - let other readers know what you think

Preface

An organization must be ready to detect and respond effectively to security events and breaches. Preventive measures alone are not enough in dealing with adversaries. An organization needs to create a well-rounded prevention, detection, and response program.

Security is not a feature that can be added to a system without significant delay and cost.

When it comes to software, it sometimes feels like security engineers are trying to help bolt wings onto an airplane while it's already on the runway and speeding up to take off. At times there are even passengers on the plane already, while on the side we have a few security warriors running along to help magically bolt on wings to avoid disaster.

This book is for all those security warriors and wizards that help secure the world and make sure that the plane takes off, flies, and lands safely and soundly.

As part of this book I will discuss penetration testing, red teaming, and offensive security at large and how to establish such a program within your organization. I do so by providing examples for what worked and what didn't work in my career and what things you might be able to avoid in the first place to get started and be effective fast.

One of the largest purple team operations I had the opportunity to lead had more than three dozen active participants who were hacking, scanning, stealing credentials, hunting, analyzing, forensicating, learning, and most importantly, having fun along the way while significantly positively impacting the company's culture and security posture.

My goal is for organizations that have not yet been exposed to the idea of compromising themselves to benefit from this book by leveraging the benefit of homefield advantage to stay ahead of real-world adversaries.

Mature organizations and security engineers hopefully see similar patterns in their areas.

The first part of this book, titled Embracing the Red, dives into the details, learning, and organizational challenges of how to build, manage, and measure an internal offensive security program. The second part of the book is entirely dedicated to the Tactics and Techniques that a penetration test team should be aware of and leveraging.

Hopefully, the program management parts of this book will support red teamers, pen testers, analysts, defenders, security leaders, and the security community to build strong, collaborative, and effective offensive security programs. Equally, the second part of the book provides insights with practical examples on how the reader can apply homefield advantage in technical terms.

The challenges in front of the security community and the industry are tremendous. The amount of information that needs protection, the amount of data stored in the cloud, the privacy concerns, the threats artificial intelligence holds, and the easy manipulation of the masses via social media are a reflection of how much work is ahead of us.

Having had the chance to interact, work with, and learn from so many security professionals, however, I'm confident that if we work together to share our understanding of the threats, mitigations, and risks, we will continue to rise and meet these challenges.

Previous Section
Next Section