Cybersecurity - Attack and Defense Strategies - Second Edition

(ebook) (audiobook) (audiobook)

Autorzy:: Yuri Diogenes, Dr. Erdal Ozkaya

Cybersecurity - Attack and Defense Strategies - Second Edition Yuri Diogenes, Dr. Erdal Ozkaya - okładka książki

Cybersecurity - Attack and Defense Strategies - Second Edition Yuri Diogenes, Dr. Erdal Ozkaya - okładka audiobooka MP3

Cybersecurity - Attack and Defense Strategies - Second Edition Yuri Diogenes, Dr. Erdal Ozkaya - okładka audiobooks CD

Wydawnictwo:: Packt Publishing (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 634
Dostępne formaty::      PDF

     ePub

     Mobi

Ebook

239,00 zł

Dodaj do koszyka lub Kup na prezent Kup 1-kliknięciem

Przenieś na półkę

Do przechowalni

Cybersecurity - Attack and Defense Strategies, Second Edition is a completely revised new edition of the bestselling book, covering the very latest security threats and defense mechanisms including a detailed overview of Cloud Security Posture Management (CSPM) and an assessment of the current threat landscape, with additional focus on new IoT threats and cryptomining.

Cybersecurity starts with the basics that organizations need to know to maintain a secure posture against outside threat and design a robust cybersecurity program. It takes you into the mindset of a Threat Actor to help you better understand the motivation and the steps of performing an actual attack - the Cybersecurity kill chain. You will gain hands-on experience in implementing cybersecurity using new techniques in reconnaissance and chasing a user's identity that will enable you to discover how a system is compromised, and identify and then exploit the vulnerabilities in your own system.

This book also focuses on defense strategies to enhance the security of a system. You will also discover in-depth tools, including Azure Sentinel, to ensure there are security controls in each network layer, and how to carry out the recovery process of a compromised system.

Wybrane bestsellery

Yuri Diogenes, Dr. Erdal Ozkaya - pozostałe książki

Ebooka przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook
i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Audiobooka posłuchasz:

w aplikacji Ebookpoint na Android, iOS, HarmonyOs
na systemach Windows, MacOS i innych

na dowolonych urządzeniach
i aplikacjach obsługujących format MP3
(pliki spakowane w ZIP)

Masz pytania? Zajrzyj do zakładki Pomoc »

Kurs Video zobaczysz:

Oceny i opinie klientów: Cybersecurity - Attack and Defense Strategies - Second Edition Yuri Diogenes, Dr. Erdal Ozkaya (0) Weryfikacja opinii następuję na podstawie historii zamówień na koncie Użytkownika umieszczającego opinię. Użytkownik mógł otrzymać punkty za opublikowanie opinii uprawniające do uzyskania rabatu w ramach Programu Punktowego.

Szczegóły książki

Tytuł oryginału:: Cybersecurity - Attack and Defense Strategies - Second Edition
ISBN Ebooka:: 978-18-388-2221-7, 9781838822217
Data wydania ebooka:: 2019-12-31 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@helion.pl.
Język publikacji:: angielski
Rozmiar pliku Pdf:: 33.7MB
Rozmiar pliku ePub:: 69.0MB
Rozmiar pliku Mobi:: 69.0MB

Kategorie:
Hacking » Bezpieczeństwo systemów
Programowanie » Python - Programowanie
Systemy operacyjne » Powershell

Spis treści książki

Preface
- Who this book is for
- What this book covers
- To get the most out of this book
  - Download the color images
  - Conventions used
- Get in touch
  - Reviews
Security Posture
- The current threat landscape
- The credentials authentication and authorization
- Apps
  - Data
- Cybersecurity challenges
  - Old techniques and broader results
  - The shift in the threat landscape
- Enhancing your security posture
  - Cloud Security Posture Management
- The Red and Blue Teams
  - Assume breach
- Summary
- References
Incident Response Process
- The incident response process
  - Reasons to have an IR process in place
  - Creating an incident response process
  - Incident response team
  - Incident life cycle
- Handling an incident
  - Best practices to optimize incident handling
- Post-incident activity
  - Real-world scenario
  - Lessons learned
- Incident response in the cloud
  - Updating your IR process to include cloud
  - Appropriate toolset
  - IR Process from the Cloud Solution Provider (CSP) perspective
- Summary
- References
What is a Cyber Strategy?
- Introduction
- Why do we need to build a cyber strategy?
- How to build a cyber strategy
  - Understand the business
  - Understand threats and risks
  - Document
- Best cyber attack strategies (Red Team)
  - External testing strategies
  - Internal testing strategies
  - Blind testing strategy
  - Targeted testing strategy
- Best cyber defense strategies (Blue Team)
  - Defense in depth
  - Defense in breadth
- Summary
- Further reading
Understanding the Cybersecurity Kill Chain
- Introducing the Cyber Kill Chain
- Reconnaissance
- Weaponization
- Privilege Escalation
  - Vertical privilege escalation
  - Horizontal privilege escalation
- Exfiltration
  - Sustainment
  - Assault
  - Obfuscation
    - Obfuscation Techniques
    - Dynamic code obfuscation
    - Hiding Trails
- Threat Life Cycle Management
  - Data Collection Phase
  - Discovery Phase
  - Qualification Phase
  - Investigation Phase
  - Neutralization Phase
  - Recovery Phase
  - Shared files
- Tools used in the Cyber Kill Chain Phases
  - Nmap
  - Zenmap
  - Metasploit
  - John the Ripper
  - Hydra
  - Wireshark
  - Aircrack-ng
  - Nikto
  - Kismet
  - Airgeddon
  - Deauther Board
    - Mitigations against wireless attacks
  - EvilOSX
- Cybersecurity Kill Chain Summary
- Lab Hacking Wireless Network/s via Evil Twin Attack
  - The Lab Scenario
  - Step 1 Ensure you have all required hardware and software for the "simulated attack"
  - Step 2 Install Airgeddon in Kali
  - Step 3 Configure Airgeddon
  - Step 4 Select target
  - Step 5 Gather the handshake
  - Step 6 Set the phishing page
  - Step 7 Capture the network credentials
- Lab Summary
- References
- Further reading
Reconnaissance
- External reconnaissance
  - Webshag
  - PhoneInfoga
  - Email harvester TheHarvester
- Web Browser Enumeration Tools
  - Penetration Testing Kit
  - Netcraft
  - Dumpster diving
  - Social media
  - Social engineering
    - Pretexting
    - Diversion theft
    - Phishing
    - Keepnet Labs
    - Water holing
    - Baiting
    - Quid pro quo
    - Tailgating
- Internal reconnaissance
  - Airgraph-ng
  - Sniffing and scanning
    - Prismdump
    - Tcpdump
    - Nmap
    - Wireshark
    - Scanrand
    - Masscan
    - Cain and Abel
    - Nessus
    - Metasploit
    - Aircrack-ng
  - Wardriving
  - Hak5 Plunder Bug
  - CATT
  - Canary token links
- Summary
- LAB
  - Google Hacking
    - Part 1: Hacking personal information
    - Part 2: Hacking Servers
- References
Compromising the System
- Analyzing current trends
  - Extortion attacks
  - Data manipulation attacks
  - IoT device attacks
  - Backdoors
  - Mobile device attacks
  - Hacking everyday devices
  - Hacking the cloud
  - The appeal of cloud attacks
    - Cloud Hacking Tools
  - CloudTracker
    - OWASP DevSlop Tool
  - Cloud security recommendations
- Phishing
- Exploiting a vulnerability
  - Hot Potato
- Zero-day
  - WhatsApp vulnerability (CVE-2019-3568)
  - Chrome zero-day vulnerability (CVE-2019-5786)
  - Windows 10 Privilege escalation
  - Windows privilege escalation vulnerability (CVE20191132)
  - Fuzzing
  - Source code analysis
  - Types of zero-day exploits
    - Buffer overflows
    - Structured exception handler overwrites
- Performing the steps to compromise a system
  - Deploying payloads
    - Installing and using a vulnerability scanner
    - Using Metasploit
    - Compromising operating systems
    - Compromising a remote system
    - Compromising web-based systems
- Mobile phone (iOS / Android attacks)
  - Exodus
  - SensorID
  - iPhone hack by Cellebrite
  - Man-in-the-disk
  - Spearphone (loudspeaker data capture on Android)
  - Tap n Ghost
  - Red and Blue Team Tools for Mobile Devices
    - Snoopdroid
    - Androguard
    - Frida
    - Cycript
    - iOS Implant Teardown
- Lab
  - Building a Red Team PC in Windows
- Lab 2: Hack those websites (legally!)
  - bWAPP
  - HackThis!!
  - OWASP Juice Shop Project
  - Try2Hack
  - Google Gruyere
  - Damn Vulnerable Web Application (DVWA)
- Summary
- References
- Further reading
Chasing a Users Identity
- Identity is the new perimeter
- Strategies for compromising a user's identity
  - Gaining access to the network
  - Harvesting credentials
  - Hacking a user's identity
  - Brute force
  - Social engineering
  - Pass the hash
  - Identity theft through mobile devices
  - Other methods for hacking an identity
- Summary
- References
Lateral Movement
- Infiltration
- Network mapping
- Avoiding alerts
- Performing lateral movement
  - Think like a Hacker
  - Port scans
  - Sysinternals
  - File shares
  - Windows DCOM
  - Remote Desktop
  - PowerShell
  - Windows Management Instrumentation
  - Scheduled tasks
  - Token stealing
  - Stolen credentials
  - Removable media
  - Tainted Shared Content
  - Remote Registry
  - TeamViewer
  - Application deployment
  - Network Sniffing
  - ARP spoofing
  - AppleScript and IPC (OS X)
  - Breached host analysis
  - Central administrator consoles
  - Email pillaging
  - Active Directory
  - Admin shares
  - Pass the ticket
  - Pass the hash (PtH)
  - Winlogon
  - Lsass.exe Process
    - Security Accounts Manager (SAM) database
    - Domain Active Directory Database (NTDS.DIT):
    - Credential Manager (CredMan) store:
    - PtH Mitigation Recommendations
- Lab
  - Hunting Malware without antivirus
- Summary
- References
- Further reading
Privilege Escalation
- Infiltration
  - Horizontal Privilege Escalation
  - Vertical Privilege Escalation
- Avoiding alerts
- Performing Privilege Escalation
  - Exploiting unpatched operating systems
  - Access token manipulation
  - Exploiting accessibility features
  - Application shimming
  - Bypassing user account control
  - DLL injection
  - DLL search order hijacking
  - Dylib hijacking
  - Exploration of vulnerabilities
  - Launch daemon
- Hands-on example of Privilege Escalation on a Windows target
- Privilege escalation techniques
  - Dumping the SAM file
  - Rooting Android
  - Using the /etc/passwd file
  - Extra window memory injection
  - Hooking
  - New services
  - Scheduled tasks
- Windows Boot Sequence
  - Startup items
    - Startup 101
  - Sudo caching
    - Additional tools for privilege escalation
    - 0xsp Mongoose v1.7
- Conclusion and lessons learned
- Summary
- Lab 1
- Lab 2
  - Part 1 Retrieving passwords from LSASS
  - Part 2 Dumping Hashes with PowerSploit
- Lab 3: HackTheBox
- References
Security Policy
- Reviewing your security policy
- Educating the end user
  - Social media security guidelines for users
  - Security awareness training
- Policy enforcement
  - Application whitelisting
  - Hardening
- Monitoring for compliance
- Continuously driving security posture enhancement via security policy
- Summary
- References
Network Segmentation
- The defense in depth approach
  - Infrastructure and services
  - Documents in transit
  - Endpoints
- Physical network segmentation
  - Discovering your network
- Securing remote access to the network
  - Site-to-site VPN
- Virtual network segmentation
- Zero trust network
  - Planning zero trust network adoption
- Hybrid cloud network security
  - Cloud network visibility
- Summary
- Ref
Active Sensors
- Detection capabilities
  - Indicators of compromise
- Intrusion detection systems
- Intrusion prevention system
  - Rule-based detection
  - Anomaly-based detection
- Behavior analytics on-premises
  - Device placement
- Behavior analytics in a hybrid cloud
  - Azure Security Center
  - Analytics for PaaS workloads
- Summary
- References
Threat Intelligence
- Introduction to threat intelligence
- Open source tools for threat intelligence
  - Free threat intelligence feeds
- Microsoft threat intelligence
  - Azure Sentinel
- Leveraging threat intelligence to investigate suspicious activity
- Summary
- Refe
Investigating an Incident
- Scoping the issue
  - Key artifacts
- Investigating a compromised system on-premises
- Investigating a compromised system in a hybrid cloud
  - Integrating Azure Security Center with your SIEM for Investigation
- Proactive investigation (threat hunting)
- Lessons learned
- Summary
- References
Recovery Process
- Disaster recovery plan
  - The disaster recovery planning process
    - Forming a disaster recovery team
    - Performing risk assessment
    - Prioritizing processes and operations
    - Determining recovery strategies
    - Collecting data
    - Creating the DR plan
    - Testing the plan
    - Obtaining approval
    - Maintaining the plan
  - Challenges
- Contingency planning
  - IT contingency planning process
    - Development of the contingency planning policy
    - Conducting business impact analysis
    - Identifying the preventive controls
    - Business continuity vs Disaster recovery
    - Developing recovery strategies
- Live recovery
  - Plan maintenance
  - Cyber Incident Recovery Examples from the field
  - Risk management tools
    - RiskNAV
    - IT Risk Management App
- Best practices for recovery planning
- Disaster recovery best practices
  - On-Premises
    - On the cloud
    - Hybrid
    - Cyber-resilient recommendations
- Summary
- Resources for DR Planning
- References
- Further reading
Vulnerability Management
- Creating a vulnerability management strategy
  - Asset inventory
  - Information management
  - Risk assessment
    - Scope
    - Collecting data
    - Analysis of policies and procedures
    - Vulnerability analysis
    - Threat analysis
    - Analysis of acceptable risks
  - Vulnerability assessment
  - Reporting and remediation tracking
  - Response planning
- Vulnerability management tools
  - Asset inventory tools
    - Peregrine tools
    - LANDesk Management Suite
    - StillSecure
    - McAfee's Enterprise
  - Information management tools
  - Risk assessment tools
  - Vulnerability assessment tools
  - Reporting and remediation tracking tools
  - Response planning tools
- Implementation of vulnerability management
- Best practices for vulnerability management
- Vulnerability management tools
  - Intruder
  - Patch Manager Plus
  - InsightVM
  - Azure Threat & Vulnerability Management
- Implementing vulnerability management with Nessus
  - OpenVAS
  - Qualys
  - Acunetix
- LABS
  - Lab 1: Performing an online vulnerability scan with Acunetix
  - Lab 2: Network security scan with GFI LanGuard
- Summary
- References
Log Analysis
- Data correlation
- Operating system logs
  - Windows logs
  - Linux logs
- Firewall logs
- Web server logs
- Amazon Web Services (AWS) logs
  - Accessing AWS logs from Azure Sentinel
- Azure Activity logs
  - Accessing Azure Activity logs from Azure Sentinel
- Summary
- Refere
Other Books You May Enjoy
Index

pokaż cały spis treści