You're reading from Adversarial Tradecraft in Cybersecurity Offense versus defense in real-time computer conflict

Product type Paperback

Published in Jun 2021

Publisher Packt

ISBN-13 9781801076203

Length 246 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Dan Borges

View More author details

Table of Contents (11) Chapters

Preface

1. Theory on Adversarial Operations and Principles of Computer Conflict

2. Preparing for Battle FREE CHAPTER

3. Invisible is Best (Operating in Memory)

4. Blending In

5. Active Manipulation

6. Real-Time Conflict

7. The Research Advantage

8. Clearing the Field

9. Other Books You May Enjoy

10. Index

What this book covers

Chapter 1, Theory on Adversarial Operations and Principles of Computer Conflict: This chapter is all about theory and setting the reader up with guidance for future chapters. This chapter covers topics such as adversarial theory, CIAAAN attributes, game theory, an overview of offense versus defense in computer security, various competitions these principles can be applied in, and seven additional principles of computer conflict.

Chapter 2, Preparing for Battle: This chapter is all about preparing for a competition, operation, or engagement. This chapter covers topics such as team building, long-term planning, operational planning, infrastructure setup, data collection, data management, KPIs, and tool development.

Chapter 3, Invisible is Best (Operating in Memory): This chapter is all about process injection, hiding in memory, and detecting process injection techniques. This chapter covers topics such as the offensive shift to memory operations, process injection with CreateRemoteThread, position-independent shellcode, automating Metasploit, detecting process injection, configuring defensive tools, and detecting malicious activity behaviorally.

Chapter 4, Blending In: This chapter is about the trade-off between in-memory operations and blending into normal activity. This chapter covers topics such as LOLbins, DLL search order hijacking, executable file infection, covert command and control (C2) channels, detecting covert C2, DNS logging, detecting backdoored executables, and various honey techniques.

Chapter 5, Active Manipulation: This chapter is about actively tampering with your opponent's tools and sensors to deceive your opponents. This chapter covers topics such as deleting logs, backdooring frameworks, rootkits, detecting rootkits, and multiple methods for deceiving attackers.

Chapter 6, Real-Time Conflict: This chapter is about gaining the advantage when two operators are actively on the same machine. This chapter covers topics such as situational awareness, manipulating Bash history, keylogging, screenshots, gathering passwords, searching for secrets, triaging a system, performing root cause analysis, killing processes, blocking IP addresses, network quarantine, rotating credentials, and hacking back.

Chapter 7, The Research Advantage: This chapter is about gaining the advantage through research and automation during downtime. This chapter covers topics such as dominant strategies in CTFs, memory corruption, offensive targeting, software supply chain attacks, F3EAD, clandestine exploitation, threat modeling, application research, data logging, and attribution.

Chapter 8, Clearing the Field: This chapter is about ending the conflict and remediating a compromise. This chapter covers topics such as exfiltration with protocol tunneling, steganography in exfiltration, various anonymity networks, program security, rotating offensive tools, fully scoping an intrusion, containing an incident, remediation activities, post-mortem analysis, and forward-looking activities.