You're reading from Cybersecurity Attacks ‚Äì Red Team Strategies A practical guide to building a penetration testing program having homefield advantage

Product type Paperback

Published in Mar 2020

Publisher Packt

ISBN-13 9781838828868

Length 524 pages

Edition 1st Edition

Tools

Neo4j

Concepts

Cybersecurity

Author (1):

Johann Rehberger

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Embracing the Red

2. Chapter 1: Establishing an Offensive Security Program FREE CHAPTER

3. Chapter 2: Managing an Offensive Security Team

4. Chapter 3: Measuring an Offensive Security Program

5. Chapter 4: Progressive Red Teaming Operations

6. Section 2: Tactics and Techniques

7. Chapter 5: Situational Awareness – Mapping Out the Homefield Using Graph Databases

8. Chapter 6: Building a Comprehensive Knowledge Graph

9. Chapter 7: Hunting for Credentials

10. Chapter 8: Advanced Credential Hunting

11. Chapter 9: Powerful Automation

12. Chapter 10: Protecting the Pen Tester

13. Chapter 11: Traps, Deceptions, and Honeypots

14. Chapter 12: Blue Team Tactics for the Red Team

15. Assessments

16. Another Book You May Enjoy

Leave a review - let other readers know what you think

Monitoring and alerting for logins and login attempts

If you've ever participated or plan to participate in a red team versus red team operation, then the following information might be quite useful in case your machine gets popped (either by another red team or a real adversary).

If you have SSH (or other remote access endpoints) enabled on hosts, there are some ways to explore and add mitigations in case your keys or password are compromised, or someone leverages an unknown or unpatched vulnerability to login. These are some basic ideas to explore that may trigger some more ideas on your side.

Receiving notifications for logins on Linux by leveraging PAM

Pluggable Authentication Modules (PAMs) are used on Linux and macOS to configure and change login behavior. It is a possible place to add additional logging.

As an example, if, for some reason, you have endpoints such as SSH exposed, PAM can help with additional alerting. You can add additional logging and notifications...