You're reading from Cybersecurity Attacks ‚Äì Red Team Strategies A practical guide to building a penetration testing program having homefield advantage

Product type Paperback

Published in Mar 2020

Publisher Packt

ISBN-13 9781838828868

Length 524 pages

Edition 1st Edition

Tools

Neo4j

Concepts

Cybersecurity

Author (1):

Johann Rehberger

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Embracing the Red

2. Chapter 1: Establishing an Offensive Security Program FREE CHAPTER

3. Chapter 2: Managing an Offensive Security Team

4. Chapter 3: Measuring an Offensive Security Program

5. Chapter 4: Progressive Red Teaming Operations

6. Section 2: Tactics and Techniques

7. Chapter 5: Situational Awareness – Mapping Out the Homefield Using Graph Databases

8. Chapter 6: Building a Comprehensive Knowledge Graph

9. Chapter 7: Hunting for Credentials

10. Chapter 8: Advanced Credential Hunting

11. Chapter 9: Powerful Automation

12. Chapter 10: Protecting the Pen Tester

13. Chapter 11: Traps, Deceptions, and Honeypots

14. Chapter 12: Blue Team Tactics for the Red Team

15. Assessments

16. Another Book You May Enjoy

Leave a review - let other readers know what you think

Monitoring access to honeypot files on Linux

In Linux, there are a couple of ways to go about implementing decoy files to alert the red team of suspicious activities on hosts. The simplest way is probably using the inotifywait utility. Its use cases in this regard are limited. In this section, we will explore both inotifywait and auditd. The latter provides a lot of capabilities. First, let's create some credentials that might trick an adversary.

Creating a honeypot RSA key file

A good deception tactic to trick adversaries or other red teamers is to create fake SSH key files (something such as prod_rsa). This might trick someone to promptly try to inspect the file as it might appear to give access to production assets. Consider placing the file in a user's ~/.ssh folder because this is where adversaries will look for credentials.

The following screenshot shows how to use ssh-keygen to create a keypair:

Figure 11.25: Creation of the honeypot...