Preface

• A note about terminology
• Who this book is for
• What this book covers?
• To get the most out of this book
• Download the example code files
• Download the color images
• Conventions used
• Get in touch
• Reviews
• Disclaimer

1. Section 1: Embracing the Red

2. Chapter 1: Establishing an Offensive Security Program FREE CHAPTER

• Defining the mission – the devil's advocate
• Getting leadership support
• Locating a red team in the organization chart
• The road ahead for offensive security
• Providing different services to the organization
• Additional responsibilities of the offensive program
• Training and education of the offensive security team
• Policies – principles, rules, and standards
• Rules of engagement
• Standard operating procedure
• Modeling the adversary
• Anatomy of a breach
• Modes of execution – surgical or carpet bombing
• Environment and office space
• Summary
• Questions

3. Chapter 2: Managing an Offensive Security Team

• Understanding the rhythm of the business and planning Red Team operations
• Managing and assessing the team
• Management by walking around
• Managing your leadership team
• Managing yourself
• Handling logistics, meetings, and staying on track
• Growing as a team
• Leading and inspiring the team
• For the best results – let them loose!
• Leveraging homefield advantage
• Disrupting the purple team
• Summary
• Questions

4. Chapter 3: Measuring an Offensive Security Program

• Understanding the illusion of control
• The road to maturity
• Threats – trees and graphs
• Defining metrics and KPIs
• Test Maturity Model integration (TMMi ®)and red teaming
• MITRE ATT&CK™ Matrix
• Remembering what red teaming is about
• Summary
• Questions

5. Chapter 4: Progressive Red Teaming Operations

• Exploring varieties of cyber operational engagements
• Cryptocurrency mining
• Red teaming for privacy
• Red teaming the red team
• Targeting the blue team
• Leveraging the blue team's endpoint protection as C2
• Social media and targeted advertising
• Targeting telemetry collection to manipulate feature development
• Attacking artificial intelligence and machine learning
• Operation Vigilante – using the red team to fix things
• Emulating real-world advanced persistent threats (APTs)
• Performing tabletop exercises
• Summary
• Questions

6. Section 2: Tactics and Techniques

7. Chapter 5: Situational Awareness – Mapping Out the Homefield Using Graph Databases

• Understanding attack and knowledge graphs
• Graph database basics
• Building the homefield graph using Neo4j
• Exploring the Neo4j browser
• Creating and querying information
• Summary
• Questions

8. Chapter 6: Building a Comprehensive Knowledge Graph

• Technical requirements
• Case study – the fictional Shadow Bunny corporation
• Mapping out the cloud!
• Importing cloud assets
• Loading CSV data into the graph database
• Adding more data to the knowledge graph
• Augmenting an existing graph or building one from scratch?
• Summary
• Questions

9. Chapter 7: Hunting for Credentials

• Technical requirements
• Clear text credentials and how to find them
• Leveraging indexing techniques to find credentials
• Hunting for ciphertext and hashes
• Summary
• Questions

10. Chapter 8: Advanced Credential Hunting

• Technical requirements
• Understanding the Pass the Cookie technique
• Credentials in process memory
• Abusing logging and tracing to steal credentials and access tokens
• Windows Credential Manager and macOS Keychain
• Using optical character recognition to find sensitive information in images
• Exploiting the default credentials of local admin accounts
• Phishing attacks and credential dialog spoofing
• Performing password spray attacks
• Summary
• Questions

11. Chapter 9: Powerful Automation

• Technical requirements
• Understanding COM automation on Windows
• Achieving objectives by automating Microsoft Office
• Automating and remote controlling web browsers as an adversarial technique
• Summary
• Questions

12. Chapter 10: Protecting the Pen Tester

• Technical requirements
• Locking down your machines (shields up)
• Improving documentation with custom Hacker Shell prompts
• Monitoring and alerting for logins and login attempts
• Summary
• Questions

13. Chapter 11: Traps, Deceptions, and Honeypots

• Technical requirements
• Actively defending pen testing assets
• Understanding and using Windows Audit ACLs
• Notifications for file audit events on Windows
• Building a Homefield Sentinel – a basic Windows Service for defending hosts
• Monitoring access to honeypot files on Linux
• Alerting for suspicious file access on macOS
• Summary
• Questions

14. Chapter 12: Blue Team Tactics for the Red Team

• Understanding centralized monitoring solutions that blue teams leverage
• Using osquery to gain insights and protect pen testing assets
• Leveraging Filebeat, Elasticsearch, and Kibana
• Summary
• Questions

15. Assessments

• Chapter 2
• Chapter 3
• Chapter 4
• Chapter 5
• Chapter 6
• Chapter 7
• Chapter 8
• Chapter 9
• Chapter 10
• Chapter 11
• Chapter 12

16. Another Book You May Enjoy

• Leave a review - let other readers know what you think