What this book covers
Chapter 1, An Introduction to Cybersecurity, introduces the field by tracing the parallel histories of emerging technology and the threats that followed it. It contrasts offensive security with defensive security and explains how the discipline arrived where it is today.
Chapter 2, Kali Linux and the ELK Stack, traces the genealogy of Kali relative to other Linux distributions and introduces one of the operating system's core defensive tools, the group of applications collectively known as the ELK stack. Elasticsearch, Logstash, and Kibana (ELK) are presented along with the Beats family of data shippers and the X-Pack extensions that add features such as security, monitoring, and alerting to the stack.
Chapter 3, Installing the Kali Purple Linux Environment, provides a comprehensive review of how to acquire, update, and run Kali Purple and its required dependencies regardless of the reader's host operating system. The chapter addresses this need for portability through virtual machines, focusing on the widely used and freely available VirtualBox.
Chapter 4, Configuring the ELK Stack, brings together the lessons of the previous two chapters to walk you through standing up the core components of the ELK stack along with the technology that supports it. The chapter begins with the Elasticsearch search and indexing engine, integrates it with the Kibana web interface, and then adds Logstash for parsing and enriching incoming data.
Chapter 5, Sending Data to the ELK Stack, continues building on the ELK configuration by showing how the SIEM receives its information through data shippers such as Beats, and how to set those shippers up to report to the SIEM. The chapter then traces the complete data flow: Logstash parses and enriches events, Elasticsearch indexes and stores them, and Kibana presents them to the SIEM's users.
Chapter 6, Traffic and Log Analysis, digs deeper into the information that may ultimately flow through the ELK stack or another SIEM. It opens with a brief overview of network packets before introducing Malcolm, a suite of network traffic capture and analysis tools, and highlights Arkime, Malcolm's full packet capture and session search component.
Chapter 7, Intrusion Detection and Prevention Systems, builds on the Malcolm suite introduced in the previous chapter with an overview of intrusion detection and prevention systems. It starts by comparing and contrasting the two approaches, detection (alerting on suspicious traffic) and prevention (blocking it inline), before focusing on the Suricata IDS/IPS and the Zeek network security monitor, both of which Malcolm bundles.
Chapter 8, Security Incident and Response, explains incident response by introducing a Security Orchestration, Automation, and Response (SOAR) setup built on StrangeBee's Cortex and TheHive. It then covers integrations with threat intelligence sources and the standards used to exchange them: the Malware Information Sharing Platform (MISP), the Structured Threat Information eXpression (STIX) format for describing threat data, and the Trusted Automated eXchange of Indicator Information (TAXII) protocol for transporting it. The chapter concludes by challenging you to begin independent research and community contributions.
Chapter 9, Digital Forensics, looks at Kali Purple's contribution to digital forensics through malware analysis, and introduces some tools that are usually considered offensive but that provide insight into user behavior and mindset.
Chapter 10, Integrating the Red Team and External Tools, brings together the offensive security utilities traditionally associated with Kali Linux and penetration testing so that you can deploy them against the defensive utilities you have been setting up throughout the rest of the book. The chapter covers popular offensive tools such as OWASP ZAP, Wireshark, Metasploit, Burp Suite, Nmap, sqlmap, Nikto, Nessus, Hydra, Medusa, and John the Ripper.
Chapter 11, Autopilot, Python, and NIST Control, wraps up Defensive Security with Kali Purple with advanced features such as autopilot automated scripting. It then takes a different approach to the Python scripting language, focusing not on learning to write code but on recognizing and reading it for analysis from a cyber defender's perspective. Finally, the chapter covers the NIST Cybersecurity Framework (CSF), on which Kali Purple's structure is modeled, including a high-level overview of the Govern function added in CSF 2.0.