You're reading from Cybersecurity Attacks ‚Äì Red Team Strategies A practical guide to building a penetration testing program having homefield advantage

Product type Paperback

Published in Mar 2020

Publisher Packt

ISBN-13 9781838828868

Length 524 pages

Edition 1st Edition

Tools

Neo4j

Concepts

Cybersecurity

Author (1):

Johann Rehberger

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Embracing the Red

2. Chapter 1: Establishing an Offensive Security Program FREE CHAPTER

3. Chapter 2: Managing an Offensive Security Team

4. Chapter 3: Measuring an Offensive Security Program

5. Chapter 4: Progressive Red Teaming Operations

6. Section 2: Tactics and Techniques

7. Chapter 5: Situational Awareness – Mapping Out the Homefield Using Graph Databases

8. Chapter 6: Building a Comprehensive Knowledge Graph

9. Chapter 7: Hunting for Credentials

10. Chapter 8: Advanced Credential Hunting

11. Chapter 9: Powerful Automation

12. Chapter 10: Protecting the Pen Tester

13. Chapter 11: Traps, Deceptions, and Honeypots

14. Chapter 12: Blue Team Tactics for the Red Team

15. Assessments

16. Another Book You May Enjoy

Leave a review - let other readers know what you think

Leveraging the blue team's endpoint protection as C2

Endpoint protection solutions such as Carbon Black, CrowdStrike, and so forth commonly provide a built-in command and control infrastructure. This can be misused by an adversary. The red team does not even have to maintain or run their own infrastructure. The objective of an operation might be to gain administrative access to the portal of these systems.

Since the portals are commonly web-based, tactics such as pass the cookie might be performed by adversaries after compromising blue team members. Once they have access, there are features such as Go Live that an adversary can leverage to gain administrative access to any host in the organization running the agent.

Additionally, organizations have to worry about malicious insiders who might misuse such features.

Does the blue team and SOC have proper detections and monitoring in place to catch compromise or misuse? Who watches the watchers? Requiring rigorous monitoring...