Professional Red Teaming: Conducting Successful Cybersecurity Engagements
Use this unique book to leverage technology when conducting offensive security engagements. You will understand practical tradecraft, operational guidelines, and offensive security best practices as carrying out professional cybersecurity engagements is more than exploiting computers, executing scri...
Classification: | Electronic Book |
---|---|
Main author: | |
Format: | Electronic eBook |
Language: | English |
Published: | [Berkeley, CA] : Apress, 2019. |
Subjects: | |
Online access: | Full text (requires prior registration with institutional email) |
Table of Contents:
- Intro; Table of Contents; About the Author; About the Technical Reviewer; Acknowledgments; Introduction; Chapter 1: Red Teams in Cyberspace; Intentions; Advantages; Evaluating Preparedness; Evaluating Defenses; Evaluating Monitoring; Evaluating Responses; Disadvantages; Summary; Chapter 2: Why Human Hackers?; Innovation and Automation; Modeling Technology; Nonpivot Technology; Pivoting and Exploiting Technology; Automation Advantages and Disadvantages; Advantages; Disadvantages; Active; Passive; Example Scenarios; Scenario 1; Scenario 2; Scenario 3; Scenario 4; Threat Hunting; Summary
- Chapter 3: The State of Modern Offensive Security; The Challenge of Advanced Persistent Threats; More Capable; More Time; Infinite Scope; No Rules of Engagement; Environmental Challenges; Regulatory Standards; Limited Innovation; Misconceptions; Adversarial Customers; Technical Personnel; Managerial Personnel; User Personnel; Personnel Conclusion; Effective Red Team Staffing; Summary; Chapter 4: Shaping; Who; Customer Technical Personnel; Customer Operational Personnel; Provider Technical Personnel; Provider Operational Personnel; When; Preventing Incidents; Balancing Scope Attributes; What
- Motivation of the Assessment; Prior Testing; Existing Security; Scope Footprint; Inorganic Constraints; Summary; Chapter 5: Rules of Engagement; Activity Types; Physical; Social Engineering; External Network; Internal Network; Pivoting; Wireless Network; Category; Escalation of Force; Incident Handling; Tools; Certification Requirements; Personnel Information; Summary; Chapter 6: Executing; Staffing; The Professional Hacker; Best Practices; Check the ROE; Acknowledge Activity; Operational Tradecraft; Operational Notes; Enumeration and Exploitation; Postaccess Awareness; System Manipulation
- Leaving the Target; Example Operational Notes; Summary; Chapter 7: Reporting; Necessary Inclusions; Types of Findings; Exploited Vulnerabilities; Nonexploited Vulnerabilities; Technical Vulnerabilities; Nontechnical Vulnerabilities; Documenting Findings; Findings Summaries; Individual Findings; Briefing; The No-Results Assessment; Summary; Chapter 8: Purple Teaming; Challenges; People Problems; Customer Needs; Types of Purple Teaming; Reciprocal Awareness; Unwitting Host; Unwitting Attacker; Red-Handed Testing; Catch and Release; The Helpful Hacker; Summary; Chapter 9: Counter-APT Red Teaming
- CAPTR Teaming; Worst-case Risk Analysis and Scoping; Critical Initialization Perspective; Reverse Pivot Chaining; Contrast; Zero Day; Insider Threats; Efficiency; Introduced Risk; Disadvantages; Summary; Chapter 10: Outcome-oriented Scoping; Worst-case Risk Assessment; The Right Stuff; Operational Personnel; Technical Personnel; Assessor Personnel; Example Scope; Centrality Analysis; Summary; Chapter 11: Initialization Perspectives; External Initialization Perspective; DMZ Initialization Perspective; Internal Initialization Perspective; Critical Initialization Perspective