Python for Cybersecurity
eBook - ePub

Python for Cybersecurity

Using Python for Cyber Offense and Defense

  1. English
  2. ePUB (mobile friendly)
  3. Available on iOS & Android
eBook - ePub

Python for Cybersecurity

Using Python for Cyber Offense and Defense

About this book

Discover an up-to-date and authoritative exploration of Python cybersecurity strategies

Python For Cybersecurity: Using Python for Cyber Offense and Defense delivers an intuitive and hands-on explanation of using Python for cybersecurity. It relies on the MITRE ATT&CK framework to structure its exploration of cyberattack techniques, attack defenses, and the key cybersecurity challenges facing network administrators and other stakeholders today.

Offering downloadable sample code, the book is written to help you discover how to use Python in a wide variety of cybersecurity situations, including:

  • Reconnaissance, resource development, initial access, and execution
  • Persistence, privilege escalation, defense evasion, and credential access
  • Discovery, lateral movement, collection, and command and control
  • Exfiltration and impact

Each chapter includes discussions of several techniques and sub-techniques that could be used to achieve an attacker's objectives in any of these use cases. The ideal resource for anyone with a professional or personal interest in cybersecurity, Python For Cybersecurity offers in-depth information about a wide variety of attacks and effective, Python-based defenses against them.

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn more here.
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access Python for Cybersecurity by Howard E. Poston, III in PDF and/or ePUB format, as well as other popular books in Computer Science & Cryptography. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Wiley
Year
2022
Print ISBN
9781119850649
eBook ISBN
9781119850656
Edition
1
Topic
Computer Science
Subtopic
Cryptography
Index
Computer Science

CHAPTER 1
Fulfilling Pre-ATT&CK Objectives

Originally, MITRE Pre-ATT&CK was a stand-alone matrix within the MITRE ATT&CK framework. It detailed the various steps that an attacker could take to prepare before attempting to gain initial access to a target environment.
In October 2020, MITRE restructured the ATT&CK framework and condensed MITRE Pre-ATT&CK into two tactics of the ATT&CK matrix. The new version breaks Pre-ATT&CK into Reconnaissance and Resource Development, as shown in Figure 1.1.
Snapshot of MITRE Pre-ATT&CK
Figure 1.1: MITRE Pre-ATT&CK
In this chapter, we will focus on the Reconnaissance tactic of MITRE Pre-ATT&CK. The reason is that while Resource Development can be automated, the details can vary greatly, and this stage of the attack is not visible to the defender. For example, Python could be used for implementing a domain generation algorithm (DGA) for phishing or automating the deployment of web-based services, but these apply only in certain types of attacks and can easily be implemented in other ways.
Reconnaissance, on the other hand, can benefit significantly from automation. Also, Python includes several packages that help with automating reconnaissance, such as scapy and various DNS libraries.
The MITRE Pre-ATT&CK framework includes 10 techniques for Reconnaissance. Here, we will explore the use of Python for the Active Scanning and Search Open Technical Databases techniques.
The code sample archive for this chapter can be found on the Download Code tab at https://www.wiley.com/go/pythonforcybersecurity and contains the following sample code files:
  • PortScan.py
  • HoneyScan.py
  • DNSExploration.py
  • HoneyResolver.py

Active Scanning

Network reconnaissance can be performed by either active or passive means. Active reconnaissance involves interacting with the target environment, while passive reconnaissance can involve eavesdropping on traffic or taking advantage of publicly available sources of information.
As its name suggests, the Active Scanning technique in MITRE ATT&CK is an example of Active Reconnaissance. It involves performing port or vulnerability scans against a target to determine which IP addresses are active, what services they are running, any vulnerabilities that may exist, and similar intelligence.

Scanning Networks with scapy

Nmap is the most used tool for port scanning. It implements several different types of scans and can be used to detect the versions of operating systems and services and to perform custom vulnerability scans.
In this section, we'll implement a couple of simple scans:
  • SYN scan: A SYN scan sends a TCP SYN packet to a port and looks for a SYN/ACK packet in response.
  • DNS scan: A DNS scan tests to see whether a DNS server is running on the target system.
To implement these scans, we'll be using the scapy library in Python. scapy makes it easy to create and send custom packets over the network and to sniff network traffic for responses.

PortScan.py

from scapy.all import * import ipaddress   ports = [25,80,53,443,445,8080,8443]   def SynScan(host):  ans,unans = sr(  IP(dst=host)/  TCP(sport=33333,dport=ports,flags="S")  ,timeout=2,verbose=0)  print("Open ports at %s:" % host)  for (s,r,) in ans:  if s[TCP].dport == r[TCP].sport and r[TCP].flags=="SA":  print(s[TCP].dport)   def DNSScan(host):  ans,unans = sr(  IP(dst=host)/ ...

Table of contents

  1. Cover
  2. Table of Contents
  3. Title Page
  4. Introduction
  5. CHAPTER 1: Fulfilling Pre-ATT&CK Objectives
  6. CHAPTER 2: Gaining Initial Access
  7. CHAPTER 3:Achieving Code Execution
  8. CHAPTER 4: Maintaining Persistence
  9. CHAPTER 5: Performing Privilege Escalation
  10. CHAPTER 6: Evading Defenses
  11. CHAPTER 7: Accessing Credentials
  12. CHAPTER 8: Performing Discovery
  13. CHAPTER 9: Moving Laterally
  14. CHAPTER 10: Collecting Intelligence
  15. CHAPTER 11: Implementing Command and Control
  16. CHAPTER 12: Exfiltrating Data
  17. CHAPTER 13: Achieving Impact
  18. Index
  19. Copyright
  20. Dedication
  21. About the Author
  22. About the Technical Editor
  23. End User License Agreement