eBook - ePub
Cybersecurity Attacks – Red Team Strategies
A practical guide to building a penetration testing program having homefield advantage
Johann Rehberger
This is a test
Buch teilen
- 524 Seiten
- English
- ePUB (handyfreundlich)
- Über iOS und Android verfügbar
eBook - ePub
Cybersecurity Attacks – Red Team Strategies
A practical guide to building a penetration testing program having homefield advantage
Johann Rehberger
Angaben zum Buch
Buchvorschau
Inhaltsverzeichnis
Quellenangaben
Über dieses Buch
Develop your red team skills by learning essential foundational tactics, techniques, and procedures, and boost the overall security posture of your organization by leveraging the homefield advantage
Key Features
- Build, manage, and measure an offensive red team program
- Leverage the homefield advantage to stay ahead of your adversaries
- Understand core adversarial tactics and techniques, and protect pentesters and pentesting assets
Book Description
It's now more important than ever for organizations to be ready to detect and respond to security events and breaches. Preventive measures alone are not enough for dealing with adversaries. A well-rounded prevention, detection, and response program is required. This book will guide you through the stages of building a red team program, including strategies and homefield advantage opportunities to boost security.
The book starts by guiding you through establishing, managing, and measuring a red team program, including effective ways for sharing results and findings to raise awareness. Gradually, you'll learn about progressive operations such as cryptocurrency mining, focused privacy testing, targeting telemetry, and even blue team tooling. Later, you'll discover knowledge graphs and how to build them, then become well-versed with basic to advanced techniques related to hunting for credentials, and learn to automate Microsoft Office and browsers to your advantage. Finally, you'll get to grips with protecting assets using decoys, auditing, and alerting with examples for major operating systems.
By the end of this book, you'll have learned how to build, manage, and measure a red team program effectively and be well-versed with the fundamental operational techniques required to enhance your existing skills.
What you will learn
- Understand the risks associated with security breaches
- Implement strategies for building an effective penetration testing team
- Map out the homefield using knowledge graphs
- Hunt credentials using indexing and other practical techniques
- Gain blue team tooling insights to enhance your red team skills
- Communicate results and influence decision makers with appropriate data
Who this book is for
This is one of the few detailed cybersecurity books for penetration testers, cybersecurity analysts, security leaders and strategists, as well as red team members and chief information security officers (CISOs) looking to secure their organizations from adversaries. The program management part of this book will also be useful for beginners in the cybersecurity domain. To get the most out of this book, some penetration testing experience, and software engineering and debugging skills are necessary.
Häufig gestellte Fragen
Wie kann ich mein Abo kündigen?
Gehe einfach zum Kontobereich in den Einstellungen und klicke auf „Abo kündigen“ – ganz einfach. Nachdem du gekündigt hast, bleibt deine Mitgliedschaft für den verbleibenden Abozeitraum, den du bereits bezahlt hast, aktiv. Mehr Informationen hier.
(Wie) Kann ich Bücher herunterladen?
Derzeit stehen all unsere auf Mobilgeräte reagierenden ePub-Bücher zum Download über die App zur Verfügung. Die meisten unserer PDFs stehen ebenfalls zum Download bereit; wir arbeiten daran, auch die übrigen PDFs zum Download anzubieten, bei denen dies aktuell noch nicht möglich ist. Weitere Informationen hier.
Welcher Unterschied besteht bei den Preisen zwischen den Aboplänen?
Mit beiden Aboplänen erhältst du vollen Zugang zur Bibliothek und allen Funktionen von Perlego. Die einzigen Unterschiede bestehen im Preis und dem Abozeitraum: Mit dem Jahresabo sparst du auf 12 Monate gerechnet im Vergleich zum Monatsabo rund 30 %.
Was ist Perlego?
Wir sind ein Online-Abodienst für Lehrbücher, bei dem du für weniger als den Preis eines einzelnen Buches pro Monat Zugang zu einer ganzen Online-Bibliothek erhältst. Mit über 1 Million Büchern zu über 1.000 verschiedenen Themen haben wir bestimmt alles, was du brauchst! Weitere Informationen hier.
Unterstützt Perlego Text-zu-Sprache?
Achte auf das Symbol zum Vorlesen in deinem nächsten Buch, um zu sehen, ob du es dir auch anhören kannst. Bei diesem Tool wird dir Text laut vorgelesen, wobei der Text beim Vorlesen auch grafisch hervorgehoben wird. Du kannst das Vorlesen jederzeit anhalten, beschleunigen und verlangsamen. Weitere Informationen hier.
Ist Cybersecurity Attacks – Red Team Strategies als Online-PDF/ePub verfügbar?
Ja, du hast Zugang zu Cybersecurity Attacks – Red Team Strategies von Johann Rehberger im PDF- und/oder ePub-Format sowie zu anderen beliebten Büchern aus Computer Science & Cyber Security. Aus unserem Katalog stehen dir über 1 Million Bücher zur Verfügung.
Information
Section 1: Embracing the Red
An organization must be ready to detect and respond to security events and breaches effectively. Preventive measures alone are not enough to deal with adversaries. An organization needs to create a well-rounded prevention, detection, and response program.
Establishing an offensive security program can help improve the security posture of your organization and identify weaknesses in prevention, detection, and response to security incidents.
In the first part of this book, we will discuss establishing, managing, and measuring an internal offensive security program. This part is en titled Embracing the Red to highlight the importance of having dedicated testing efforts in place and building and encouraging a culture of transparency when it comes to identifying and discussing security challenges and weaknesses within an organization. We will dive into details, learnings, and organizational challenges on how to build, manage, and measure an internal offensive security program.
One of the benefits an internal offensive security team can provide compared to a real-world adversary is that of Homefield Advantage and the collaboration between all stakeholders to demonstrate the immediate benefits of improving the security posture of the organization.
Furthermore, we will explore progressive red team operations, such as crypto jacking, dedicated operations to identify privacy violation, pen testing the pen testers, and much more.
This part comprises the following chapters:
- Chapter 1, Establishing an Offensive Security Program
- Chapter 2, Managing an Offensive Security Team
- Chapter 3, Measuring an Offensive Security Program
- Chapter 4, Progressive Red Teaming Operations
Chapter 1: Establishing an Offensive Security Program
Establishing an offensive security program within an organization might seem a challenging task compared to just compromising its assets, but it is one of the most exciting tasks to perform as a penetration tester, lead, or manager. Being there to actively design a strategy for changing the security culture of an entire organization is a great opportunity, and it is rewarding and a lot of fun.
As a leader and manager of an offensive security team, it is critical to set clear principles and a vision and rules for the team. This chapter will discuss the aspects to consider and provide some ideas about how to build a strong foundation.
The following topics will be covered in this chapter:
- Defining a practical mission for a cyber-operational red team program
- Finding support among and influencing leadership to establish a red team program
- Strategies on where in the organization the red team should be situated
- The importance of building an offensive security roadmap
- Understanding the unique skills required for the job, as well as how to attract and retain adversarial engineers and thinkers
- Offering different red teaming services to your organization
- Establishing principles, rules, and standard operating procedures to mature the program
- Modeling the adversary and understanding the anatomy of a breach
- Considerations for open versus closed office spaces and how it impacts security and team culture
Defining the mission – the devil's advocate
At a high level, one of the best ways to look at a red team is to consider it the devil's advocate. The vision is to ensure alternative views are considered and that stakeholders are held accountable. The program is there to provide reality checks at times of forming a consensus. This is done by demonstrating not just the theoretical but the real-world impact of exploiting weaknesses and informing the organization's risk management process and leadership.
In many ways, an offensive program fulfills a security testing function within the organization, a sometimes rare but much-needed function in the modern world of software engineering, full-stack development, and DevOps.
To run an effective internal offensive security program, a simple yet inspiring mission to help communicate the purpose and motivate the team is important. The mission should be about what is being done, there is no reason to dive into how something will be achieved. A mission along the lines of emulating adversarial behavior and finding and exploiting vulnerabilities for defensive purposes is a good starting point.
Highlighting the defensive aspect is important because the goal of a mature red team should be to improve the security posture of the organization and drive cultural change. The red team's main purpose is to help the organization to understand weaknesses, highlight them, and help them to improve and measure those improvements over time. Finding and exploiting an issue by itself does not automatically lead to change. This is the first big pitfall of an offensive program that struggles to help the organization improve. To achieve cultural change and improve the security posture of an organization, a red team needs some form of measurement and a way to communicate KPIs to the organization and management so that informed investments can be made. We will discuss a set of ideas about how to achieve this in Chapter 3, Measuring an Offensive Security Program.
As stated, an important aspect of an offensive security team is to drive cultural change, so including a mission goal related to improving the security posture and the security culture of the organization is also a good idea.
Here are a few points on what your mission might contain:
- Devil's advocate
- Emulate adversaries for defensive purposes
- Measure, communicate, and improve the security of the organization
- Increase the security IQ of the organization
- Break the norm and challenge the effectiveness of the organization
- Provide alternative analyses and "think evil"
- Challenge everything!
A good tactic that can resonate with leadership and management is to reflect your organization's core values in the mission statement as well.
Getting leadership support
To run a successful red team program, it is critical to have active leadership support.
One of the big benefits of an offensive security program and red teaming generally is that they are there to keep everyone honest. Trust but verify. The support of the Chief Security Officer (CSO) is probably easy to get, but the support must be beyond that; it must include the other executive levels of the organization as well. This can't be stressed enough; if you do not have executive buy-in, the effectiveness and outcomes of the program will be limited. Getting long term buy-in might be achieved by using various strategies, including providing data and providing actual breach results, explaining how they impact the organization.
Convincing leadership with data
When looking at data, it is useful to look at the competitive landscape and analyze recent breaches that have occurred in the industry, and the associated impact they have had on organizations. This might include data such as the following:
- Gather evidence related to the cost and impact of breaches in your industry.
- Gather data around past breaches of your organization.
- Gather evidence of other security incidents in your organization.
- If your organization has been through penetration testing or red teaming exercises in the past (for example, for compliance reasons), try to get hold of past findings and results and look at the business impact of the findings to support and encourage further investment.
- If you already have a bug bounty program, results and findings can further highlight that investment is necessary.
Convincing leadership with actions and results
Another approach is to propose a lightweight offensive penetration test to explore if more investments would be useful for the organization. This could be a simple case study, something along the lines of searching the intranet and source code for cleartext passwords. Subsequently, perform risk analysis on the havoc a malicious insider might cause with access to widely available passwords. This could be done internally, or one of the many great security consulting organizations could be hired to highlight potential issues.
Locating a red team in the organization chart
Initially, I would not spend too much time thinking about where in the organization the offensive security team should be located. If you are just starting out, it's most likely that only one full-time person is tasked with offensive security work. The more critical part at that stage is to get executive sign-off and support to perform offensive testing and deliver results. The bias should be toward action at first and to demonstrate a positive impact. In some organizations, the program is entirely outsourced, and only logistics are driven internally, although typically the desire to build an internal team will grow.
A typical organization structure will probably put the offensive security team in either the defense and response part of the company or as a function of a Security Assurance team. I have also seen offensive security teams being put in legal and compliance areas of companies. A lot of this depends on the size and structure of the organization, as well as the size of the offensive security team itself.
A great place, and personally my favorite, is a staffing function that informs leadership (for example, the vice president, CEO, or CISO) as an independent group. This allows for great autonomy and provides leadership direct, unfiltered input into the state of security.
In most cases, however, the team will be buried somewhere deeper down in the organization chart, and that is okay. I don't like it when a penetration test team reports to a defensive team (for instance the blue team lead), as that might provide the wrong impression of its core purpose. The offensive security team is an adversarial team with the goal of helping the organization, but its behavior and actions must maintain a level of independence and freedom.
The road ahead for offensive security
When it comes to successfully managing an offensive security program, it's critical to define an overall roadmap that acts as a foundation and guidance going forward. Think of a high-level plan for the next two or three years. Most likely the program will grow organically if the initial investments are fruitful and the return on investment is made visible. This is what I have observed across different organizations that have implemented an internal offensive security program. In the beginning, start out small, and one or two years later it grows into an actual team of full-time employees. Overall, there are possibly two options initially. One is to ...