▶Book Description
The book will start talking about the security posture before moving to Red Team tactics, where you will learn the basic syntax for the Windows and Linux tools that are commonly used to perform the necessary operations. You will also gain hands-on experience of using new Red Team techniques with powerful tools such as python and PowerShell, which will enable you to discover vulnerabilities in your system and how to exploit them. Moving on, you will learn how a system is usually compromised by adversaries, and how they hack user's identity, and the various tools used by the Red Team to find vulnerabilities in a system.
In the next section, you will learn about the defense strategies followed by the Blue Team to enhance the overall security of a system. You will also learn about an in-depth strategy to ensure that there are security controls in each network layer, and how you can carry out the recovery process of a compromised system. Finally, you will learn how to create a vulnerability management strategy and the different techniques for manual log analysis.
By the end of this book, you will be well-versed with Red Team and Blue Team techniques and will have learned the techniques used nowadays to attack and defend systems
▶What You Will Learn
⦁Learn the importance of having a solid foundation for your security posture
⦁Understand the attack strategy using cyber security kill chain
⦁Learn how to enhance your defense strategy by improving your security policies, hardening your network, implementing active sensors, and leveraging threat intelligence
⦁Learn how to perform an incident investigation
⦁Get an in-depth understanding of the recovery process
⦁Understand continuous security monitoring and how to implement a vulnerability management strategy
⦁Learn how to perform log analysis to identify suspicious activities
▶Key Features
⦁Gain a clear understanding of the attack methods, and patterns to recognize abnormal behavior within your organization with Blue Team tactics.
⦁Learn to unique techniques to gather exploitation intelligence, identify risk and demonstrate impact with Red Team and Blue Team strategies.
⦁A practical guide that will give you hands-on experience to mitigate risks and prevent attackers from infiltrating your system.
▶Who This Book Is For
This book aims at IT professional who want to venture the IT security domain. IT pentester, Security consultants, and ethical hackers will also find this course useful. Prior knowledge of penetration testing would be beneficial.
▶What this book covers
⦁Chapter 1, Security Posture, defines what constitute a secure posture and how it helps inunderstanding the importance of having a good defense and attack strategy.
⦁Chapter 2, Incident Response Process, introduces the incident response process and the importance to have one. It goes over different industry standards and best practices for handling the incident response.
⦁Chapter 3, Understanding the Cybersecurity Kill Chain, prepares the reader to understand the mindset of an attacker, the different stages of the attack, and what usually takes place in each one of those phases.
⦁Chapter 4, Reconnaissance, speaks about the different strategies to perform reconnaissance and how data is gathered to obtain information about the target for planning the attack.
⦁Chapter 5, Compromising the System, shows current trends in strategies to compromise the system and explains how to compromise a system.
⦁Chapter 6, Chasing a User's Identity, explains the importance of protecting the user's identity to avoid credential theft and goes through the process of hacking the user's identity.
⦁Chapter 7, Lateral Movement, describes how attackers perform lateral movement once they compromise one system.
⦁Chapter 8, Privilege Escalation, shows how attackers can escalate privileges in order to gain administrative access to the network system.
⦁Chapter 9, Security Policy, focuses on the different aspects of the initial defense strategy, which starts with the importance of a well-created security policy and goes over the best practices for security policies, standards, security awareness training, and core security controls.
⦁Chapter 10, Network Segmentation, looks into different aspects of defense in depth, covering physical network segmentation as well as the virtual and hybrid cloud.
⦁Chapter 11, Active Sensors, details different types of network sensors that help the organizations to detect attacks.
⦁Chapter 12, Threat Intelligence, speaks about the different aspects of threat intelligence from the community as well as from the major vendors.
⦁Chapter 13, Investigating an Incident, goes over two case studies, for an on-premises compromised system and for a cloud-based compromised system, and shows all the steps involved in a security investigation.
⦁Chapter 14, Recovery Process, focuses on the recovery process of a compromised system and explains how crucial it is to know what all options are available since live recovery of a system is not possible during certain circumstances.
⦁Chapter 15, Vulnerability Management, describes the importance of vulnerability management to mitigate vulnerability exploitation. It covers the current threat landscape and the growing number of ransomware that exploits known vulnerabilities.
⦁Chapter 16, Log Analysis, goes over the different techniques for manual log analysis since it is critical for the reader to gain knowledge on how to deeply analyze different types of logs to hunt suspicious security activities.
