The Active Defender: Immersion in the Offensive Security Mindset


Immerse yourself in the offensive security mindset to better defend against attacks.

In The Active Defender: Immersion in the Offensive Security Mindset, Senior Information Security Forensic Analyst Dr. Catherine J. Ullman delivers an expert treatment of the Active Defender approach to information security. In the book, you'll learn to understand and embrace the knowledge you can gain from the offensive security community. You'll become familiar with the hacker mindset, which allows you to gain emergent insight into how attackers operate and better grasp the nature of the risks and threats in your environment. The author immerses you in the hacker mindset and the offensive security culture to better prepare you to defend against threats of all kinds.

You'll also find:
Explanations of what an Active Defender is and how that differs from traditional defense models
Reasons why thinking like a hacker makes you a better defender
Ways to begin your journey as an Active Defender and leverage the hacker mindset

An insightful and original book representing a new and effective approach to cybersecurity, The Active Defender will be of significant benefit to information security professionals, system administrators, network administrators, and other tech professionals with an interest or stake in their organization's information security.

Author(s): Catherine J. Ullman
Publisher: Wiley
Year: 2023

Language: English
Pages: 272
City: Hoboken

Cover
Title Page
Copyright Page
Contents
Foreword
Preface
Introduction
Defense from a Different Perspective
Where We Are Now
How Did We Get Here?
Active Defense
What Keeps Us Stuck?
The Missing Piece
What Is Covered in This Book?
Notes
Chapter 1 What Is an Active Defender?
The Hacker Mindset
Traditional Defender Mindset
Getting from Here to There
Active Defender Activities
Threat Modeling
Threat Hunting
Attack Simulations
Active Defense
“Active Defense” for the Active Defender
Another Take on Active Defense
Active Defense According to Security Vendors
Active > Passive
Active Defense by the Numbers
Active Defense and Staffing
Active Defender > Passive Defender
Relevant Intel Recognition
Understanding Existing Threats
Attacker Behavior
Toward a Deeper Understanding
Return to the Beginning
Summary
Notes
Chapter 2 Immersion into the Hacker Mindset
Reluctance
Media Portrayal
Fear of Government Retribution
The Rock Star Myth
Imposter Syndrome
A Leap of Faith
My First Security BSides
My First DEF CON
Finding the Community
Security BSides
Other Security Conferences
Local Security Meetups
Makerspaces
DEF CON Groups
2600 Meetings
Online Security Communities
Traditional Security Communities
An Invitation
Summary
Notes
Chapter 3 Offensive Security Engagements, Trainings, and Gathering Intel
Offensive Security Engagements
Targeting
Initial Access
Persistence
Expansion
Exfiltration
Detection
Offensive Security Trainings
Conference Trainings
Security Companies
Online Options
Higher Education
Gathering Intel
Tradecraft Intel
Organizational Intel
Summary
Notes
Chapter 4 Understanding the Offensive Toolset
Nmap/Zenmap
Burp Suite/ZAP
sqlmap
Wireshark
Metasploit Framework
Shodan
Social-Engineer Toolkit
Mimikatz
Responder
Cobalt Strike
Impacket
Mitm6
CrackMapExec
evil-winrm
BloodHound/SharpHound
Summary
Notes
Chapter 5 Implementing Defense While Thinking Like a Hacker
OSINT for Organizations
OPSEC
OSINT
Social Engineering
Actively Defending
Threat Modeling Revisited
Framing the Engagement
Reverse Engineering
LOLBins
Rundll32.exe
Regsvr32.exe
MSbuild.exe
Cscript.exe
Csc.exe
Legitimate Usage?
Threat Hunting
Begin with a Question
The Hunt
Applying the Concepts
Proof of Concept
Attack Simulations
Simulation vs. Emulation
Why Test?
Risky Assumptions
Practice Is Key
Tools for Testing
Summary
Notes
Chapter 6 Becoming an Advanced Active Defender
The Advanced Active Defender
Automated Attack Emulations
Using Deceptive Technologies
Honey Tokens
Honeypots
Other Forms of Deception
Working with Offensive Security Teams
But We Need a PenTest!
Potential Testing Outcomes
Scope
Decisions, Decisions
Selecting a Vendor
Purple Teaming – Collaborative Testing
What Is a Purple Team?
Purple Team Exercises
Purple Teams and Advanced Active Defenders
Summary
Notes
Chapter 7 Building Effective Detections
Purpose of Detection
Funnel of Fidelity
Collection
Detection
Triage
Investigation
Remediation
Building Detections: Identification and Classification
Overall Detection Challenges
Attention Problem
Perception Problem
Abstraction Problem
Validation Problem
The Pyramids Return
Lower Levels
Tools
Higher Levels
Testing
Literal Level
Functional Level
Operational Level
Technical Level
Proper Validation: Both Telemetry and Detection
Testing Solutions
Summary
Notes
Chapter 8 Actively Defending Cloud Computing Environments
Cloud Service Models
IaaS
PaaS
SaaS
Cloud Deployment Environments
Private Cloud
Public Cloud
Fundamental Differences
On-Demand Infrastructure
Shared Responsibility Model
Control Plane and Data Plane
Infrastructure as an API
Data Center Mapping
IAM Focus
Cloud Security Implications
Larger Attack Surface
New Types of Exposed Services
Application Security Emphasis
Cloud Offensive Security
Enumeration of Cloud Environments
Initial Access
Post-Compromise Recon
Post-Exploitation Enumeration
Roles, Policies, and Permissions
Persistence/Expansion
Defense Strategies
Summary
Notes
Chapter 9 Future Challenges
Software Supply Chain Attacks
A Growing Problem
Actively Defending
Counterfeit Hardware
Fake CISCO Hardware
Actively Defending
UEFI
Increasing Vulnerabilities
Enter BlackLotus
MSI Key Leak
Actively Defending
BYOVD Attacks
Lazarus Group
Cuba Ransomware Group
Actively Defending
Ransomware
Continuing Evolution
Actively Defending
Frameworks
Cobalt Strike
Sliver
Metasploit
Brute Ratel
Havoc
Mythic
Actively Defending
Living Off the Land
Actively Defending
API Security
Defining APIs
API Impact
Security Significance
Actively Defending
Everything Old Is New Again
OWASP Top 10
Old Malware Never (Really) Dies
Actively Defending
Summary
Notes
Index
EULA