Reader small image

You're reading from  Cybersecurity Attacks ‚Äì Red Team Strategies

Product typeBook
Published inMar 2020
PublisherPackt
ISBN-139781838828868
Edition1st Edition
Tools
Right arrow
Author (1)
Johann Rehberger
Johann Rehberger
author image
Johann Rehberger

Johann Rehberger has over fifteen years of experience in threat analysis, threat modeling, risk management, penetration testing, and red teaming. As part of his many years at Microsoft, Johann established a penetration test team in Azure Data and led the program as Principal Security Engineering Manager. Recently, he built out a red team at Uber and currently works as an independent security and software engineer. Johann is well versed in analysis, design, implementation, and testing of software systems. Additionally, he enjoys providing training and was an instructor for ethical hacking at the University of Washington. Johann contributed to the MITRE ATT&CK framework and holds a master's in computer security from the University of Liverpool.
Read more about Johann Rehberger

Right arrow

What this book covers?

Section 1: Embracing the Red

Chapter 1, Establishing an Offensive Security Program, covers the reasoning on why an internal red program is important; how it benefits the organization; how to start building out the program, including defining mission, rules, operating procedures; and how to model the adversary.

Chapter 2, Managing an Offensive Security Team, discusses how to establish the rhythm of the business for the offensive security team, and how to manage people and processes and explore opportunities for leveraging the homefield advantage and purple teaming.

Chapter 3, Measuring an Offensive Security Program, dives into details on how to present and measure the progress and maturity of the program. This includes topics such as bug and issue tracking, using the MIRE ATT&CK matrix, attack graphs, and Monte Carlo simulations. The chapter also discusses the illusion of control that many organizations face, which red teams at times fall for as well.

Chapter 4, Progressive Red Teaming Operations, covers interesting and at times unusual ideas for operations, many of which the author has performed. This includes mining cryptocurrency, targeting privacy testing, targeting telemetry and social media, as well as operations that target other red teams.

Section 2: Tactics and Techniques

Chapter 5, Situational Awareness-Mapping Out the Homefield Using Graph Databases, covers the basics of graph databases and how they can aid knowledge discovery.

Chapter 6, Building a Comprehensive Knowledge Graph, explores a fictional corporation and how to map out its on-premises and cloud assets from scratch using Neo4J. This includes learning about the basics of a graph database, how to create nodes and relations, and how to write queries. Furthermore, we will cover how to load JSON and/or CSV data (for example, from an nmap scan) into a graph.

Chapter 7, Hunting for Credentials, covers the basics of credential hunting and how to use indexing techniques to find credentials at scale. This covers built-in operating system indexing as well as tools such as Sourcegraph and Scour.

Chapter 8, Advanced Credential Hunting, covers hunting for credentials in process memory, abusing logging and tracing, learning about pass the cookie and spoofing credential prompts on various operating systems, and password spray attacks that every organization should perform regularly.

Chapter 9, Powerful Automation, covers the details of COM automation on Windows with practical examples on how an adversary might trick users. A large part of this chapter is also dedicated to automating browsers during post-exploitation to steal cookies or remotely take control of a browser.

Chapter 10, Protecting the Pen Tester, focuses entirely on how pen testers and red teamers should protect their assets and machines. This includes improving pen test documentation and logging, as well as practical ideas to lock down machines. We will cover aspects across major operating systems.

Chapter 11, Traps, Deceptions, and Honeypots, shows how, as part of a good red-team strategy, the red team must protect their own assets and monitor for malicious access. This chapter is dedicated to building out a solid monitoring and deception strategy across major operating systems to trick adversaries that might attack your red teams.

Chapter 12, Blue Team Tactics for the Red Team, covers blue team tooling that red teamers should know about to use themselves (for instance, osquery, Elastic Stack, and Kibana) and also to understand the capabilities and gaps of the blue team tooling to better help improve it.

lock icon
The rest of the page is locked
Previous PageNext Page
You have been reading a chapter from
Cybersecurity Attacks – Red Team Strategies
Published in: Mar 2020Publisher: PacktISBN-13: 9781838828868

Author (1)

author image
Johann Rehberger

Johann Rehberger has over fifteen years of experience in threat analysis, threat modeling, risk management, penetration testing, and red teaming. As part of his many years at Microsoft, Johann established a penetration test team in Azure Data and led the program as Principal Security Engineering Manager. Recently, he built out a red team at Uber and currently works as an independent security and software engineer. Johann is well versed in analysis, design, implementation, and testing of software systems. Additionally, he enjoys providing training and was an instructor for ethical hacking at the University of Washington. Johann contributed to the MITRE ATT&CK framework and holds a master's in computer security from the University of Liverpool.
Read more about Johann Rehberger