
Professional Red teaming : conducting successful cybersecurity engagements / Jacob G. Oakley.

By: Oakley, Jacob G [author.].
Publisher: [Berkeley, CA] : Apress, ©2019
Description: xix, 210 pages : illustrations ; 26 cm.
Content type: text
Media type: unmediated
Carrier type: volume
ISBN: 9781484243084.
Subject(s): Computer security | COMPUTERS / Security / General | Security
Genre/Form: Print books.
Contents:
Intro; Table of Contents; About the Author; About the Technical Reviewer; Acknowledgments; Introduction; Chapter 1: Red Teams in Cyberspace; Intentions; Advantages; Evaluating Preparedness; Evaluating Defenses; Evaluating Monitoring; Evaluating Responses; Disadvantages; Summary; Chapter 2: Why Human Hackers?; Innovation and Automation; Modeling Technology; Nonpivot Technology; Pivoting and Exploiting Technology; Automation Advantages and Disadvantages; Advantages; Disadvantages; Active; Passive; Example Scenarios; Scenario 1; Scenario 2; Scenario 3; Scenario 4; Threat Hunting; Summary.
Chapter 3: The State of Modern Offensive Security; The Challenge of Advanced Persistent Threats; More Capable; More Time; Infinite Scope; No Rules of Engagement; Environmental Challenges; Regulatory Standards; Limited Innovation; Misconceptions; Adversarial Customers; Technical Personnel; Managerial Personnel; User Personnel; Personnel Conclusion; Effective Red Team Staffing; Summary; Chapter 4: Shaping; Who; Customer Technical Personnel; Customer Operational Personnel; Provider Technical Personnel; Provider Operational Personnel; When; Preventing Incidents; Balancing Scope Attributes; What.
Motivation of the Assessment; Prior Testing; Existing Security; Scope Footprint; Inorganic Constraints; Summary; Chapter 5: Rules of Engagement; Activity Types; Physical; Social Engineering; External Network; Internal Network; Pivoting; Wireless Network; Category; Escalation of Force; Incident Handling; Tools; Certification Requirements; Personnel Information; Summary; Chapter 6: Executing; Staffing; The Professional Hacker; Best Practices; Check the ROE; Acknowledge Activity; Operational Tradecraft; Operational Notes; Enumeration and Exploitation; Postaccess Awareness; System Manipulation.
Leaving the Target; Example Operational Notes; Summary; Chapter 7: Reporting; Necessary Inclusions; Types of Findings; Exploited Vulnerabilities; Nonexploited Vulnerabilities; Technical Vulnerabilities; Nontechnical Vulnerabilities; Documenting Findings; Findings Summaries; Individual Findings; Briefing; The No-Results Assessment; Summary; Chapter 8: Purple Teaming; Challenges; People Problems; Customer Needs; Types of Purple Teaming; Reciprocal Awareness; Unwitting Host; Unwitting Attacker; Red-Handed Testing; Catch and Release; The Helpful Hacker; Summary; Chapter 9: Counter-APT Red Teaming.
CAPTR Teaming; Worst-case Risk Analysis and Scoping; Critical Initialization Perspective; Reverse Pivot Chaining; Contrast; Zero Day; Insider Threats; Efficiency; Introduced Risk; Disadvantages; Summary; Chapter 10: Outcome-oriented Scoping; Worst-case Risk Assessment; The Right Stuff; Operational Personnel; Technical Personnel; Assessor Personnel; Example Scope; Centrality Analysis; Summary; Chapter 11: Initialization Perspectives; External Initialization Perspective; DMZ Initialization Perspective; Internal Initialization Perspective; Critical Initialization Perspective.
Summary: Use this unique book to leverage technology when conducting offensive security engagements. You will understand practical tradecraft, operational guidelines, and offensive security best practices as carrying out professional cybersecurity engagements is more than exploiting computers, executing scripts, or utilizing tools. Professional Red Teaming introduces you to foundational offensive security concepts. The importance of assessments and ethical hacking is highlighted, and automated assessment technologies are addressed. The state of modern offensive security is discussed in terms of the unique challenges present in professional red teaming. Best practices and operational tradecraft are covered so you feel comfortable in the shaping and carrying out of red team engagements. Anecdotes from actual operations and example scenarios illustrate key concepts and cement a practical understanding of the red team process. You also are introduced to counter advanced persistent threat red teaming (CAPTR teaming). This is a reverse red teaming methodology aimed at specifically addressing the challenges faced from advanced persistent threats (APTs) by the organizations they target and the offensive security professionals trying to mitigate them. What You'll Learn: Understand the challenges faced by offensive security assessments; Incorporate or conduct red teaming to better mitigate cyber threats; Initiate a successful engagement; Get introduced to counter-APT red teaming (CAPTR); Evaluate offensive security processes.

Includes index.


Copyright © 2020 Alfaisal University Library. All Rights Reserved.
Tel: +966 11 2158948 Fax: +966 11 2157910 Email: librarian@alfaisal.edu