Last updated: 2021-06-30 15:01:39
Cover
Cybersecurity Attacks – Red Team Strategies
Why subscribe?
Contributors
About the author
About the reviewers
Packt is searching for authors like you
Preface
A note about terminology
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Section 1: Embracing the Red
Chapter 1: Establishing an Offensive Security Program
Defining the mission – the devil's advocate
Getting leadership support
Convincing leadership with data
Convincing leadership with actions and results
Locating a red team in the organization chart
The road ahead for offensive security
Building a new program from scratch
Inheriting an existing program
People – meeting the red team crew
Penetration testers and why they are so awesome!
Offensive security engineering as a professional discipline
Strategic red teamers
Program management
Attracting and retaining talent
Diversity and inclusion
Morale and team identity
The reputation of the team
Providing different services to the organization
Security reviews and threat modeling support
Security assessments
Red team operations
Purple team operations
Tabletop exercises
Research and development
Predictive attack analysis and incident response support
Additional responsibilities of the offensive program
Security education and training
Increasing the security IQ of the organization
Gathering threat intelligence
Informing risk management groups and leadership
Integrating with engineering processes
I feel like I really know you – understanding the ethical aspects of red teaming
Training and education of the offensive security team
Policies – principles, rules, and standards
Principles to guide and rules to follow
Acting with purpose and being humble
Penetration testing is representative and not comprehensive
Pentesting is not a substitute for functional security testing
Letting pen testers explore
Informing risk management
Rules of engagement
Adjusting rules of engagement for operations
Geographical and jurisdictional areas of operation
Distribution of handout cards
Real versus simulated versus emulated adversaries
Production versus non-production systems
Avoiding becoming a pawn in political games
Standard operating procedure
Leveraging attack plans to track an operation
Mission objective – what are we setting out to achieve or demonstrate?
Stakeholders and their responsibilities
Codenames
Timelines and duration
Understanding the risks of penetration testing and authorization
Kick-off meeting
Deliverables
Notifying stakeholders
Attack plan during execution – tracking progress during an operation
Reconnaissance tasks and results
Attack scenarios
Covering vulnerability classes
Managing defects and incidents
Purple team sync and triage meetings
Documenting activities
Screenshots and logs
Screen recordings
Peer testing
Wrapping up an operation
Cleaning up and archiving
Eviction and remediation support
Report and summaries
Debrief
Reflecting
Overarching information sharing via dashboards
Contacting the pen test team and requesting services
Modeling the adversary
Understanding external adversaries
Considering insider threats
Motivating factors