Cybersecurity Attacks:Red Team Strategies
上QQ阅读APP看书,第一时间看更新

Preface

An organization must be ready to detect and respond effectively to security events and breaches. Preventive measures alone are not enough in dealing with adversaries. An organization needs to create a well-rounded prevention, detection, and response program.

Security is not a feature that can be added to a system without significant delay and cost.

When it comes to software, it sometimes feels like security engineers are trying to help bolt wings onto an airplane while it's already on the runway and speeding up to take off. At times there are even passengers on the plane already, while on the side we have a few security warriors running along to help magically bolt on wings to avoid disaster.

This book is for all those security warriors and wizards that help secure the world and make sure that the plane takes off, flies, and lands safely and soundly.

As part of this book I will discuss penetration testing, red teaming, and offensive security at large and how to establish such a program within your organization. I do so by providing examples for what worked and what didn't work in my career and what things you might be able to avoid in the first place to get started and be effective fast.

One of the largest purple team operations I had the opportunity to lead had more than three dozen active participants who were hacking, scanning, stealing credentials, hunting, analyzing, forensicating, learning, and most importantly, having fun along the way while significantly positively impacting the company's culture and security posture.

My goal is for organizations that have not yet been exposed to the idea of compromising themselves to benefit from this book by leveraging the benefit of homefield advantage to stay ahead of real-world adversaries.

Mature organizations and security engineers hopefully see similar patterns in their areas.

The first part of this book, titled Embracing the Red, dives into the details, learning, and organizational challenges of how to build, manage, and measure an internal offensive security program. The second part of the book is entirely dedicated to the Tactics and Techniques that a penetration test team should be aware of and leveraging.

Hopefully, the program management parts of this book will support red teamers, pen testers, analysts, defenders, security leaders, and the security community to build strong, collaborative, and effective offensive security programs. Equally, the second part of the book provides insights with practical examples on how the reader can apply homefield advantage in technical terms.

The challenges in front of the security community and the industry are tremendous. The amount of information that needs protection, the amount of data stored in the cloud, the privacy concerns, the threats artificial intelligence holds, and the easy manipulation of the masses via social media are a reflection of how much work is ahead of us.

Having had the chance to interact, work with, and learn from so many security professionals, however, I'm confident that if we work together to share our understanding of the threats, mitigations, and risks, we will continue to rise and meet these challenges.