Fr. 67.10

CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide

English · Mixed media product

Usually ships in 3 to 5 weeks

Description

Table of Contents

Introduction

Chapter 1 The Importance of Threat Data and Intelligence

Do I Know This Already? Quiz

Foundation Topics

Intelligence Sources

    Open-Source Intelligence

    Proprietary/Closed-Source Intelligence

    Timeliness

    Relevancy

    Confidence Levels

    Accuracy

Indicator Management

    Structured Threat Information eXpression (STIX)

    Trusted Automated eXchange of Indicator Information (TAXII)

    OpenIOC

Threat Classification

    Known Threat vs. Unknown Threat

    Zero-day

    Advanced Persistent Threat

Threat Actors

    Nation-state

    Organized Crime

    Terrorist Groups

    Hacktivist

    Insider Threat

Intelligence Cycle

Commodity Malware

Information Sharing and Analysis Communities

Exam Preparation Tasks

Chapter 2 Utilizing Threat Intelligence to Support Organizational Security

Do I Know This Already? Quiz

Foundation Topics

Attack Frameworks

    MITRE ATT&CK

    The Diamond Model of Intrusion Analysis

    Kill Chain

Threat Research

    Reputational

    Behavioral

    Indicator of Compromise (IoC)

    Common Vulnerability Scoring System (CVSS)

Threat Modeling Methodologies

    Adversary Capability

    Total Attack Surface

    Attack Vector

    Impact

    Probability

Threat Intelligence Sharing with Supported Functions

    Incident Response

    Vulnerability Management

    Risk Management

    Security Engineering

    Detection and Monitoring

Exam Preparation Tasks

Chapter 3 Vulnerability Management Activities

Do I Know This Already? Quiz

Foundation Topics

Vulnerability Identification

    Asset Criticality

    Active vs. Passive Scanning

    Mapping/Enumeration

Validation

Remediation/Mitigation

    Configuration Baseline

    Patching

    Hardening

    Compensating Controls

    Risk Acceptance

    Verification of Mitigation

Scanning Parameters and Criteria

    Risks Associated with Scanning Activities

    Vulnerability Feed

    Scope

    Credentialed vs. Non-credentialed

    Server-based vs. Agent-based

    Internal vs. External

    Special Considerations

Inhibitors to Remediation

Exam Preparation Tasks

Chapter 4 Analyzing Assessment Output

Do I Know This Already? Quiz

Foundation Topics

Web Application Scanner

    Burp Suite

    OWASP Zed Attack Proxy (ZAP)

    Nikto

    Arachni

Infrastructure Vulnerability Scanner

    Nessus

    OpenVAS

Software Assessment Tools and Techniques

    Static Analysis

    Dynamic Analysis

    Reverse Engineering

    Fuzzing

Enumeration

    Nmap

    Host Scanning

    hping

    Active vs. Passive

    Responder

Wireless Assessment Tools

    Aircrack-ng

    Reaver

    oclHashcat

Cloud Infrastructure Assessment Tools

    ScoutSuite

    Prowler

    Pacu

Exam Preparation Tasks

Chapter 5 Threats and Vulnerabilities Associated with Specialized Technology

Do I Know This Already? Quiz

Foundation Topics

Mobile

    Unsigned Apps/System Apps

    Security Implications/Privacy Concerns

    Device Loss/Theft

    Rooting/Jailbreaking

    Push Notification Services

    Geotagging

    OEM/Carrier Android Fragmentation

    Mobile Payment

    USB

    Malware

    Unauthorized Domain Bridging

    SMS/MMS/Messaging

Internet of Things (IoT)

    IoT Examples

    Methods of Securing IoT Devices

Embedded Systems

Real-Time Operating System (RTOS)

System-on-Chip (SoC)

Field Programmable Gate Array (FPGA)

Physical Access Control

    Systems

    Devices

    Facilities

Building Automation Systems

    IP Video

    HVAC Controllers

    Sensors

Vehicles and Drones

Product details

Authors Troy McMillan
Publisher Pearson Academic

Language English
Product form Mixed media product
Published 29.12.2020

EAN 9780136747161
ISBN 978-0-13-674716-1
Pages 784
Dimensions 194 mm x 234 mm x 44 mm
Weight 1460 g
Subject Natural sciences, medicine, computer science, technology > Computer science, IT > General, reference works
