Fr. 40.90

Active Defender - Immersion in the Offensive Security Mindset

English · Paperback / Softback


Description


Immerse yourself in the offensive security mindset to better defend against attacks
 
In The Active Defender: Immersion in the Offensive Security Mindset, Principal Technology Architect, Security, Dr. Catherine J. Ullman delivers an expert treatment of the Active Defender approach to information security. In the book, you'll learn to understand and embrace the knowledge you can gain from the offensive security community. You'll become familiar with the hacker mindset, which allows you to gain emergent insight into how attackers operate and better grasp the nature of the risks and threats in your environment.
 
The author immerses you in the hacker mindset and the offensive security culture to better prepare you to defend against threats of all kinds. You'll also find:
* Explanations of what an Active Defender is and how that differs from traditional defense models
* Reasons why thinking like a hacker makes you a better defender
* Ways to begin your journey as an Active Defender and leverage the hacker mindset
 
An insightful and original book representing a new and effective approach to cybersecurity, The Active Defender will be of significant benefit to information security professionals, system administrators, network administrators, and other tech professionals with an interest or stake in their organization's information security.

List of contents

Foreword

Preface

Introduction

Chapter 1 What Is an Active Defender?

The Hacker Mindset

Traditional Defender Mindset

Getting from Here to There

Active Defender Activities

Threat Modeling

Threat Hunting

Attack Simulations

Active Defense

"Active Defense" for the Active Defender

Another Take on Active Defense

Annoyance

Attribution

Attack

Active Defense According to Security Vendors

Active > Passive

Active Defense by the Numbers

Active Defense and Staffing

Active Defender > Passive Defender

Relevant Intel Recognition

Understanding Existing Threats

Attacker Behavior

Pyramid of Pain

MITRE ATT&CK

TTP Pyramid

Toward a Deeper Understanding

Return to the Beginning

Summary

Notes

Chapter 2 Immersion into the Hacker Mindset

Reluctance

Media Portrayal

Fear of Government Retribution

The Rock Star Myth

Imposter Syndrome

A Leap of Faith

My First Security BSides

My First DEF CON

Finding the Community

Security BSides

Structured Format

Unconference Format

Hybrid Format

Additional Events

Other Security Conferences

CircleCityCon

GrrCON

Thotcon

ShmooCon

Wild West Hackin' Fest

DEF CON

Local Security Meetups

Infosec 716

Burbsec

#misec

Makerspaces

DEF CON Groups

2600 Meetings

Online Security Communities

Traditional Security Communities

An Invitation

Summary

Notes

Chapter 3 Offensive Security Engagements, Trainings, and Gathering Intel

Offensive Security Engagements

Targeting

Initial Access

Persistence

Expansion

Exfiltration

Detection

Offensive Security Trainings

Conference Trainings

Security BSides

DEF CON

GrrCON

Thotcon

CircleCityCon

Wild West Hackin' Fest

Black Hat

Security Companies

Offensive Security

TrustedSec

Antisyphon

SANS

Online Options

Hackthebox

Tryhackme

Hackthissite

CTFs

YouTube

Higher Education

Gathering Intel

Tradecraft Intel

Project Zero

AttackerKB

Discord/Slack

Twitter

Organizational Intel

LinkedIn

Pastebin

GitHub

Message Boards

Internal Wikis

Haveibeenpwned

Summary

Notes

Chapter 4 Understanding the Offensive Toolset

Nmap/Zenmap

Burp Suite/ZAP

sqlmap

Wireshark

Metasploit Framework

Shodan

Social-Engineer Toolkit

Mimikatz

Responder

Cobalt Strike
 

About the author

CATHERINE J. ULLMAN is a security researcher, speaker, and Principal Technology Architect, Security at the University at Buffalo. She is a DFIR specialist and expert in incident management, intrusion detection, investigative services, and personnel case resolution. She offers security awareness training in an academic setting and is a well-known presenter at information security conferences, including DEF CON and Blue Team Con.

