Cybersecurity Ops with bash. Attack, Defend, and Analyze from the Command Line - Helion
ISBN: 978-14-920-4126-9
Pages: 306, Format: ebook
Publication date: 2019-04-02
Bookstore: Helion
Book price: 29,90 zł (previously: 213,57 zł)
You save: 86% (-183,67 zł)
If you hope to outmaneuver threat actors, speed and efficiency need to be key components of your cybersecurity operations. Mastery of the standard command-line interface (CLI) is an invaluable skill in times of crisis because no other software application can match the CLI’s availability, flexibility, and agility. This practical guide shows you how to use the CLI with the bash shell to perform tasks such as data collection and analysis, intrusion detection, reverse engineering, and administration.
Authors Paul Troncone, founder of Digadel Corporation, and Carl Albing, coauthor of bash Cookbook (O’Reilly), provide insight into command-line tools and techniques to help defensive operators collect data, analyze logs, and monitor networks. Penetration testers will learn how to leverage the enormous amount of functionality built into nearly every version of Linux to enable offensive operations.
In four parts, security practitioners, administrators, and students will examine:
- Foundations: Principles of defense and offense, command-line and bash basics, and regular expressions
- Defensive security operations: Data collection and analysis, real-time log monitoring, and malware analysis
- Penetration testing: Script obfuscation and tools for command-line fuzzing and remote access
- Security administration: Users, groups, and permissions; device and software inventory
Customers who bought "Cybersecurity Ops with bash. Attack, Defend, and Analyze from the Command Line" also chose:
- Data Governance: The Definitive Guide 249,17 zł, (29,90 zł -88%)
- Junos Security. A Guide to Junos for the SRX Services Gateways and Security Certification 230,00 zł, (29,90 zł -87%)
- Threat Modeling 213,57 zł, (29,90 zł -86%)
- Security Power Tools 213,57 zł, (29,90 zł -86%)
- Building Internet Firewalls. 2nd Edition 213,57 zł, (29,90 zł -86%)
Table of contents
- Preface
- Who This Book Is For
- Bash or bash
- Script Robustness
- Workshops
- Conventions Used in This Book
- Using Code Examples
- O'Reilly Online Learning
- How to Contact Us
- Acknowledgments
- Disclaimer
- I. Foundations
- 1. Command-Line Primer
- The Command Line Defined
- Why bash?
- Command-Line Illustrations
- Running Linux and bash on Windows
- Git Bash
- Cygwin
- Windows Subsystem for Linux
- Windows Command Prompt and PowerShell
- Command-Line Basics
- Commands, Arguments, Built-ins, and Keywords
- Standard Input/Output/Error
- Redirection and Piping
- Running Commands in the Background
- From Command Line to Script
- Summary
- Workshop
- 2. Bash Primer
- Output
- Variables
- Positional Parameters
- Input
- Conditionals
- Looping
- Functions
- Function Arguments
- Returning Values
- Pattern Matching in bash
- Writing Your First Script: Detecting Operating System Type
- Summary
- Workshop
- 3. Regular Expressions Primer
- Commands in Use
- grep
- Common command options
- Command example
- grep and egrep
- Regular Expression Metacharacters
- The . Metacharacter
- The ? Metacharacter
- The * Metacharacter
- The + Metacharacter
- Grouping
- Brackets and Character Classes
- Back References
- Quantifiers
- Anchors and Word Boundaries
- Summary
- Workshop
- 4. Principles of Defense and Offense
- Cybersecurity
- Confidentiality
- Integrity
- Availability
- Nonrepudiation
- Authentication
- The Attack Life Cycle
- Reconnaissance
- Initial Exploitation
- Establish Foothold
- Escalate Privileges
- Internal Reconnaissance
- Lateral Movement
- Maintain Presence
- Complete Mission
- Summary
- II. Defensive Security Operations with bash
- 5. Data Collection
- Commands in Use
- cut
- Common command options
- Command example
- file
- Common command options
- Command example
- head
- Common command options
- reg
- Common command parameters
- Command example
- wevtutil
- Common command parameters
- Common command options
- Command example
- Gathering System Information
- Executing a Command Remotely Using SSH
- Gathering Linux Logfiles
- Gathering Windows Logfiles
- Gathering the Windows Registry
- Searching the Filesystem
- Searching by Filename
- Searching for Hidden Files
- Searching by File Size
- Searching by Time
- Searching for Content
- Searching by File Type
- Searching by Message Digest Value
- Transferring Data
- Summary
- Workshop
- 6. Data Processing
- Commands in Use
- awk
- Common command options
- Command example
- join
- Common command options
- Command example
- sed
- Common command options
- Command example
- tail
- Common command options
- Command example
- tr
- Common command options
- Command example
- Processing Delimited Files
- Iterating Through Delimited Data
- Processing by Character Position
- Processing XML
- Processing JSON
- Aggregating Data
- Summary
- Workshop
- 7. Data Analysis
- Commands in Use
- sort
- Common command options
- Command example
- uniq
- Common command options
- Web Server Access Log Familiarization
- Sorting and Arranging Data
- Counting Occurrences in Data
- Totaling Numbers in Data
- Displaying Data in a Histogram
- Finding Uniqueness in Data
- Identifying Anomalies in Data
- Summary
- Workshop
- 8. Real-Time Log Monitoring
- Monitoring Text Logs
- Log-Based Intrusion Detection
- Monitoring Windows Logs
- Generating a Real-Time Histogram
- Summary
- Workshop
- 9. Tool: Network Monitor
- Commands in Use
- crontab
- Common command options
- schtasks
- Common command options
- Step 1: Creating a Port Scanner
- Step 2: Comparing to Previous Output
- Step 3: Automation and Notification
- Scheduling a Task in Linux
- Scheduling a Task in Windows
- Summary
- Workshop
- 10. Tool: Filesystem Monitor
- Commands in Use
- sdiff
- Common command options
- Command example
- Step 1: Baselining the Filesystem
- Step 2: Detecting Changes to the Baseline
- Step 3: Automation and Notification
- Summary
- Workshop
- 11. Malware Analysis
- Commands in Use
- curl
- Common command options
- Command example
- vi
- Command example
- xxd
- Common command options
- Command example
- Reverse Engineering
- Hexadecimal, Decimal, Binary, and ASCII Conversions
- Analyzing with xxd
- Hex editor
- Extracting Strings
- Interfacing with VirusTotal
- Searching the Database by Hash Value
- Scanning a File
- Scanning URLs, Domains, and IP Addresses
- Summary
- Workshop
- 12. Formatting and Reporting
- Commands in Use
- tput
- Common command parameters
- Formatting for Display and Print with HTML
- Creating a Dashboard
- Summary
- Workshop
- III. Penetration Testing with bash
- 13. Reconnaissance
- Commands in Use
- ftp
- Common command options
- Command example
- Crawling Websites
- Automated Banner Grabbing
- Summary
- Workshop
- 14. Script Obfuscation
- Commands in Use
- base64
- Common command options
- Command example
- eval
- Command example
- Obfuscating Syntax
- Obfuscating Logic
- Encrypting
- Cryptography Primer
- Encryption
- Decryption
- Cryptographic key
- Encrypting the Script
- Creating the Wrapper
- Creating Your Own Crypto
- Summary
- Workshop
- 15. Tool: Command-Line Fuzzer
- Implementation
- Summary
- Workshop
- 16. Establishing a Foothold
- Commands in Use
- nc
- Common command options
- Command example
- Single-Line Backdoors
- Reverse SSH
- Bash Backdoor
- Custom Remote-Access Tool
- Implementation
- Summary
- Workshop
- IV. Security Administration with bash
- 17. Users, Groups, and Permissions
- Commands in Use
- chmod
- Common command options
- chown
- Common command options
- getfacl
- Common command options
- groupadd
- Common command options
- setfacl
- Common command options
- useradd
- Common command options
- usermod
- Common command options
- icacls
- Common command options
- net
- Common command options
- Users and Groups
- Creating Linux Users and Groups
- Creating Windows Users and Groups
- File Permissions and Access Control Lists
- Linux File Permissions
- Linux access control lists
- Windows File Permissions
- Making Bulk Changes
- Summary
- Workshop
- 18. Writing Log Entries
- Commands in Use
- eventcreate
- Common command options
- logger
- Common command options
- Writing Windows Logs
- Writing Linux Logs
- Summary
- Workshop
- 19. Tool: System Availability Monitor
- Commands in Use
- ping
- Common command options
- Command example
- Implementation
- Summary
- Workshop
- 20. Tool: Software Inventory
- Commands in Use
- apt
- Common command options
- Command example
- dpkg
- Common command options
- Command example
- wmic
- Common command options
- Command example
- yum
- Common command options
- Command example
- Implementation
- Identifying Other Software
- Summary
- Workshop
- 21. Tool: Validating Configuration
- Implementation
- Summary
- Workshop
- 22. Tool: Account Auditing
- Have I Been Pwned?
- Checking for a Breached Password
- Checking for a Breached Email Address
- Batch-Processing Emails
- Summary
- Workshop
- 23. Conclusion
- Index