
Python for Cybersecurity


Using Python for Cyber Offense and Defense
1st edition

by: Howard E. Poston

19,99 €

Publisher: Wiley
Format: PDF
Published: 01.02.2022
ISBN/EAN: 9781119850700
Language: English
Number of pages: 240

DRM-protected eBook; to read it you need, for example, Adobe Digital Editions and an Adobe ID.

Descriptions

Discover an up-to-date and authoritative exploration of Python cybersecurity strategies

Python For Cybersecurity: Using Python for Cyber Offense and Defense delivers an intuitive and hands-on explanation of using Python for cybersecurity. It relies on the MITRE ATT&CK framework to structure its exploration of cyberattack techniques, attack defenses, and the key cybersecurity challenges facing network administrators and other stakeholders today.

Offering downloadable sample code, the book is written to help you discover how to use Python in a wide variety of cybersecurity situations, including:

- Reconnaissance, resource development, initial access, and execution
- Persistence, privilege escalation, defense evasion, and credential access
- Discovery, lateral movement, collection, and command and control
- Exfiltration and impact

Each chapter includes discussions of several techniques and sub-techniques that could be used to achieve an attacker's objectives in any of these use cases. The ideal resource for anyone with a professional or personal interest in cybersecurity, Python For Cybersecurity offers in-depth information about a wide variety of attacks and effective, Python-based defenses against them.
Table of Contents

Introduction xvii

Chapter 1 Fulfilling Pre-ATT&CK Objectives 1
  Active Scanning 2
  Scanning Networks with scapy 2
  Implementing a SYN Scan in scapy 4
  Performing a DNS Scan in scapy 5
  Running the Code 5
  Network Scanning for Defenders 6
  Monitoring Traffic with scapy 7
  Building Deceptive Responses 8
  Running the Code 9
  Search Open Technical Databases 9
  Offensive DNS Exploration 10
  Searching DNS Records 11
  Performing a DNS Lookup 12
  Reverse DNS Lookup 12
  Running the Code 13
  DNS Exploration for Defenders 13
  Handling DNS Requests 15
  Building a DNS Response 15
  Running the Code 16
  Summary 17
  Suggested Exercises 17

Chapter 2 Gaining Initial Access 19
  Valid Accounts 20
  Discovering Default Accounts 20
  Accessing a List of Default Credentials 21
  Starting SSH Connections in Python 22
  Performing Telnet Queries in Python 23
  Running the Code 24
  Account Monitoring for Defenders 24
  Introduction to Windows Event Logs 25
  Accessing Event Logs in Python 28
  Detecting Failed Logon Attempts 28
  Identifying Unauthorized Access to Default Accounts 30
  Running the Code 30
  Replication Through Removable Media 31
  Exploiting Autorun 31
  Converting Python Scripts to Windows Executables 32
  Generating an Autorun File 33
  Setting Up the Removable Media 34
  Running the Code 34
  Detecting Autorun Scripts 34
  Identifying Removable Drives 35
  Finding Autorun Scripts 36
  Detecting Autorun Processes 36
  Running the Code 36
  Summary 37
  Suggested Exercises 37

Chapter 3 Achieving Code Execution 39
  Windows Management Instrumentation 40
  Executing Code with WMI 40
  Creating Processes with WMI 41
  Launching Processes with PowerShell 41
  Running the Code 42
  WMI Event Monitoring for Defenders 42
  WMI in Windows Event Logs 43
  Accessing WMI Event Logs in Python 45
  Processing Event Log XML Data 45
  Running the Code 46
  Scheduled Task/Job 47
  Scheduling Malicious Tasks 47
  Checking for Scheduled Tasks 48
  Scheduling a Malicious Task 48
  Running the Code 49
  Task Scheduling for Defenders 50
  Querying Scheduled Tasks 51
  Identifying Suspicious Tasks 52
  Running the Code 52
  Summary 53
  Suggested Exercises 53

Chapter 4 Maintaining Persistence 55
  Boot or Logon Autostart Execution 56
  Exploiting Registry Autorun 56
  The Windows Registry and Autorun Keys 57
  Modifying Autorun Keys with Python 60
  Running the Code 61
  Registry Monitoring for Defenders 62
  Querying Windows Registry Keys 63
  Searching the HKU Hive 64
  Running the Code 64
  Hijack Execution Flow 65
  Modifying the Windows Path 65
  Accessing the Windows Path 66
  Modifying the Path 67
  Running the Code 68
  Path Management for Defenders 69
  Detecting Path Modification via Timestamps 69
  Enabling Audit Events 71
  Monitoring Audit Logs 73
  Running the Code 75
  Summary 76
  Suggested Exercises 76

Chapter 5 Performing Privilege Escalation 77
  Boot or Logon Initialization Scripts 78
  Creating Malicious Logon Scripts 78
  Achieving Privilege Escalation with Logon Scripts 79
  Creating a Logon Script 79
  Running the Code 79
  Searching for Logon Scripts 80
  Identifying Autorun Keys 81
  Running the Code 81
  Hijack Execution Flow 81
  Injecting Malicious Python Libraries 82
  How Python Finds Libraries 82
  Creating a Python Library 83
  Running the Code 83
  Detecting Suspicious Python Libraries 83
  Identifying Imports 85
  Detecting Duplicates 85
  Running the Code 86
  Summary 86
  Suggested Exercises 87

Chapter 6 Evading Defenses 89
  Impair Defenses 90
  Disabling Antivirus 90
  Disabling Antivirus Autorun 90
  Terminating Processes 93
  Creating Decoy Antivirus Processes 94
  Catching Signals 95
  Running the Code 95
  Hide Artifacts 95
  Concealing Files in Alternate Data Streams 96
  Exploring Alternate Data Streams 96
  Alternate Data Streams in Python 97
  Running the Code 98
  Detecting Alternate Data Streams 98
  Walking a Directory with Python 99
  Using PowerShell to Detect ADS 100
  Parsing PowerShell Output 101
  Running the Code 102
  Summary 102
  Suggested Exercises 103

Chapter 7 Accessing Credentials 105
  Credentials from Password Stores 106
  Dumping Credentials from Web Browsers 106
  Accessing the Chrome Master Key 108
  Querying the Chrome Login Data Database 108
  Parsing Output and Decrypting Passwords 109
  Running the Code 109
  Monitoring Chrome Passwords 110
  Enabling File Auditing 110
  Detecting Local State Access Attempts 111
  Running the Code 113
  Network Sniffing 114
  Sniffing Passwords with scapy 114
  Port-Based Protocol Identification 116
  Sniffing FTP Passwords 116
  Extracting SMTP Passwords 117
  Tracking Telnet Authentication State 119
  Running the Code 121
  Creating Deceptive Network Connections 121
  Creating Decoy Connections 122
  Running the Code 122
  Summary 123
  Suggested Exercises 123

Chapter 8 Performing Discovery 125
  Account Discovery 126
  Collecting User Account Data 126
  Identifying Administrator Accounts 127
  Collecting User Account Information 128
  Accessing Windows Password Policies 128
  Running the Code 129
  Monitoring User Accounts 130
  Monitoring Last Login Times 130
  Monitoring Administrator Login Attempts 131
  Running the Code 132
  File and Directory Discovery 133
  Identifying Valuable Files and Folders 133
  Regular Expressions for Data Discovery 135
  Parsing Different File Formats 135
  Running the Code 136
  Creating Honeypot Files and Folders 136
  Monitoring Decoy Content 136
  Creating the Decoy Content 137
  Running the Code 138
  Summary 138
  Suggested Exercises 139

Chapter 9 Moving Laterally 141
  Remote Services 142
  Exploiting Windows Admin Shares 142
  Enabling Full Access to Administrative Shares 143
  Transferring Files via Administrative Shares 144
  Executing Commands on Administrative Shares 144
  Running the Code 144
  Admin Share Management for Defenders 145
  Monitoring File Operations 146
  Detecting Authentication Attempts 147
  Running the Code 148
  Use Alternative Authentication Material 148
  Collecting Web Session Cookies 149
  Accessing Web Session Cookies 150
  Running the Code 150
  Creating Deceptive Web Session Cookies 151
  Creating Decoy Cookies 151
  Monitoring Decoy Cookie Usage 153
  Running the Code 153
  Summary 154
  Suggested Exercises 155

Chapter 10 Collecting Intelligence 157
  Clipboard Data 158
  Collecting Data from the Clipboard 158
  Accessing the Windows Clipboard 159
  Replacing Clipboard Data 159
  Running the Code 160
  Clipboard Management for Defenders 160
  Monitoring the Clipboard 161
  Processing Clipboard Messages 161
  Identifying the Clipboard Owner 161
  Running the Code 162
  Email Collection 162
  Collecting Local Email Data 162
  Accessing Local Email Caches 163
  Running the Code 163
  Protecting Against Email Collection 164
  Identifying Email Caches 165
  Searching Archive Files 165
  Running the Code 166
  Summary 166
  Suggested Exercises 166

Chapter 11 Implementing Command and Control 169
  Encrypted Channel 170
  Command and Control Over Encrypted Channels 170
  Encrypted Channel Client 171
  Encrypted Channel Server 172
  Running the Code 173
  Detecting Encrypted C2 Channels 174
  Performing Entropy Calculations 175
  Detecting Encrypted Traffic 175
  Running the Code 176
  Protocol Tunneling 176
  Command and Control via Protocol Tunneling 176
  Protocol Tunneling Client 177
  Protocol Tunneling Server 177
  Running the Code 179
  Detecting Protocol Tunneling 179
  Extracting Field Data 181
  Identifying Encoded Data 181
  Running the Code 181
  Summary 182
  Suggested Exercises 182

Chapter 12 Exfiltrating Data 183
  Alternative Protocols 184
  Data Exfiltration Over Alternative Protocols 184
  Alternative Protocol Client 185
  Alternative Protocol Server 186
  Running the Code 188
  Detecting Alternative Protocols 189
  Detecting Embedded Data 190
  Running the Code 191
  Non-Application Layer Protocols 191
  Data Exfiltration via Non-Application Layer Protocols 192
  Non-Application Layer Client 193
  Non-Application Layer Server 193
  Running the Code 194
  Detecting Non-Application Layer Exfiltration 195
  Identifying Anomalous Type and Code Values 196
  Running the Code 196
  Summary 197
  Suggested Exercises 197

Chapter 13 Achieving Impact 199
  Data Encrypted for Impact 200
  Encrypting Data for Impact 200
  Identifying Files to Encrypt 201
  Encrypting and Decrypting Files 202
  Running the Code 202
  Detecting File Encryption 203
  Finding Files of Interest 204
  Calculating File Entropies 204
  Running the Code 205
  Account Access Removal 205
  Removing Access to User Accounts 205
  Changing Windows Passwords 207
  Changing Linux Passwords 207
  Running the Code 207
  Detecting Account Access Removal 208
  Detecting Password Changes in Windows 209
  Detecting Password Changes in Linux 210
  Running the Code 211
  Summary 211
  Suggested Exercises 212

Index 213
HOWARD E. POSTON III is a freelance consultant and content creator with a professional focus on blockchain and cybersecurity. He has over ten years' experience in programming with Python and has developed and taught over a dozen courses teaching cybersecurity. He is a sought-after speaker on blockchain and cybersecurity at international security conferences.

REAL-WORLD CYBERSECURITY APPLICATIONS FOR PYTHON

The Python programming language is easy to learn, tremendously powerful, and increasingly being used for sophisticated cybersecurity applications. Python is capable of delivering both offensive and defensive cybersecurity automation, reducing the cost in time and money for network security professionals engaged in defending small and large systems.

In Python® for Cybersecurity: Using Python for Cyber Offense and Defense, veteran blockchain and cybersecurity educator Howard Poston offers readers a structured and hands-on introduction to the use of Python in the context of computer security. Using the MITRE ATT&CK framework as a set of guideposts, the book explores the lifecycle of a cyberattack and how Python code can be used to overcome critical challenges and threats at each stage of the attack process.

Perfect for cybersecurity professionals, including SOC analysts, penetration testers, and Chief Information Security Officers, Python for Cybersecurity will also earn a place in the libraries of Python programmers and cybersecurity enthusiasts seeking an incisive and practical exploration of the cybersecurity applications of one of the world's most popular programming languages.

Along with real-world use cases and fully functional code examples, the book provides readers with Python applications in a wide variety of areas, including:

- INTELLIGENCE COLLECTION AND RECONNAISSANCE
- VULNERABILITY EXPLOITATION AND LATERAL MOVEMENT
- COMMAND AND CONTROL
- PERSISTENCE AND PRIVILEGE ESCALATION
- EXTRACTION AND ENCRYPTION OF VALUABLE DATA
