
The Art of Attack



Attacker Mindset for Security Professionals
1st edition

by: Maxie Reynolds

19,99 €

Publisher: Wiley
Format: EPUB
Published: 08.07.2021
ISBN/EAN: 9781119805472
Language: English
Number of pages: 304

DRM-protected eBook; to read it you need, for example, Adobe Digital Editions and an Adobe ID.

Descriptions

<p><b>Take on the perspective of an attacker with this insightful new resource for ethical hackers, pentesters, and social engineers</b></p> <p>In <i>The Art of Attack: Attacker Mindset for Security Professionals,</i> experienced physical pentester and social engineer Maxie Reynolds untangles the threads of a useful, sometimes dangerous, mentality. The book shows ethical hackers, social engineers, and pentesters what an attacker mindset is and how to use it to their advantage. Adopting this mindset will result in the improvement of security, offensively and defensively, by allowing you to see your environment objectively through the eyes of an attacker.</p> <p>The book shows you the laws of the mindset and the techniques attackers use, from persistence to "start with the end" strategies and non-linear thinking, that make them so dangerous. You'll discover:</p> <ul> <li>A variety of attacker strategies, including approaches, processes, reconnaissance, privilege escalation, redundant access, and escape techniques</li> <li>The unique tells and signs of an attack and how to avoid becoming a victim of one</li> <li>What the science of psychology tells us about amygdala hijacking and other tendencies that you need to protect against</li> </ul> <p>Perfect for red teams, social engineers, pentesters, and ethical hackers seeking to fortify and harden their systems and the systems of their clients, <i>The Art of Attack</i> is an invaluable resource for anyone in the technology security space seeking a one-stop resource that puts them in the mind of an attacker.</p>
<p>About the Author</p> <p>Acknowledgments</p> <p>Introduction</p>
<p><b>Part I: The Attacker Mindset</b></p>
<p><b>Chapter 1: What Is the Attacker Mindset?</b></p> <p>Using the Mindset</p> <p>The Attacker and the Mindset</p> <p>AMs Is a Needed Set of Skills</p> <p>A Quick Note on Scope</p> <p>Summary</p> <p>Key Message</p>
<p><b>Chapter 2: Offensive vs. Defensive Attacker Mindset</b></p> <p>The Offensive Attacker Mindset</p> <p>Comfort and Risk</p> <p>Planning Pressure and Mental Agility</p> <p>Emergency Conditioning</p> <p>Defensive Attacker Mindset</p> <p>Consistency and Regulation</p> <p>Anxiety Control</p> <p>Recovery, Distraction, and Maintenance</p> <p>OAMs and DAMs Come Together</p> <p>Summary</p> <p>Key Message</p>
<p><b>Chapter 3: The Attacker Mindset Framework</b></p> <p>Development</p> <p>Phase 1</p> <p>Phase 2</p> <p>Application</p> <p>Preloading</p> <p>“Right Time, Right Place” Preload</p> <p>Ethics</p> <p>Intellectual Ethics</p> <p>Reactionary Ethics</p> <p>Social Engineering and Security</p> <p>Social Engineering vs. AMs</p> <p>Summary</p> <p>Key Message</p>
<p><b>Part II: The Laws and Skills</b></p>
<p><b>Chapter 4: The Laws</b></p> <p>Law 1: Start with the End in Mind</p> <p>End to Start Questions</p> <p>Robbing a Bank</p> <p>Bringing It All Together</p> <p>The Start of the End</p> <p>Clarity</p> <p>Efficiency</p> <p>The Objective</p> <p>How to Begin with the End in Mind</p> <p>Law 2: Gather, Weaponize, and Leverage Information</p> <p>Law 3: Never Break Pretext</p> <p>Law 4: Every Move Made Benefits the Objective</p> <p>Summary</p> <p>Key Message</p>
<p><b>Chapter 5: Curiosity, Persistence, and Agility</b></p> <p>Curiosity</p> <p>The Exercise: Part 1</p> <p>The Exercise: Part 2</p> <p>Persistence</p> <p>Skills and Common Sense</p> <p>Professional Common Sense</p> <p>Summary</p> <p>Key Message</p>
<p><b>Chapter 6: Information Processing: Observation and Thinking Techniques</b></p> <p>Your Brain vs. Your Observation</p> <p>Observation vs. Heuristics</p> <p>Heuristics</p> <p>Behold Linda</p> <p>Observation vs. Intuition</p> <p>Using Reasoning and Logic</p> <p>Observing People</p> <p>Observation Exercise</p> <p>AMs and Observation</p> <p>Tying It All Together</p> <p>Critical and Nonlinear Thinking</p> <p>Vector vs. Arc</p> <p>Education and Critical Thinking</p> <p>Workplace Critical Thinking</p> <p>Critical Thinking and Other Psychological Constructs</p> <p>Critical Thinking Skills</p> <p>Nonlinear Thinking</p> <p>Tying Them Together</p> <p>Summary</p> <p>Key Message</p>
<p><b>Chapter 7: Information Processing in Practice</b></p> <p>Reconnaissance</p> <p>Recon: Passive</p> <p>Recon: Active</p> <p>OSINT</p> <p>OSINT Over the Years</p> <p>Intel Types</p> <p>Alternative Data in OSINT</p> <p>Signal vs. Noise</p> <p>Weaponizing of Information</p> <p>Tying Back to the Objective</p> <p>Summary</p> <p>Key Message</p>
<p><b>Part III: Tools and Anatomy</b></p>
<p><b>Chapter 8: Attack Strategy</b></p> <p>Attacks in Action</p> <p>Strategic Environment</p> <p>The Necessity of Engagement and Winning</p> <p>The Attack Surface</p> <p>Vulnerabilities</p> <p>AMs Applied to the Attack Vectors</p> <p>Phishing</p> <p>Mass Phish</p> <p>Spearphish</p> <p>Whaling</p> <p>Vishing</p> <p>Smishing/Smshing</p> <p>Impersonation</p> <p>Physical</p> <p>Back to the Manhattan Bank</p> <p>Summary</p> <p>Key Message</p>
<p><b>Chapter 9: Psychology in Attacks</b></p> <p>Setting the Scene: Why Psychology Matters</p> <p>Ego Suspension, Humility &amp; Asking for Help</p> <p>Humility</p> <p>Asking for Help</p> <p>Introducing the Target-Attacker Window Model</p> <p>Four TAWM Regions</p> <p>Target Psychology</p> <p>Optimism Bias</p> <p>Confirmation Bias and Motivated Reasoning</p> <p>Framing Effect</p> <p>Thin-Slice Assessments</p> <p>Default to Truth</p> <p>Summary</p> <p>Key Message</p>
<p><b>Part IV: After AMs</b></p>
<p><b>Chapter 10: Staying Protected—The Individual</b></p> <p>Attacker Mindset for Ordinary People</p> <p>Behavioral Security</p> <p>Amygdala Hijacking</p> <p>Analyze Your Attack Surface</p> <p>Summary</p> <p>Key Message</p>
<p><b>Chapter 11: Staying Protected—The Business</b></p> <p>Indicators of Attack</p> <p>Nontechnical Measures</p> <p>Testing and Red Teams</p> <p>Survivorship Bias</p> <p>The Complex Policy</p> <p>Protection</p> <p>Antifragile</p> <p>The Full Spectrum of Crises</p> <p>AMs on the Spectrum</p> <p>Final Thoughts</p> <p>Summary</p> <p>Key Message</p>
<p>Index</p>
<P><B>MAXIE REYNOLDS</B> is Technical Team Lead for Social-Engineer, LLC, leading their efforts as a physical pentester and social engineer. She is a certified Ethical Hacker, Digital Forensic Investigator, and Social Engineer. She holds degrees in Computer Science and Underwater Robotics, and is qualified in Quantum Computing. She has worked as a physical pentester for banks, transport agencies, and other industries.</P>
<P><B>Elevate your ethical social engineering and hacking skills with a proven set of techniques</B></P>
<P>Unethical social engineers use deception to manipulate people into doing things contrary to their best interests. Whether this means attempting to discover passwords or gaining access to data, assets or physical locations, they use dishonest techniques to their benefit. Ethical social engineers and hackers, on the other hand, are paid by companies to use social engineering and the attacker mindset (AMs) to legitimately probe systems, processes, and people for weaknesses so those vulnerabilities can be addressed and future damages prevented.</P>
<P>In <I>The Art of Attack,</I> accomplished social engineer and physical pentester Maxie Reynolds delivers an inside look at the attacker mindset, how best to use it and how to defend against it. The book explores the principles of the attacker mindset, including where to start an attack, persistence, non-linear thinking, observation techniques as well as the skills and laws of the mindset. It delves into processes, how to engage in reconnaissance and privilege escalation, and how to obtain redundant access, all without being detected.</P>
<P><I>The Art of Attack</I> is an invaluable resource for social engineers, pentesters, red teams and anyone in cybersecurity. You’ll discover how to:</P>
<UL><LI><B>Discover the strategic tools you need to build your attacker mindset, including attack formation, process, recon, and more.</B></LI> <LI><B>Utilize the skills and laws of the attacker mindset.</B></LI> <LI><B>Detect the unique tells of an attack and avoid becoming a victim of one.</B></LI></UL>
