Adversarial Tradecraft in Cybersecurity

Adversarial Tradecraft in Cybersecurity

This book provides some theories and tools to prepare readers for the fast-paced and subversive world of cyber conflict. This book is designed to give competitors in various infosec attack and defense competitions a serious advantage, through providing theory, scripts, and techniques that will put the opponent on the backfoot. These same strategies can easily be applied to a real-world cyber incident, giving incident responders new tricks to deceive and best attackers. This book draws from years of competition experience, many well-accepted industry concepts, and existing open source tools rather than reinventing the wheel each chapter. The goal of Adversarial Tradecraft in Cybersecurity is to dive deep into both deceptive attacker techniques and detections. This text starts with a chapter on theory to help prepare readers for the following chapters, followed by a chapter focused on setting up supporting infrastructure. After that, the book works through various escalating techniques that may be leveraged by either side in a cyber conflict. Chapters 3 through 8 cover tactics, techniques, and tools that both sides can leverage to get the advantage in a conflict. Chapter 8 specifically goes into how to resolve a conflict and remediate an intrusion such that the attacker doesn’t maintain access. A synopsis of each chapter can be found below, covering some of the high-level topics included in the book.

Who this book is for

This book is for intermediate cybersecurity practitioners, from defensive teams to offensive teams. This book can still be utilized by beginners, but it may require the aid of some heavy googling to get the required background information on topics I cover quickly. This book is designed to give practitioners an advantage in attack and defense competitions, such as the Collegiate Cyber Defense Competition (CCDC), although many of these techniques can be used in a real conflict or breach scenario.

What this book covers

Chapter 1, Theory on Adversarial Operations and Principles of Computer Conflict: This chapter is all about theory and setting the reader up with guidance for future chapters. This chapter covers topics such as adversarial theory, CIAAAN attributes, game theory, an overview of offense versus defense in computer security, various competitions these principles can be applied in, and seven additional principles of computer conflict.

Chapter 2, Preparing for Battle: This chapter is all about preparing for a competition, operation, or engagement. This chapter covers topics such as team building, long-term planning, operational planning, infrastructure setup, data collection, data management, KPIs, and tool development.

Chapter 3, Invisible is Best (Operating in Memory): This chapter is all about process injection, hiding in memory, and detecting process injection techniques. This chapter covers topics such as the offensive shift to memory operations, process injection with CreateRemoteThread, position-independent shellcode, automating Metasploit, detecting process injection, configuring defensive tools, and detecting malicious activity behaviorally.

Chapter 4, Blending In: This chapter is about the trade-off between in-memory operations and blending into normal activity. This chapter covers topics such as LOLbins, DLL search order hijacking, executable file infection, covert command and control (C2) channels, detecting covert C2, DNS logging, detecting backdoored executables, and various honey techniques.

Chapter 5, Active Manipulation: This chapter is about actively tampering with your opponent’s tools and sensors to deceive your opponents. This chapter covers topics such as deleting logs, backdooring frameworks, rootkits, detecting rootkits, and multiple methods for deceiving attackers.

Chapter 6, Real-Time Conflict: This chapter is about gaining the advantage when two operators are actively on the same machine. This chapter covers topics such as situational awareness, manipulating Bash history, keylogging, screenshots, gathering passwords, searching for secrets, triaging a system, performing root cause analysis, killing processes, blocking IP addresses, network quarantine, rotating credentials, and hacking back.

Chapter 7, The Research Advantage: This chapter is about gaining the advantage through research and automation during downtime. This chapter covers topics such as dominant strategies in CTFs, memory corruption, offensive targeting, software supply chain attacks, F3EAD, clandestine exploitation, threat modeling, application research, data logging, and attribution.

Chapter 8, Clearing the Field: This chapter is about ending the conflict and remediating a compromise. This chapter covers topics such as exfiltration with protocol tunneling, steganography in exfiltration, various anonymity networks, program security, rotating offensive tools, fully scoping an intrusion, containing an incident, remediation activities, post-mortem analysis, and forward-looking activities.


  • 关于本书的内容介绍、目录、详情等请在 AmazonGoolge Books 等售书网站搜索查看,本站仅展示封面作为参考。
  • 如无特殊说明,本站提供的所有pdf均为文字版(aka True PDF or Digitally Created PDF)。
  • 本站已经列出的所有图书均可以找到。
  • 收到PDF链接之后建议尽快下载或者保存到自己的百度网盘,防止链接过期失效。


扫描下方二维码添加微信号 bookyage 回复本书编号 220458 即可,我们会尽快(一般24小时之内)将本书PDF文件以百度网盘链接的形式发送给您。