Book description
By incorporating cyber threat intelligence, adversary emulation provides a form of cybersecurity assessment that mimics advanced persistent threat (APT) tactics, techniques, and procedures (TTPs). This comprehensive guide introduces an empirical approach with strategies and processes collected over a decade of experience in the cybersecurity field. You'll learn to assess resilience against coordinated and stealthy threat actors capable of harming an organization.
Author Drinor Selmanaj demonstrates adversary emulation for offensive operators and defenders using practical examples and exercises that actively model adversary behavior. Each emulation plan includes different hands-on scenarios, such as smash-and-grab or slow-and-deliberate. This book uses the MITRE ATT&CK knowledge base as a foundation to describe and categorize TTPs based on real-world observations and provides a common language that's standardized and accessible to everyone.
You'll learn how to:
- Map cyber threat intelligence to ATT&CK
- Define adversary emulation goals and objectives
- Research adversary emulation TTPs using the ATT&CK knowledge base
- Plan adversary emulation activity
- Implement adversary tradecraft
- Conduct adversary emulation
- Communicate adversary emulation findings
- Automate adversary emulation to support repeatable testing
- Execute FIN6, APT3, and APT29 emulation plans
Table of contents
- Preface
- I. Understanding Adversary Emulation
- 1. Introduction
- 2. Advanced Persistent Threats
- 3. Dissecting Frameworks and Strategies
- 4. The Adversary’s Modus Operandi
- 5. In-the-Wild Use of ATT&CK TTPs
  - Step-by-Step Procedures
    - Executing a Spearphishing Attachment
    - Demystifying Command and Scripting Interpreter
    - Modify SSH Authorized Keys
    - Deobfuscate/Decode Files or Information
    - How Threat Actors Conceal Their Artifacts
    - Password Spray All Domain Users
    - Delving into Network Communications
    - OS Credential Dumping
    - Uncovering Local and Domain Users
    - How to Propagate Through Removable Media
    - Abusing Alternate Authentication Protocols
    - Harnessing Automation
    - SSH for Exfiltration over Alternative Protocol
    - Data Held Hostage Using GPG
    - Active Learning Experience
  - Putting Theory to the Test
    - Network and Host Exploration
    - Brute-Forcing with Hydra
    - Executing Malicious Payload in Froxlor
    - Fabricating Logfiles to Inject Malicious Code
    - Execution via Command and Scripting Interpreter
    - Discovery Through Command-Line Analysis
    - Jumping Across Remote Services
    - Hijacking Linux Shared Directories
    - Capability Development for Resource Creation
    - Compromising System Security with PAM Backdoor
    - Stealthy Data Archiving
    - Application Layer Protocol for Command and Control
    - Alternative Protocol Exfiltration
    - Ransomware Impact
  - Summary
- 6. The Power of Visualization
- 7. Cyber Threat Intelligence
- II. Adversary Emulation Operations
- 8. Establishing Goals for Adversary Emulation
- 9. Researching Adversary Tradecraft
- 10. Engagement Planning
- 11. Implementing Adversary Tradecraft
- 12. Executing Adversary Tradecraft
- 13. Adversary Emulation Resources
- III. Hands-on Adversary Emulation
- 14. FIN6 Emulation Plan
- 15. APT3 Emulation Plan
- 16. APT29 Emulation Plan
- About the Author
Product information
- Title: Adversary Emulation with MITRE ATT&CK
- Author(s): Drinor Selmanaj
- Release date: April 2024
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781098169473