Python for Cybersecurity - Howard E Poston

. .

Auteur(s) : Howard E Poston

Editeur : Wiley

Langue : Anglais

Parution : 01/03/2022

Format : Moyen, de 350g à 1kg

Nombre de pages : 240

Expédition : 413

Dimensions : 23.4 x 19.1 x 1.5

ISBN : 1119850649

Résumé :

Discover an up-to-date and authoritative exploration of Python cybersecurity strategies

Python For Cybersecurity: Using Python for Cyber Offense and Defense delivers an intuitive and hands-on explanation of using Python for cybersecurity. It relies on the MITRE ATT&CK framework to structure its exploration of cyberattack techniques, attack defenses, and the key cybersecurity challenges facing network administrators and other stakeholders today.

Offering downloadable sample code, the book is written to help you discover how to use Python in a wide variety of cybersecurity situations, including:

• Reconnaissance, resource development, initial access, and execution
• Persistence, privilege escalation, defense evasion, and credential access
• Discovery, lateral movement, collection, and command and control
• Exfiltration and impact

Each chapter includes discussions of several techniques and sub-techniques that could be used to achieve an attacker's objectives in any of these use cases. The ideal resource for anyone with a professional or personal interest in cybersecurity, Python For Cybersecurity offers in-depth information about a wide variety of attacks and effective, Python-based defenses against them.

...

Biographie:

HOWARD E. POSTON III is a freelance consultant and content creator with a professional focus on blockchain and cybersecurity. He has over ten years' experience in programming with Python and has developed and taught over a dozen courses teaching cybersecurity. He is a sought-after speaker on blockchain and cybersecurity at international security conferences....

Sommaire:

Introduction xvii

Chapter 1 Fulfilling Pre- ATT&CK Objectives 1

Active Scanning 2

Scanning Networks with scapy 2

Implementing a SYN Scan in scapy 4

Performing a DNS Scan in scapy 5

Running the Code 5

Network Scanning for Defenders 6

Monitoring Traffic with scapy 7

Building Deceptive Responses 8

Running the Code 9

Search Open Technical Databases 9

Offensive DNS Exploration 10

Searching DNS Records 11

Performing a DNS Lookup 12

Reverse DNS Lookup 12

Running the Code 13

DNS Exploration for Defenders 13

Handling DNS Requests 15

Building a DNS Response 15

Running the Code 16

Summary 17

Suggested Exercises 17

Chapter 2 Gaining Initial Access 19

Valid Accounts 20

Discovering Default Accounts 20

Accessing a List of Default Credentials 21

Starting SSH Connections in Python 22

Performing Telnet Queries in Python 23

Running the Code 24

Account Monitoring for Defenders 24

Introduction to Windows Event Logs 25

Accessing Event Logs in Python 28

Detecting Failed Logon Attempts 28

Identifying Unauthorized Access to Default Accounts 30

Running the Code 30

Replication Through Removable Media 31

Exploiting Autorun 31

Converting Python Scripts to Windows Executables 32

Generating an Autorun File 33

Setting Up the Removable Media 34

Running the Code 34

Detecting Autorun Scripts 34

Identifying Removable Drives 35

Finding Autorun Scripts 36

Detecting Autorun Processes 36

Running the Code 36

Summary 37

Suggested Exercises 37

Chapter 3 Achieving Code Execution 39

Windows Management Instrumentation 40

Executing Code with WMI 40

Creating Processes with WMI 41

Launching Processes with PowerShell 41

Running the Code 42

WMI Event Monitoring for Defenders 42

WMI in Windows Event Logs 43

Accessing WMI Event Logs in Python 45

Processing Event Log XML Data 45

Running the Code 46

Scheduled Task/Job 47

Scheduling Malicious Tasks 47

Checking for Scheduled Tasks 48

Scheduling a Malicious Task 48

Running the Code 49

Task Scheduling for Defenders 50

Querying Scheduled Tasks 51

Identifying Suspicious Tasks 52

Running the Code 52

Summary 53

Suggested Exercises 53

Chapter 4 Maintaining Persistence 55

Boot or Logon Autostart Execution 56

Exploiting Registry Autorun 56

The Windows Registry and Autorun Keys 57

Modifying Autorun Keys with Python 60

Running the Code 61

Registry Monitoring for Defenders 62

Querying Windows Registry Keys 63

Searching the HKU Hive 64

Running the Code 64

Hijack Execution Flow 65

Modifying the Windows Path 65

Accessing the Windows Path 66

Modifying the Path 67

Running the Code 68

Path Management for Defenders 69

Detecting Path Modification via Timestamps 69

Enabling Audit Events 71

Monitoring Audit Logs 73

Running the Code 75

Summary 76

Suggested Exercises 76

Chapter 5 Performing Privilege Escalation 77

Boot or Logon Initialization Scripts 78

Creating Malicious Logon Scripts 78

Achieving Privilege Escalation with Logon Scripts 79

Creating a Logon Script 79

Running the Code 79

Searching for Logon Scripts 80

Identifying Autorun Keys 81

Running the Code 81

Hijack Execution Flow 81

Injecting Malicious ...