subscription.packtpub.com
https://subscription.packtpub.com/book/security/9781838828868/4/ch04lvl1sec37/defining-metrics-and-kpis
Submission: On July 14 via manual from MY — Scanned from DE
Cybersecurity Attacks – Red Team Strategies
Chapter 3: Measuring an Offensive Security Program

You're currently viewing a free sample.

DEFINING METRICS AND KPIS

Measuring the effectiveness of an offensive security program, and how much it helps the organization remove uncertainty around its actual security posture and risks, is one of the more difficult questions to explore and answer. When it comes to metrics, we need to distinguish between what I refer to as internal versus external adversarial metrics.

TRACKING THE BASIC INTERNAL TEAM COMMITMENTS

Internal metrics are those that the pen test team uses to measure and hold itself accountable. Some organizations call these commitments or objectives and key results (OKRs). Initially, the metrics might be quite basic and comparable to project management KPIs:

* Performing x number of penetration tests over a planning cycle and delivering them on time
* Committing to performing a series of training sessions in H2
* Delivering a new Command and Control toolset in Q4
* Delivering a custom C2 communication channel by Q1
* Growing the team by two more pen...