Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Index

A
AAAA records, 24–25, 355
acceptable use policy (AUP), 271, 285, 452, 459
access points, deploying multiple, 117, 385
AccessChk (Sysinternals), 209, 425
AccessEnum, 209, 425
accidental threats, 291, 461
account management policy, 280, 456
active defense, 124, 389
Active Directory (AD), 19, 164, 168, 354, 408, 409
active fingerprinting, 358
active scanning, 24, 355
Activity Monitor, 187, 416, 439
address space location randomization (ASLR), 155, 224–225, 404, 431
administrative controls, 379
Adobe Flash, 99, 379
Advanced Encryption Standard (AES), 57, 275, 366, 454
advanced persistent threat (APT), 3–4, 27, 174, 184, 211, 239, 258, 266, 297, 348, 356, 411, 415, 426, 439, 446, 450, 463
Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, 160, 161, 406, 407
adverse events, 228, 433
AES-256, 124, 389
AES-GCM, 46, 362
African Network Information Center (AFRINIC), 23, 355
agent-based, out-of-band NAC solution, 155–156, 304, 404, 465–466
agent-based monitoring, 69, 89, 95, 369, 376, 378
agent-based NAC solutions, 201, 422
agent-based scanning, 35, 359
Agile model, 112, 121, 141, 383, 387, 398
air gap, 118, 132, 228, 383, 386, 393, 433
Akamai, 27, 356
analysis
- availability, 154, 294, 403, 462
- behavioral, 110, 252, 261, 358, 382, 444, 448
- business impact analysis (BIA), 82, 86, 320, 375, 471
- code, 402
- dynamic code, 116, 385, 441
- forensic, 230, 434
- heuristic, 187, 204, 290, 416, 423, 461
- information impact, 258, 446–447
- malware, 177, 252, 412, 444
- manual review and, 123, 388
- signature, 95, 378
- static, 109, 115, 180, 197, 203, 382, 385, 413, 420, 422, 441
- static code, 384
- trend, 186, 416
- URL, 196–197, 204–205, 420, 423
- wireless, 9, 350
Angry IP Scanner, 24, 355
annual reviews, 275, 454
annualized loss expectancy (ALE), 272, 283–284, 341, 453, 458, 477
annualized rate of occurrence (ARO), 272, 283–284, 453, 458
antimalware tool, 205, 424
anti-tamper protection, 134, 394
Apache, 12, 351
API keys, 120, 128, 135, 387, 391, 395
application-based multifactor authentication, 306, 466
approved scanning vendor (ASV) scan, 71, 370
apt command, 220, 430
ARP tables, 68, 369
artificial intelligence (AI), 191, 418, 423
Asia-Pacific Network Information Centre (APINC), 23, 355
asset inventory, 88, 376
asset tagging, 117, 385
asset value (AV), 341, 477
at command, 178–179, 413
atomic execution, 130, 135, 140, 392, 394, 397
attack surface, 404
attack vectors, 418
attribute-based access control (ABAC), 122–123, 125, 139–140, 388, 390, 397
attrition, as an attack vector for classifying threats, 428
audits, 226–227, 429, 432
authenticated scans, 97–98, 231, 379, 435
authentication
- context-based, 119, 306, 386, 466
- multifactor authentication (MFA), 112, 118, 122, 137, 383, 386, 388, 395, 399
- plain-text, 65, 368
- requiring, 350
- token-based multifactor, 306, 466
- two-factor, 113, 383
auth.log file, 155, 231, 310, 404, 435, 468
automated patching, 396
automated testing sandbox, 381
automated vulnerability scanning, 138, 396
availability analysis, 154, 294, 403, 462
awareness campaigns, 190–191, 417–418

B
background screening, 266, 450
back-off algorithm, 160–161, 406
backups, 229, 232, 236, 279, 342, 367, 434, 435, 438, 456, 478
banner grabbing, 10, 59, 350, 366
basic input/output system (BIOS), 126, 298, 390, 463
bcrypt, 109, 145, 382, 400
beaconing, 342, 478
behavioral analysis, 110, 252, 261, 358, 382, 444, 448
behavior-based detection, 154, 404
binary diffing, 153, 403
binary file, 200, 421
birthday attacks, 98, 379
BitLocker, 255, 426, 445
blackholing, DNS, 185, 415
blacklisting, 158, 184, 405, 407–408, 415
blind SQL injection, 42, 308, 361, 377, 467
block size, 296, 463
blocking
- logins, 288, 460
- web browsing, 87, 375
boot log, 109, 382
Border Gateway Protocol (BGP), 118, 133, 385–386, 394
bounds checking, 73, 371
Bring Your Own Device (BYOD), 86, 168, 238, 307–308, 375, 409, 438, 467
brute-force attacks, 14, 160–161, 179, 246, 348, 349, 352, 390, 399, 406, 413, 428, 441
BSSID, 232, 435
buffer overflows, 13, 50, 69–70, 72–73, 254, 351, 364, 370, 371, 445
buffer overwriting, 222, 430–431
bug, 361
built-in editing tools, 414
Burp Proxy, 343, 479
bus encryption, 134, 393, 394
business impact analysis (BIA), 82, 86, 320, 375, 471
business partnership agreements (BPAs), 86, 320, 375, 471

C
call list, 260, 447
canonical name (CNAME), 31, 358
canonicalization, 222, 430–431
CAPEC, 161, 407
CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), 399
captive portals, 160, 406
cell phone forensics, 228, 433
CERT/CC, 248, 442
Certificate Authority (CA), 96, 378
certificates, digital, 30, 92, 96, 97, 124, 131, 239, 357, 377, 379, 389, 392, 393, 474, 479
certutil utility, 223–224, 431
chain-of-custody tracking, 213, 221, 231, 427, 430, 435
change control processes, managing, 68, 372
change management, 72, 80, 120, 370–371, 373, 387, 479
checksum, 108, 298, 309, 381, 463, 467–468
chmod command, 214, 427
Chrome (Google), 73, 246–247, 371, 442
cipher support, 40–41, 57, 361, 366
clearing, 434
client-server platform, 399
clock synchronization, 302, 465
cloning, 410
closed source intelligence, 3, 348
cloud access security brokers (CASBs), 123, 203, 388, 423
Cloud Formation, 8, 350
Cloudflare, 27, 356
CloudSploit, 16, 353
clusters, 10, 238, 240, 351, 439
code
- analysis of, 402
- testing, 38, 360
code of conduct/ethics, 280, 456
collision, 98, 379
command history, 250, 443
commodity malware, 5, 349
Common Platform Enumeration (CPE), 10, 17, 195, 350, 353, 419–420
Common Vulnerability Scoring System (CVSS), 161, 195, 323, 407, 419–420, 472
communication, in remediation workflow, 72, 370–371
community cloud, 8, 349
compensating controls, 71, 370
Computer Security Incident Handling Guide (NIST), 235, 437
containerization, 77, 120–121, 372, 387, 401
containment, 303, 343, 465, 479
content distribution networks (CDNs), 27, 356
context-based authentication, 119, 306, 386, 466
continual service improvement (CSI), 287, 459
continuous delivery (CD), 196, 204, 420, 423
continuous integration (CI), 196, 420
continuous monitoring, 93, 94–95, 377, 378
continuous scanning, 294, 462
Control Objectives for Information and Related Technologies (COBIT), 271, 280, 325, 452, 456, 473
Controller Area Network bus (CAN bus), 16, 353, 464
cookie management, 44, 362
copyrights, 237, 438
corporate policy, 91, 376
corporate-owned, personally enabled (COPE) strategy, 86, 307–308, 375, 467
crash carts, 442
credential stuffing, 14, 352
credentialed scanning, 43, 44, 81, 91, 95, 97–98, 362, 373, 377, 378, 379
credit cards, 425–426
cross-site scripting (XSS) attack, 125, 140, 339, 389, 398, 477
cryptolocker, 392
CVSS vector, 60, 366

D
data
- at rest, 194, 419
- sharing, 285, 458
data carving, 218, 429
data classification, 61, 266, 273, 288, 322, 337, 367, 450, 453, 460, 472, 476
data collection, 139, 396
data disposal, 322, 472
data encoding, 116, 385
data encryption key (DEK), 147–148, 401
Data Encryption Standard (DES) algorithm, 57, 366
data enrichment, 185, 194, 415, 419
Data Execution Prevention (DEP), 155, 251, 404, 443
data exfiltration, 279–280, 356, 413, 456
data flows, 27, 356
data loss prevention (DLP), 88, 124, 167, 185–186, 202, 270, 273, 341, 376, 389, 409, 415, 422, 452, 453, 477–478
data masking, 267, 450
data ownership, 288, 290, 460, 461
data privacy, 61, 367
data remanence, 61, 367
data retention, 61, 276, 288, 322, 329, 367, 454, 460, 472, 474
data sovereignty, 269, 451
database servers
- logs for, 64–65, 368
- ports for, 38, 320, 360, 471
database vulnerability scan, 367
datacenter, 272, 453
datacenter firewalls, 22, 355
DBAN, 475
debuggers, 177, 412, 414
deception technology, 124, 389
decompilers, 177, 412
decomposition diagram, 111, 382
Defense Microelectronics Activity (DMEA), 147, 401
degaussing, 229, 434
demilitarized zone (DMZ), 12, 351
DemoHost2, 25, 355
denial-of-service (DoS) attacks, 15, 120, 135, 212, 352, 364, 387, 395, 426, 461
deprovisioning, 275, 454
destruction, 434
detection systems, 142–143, 399
deterministic sampling, 186, 416
DevOps model, 138, 396
DevSecOps model, 126, 149, 389, 390, 402
Diamond Model of Intrusion Analysis, 5–6, 349
dig command, 30, 314, 357, 469
digital certificates, 30, 92, 96, 97, 124, 131, 239, 357, 377, 379, 389, 392, 393, 474, 479
disassemblers, 177, 412, 414
disaster recovery plans (DRPs), 82, 374
disclosure, as a GAPP privacy practice, 431
discretionary access control (DAC), 120, 122–123, 125, 139–140, 387, 388, 390, 397
DiskView, 254, 445
disposition, 115, 141, 150, 384, 398, 402
dissemination component, in intelligence cycle, 4, 348
distributed denial-of-service (DDoS) attacks, 17, 284, 353, 458
DNS blackholing, 185, 415
DNS brute-force attack, 3, 6–7, 348, 349
DNS sinkholes, 165, 173, 197, 408, 411, 420
Docker, 128, 137, 148, 391, 395–396, 401
documents, 228, 283, 433, 458
$ character, 116, 385
domain controllers (DCs), 168, 409
domain generation algorithms (DGAs), 197, 408, 420
Domain Name System (DNS), querying, 22, 354
domain names, 166, 408
domain registration information, 34, 359
DomainKeys Identified Mail (DKIM), 405–406
drive adapters, as components of forensic toolkits, 259, 447
drives
- encrypting, 213, 426–427
- purging, 218, 428
- self-encrypting drives (SEDs), 131, 134, 147–148, 393, 394, 401
dual control, as a personnel control, 276, 282, 286, 328, 455, 457, 459, 474
due diligence, 279–280, 456
dynamic code analysis, 116, 385, 441

E
economic impact, 250–251, 443
edge router, 136–137, 395
eFuse (IBM), 129, 147, 309, 392, 401, 467
802.1x protocol, 155, 404
email
- embedded links in, 177, 412
- forwarding, 172, 411
email headers, 159, 229, 236, 406, 434, 437
email signatures, 412
embedded systems, 399
emergency change procedure, 80, 261–262, 373, 448
Encapsulating Security Payload (ESP), 183, 415
encryption, 133, 213, 352, 356, 393, 417, 426–427, 472
end-of-life (EOL), 80, 373
endpoint detection and response (EDR), 171, 203, 410, 422
endpoint security software, 187, 417
endpoints, 14, 352
end-to-end encryption, 27, 356
engagement, 276–277, 279, 455
enumeration, 369
Eraser, 218, 429
error log, 217, 428
escalation list, 447
escalation of privilege vulnerability, 47, 363
event indicators, 319–320, 471
evidence production, 472
exceptions, in policy documents, 280, 456, 459, 479
exposure factor (EF), 272, 341, 452–453, 477
Extensible Authentication Protocol (EAP), 161, 407
external scan, 71, 163, 326, 370, 407, 473

F
Facebook, 247, 442
Fagan inspection, 114, 146, 204, 384, 400, 423
false positives, 3, 42, 63, 64, 348, 361, 367–368
Family Educational Rights and Privacy Act (FERPA), 38, 268, 280–281, 360, 451, 456
fast-flux DNS networks, 339, 477
fault injection, 111, 318–319, 383, 470–471
feasibility phase, of projects, 150, 402
Federal Information Processing Standard (FIPS), 119, 386
Federal Information Security Management Act (FISMA), 95, 248, 378, 442
feedback component, in intelligence cycle, 4, 348
fences, 276, 455
fiber links, 255, 445
field-programmable gate arrays (FPGAs), 13, 351
file command, 220, 429
File System audit, 245, 441
File Transfer Protocol (FTP), 84, 324, 374, 472
filesystem, 204, 423
FileVault, 211, 426
filtering beacons, 426
fingerprinting software, 66, 350, 368
Firefox (Mozilla), 72–73, 83, 371, 374
firewall logs, 187, 416, 464
firewalls
- about, 32, 358, 373
- configuring, 49, 363
- defined, 118, 386
- rules for, 87–88, 304, 327, 331, 376, 465, 474
- upgrading, 79, 372
FireWire, 445
firmware, 125–126, 129, 132, 144, 390, 392, 393, 399
flow logs, 226, 432
forensic analysis and techniques, 230, 434
forensic artifacts, 423
forensic examiners, 237, 438
forensic images, importing, 291, 461
forensic SIM, 226, 432
Framework Core (NIST Cybersecurity Framework), 286, 459
Framework Profiles, 286, 459
frameworks, 469
FTK Imager Light, 223, 245, 431, 441
full interruption tests, 448
full-disk encryption (FDE), 13, 113, 167, 270–271, 273, 341, 352, 383, 409, 452, 453, 477–478
function as a service (FaaS), 6, 349
functional impact, severity classification and, 334, 475
fuzz testing (fuzzing), 111, 114, 116, 145, 318–319, 383, 384, 385, 396, 400, 470–471

G
General Data Protection Regulation (GDPR), 275, 454
GET command, 200, 421
getfacl command, 426
Google Chrome, 72–73, 246–247, 371, 442
GPS systems, 228, 433
Gramm-Leach-Bliley Act (GLBA), 268, 280–281, 282, 307, 451, 456, 457, 467
greater than/less than brackets (<>), 116, 385
grep command, 65, 177, 368, 412
Group Policy Objects (GPOs), 168, 409
groups command, 474
guidelines, in policy documents, 283, 458

H
hacktivists, 201, 422
hardware security modules (HSMs), 107, 108, 128, 129, 133, 134, 381, 391, 392, 394
hardware write blockers, 213, 427
hash function, 96, 378
Hashcat, 351
hashing, 118, 235, 386, 437
head command, 214, 427
Health Insurance Portability and Accountability Act (HIPAA), 38, 267, 268, 277, 280–281, 282, 291–292, 307, 360, 450, 451, 455, 456, 457, 462, 467
heuristic analysis, 187, 204, 290, 416, 423, 461
hibernation files, 242, 333, 439–440, 475
high-priority vulnerabilities, 374
holographic stickers, 131, 393
honeynet, 120, 387
honeypots, 107, 120, 297, 306, 381, 387, 463, 466
host enumeration, 369
host firewalls, 61, 77, 79, 113–114, 367, 372, 384
host intrusion prevention systems (HIPSs), 14, 185–186, 188, 352, 415, 417
host-based solution, 14, 352
hosts, accessing, 7, 349
Hping, 13, 351
HTTP TRACK/TRACE methods, 86, 375
HTTP/HTTPS traffic vulnerabilities, 59, 154, 366, 403
hybrid cloud, 8, 349

I
ICANN, 22, 354
ICMP protocol, 412
identification phase, 258, 447
identity and access management (IAM) systems, 139, 397
identity provider (IDP), 127, 138, 147, 327, 391, 396, 401, 473
IDS logs, 65, 368
ifconfig command, 322, 439, 471, 472
impact score, 367
impersonation attacks, 428
incremental mode, 217, 428
indicators of compromise (IOCs), 191, 348, 418
industrial control systems (ICSs), 42, 361
information asset value, 44, 362
information impact analysis, 258, 446–447
information leakage vulnerability, 36, 359
information sharing and analysis centers (ISACs), 4–5, 236, 349, 437
Information Technology Infrastructure Library (ITIL), 269, 273, 451, 455
infrastructure as a service (IaaS), 27–28, 262, 279–280, 356, 449, 456
infrsatructure as code (IAC) computing, 350
input validation, 79, 116, 143, 372, 385, 399, 479
insurance, 271, 272, 452, 453
integrated circuit (IC), 111, 382
integrated development environment (IDE), 132, 393
intelligence criteria, 348
intelligence cycle, 4, 348
interactive logins, 70–71, 370
interception proxies, 343, 479
internal audit, 268, 451
internal scan, 48, 71, 326, 363, 370, 473
Internet Explorer, 75, 309–310, 371, 468
intrusion detection systems (IDSs), 87–88, 116, 182, 270, 376, 385, 414, 452
intrusion prevention systems (IPSs), 32, 182, 187, 270, 314, 333, 358, 361, 367, 414, 416, 422, 452, 469, 475
IP addresses, 79, 193, 239, 310, 339, 373, 412, 419, 439, 468, 477
IP port, 19, 354
IP ranges, 6, 184, 349, 399, 415
IP reputation, 225–226, 432
ipconfig command, 322, 439, 472
iPhone backups, 236, 438
IPP port, 19, 354
IPsec, 50, 129, 364, 389, 391, 392
IPsSec, 398
iptables, 169–171, 410
IPv6 records, 24–25, 355
IR life cycle, phases in, 232, 435
ISO 9000, 270, 452
ISO 17799, 270, 452
ISO 27001, 270, 286, 342, 452, 459, 478
ISO 30170, 270, 452
isolating, 112, 237, 383, 438
IT Infrastructure Library (ITIL), 325, 473

J
John the Ripper, 260, 338, 447, 476
jump boxes, 108–109, 381, 415
jump host/box, 122, 388
jump kit, 246, 442

K
Kerberos, 30, 357, 388, 462–463
kernel-mode drivers, 53, 364
keychain, 236, 438
keys, access associated with, 9, 350
kill command, 170, 410
knowledge-based factors, 305, 340, 466, 477
Kubernetes, 148, 401

L
LACNIC, 23, 355
Lambda service (Amazon), 6, 349
LANMAN hashes, 17, 353
latency, 11–12, 351
least privilege, 276, 286, 455, 459
level 5 vulnerabilities, 91, 377
level-based access control, 109, 382
Lightweight Directory Access Protocol (LDAP), 72, 96, 139, 371, 378, 397
link failure, 290, 461
Linux
- about, 174–175, 211, 412, 426
- permissions, 216, 427
- processors and, 137, 395–396
- syslogs, 140, 397
live forensics imaging, 243–244, 440–441
load balancers, 29, 100–101, 357, 380
local scans, 213, 426
Lockheed Martin's Cyber Kill Chain, 299, 464
log files, 123–124, 388
logging, 116, 168, 343, 385, 409, 478–479
logins, blocking, 288, 460
logs, 188, 252, 417, 444
LOIC, 164, 407–408
ls command, 168, 409

M
MAC address, 15, 30, 117, 158, 161, 170–171, 216, 229, 239, 352, 357, 385, 405, 407, 410, 422, 427, 434, 439
machine learning (ML), 191, 195, 204, 418, 419, 423
macOS drive, 218, 429
malloc() function, 13, 351
malware, 5, 177, 191, 194, 200, 237, 252, 349, 412, 418, 419, 421, 438, 444
managed detection response (MDR) system, 414
management, primary role of, 231, 435
mandatory access control (MAC), 109, 120, 122–123, 125, 139–140, 382, 387, 388, 390, 397
mandatory vacation, as a personnel control, 273, 281, 453, 457
man-in-the-middle (MitM) attacks, 343, 428, 479
manual review and analysis, 123, 388
mapping and enumeration, 369
MD5 hash, 209, 425
measured boot, 117, 132–133, 385, 393
media sanitization, 229, 434
memorandums of understanding (MOUs), 82, 86, 320, 374, 375, 471
memory pressure, 250, 443
memory protection, 79, 372
memory usage monitoring, 221–222, 430
memstat command, 168, 409
metadata, 209, 425, 441–442
MetaScan, 254, 445
metrics, 297–298, 463
Microsoft
- Internet Information Server (IIS), 47, 57, 363, 365–366
- MBSA, 442
- storing Office files, 249–250, 442–443
- support for Internet Explorer, 72–73, 371
Microsoft SQL, 3, 27, 61, 348, 356, 357, 365
Microsoft SQL Server, 96, 378
mitigation service, 17, 353
mobile device management (MDM), 86, 375
mobile devices, 77, 372
Modbus protocol, 13, 299, 351, 464
Mozilla Firefox, 72–73, 83, 371, 374
multifactor authentication (MFA), 112, 118, 122, 137, 383, 386, 388, 395, 399
mutation testing, 111, 318–319, 383, 470–471
MX records, 31, 358
MySQL, 3, 156, 348, 405

N
National Software Reference Library (NSRL), 438
Nessus (Tenable), 89, 343, 376, 479
Netcat, 8–9, 24, 250, 305, 308, 350, 355, 443, 466, 467
NetFlow, 64–65, 187, 198, 214, 368, 416, 421, 427
netstat command, 8, 319, 322, 349–350, 471, 472
network access control (NAC), 161, 179, 341, 407, 413, 478
network address translation (NAT), 160, 301, 406, 464
Network Admission Control. see network access control (NAC)
network cards, 462
network firewalls, 18, 353, 409, 465
network flows, 189, 417, 421
network segmentation, 79, 112, 135, 137, 139, 148, 215, 266, 372, 383, 384, 395, 396, 401, 427, 450, 474
Network Time Protocol (NTP) server, 51–52, 364
Network Transfer Protocol (NTP), 326–327, 473
NetworkMiner, 31, 358
networks, scanning, 21, 354
Nikto scan, 33, 358
NIST
- Computer Security Incident Handling Guide, 235, 437
- Cybersecurity Framework, 279, 456
- recoverability effort categories, 226, 432
Nmap, 8, 10, 17, 20, 24, 28, 29–30, 32, 35, 291, 298, 311, 350, 351, 353, 354, 355, 357, 358, 359, 461–462, 463, 468
nmap command, 26, 356
nondisclosure agreements (NDAs), 281, 457
notifications, 154, 403–404
NTP synchronization, 292, 462

O
OAuth, 122, 139, 150, 267, 307, 388, 397, 402, 450, 467
observable occurrences, 314, 469
one-time password (OTP), 122, 388
Online Certificate Status Protocol (OCSP), 161, 406–407
on-site network scan, 32, 358
Open Indicators of Compromise (OpenIOC) format, 3, 348
open source intelligence, 3, 348
Open Web Application Security Project (OWASP), 126, 390
OpenFlow, 119, 386
OpenID, 122, 150, 388, 402
OpenSSH, 330–331, 362, 474
OpenSSL, 59, 366
OpenVAS, 257, 446
operating systems
- about, 165, 408
- fingerprinting, 334, 475
- identifying, 354
- upgrading, 62, 367
Ophcrack, 220, 430
OPTIONS method, 50, 363
Oracle, 3, 96, 348, 378
Oracle databases
- about, 161–162, 407
- ports for, 336–337, 476
- servers for, 56, 365
organizational unique identifier (OUI), 435
original equipment manufacturers (OEMs), 107, 381
OSINT, 19, 33–34, 354, 359
output encoding, 126, 140, 390, 398
outsourcing, 228, 433
overflowing, 261, 448
over-the-shoulder code review, 114, 384

P
packers, 162, 407
packet capture, 307, 467
packet sniffing, 214, 427
Pacu, 16, 353
page file, 232, 435
pair programming, 114, 384
parameterized queries, 116, 127, 140, 385, 391, 397, 401
pass-around code reviews, 114, 384
passive defenses, 107, 381
passive fingerprinting, 32, 358
passive network mapping, 24, 89, 355, 376
passive reconnaissance, 24, 355
passphrases, 254–255, 445
password crackers, 260, 338, 447, 476
password hashes, 342, 478
password policy, 374
password reuse, 144, 399
password spraying attack, 14, 352
password-hashing algorithm, 382
passwords, 145, 209, 400, 425
patch deployment, 58, 91–92, 366, 370, 375, 377
patch management, 31, 36, 62–63, 67, 99, 227, 290, 335, 358, 359–360, 367, 369, 379, 433, 461, 476, 479
patents, 237, 438
Payment Card Industry Data Security Standard (PCI DSS), 38, 41, 58, 79, 100, 167, 266, 273, 277, 282, 284, 285, 307, 328–329, 338, 360, 361, 366, 372, 380, 408, 435, 450, 453, 455, 457, 458, 467, 474, 476–477
peer-to-peer botnets, 444
penetration testing, 38, 276–277, 309, 360, 455, 457, 467
pepper, 137, 395
permissions, 67, 88, 216, 369, 376, 427
permissions inventory, 12, 351
personally identifiable information (PII), 230–231, 242, 277, 435, 440, 455
phishing attacks, 160, 406
PHP language, 322–323, 472
phpinfo file, 94, 377
physical access, 128, 391
physical inventory, 133, 394
ping scan, 32, 358
ping sweep, 34, 359
pivot, preparing to, 26, 356
plain-text authentication, 65, 368
platform as a service (PaaS), 6, 349
playbooks, in incident response, 254, 305, 445, 466
pluggable authentication module (PAM), 239, 438–439
PNG processing, 58, 366
Point-to-Point Tunneling Protocol (PPTP), 50, 124, 364, 389
poisoning vulnerability, 375
policies, 312, 469
POODLE vulnerability, 54, 365
port 22, 176–177, 197, 317, 412, 420, 470
port 23, 38, 317, 360, 470
port 80, 154, 403
port 139, 50, 363
port 389, 72, 371
port 443, 56, 365
port 445, 50, 363
port 636, 96, 378
port 1433, 56, 96, 365, 378
port 1521, 96, 378
port 3306, 156, 405
port 3389, 28, 39, 180, 356, 360, 413
port scanning, 17, 33–35, 353, 355, 359, 426
ports
- about, 3, 348, 354
- for database servers, 38, 320, 360, 471
- open, 28, 30–31, 357
- for remote desktop protocol services, 38, 360
- security of, 158, 405
- for web servers, 38, 320, 360, 471
Post Office Protocol v3 (POP3), 64, 368
Postgres, 3, 30, 348, 357
postincident communication, 260, 447–448
postmortem forensics, 243–244, 440–441
PowerShell, 153–154, 403
preparation phase, of incident response, 211, 425
pretexting, 19, 354
printers, 71–72, 370
private cloud, 8, 349
private key, 148–149, 402
privilege escalation, 15, 245, 352, 441
privileged accounts, 122, 139, 388, 397
proactive network segmentation, 209–210, 425
process flow, 447
Process Monitor, 231–232, 435
processor monitoring, 135, 395
processor security extensions, 148, 401
profiling, 245, 354, 441
proprietary breaches, 440
proprietary intelligence, 3, 348
proprietary protocols, 144, 399
protected health information (PHI), 248, 277, 280–281, 442, 455, 456
Prowler, 16, 353
proxies, 11, 351
ps command, 65, 158, 368, 405
PS tools, 156, 404–405
pseudocode, 242, 440
public cloud, 8, 349
purging, 212, 218, 267, 341, 426, 428, 434, 450, 478
purpose limitation, 268, 451
PuTTY, 76, 371–372

Q
qualitative risk assessment, 274, 454
quantitative risk assessment, 274, 454
quarantine networks, 160, 406
query parameterization, 116, 127, 140, 385, 391, 397, 401

R
rainbow table attacks, 14, 220, 352, 430
random sampling, 186, 416
Rank Software, 416
Rapid Application Development (RAD), 112, 121, 383, 387
RAW images, 234, 436
real-time operating system (RTOS), 13, 351, 464
reconnaissance and intelligence gathering, 62, 367
Red Hat Linux, 83, 374
redirect attack, 307, 467
redundant system, 79, 136, 372, 395
reformatting, 426
registry changes/anomalies, 166–167, 194–195, 222, 258, 304–305, 408, 419, 429, 430, 446, 461, 466
regression testing, 111, 145, 382, 400
regular expressions, 143–144, 399
relying party (RP), 127, 391
remediation workflow, 46, 48, 51, 52, 55–56, 60, 85, 92, 94–95, 361, 362, 363, 364, 365, 366–367, 369, 374–375, 377, 378
remote attestation, 382
Remote Authentication Dial-In User Service (RADIUS), 30, 296, 357, 462–463
remote code execution, 376
Remote Desktop Protocol (RDP), 38, 39, 155, 180, 320, 360, 404, 413, 471
remote server logs, 402
reporting, 94, 378
Representational State Transfer (REST), 142, 398
reputational source, 5, 349
requirements, as component in intelligence cycle, 4, 348
resource exhaustion, 322, 471–472
Resource Monitor (resmon), 221, 430, 439
Responder, 13, 351
REST-based web services, 128, 135, 391, 395
restoration, of application and service issues, 233, 242, 436, 440
reverse engineering, 396, 398
reverse image search tools, 255, 445
RIPE, 23, 355
risk acceptance, 270, 272–273, 274, 452, 453, 454
risk appetite, 98, 379
risk assessment, 275, 454
risk avoidance, 268, 270, 451, 452
risk identification process, 454
risk mitigation, 270, 452
risk tolerance, 98, 379
risk transference, 268, 270, 451, 452
role-based access control (RBAC), 109, 120, 122–123, 125, 139–140, 382, 387, 388, 390, 397
rootkits, 15, 352
rotation list, 447
route command, 465
routers, 118, 386, 395
RSA encryption keys, 115, 384, 392
rules, 163, 164, 407
rules of engagement (RoE), 282, 457
runas command, 65, 368
runtime packers, 162, 407

S
salt, 137, 395
SAM, 248–249, 258, 442, 446
sampling, 416
sandboxing, 108, 110, 179–180, 203, 310, 340–341 381, 382, 412, 422, 468, 477
Sarbanes-Oxley (SOX) Act, 38, 268, 280–281, 282, 360, 451, 456, 457, 467
scalability, as a benefit of cloud computing, 120, 387
Scalpel, 321, 332–333, 471, 475
scans
- log for, 157, 405
- scheduling, 101, 380
- sensitivity of, 68–69, 72, 78, 369, 371, 372
- standard, 59, 366
scheduling scans, 101, 380
ScoutSuite, 16, 353
scripts, 423, 446, 448
Secure Boot, 134, 135, 145, 394, 399–400
Secure Enclave, 392
Secure Shell (SSH) protocol, 188, 378, 417
Secure Sockets Layer (SSL), 50, 273, 364, 453
Secure/Multipurpose Internet Mail Extensions (S/MIME), 168, 409
security. see specific topics
security artifacts, 115, 384
Security Assertion Markup Language (SAML), 122, 133, 139, 150, 161, 388, 393, 397, 402, 406–407
Security Content Automation Protocol (SCAP), 174, 191, 195, 411, 418, 419–420, 423
security information and event management (SIEM) systems, 154, 186, 192, 205, 403, 416, 418–419, 424, 443
security operations center (SOC), 228, 433
Security Orchestration, Automation, and Response (SOAR) tool, 176, 182, 192, 193, 334, 412, 414, 418–419, 475
security patches, 47, 363, 367
security screws, 147, 401
security through obscurity, 116, 385
security updates, 66, 368–369, 372
segmentation, 79, 112, 135, 137, 139, 148, 215, 266, 372, 383, 384, 395, 396, 401, 427, 450, 474
self-encrypting drives (SEDs), 131, 134, 147–148, 393, 394, 401
self-signed certificates, 18, 353
sensitive personal information (SPI), 455
separation of duties, as a personnel control, 274, 281, 282, 287, 453, 454, 455, 456, 459–460
server logs, 87–88, 376
server-based scanning, 44, 89, 362, 376
serverless computing, 146, 387, 400
servers, upgrading, 371
service level agreements (SLAs), 82, 86, 320, 374, 375, 471
service ports, 356
service provider (SP), 127, 391
service-oriented architectures (SOA), 127, 391
session hijacking, 160, 406, 465
session IDs, 142, 398
setfacl command, 426
severity classification, 36, 37, 51, 52, 55, 83, 87, 98, 99–100, 312, 316–317, 359, 360, 364, 365, 369, 374, 375, 379, 398, 450, 469, 470
sFlow (sampled flow), 198, 421
shadowed rule, 300, 464
SharePoint, 41, 361
sharing data, 285, 458
shim cache, 318, 470
shutdown scripts, 256, 446
Signal protocol, 217, 428
signature analysis, 95, 378
signature-based detections, 197–198, 290, 421, 461
signatures, 325, 473
Simple Network Management Protocol (SNMP), 31, 38, 214, 313, 316, 357–358, 360, 427, 469, 470
simultaneous hosts per scan, 43–44, 362
single crack mode, 428
single loss expectancy (SLE), 283–284, 341, 453, 458, 477
single quotation mark ('), 116, 385
single sign-on (SSO) systems, 122, 138, 388, 396
sinkholes, DNS, 165, 173, 197, 408, 411, 420
slack space, 232, 256, 436, 446
SMB, 72, 371
SMS messages, 119, 386
SMTP, 159, 406
snapshotting, 217, 428
sniffing tool, 24, 355
SNMP command, 302, 465
SOAP messages, 391
Social Security Number (SSN), 278, 455
software as a service (SaaS), 14, 145, 299, 352, 400, 464
software development life cycle (SDLC), 115, 141, 384, 398
software-defined networking (SDN), 119, 137, 145–146, 386, 396, 400
software-defined wide area network (SDWAN), 421
source data, modifying, 252, 444
spear phishing, 190–191, 417–418
SPF records, 31, 358, 405–406
Spiral model, 121, 141, 149, 387, 398, 402
spoofing, 357, 410, 428
SQL injection attack, 15, 25–26, 47, 50, 52, 53, 69–70, 86, 116, 124, 125, 140, 180–181, 352, 356, 363, 364, 369, 375, 385, 389, 397, 414
SQL queries, 147, 223, 401, 431
SQL Server, 45, 362
SSH access, 159, 176–177, 406, 412
SSH communication, 262, 448
SSH key, 148–149, 402
SSH logins, 253, 444
SSH port forwarding, 33, 358
SSH traffic, 420
SSH tunneling, 33, 358
SSID, 210, 425
standards, in policy documents, 286, 459
Start of Authority (SOA), 31, 358
stat command, 474
static analysis, 109, 115, 180, 197, 203, 382, 385, 413, 420, 422, 441
static code analysis, 384
stolen cookie, 304, 465
strcpy() function, 16, 353
stress testing, 110, 145, 318–319, 382, 383, 400, 470–471
strings command, 173, 328, 411, 474
Structured Threat Information Expression (STIX), 3, 161, 190, 192, 193, 195, 196, 348, 406–407, 417, 418, 419–420
su command, 65, 368
subnet, 406
succession planning, as a personnel control, 279, 286, 456, 459
sudo command, 65, 189, 205, 368, 417, 424
Super Timeline, 235, 437
supervisory control and data acquisition (SCADA) systems, 13, 42, 79, 351, 361, 372
symbols, 385
symmetric encryption, 133, 394
SYN floods, 157, 405
SYN packets, 336, 476
SYN scan, 299, 464
SYN-based port scan, 296, 462
Sysinternals suite for Windows, 209, 425
system binary kits, 238, 438
System on a Chip (SoC), 13, 351, 464
system restore, 245, 441

T
tabletop exercises, 262, 269, 448, 451
TACACS+, 296, 462–463
tag-out, 19, 354
tail command, 214, 427
Tamper Data, 343, 479
tamper-proof seals, 251–252, 443
tarpits, 107, 381
TCP ports, 19, 26, 27, 28, 30, 319, 354, 356, 357, 418, 471
TCP SYN scan, 8, 311, 350, 468
TCP transport protocol, 406
TCP/80, 144, 399
tcpdump, 215, 427
team members, changes in, 269, 451
telnet, 8–9, 20, 350, 354, 360
Tenable's Nessus vulnerability scanner, 88–89, 343, 376, 479
testing
- about, 162, 407
- code, 38, 360
- environment for, 99, 379
- full interruption tests, 448
- fuzz testing (fuzzing), 111, 114, 116, 145, 318–319, 383, 384, 385, 396, 400, 470–471
- mutation, 111, 318–319, 383, 470–471
- penetration, 38, 276–277, 309, 360, 455, 457, 467
- regression, 111, 145, 382, 400
- stress, 110, 145, 318–319, 382, 383, 400, 470–471
- unit, 149, 150, 402
- user acceptance testing (UAT), 110, 115, 145, 149, 382, 384, 400, 402
- for vulnerability scanners, 23–24, 355
testing and integration phase, of software development life cycle, 150, 402
third-party AV tool, 126, 390
threat actors, 161, 222, 348, 407, 430
threat intelligence, sharing, 8, 349
threat intelligence feeds, 153, 267, 403, 450
threat profiles, 191, 418
Tier 3 risk management program, 335, 476
time to live (TTL), 20, 354
time zone settings, 421
time-of-check/time-of-use (TOC/TOU) attack, 16, 352
token-based multifactor authentication, 306, 466
tokenization, 267, 450
top command, 168, 170, 409, 410
top tool, 403
traceroute command, 465, 471
trade secrets, 237, 438
trademarks, 237, 438
Transport Layer Security (TLS), 18, 86, 124, 127, 140, 167, 199, 273, 341, 353, 375, 389, 391, 397–398, 409, 421, 453, 466, 477–478
trend analysis, 186, 416
Tripwire, 156, 186–187, 204, 404, 416, 423
trouble ticket system, 373
Trusted Automated Exchange of Indicator Information (TAXII), 3, 161, 192, 193, 196, 204, 348, 406–407, 418, 420, 423
trusted execution, 140, 397
trusted execution environments (TEEs), 129, 130, 392
trusted foundries, 107, 142, 321, 381, 398, 471
Trusted Foundry Program, 111, 147, 382, 401
Trusted Platform Module (TPM), 107, 115, 134, 145, 321, 381, 384, 394, 399–400, 471
two-factor authentication, 113, 383
two-person control, 281, 457

U
Ubuntu, 414
UDP scan, 28, 29, 357
uncredentialed scanning, 44, 301, 362, 464
Unicode encoding, 125, 389
Unified Extensible Firmware Interface (UEFI), 129, 135, 392, 394
unit testing, 149, 150, 402
Unix, 174–175, 412
updating/upgrading
- firewalls, 79, 372
- operating systems, 62, 367
- servers, 371
- vulnerability scanners, 373
URL analysis, 196–197, 204–205, 420, 423
US-CERT, 248, 442
user acceptance testing (UAT), 110, 115, 145, 149, 382, 384, 400, 402
user accounts, 85, 374, 441
user and event/entity behavior analytics (UEBA), 156, 182, 192, 203, 405, 414, 418–419, 422

V
validating
- NIST guidelines on, 443, 521
- output, 146–147, 401
version control, 479
virtual desktop infrastructure (VDI), 121, 387
virtual desktops, 138, 396
virtual machines (VMs), 223, 422, 431
virtual private cloud (VPC), 120, 135, 384, 387, 395
virtual private networks (VPNs), 113–114, 129, 148, 167, 187, 341, 383, 384, 392, 401, 409, 417, 477–478
virtualization, 43, 120–121, 362, 387, 413
virtualization platforms, 40, 54, 83, 101, 361, 365, 374, 380
VirusTotal, 111, 153, 254, 382, 403, 445
VLAN hopping, 118, 385–386
VM escape attack, 36, 359
VMware, 40, 118, 361, 385–386
volatility, order of, 235, 248, 305, 334, 437, 442, 466, 475
volume encryption, 13, 352
vulnerability feeds, 348
vulnerability scanners
- about, 369
- deploying, 44, 362
- updating, 373

W
Waterfall model, 121, 141, 387, 398
watermarking, 276, 454
Wayback Machine, 10, 350
web application firewall (WAF), 124, 389
web browsing, 19, 87, 164, 354, 375, 399, 408
web content filtering, 67, 369
web proxy, 125, 389
web server logs, 64–65, 368
web servers, 38, 320, 360, 399, 471
wget, 8–9, 350
whitelisting, 158, 161, 180, 405, 407, 414
Whois, 22, 24, 354, 355
Wi-Fi Protected Setup (WPS), 16, 353
wildcard certificate, 131, 142, 392, 398
Windows Event Viewer, 140, 397
Windows file servers, 20, 354
Windows Performance Monitor, 153, 403
Windows Update, 81, 373–374
wireless analysis, 9, 350
wireless evil twin attacks, 250, 443
Wireshark, 24, 181, 200, 215, 298–299, 355, 414, 421, 427, 463
wmic, 153–154, 403
workloads, 121, 387
WPA2 Enterprise, 291, 461
write blockers, 298, 463

X
X.509 certificates, 63, 368
XML, 3, 348
XML injection attack, 15, 352
XSS vulnerability, 12, 351

Z
Zed Attack Proxy (ZAP), 343, 479
Zenmap, 25, 355
zero wipe, 13, 352, 383
zero-day threats and vulnerabilities, 290, 433, 461
zone transfers, 24, 355

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Index

Create new playlist

Sign In

Sign Up

Table of Contents for
Index