Index
A
Addressing defensible security assessments
Addressing defensible systems administration
Advanced persistent threat (APT)
Adversary as a Service (AaaS)
Antagonist functions
APT attacker
APT emulation
Assessor recommendations
Attacker capability development
attacker types
demand
mitigation
payload deployment
response options
retaliation and recovery
target selection
Auditing
Automated communication with TCP port randomization prevention
Automated worm with bad automation logic
B
Bad cost benefit
Box thinking
Business intelligence professional
Business strategy
By-mail scams
C
CAPTR Reporting
cost benefit
mathematical analysis
safety
web/reverse risk relationships
CAPTR team engagement
CAPTR teamer assessment
CAPTR teaming
CAPTR team methodology
CAPTR team model
CAPTR team paradigm
CAPTR team recommendations
Case files backup
Certification frameworks
Chief Information Security Officer (CISO)
CISO’s budgetary allocation
Code vulnerability
Computer resource-ineffective
Confidential attorney–client privileged information
Control
Cost benefit
analysis
attacker
cybersecurity things
definition
evaluation
implications
good evaluation
poor evaluation
risk and effort
Litmus test
organizations
selling
target
TransExperiafax
Cost expenditures
Counter-APT Red Teaming
Counter-APT Red Teaming (CAPTR Teaming)
critical initialization perspective
outcome-oriented scoping
strategic cybersecurity
strategic offensive cybersecurity paradigm
survivability
use of critical perspective
worst-case risk assessment
Critical assets
Crypto-wallet application
Crypto-wallet user site
Crypto-wallet user’s password
CVSS calculator
Cyber-attack campaigns
Cyberattacks
Cyber hunting
Cyber investigation
classic approach
strategic approach
Cyber resources
Cybersecurity
assessment methodologies
assets
attacks
box
consumers
craft
definition
employers
engineer
forums and websites
implementations
industry
infinite game
innovation and theory
insurance
mitigation
practice
professionals
program
resiliency technologies
resources
risk mitigation
roles and responsibilities
services/products
solutions
strategy
taxonomy
theater
things
Trade Levels
vendors
vulnerabilities
Cybersecurity analyst
Cybersecurity analyst vs. cybersecurity engineer
Cybersecurity game
actions
analysis
infinite
knowledge and beliefs
modeling
payoffs
players
simultaneous game
states
subgame analysis
Cybersecurity implementation assessment
controlled and realistic environment
defensible configuration
defensible operation
defensible emulation
human operation
measurable results and metrics
performance
evaluation mediums
environment nature
experiment design
lab network with real attackers
lab network with simulated attackers
real network and operators with real attackers
real network and operators with simulated attackers
human actors
human involvement
requirements identification
technologies
Cybersecurity-related risks
Cyber sniff test
Cyber threats
Cyclical recalibration
D
Defender capability development
Defense capability development
Defensible emulation
Defensive cybersecurity
Defensive oriented cybersecurity implementations
Degraded environments
Department of Defense (DoD)
Deployment
Devices
DevSecOps
DoD taxonomy
actional subsets
proactive
reactive
analogy
adversary emulation
architects
auditors
create
detective
intelligence creators
investigative
operate
shopping mall industry
cybersecurity roles
analyze
architect
audit
create
detective
emulate
investigative
operate
functional subsets
antagonist functions
data functions
framework functions
system functions
Dynamic attack surface
E
Electronic warfare (EW) emissions
Email scams
Environmental variables
ETERNALBLUE
EW jamming
Experimentation
addressing defensibility requirements
CAPTR team recommendations audit, Systems Administration Auditor
CAPTR team recommended changes verification
control network
control network cloned
experiment design
experiment metrics
experiment summary
lab design
lab network operating systems
personnel requirements
Red team assessment
Red team recommendations audit
target determination
F
Federally funded research and development centers (FFRDCs)
Federal Risk and Authorization Management Program (FedRAMP)
Finite game
Framework functions
Functional LANs
G
Game theory
analysis of cybersecurity
and cybersecurity
to cybersecurity
definition
evolution of strategy
models
terminology
H
High-capability attacker
Host organization
Human-involved attack tradecraft
Human-involved operations
Human tradecraft-driven assessment
Hunting
I, J, K
ICO event
Inconveniences
Infinite cybersecurity
finite battles
information and access
money
ransomware attacks
time
Infinite game
In-house cybersecurity expertise
Initial coin offerings (ICOs)
Initial public offering (IPO)
Insurance
Intelligence creation
Intelligencer assessments
Internet
Internet-based worm OUTSIDE
Internet provider
Intrusion detection system (IDS)
L
Lab network
Lab network layout
Lab network operating systems
Law enforcement
Linux-based operating systems
Litmus Test
Low-capability attacker
M
Mail-security issue
Malicious actor
MDT NIC Adapter
MDT randomization
Meme-worthy scam
Messaging, social media
Metallurgy/plastic flooring
Military resiliency
Mitigation
Moving target defense (MTD)
N
National Institute of Standards and Technology (NIST)
Nation-state-level APTs
Nature
Negotiation
Network Interface Card (NIC)
Network security
Network traffic
Newhost
NIC adapters
NIST-provided CVSS calculator
Non-cyber decisions
Non-cybersecurity
Non-cyber solutions
Non-emulated actors
Non-theoretical efforts
O
Offensive cybersecurity assessment
Offensively oriented cybersecurity implementations
Offensive security assessment
Operational personnel
Operational thinking
Optimized attacker
Organizational expertise
Organizational leadership
Organization’s cybersecurity resources
Organization’s organic and native expertise
Organization’s strategic goals
P
Payload activation
Payload deployment
Payoff
Payoff negotiation
Penetration testing
Point-of-sale machine
Productization
Professional networking profiles
Q
Qualified cyber operations
R
Randomized SMBv1 TCP Ports
Ransom demand
Ransomware
Ransomware attacks
Ransomware game
Real attackers
Real environment
Real-world organization
Reassessment
Recommended changes analyzed
Recovery
Red team assessment
Red Team Auditor
Reputation
Reputation decay
Resilience
Response game
Responsibilities
Responsibility boundaries
Retaliation
Retention problem
Reverse pivot chaining
analysis of local intelligence
local assessment
reverse pivoting
Reverse pivoting
Reverse red teaming
CAPTR Reporting
See CAPTR Reporting
reverse pivot chaining
See Reverse pivot chaining
Risk management
Risk Management Framework (RMF)
S
Satellite Internet provider
Satellite Internet vendor
SCADA devices
Scammers
Security assessments
Security information and event management (SIEM)
Security operations center (SOC)
Security paradigms
Security professionals
Security-related documents
Self-assessment
Selling cost benefit
Server Message Block version one protocol (SMBv1)
Shopping mall taxonomy
SIM swapping
SMBv1 protocol
Social media
Software-defined radio (SDR)
Software requirements
Strategic cybersecurity
classic approach
strategic approach
Strategic defensive security, architecture
classic approach
strategic approach
Strategic defensive security monitoring and detection
classic approach
strategic approach
Strategic goals
Strategic/theoretical gains
Subgame analysis
System bear hashing
Systems administration
Systems Administration Auditor
T
Technology-specific solutions
Theoretical cybersecurity
academics with experience
application visualization
cybersecurity point of view
description
experiment
foundational issue
implications
innovation
journeyman type perspective
NIC adapter
observation
process
technologies
zero-day
Threat hunting
Time
Tradecraft concepts
Traditional cybersecurity
Traditional identity
Traditional (military) red team mentality
Traditional offensive security assessments
Traditional red teaming
TransExperiafax
Tribal knowledge
U
Unrealistic target networks
U.S. CYBERCOM
Use-at-your-own-risk
US Postal Service (USPS)
V
Virtualized solutions
Virtual Private Network (VPN)
von Neumann-Morgenstern utility function
Vyos operating system
W, X, Y
Wannacry campaign
Wetware
Worm INSIDE
Worm with MS17-010
Z
Zero-day
Zero-day attacks prevention
Zero-day-using worm