Cyber Operations: Building, Defending, and Attacking Modern Computer Networks
Format: PDF / Kindle (mobi) / ePub
Learn to set up, defend, and attack computer networks. This book focuses on networks and real attacks, offers extensive coverage of offensive and defensive techniques, and is supported by a rich collection of exercises and resources.
You'll learn how to configure your network from the ground up, starting by setting up your virtual test environment with basics like DNS and Active Directory, through common network services, and ending with complex web applications involving web servers and backend databases.
Key defensive techniques are integrated throughout the exposition. You will develop situational awareness of your network and will build a complete defensive infrastructure—including log servers, network firewalls, web application firewalls, and intrusion detection systems.
Of course, you cannot truly understand how to defend a network if you do not know how to attack it, so you will attack your test systems in a variety of ways, beginning with elementary attacks against browsers through privilege escalation to a domain administrator, or attacks against simple network servers through the compromise of a defended e-commerce site.
The author, who has coached his university’s cyber defense team three times to the finals of the National Collegiate Cyber Defense Competition, provides a practical, hands-on approach to cyber security.
What you’ll learn
- How to securely set up a complete network, from its infrastructure through web applications
- How to integrate defensive technologies such as firewalls and intrusion detection systems into your network
- How to attack your network with tools like Kali Linux, Metasploit, and Burp Suite
- How to gain situational awareness on your network to detect and prevent such attacks
Who this book is for
This book is for beginning and intermediate professionals in cyber security who want to learn more about building, defending, and attacking computer networks. It is also suitable for use as a textbook and supplementary text for hands-on courses in cyber operations at the undergraduate and graduate level.
Table of Contents
Chapter 1. System Setup
Chapter 2. Basic Offense
Chapter 3. Operational Awareness
Chapter 4. DNS & BIND
Chapter 5. Enumerating the Network
Chapter 6. Active Directory
Chapter 7. Attacking the Domain
Chapter 8. Logging
Chapter 9. Network Services
Chapter 10. Malware
Chapter 11. Apache and ModSecurity
Chapter 12. IIS and ModSecurity
Chapter 13. Web Attacks
Chapter 14. Firewalls
Chapter 15. MySQL
Chapter 16. Snort
Chapter 17. PHP
Chapter 18. Web Applications
malware generated so far is that these programs do nothing other than provide the shell back to the attacker. Most users that execute a program expect it to do something, and a user faced with a program that does nothing may terminate it, leaving the attacker without a shell. One approach to the problem is to include the malicious code within another functioning program. Msfvenom has the ability to do just this. The attacker starts with a known program, say a copy of PuTTY for Windows, and
detailed configuration. Select the standard configuration.
Figure 15-2. Selecting the configuration type for the installation of MySQL 5.1.61 on Windows Server 2012
Next, the administrator chooses whether to install MySQL as a service; a service name can be chosen and the service set to start on boot (Figure 15-3). The system’s path variable can be updated to include the MySQL binaries, allowing them to be run from the command line without specifying the full path.
Figure 15-3. Installing MySQL
seen on the network; it can also detect port scans, ARP spoofing, and sensitive data such as credit card numbers or social security numbers. One tool to manage the output from Snort is Barnyard2; this can read the alerts raised by Snort and store the result in a variety of formats including in an MySQL database.
Installation
Snort can be installed on all of the systems described in this text. On Linux systems, one approach is to compile Snort from source. Consider, for example, Snort 126.96.36.199
/etc/init.d/functions, so the function call may fail. To resolve these issues, one approach is to modify the script to remove the dependency on the interface and to provide the full path to Barnyard2. Moreover, because the configuration file barnyard2.conf specifies the use of a daemon, the location of the output logs, and the location of the waldo file, the collection of command-line switches can be reduced. For example, this section can be replaced with content like prog="barnyard2"
TCPLogView http://www.nirsoft.net/utils/tcp_log_view.html with Sysinternals TCPView.
5. Wireshark is vulnerable to direct attack. Install Wireshark 1.4.4 on a Windows system, and use the Metasploit module exploit/windows/misc/wireshark_packet_dect to gain a shell on the target.
6. Install the Microsoft Network Monitor, available from http://www.microsoft.com/en-us/download/details.aspx?id=4865. Use it to capture packets during a Metasploit attack against a browser using the reverse HTTPS