One of the most immediate and significant fall-outs of the breach was its impact on the leadership. In 2014, Target’s CEO Gregg Steinhafel became the first CEO of a major corporation to lose his job as a direct result of a data breach. This unprecedented move sent shock-waves through the corporate world, signalling that cybersecurity was no longer just an IT issue—it had become a top-level executive concern. Steinhafel’s resignation marked a pivotal moment, underscoring that CEOs and senior leadership could be held accountable for security failures, a shift that has only strengthened in the years since. The breach brought a sobering realization: cybersecurity wasn’t just a technical matter but a business risk that could have existential consequences.

The breach also made cybersecurity a board-level issue for companies globally. Until that point, boardrooms typically didn’t allocate significant time to discussing cybersecurity risks, often leaving these concerns to the IT department. However, Target’s experience changed that. The breach highlighted the fact that cybersecurity risks could not only cause financial loss but also irreparably damage a company’s reputation. Boards of directors began to realize that their fiduciary duties extended to cybersecurity oversight. As a result, we saw a dramatic shift in corporate governance, with boards regularly including cybersecurity risks in their risk management strategies. This breach, in many ways, sparked the ongoing conversation about the board’s responsibility for overseeing cybersecurity in organizations.

Before the breach, Target did not have a Chief Information Security Officer (CISO). This absence proved to be a costly oversight. Without a dedicated executive focused on cybersecurity, there was insufficient attention on the organisation’s security controls and risk management practices. The breach prompted not just Target but many other organizations to take the role of a CISO more seriously. The event triggered a surge in CISO hiring across industries, with companies recognizing that the absence of this role left them vulnerable to emerging cyber threats. The role of the CISO has since evolved into a critical executive position, responsible not just for security but for ensuring that cybersecurity is aligned with the business’s overall objectives and risk appetite.

Another major fallout (rather a sliver-lining) was the acceleration of the shift to chip-and-PIN technology for credit and debit cards. In 2013, while chip-and-PIN technology existed, it was not widely adopted in the United States. The Target breach exposed just how vulnerable magnetic stripe cards were to fraud, particularly in large-scale breaches like this one. In the aftermath, credit card companies expedited the rollout of chip-and-PIN cards, which offer more robust protection.

In many ways, the Target data breach can be seen as a turning point for the cybersecurity industry. It highlighted weaknesses that companies could no longer afford to ignore, and it spurred organisations to take concrete steps toward strengthening their defences.

The lessons from the Target data breach remain highly relevant. The breach taught companies the importance of proactive cybersecurity measures, the dangers of neglecting security at the executive level, and the need for robust protections in payment systems. More importantly, it demonstrated that the consequences of a data breach extend far beyond IT departments—they can reshape entire industries.

How do you think the role of a CISO has evolved since the Target data breach?

About two years back, I bought a cheap Microsoft Office 365 account. The deal was really attractive almost 90% discount, 5 devices, lifetime access, latest updates and 5 TB OneDrive storage. I know what you might be thinking, this sounds too good to be true. Uday! how can you fall for it? I accept my mistake. Turns out, I am not the only one who fell for the lure as we’ll see (not trying to justify my decision) .

What happened after I bought the account?

Soon after I made the payment, I received an email with the credentials of a brand new Microsoft Office 365 account. The account was not tied to any of my email addresses instead the seller, created the account with new email address tied to a custom domain that they owned.

I logged in to the account to verify if everything was as promised. Surprise, surprise…(well, not really) I found out that the OneDrive storage that I received was just 100 GB instead of the promised 5 TB. I reached out to the given support email address highlighting the issue and asked them for a refund. I know what’s going on in your mind, exepcting refund from a dubious website, what were you thinking, Uday! I agree. Forget the refund, I did not even receive a response from them.

So I changed the password of the account and let it be.

I also knew from a “past experience” that the lifetime access claim is only valid until Microsoft does not find out about this. Once they do find out, they block all accounts associated with the domain name, leaving them effectively useless.

What happened two years after I bought the account?

I almost forgot about this account, until a few days back. I was going through my inbox and found the mail with it’s credentials. I thought let’s login and see whats the status of this account. Obviously, I couldn’t login with those credentials because I had changed the password but I was only able to recall that after two hours of failed efforts to regain access to this account.

Now, you might ask, why I wasn’t able to recover this account even after spending two hours? Good question.

Turns out, the permission to reset password of such accounts lies only with the administrator of the Microsoft 365 tenant and Microsoft doesn’t give out the administrator email ID that easily. So as a user I did not have any recourse other than to really strain my memory and recall the password.

Finally, I logged in to the account with the password that I had set. As soon as I logged on, I received a notification that this account has been blocked and I could not access most of the services associated with it. No surprise there.

Being a curious cat, I searched to see if the domain name associated with the account was available to purchase (maybe I’d get lucky). Much to my surpise, it was available to purchase and that too at normal rate. Interesting! right? I purchased it right away.

What happened after I purchased the domain name?

Two things happened:

• I got the administrator email ID.

• I found out how many people fell for this lure (remember, I mentioned that I wasn’t the only one).

How I got the administrator email ID?

If you have a Microsoft 365 tenant of your own, you can add a custom domain name to it. If that domain name exists within another Microsoft 365 tenant, Microsoft won’t let you add it to your tenant until it is removed from the previous tenant. To help you with that, Microsoft provides the administrator email ID associated with that other tenant. The idea being that you can directly reach out to the other tenant administrator and sort it out without Microsoft’s intervention.

How I found out how many people fell for this lure?

After I bought the domain name, I set a catch-all to catch emails sent to any email address associated with that domain name. Catch-all allows domain name owners to receive emails sent to any email address associated with their domain name, whether they exists or not.

Within a week, the catch-all caught over 12,000 emails. After analysing their header inforamtion, I identified 5,000+ unique email addresses associated with that domain name. This means that potentially 5,000+ people had also fell for this lure.

Just for the sake of curiosity, lets assume that the average price for one such account is Rs. 300. Therefore, by selling it to 5,000 people the seller clocked in Rs. 15,00,000 (USD 17,241 @ Rs. 87/USD) approximately.

How are these sellers able to create such accounts?

Based on what I have observed, the accounts being sold belong to Microsoft 365 tenants of educational institutions. Microsoft offers Microsoft 365 at discounted prices to educational institutions. These plans include most of the features. Somehow these sellers are able to obtain access to these tenants (their motives and methods are out of scope for this post) and use them for their own gains.

Why am I asking you to stay away from these accounts?

• The Microsoft 365 tenant administrator can access all data (email, OneDrive files, etc.) and devices associated with these accounts irrespective of what they mention on their website.

• Another person can take over the Microsoft 365 tenant if it is not secured properly. For example, the administrator email ID I received was assoicated with another custom domain name. I searched for the availability of that domain name. However, this time I lucked out. That domain name was already registred.

  Let’s pause for a moment and think through it. Imagine what could have happened had I been able to register that domain name?

  I probably would have been able to take-over their entier Mircrosoft 365 tenant and everything associated with it, including the user data.

• I was also able to identify services that were signed-up for using these email addresses. This means that using a simple password reset, one could possibly take over those accounts as well. Also, had the administrator allowed users to reset their password, one would have been able to take over these Microsoft accounts as well and access all of their data.

• Access to these accounts can be blocked at any time. This can happen either when Microsoft finds out about the abuse of their services or when the domain is added to another Microsoft 365 tenant. For example, I can still add this domain to my Microsoft 365 tenant by reaching out to Microsoft. However, before releasing the domain from the previous tenant, Microsoft will either make all accounts associated with this domain inoperative or map them to a different domain name within the previous tenant. Note that, the catch-all will still keep catching emails sent to any email address associated with this domain name.

Hopefully, after reading this post you will stay away from cheap Microsoft 365 accounts. If not, well, you have been warned.

Please note: This is not a vulnerability within Microsoft 365 or Office 365. The vulnerability lies in us, the tendency to fall for luring offers.

Continuing on my quest to learn more about red team operations, I picked up the book, Red Team - How to Succeed By Thinking Like the Enemy by Micah Zenko. This time I am not guilty of judging the book by its cover because this book has been on my reading list for some time. I had been delaying reading it because this is not a technical book and has little to do with cyber red team operations. I decided to give it a read as part of my 100 Days of Red Team challange.

It provides a deep exploration of red teaming as a strategic practice. It illustrates how organizations across various domains—military, intelligence, cybersecurity, and business—use red team exercises to identify vulnerabilities, challenge assumptions, overcome group think and anticipate threats. The author has presented a well-researched analysis of red team methodologies, their effectiveness, and challenges they face.

Content Overview

This book is divided into six parts. First part discusses best practices for the success of a red team and for obtaining true value out of a red team exercise. Parts two to five discuss red team case studies across, military, intelligence, homeland security and private sector domain. Part six addresses some misconceptions about red team exercises and also talks about how red teaming might evolve in future.

The book traces the origins of red teaming, linking it to historical practices like the Devil’s Advocate in the Vatican, and explores its modern applications. The author has categorized different types of red team exercises, including simulations, vulnerability probes, and alternative analysis, explaining how they operate within various institutions. Through extensive case studies, the book highlights both successful and failed red team exercises, drawing insights from organizations like the CIA, NYPD, and corporate entities. A key theme is the role of leadership in enabling or hindering red team effectiveness. The authour has also discussed best practices for setting up and running a red team, as well as common pitfalls that can render these efforts ineffective.

Salient Features

• Covers red teaming beyond cybersecurity, including its application in business, military, intelligence, and homeland security.

• Features numerous real-world case studies that provide valuable insights into the benefits and challenges of red teaming.

• Emphasizes the importance of management buy-in for the success of red team initiatives.

• Helps readers understand red teaming as a broader strategic concept rather than merely a cybersecurity testing technique.

• Offers insights into the role of leadership and organizational culture in determining the effectiveness of red teams.

• Provides practical takeaways for both practitioners and decision-makers interested in leveraging red teaming.

Not so salient Features

• While the book effectively illustrates the benefits of red teaming through case studies, it could have provided more guidance on cultivating a red team mindset.

• The focus is more on describing red team outcomes rather than offering a structured methodology for developing red team capabilities.

My rating 4.5 / 5.0

Join my Cyber Security book club on Discord and share your views on this book (or any other security book of your choice).

Other book reviews

• Professional Red Teaming by Jacob G. Oakley

• Adversarial Tradecraft in Cybersecurity by Dan Borges

• The Cybersecurity Manager's Guide by Todd Barnum

• Practical Social Engineering by Joe Gray

• Ethical Hacking by Daniel G. Graham

• How to Hack Like a GHOST by Sparc Flow

• How to Hack Like a LEGEND by Sparc Flow

• CCSP for dummies by Arthur J. Deane

• Cyber Warfare – Truth, Tactics, and Strategies by Dr. Chase Cunningham

• Practical Threat Intelligence and Data-Driven Threat Hunting by Valentina Costa-Gazcón

• Hacking APIs by Corey Ball

• Penetration Testing Azure for Ethical Hackers by David Okeyode, Karl Fosaaen

• Pentesting Azure Applications by Matt Burrough

• Red Team Development and Operations by Joe Vest and James Tubberville

• Container Security by Liz Rice

• Web Application Security by Andrew Hoffman

Continuing on my quest to learn more about red team operations, I picked up the book, Professional Red Teaming by Jacob G. Oakley. Once again, I am guilty of judging the book by its cover. This time it turned out to be okayish choice. This book aims to help readers navigate the intricacies of conducting professional red team offensive security engagements, focusing on operational guidelines, tradecraft, and the human aspects of offensive security. It also introduces a novel concept—Counter-APT Red Teaming (CAPTR)—designed to tackle advanced persistent threats (APTs) and offers a comprehensive framework for evaluating offensive security processes.

Please note that even though this book covers certain technical aspects of offensive security engaements, this is not a technical book. It focuses more on the management and process aspect of offensive security engagements.

Content Overview

The book is organized into 15 chapters that address various facets of offensive security engagements:

1. Foundations of Red Teaming: Chapters 1-3 provide an overview of red team operations, the importance of human hackers over automation, and the limitations of modern offensive security engagements compared to real-world adversaries.

2. Process and Execution: Chapters 4-8 cover the theoretical and procedural aspects of engagements, including scoping, drafting rules of engagement, execution phases, reporting, and the role of purple teaming.

3. CAPTR Teaming: Chapters 9-12 introduce and elaborate on CAPTR—a reverse red teaming methodology—with detailed steps such as scoping, initialization, and execution.

4. Evaluation and Experimentation: Chapters 13-15 focus on comparing traditional red teaming with CAPTR through a structured framework and a fictional experiment to illustrate their effectiveness.

Salient Features

• The concept of CAPTR and Reverse Red Teaming is innovative and provides a fresh perspective on addressing APTs, making it potentially valuable for organizations.

• The book emphasizes the challenges posed by people during offensive security engagements, including the dynamic between adversarial blue and red teams.

• Chapters 4-8 are a goldmine for understanding the lifecycle of offensive security engagements, with actionable insights on scoping, execution, and reporting.

• The inclusion of a sample format for operational notes and examples from the author's professional experiences make the content insightful.

• The guidance is relevant for both internal red teams and external service providers, catering to diverse professional needs.

Not so salient Features

• The interchangeable use of the terms, red teaming and penetration testing, can mislead readers, especially professionals who understand the critical differences between the two. Referring to them collectively as "offensive security engagements" could have resolved this ambiguity.

• Certain scenarios, such as assuming an organization undergoing a red team exercise lacks a vulnerability management program, seem disconnected from reality.

• The tone, particularly in the initial chapters, leans heavily toward criticism, which may not resonate well with all readers.

• The book contains some spelling and grammatical inconsistencies, which may distract readers at times. Addressing these issues in future editions would enhance the overall reading experience and professionalism of the content.

My rating 3.5 / 5.0

Join my Cyber Security book club on Discord and share your views on this book (or any other security book of your choice).

Other book reviews

• Adversarial Tradecraft in Cybersecurity by Dan Borges

• The Cybersecurity Manager's Guide by Todd Barnum

• Practical Social Engineering by Joe Gray

• Ethical Hacking by Daniel G. Graham

• How to Hack Like a GHOST by Sparc Flow

• How to Hack Like a LEGEND by Sparc Flow

• CCSP for dummies by Arthur J. Deane

• Cyber Warfare – Truth, Tactics, and Strategies by Dr. Chase Cunningham

• Practical Threat Intelligence and Data-Driven Threat Hunting by Valentina Costa-Gazcón

• Hacking APIs by Corey Ball

• Penetration Testing Azure for Ethical Hackers by David Okeyode, Karl Fosaaen

• Pentesting Azure Applications by Matt Burrough

• Red Team Development and Operations by Joe Vest and James Tubberville

• Container Security by Liz Rice

• Web Application Security by Andrew Hoffman

In my quest to deepen my understanding of red team operations and adversary emulation, I stumbled upon the book, Adversarial Tradecraft in Cybersecurity by Dan Borges. To be honest, its title immediately caught my attention (yes, I am guilty of judging the book by cover but it turned out to be a good decision ). This book provides actionable guidance for both attackers and defenders. I got it through the Humble Bundle by Packt. It was published in June 2021.

Content Overview

Each chapter is divided into two subsections, offensive and defensive perspectives, making it a comprehensive guide for professionals on both sides of the cybersecurity spectrum.

The book begins with an introduction to adversarial operations and the principles of computer conflict, exploring core concepts like deception, humanity. It guides readers through the essentials of planning, setting up infrastructure, and equipping teams with the necessary tools.

It then covers techniques, from both, offensive and defensive perspectives, to gain a tactical edge by remaining undetected, blending into the opponent’s techniques, and discerning the motivations and capabilities of other actors. It also delves into tampering with opponents' abilities to detect your presence and using advanced research to conclude operations effectively.

Throughout the text, the book covers practical examples that cater to a wide audience, from penetration testers and red teamers to incident responders and security engineers.

Salient Features

• Each chapter presents both offensive and defensive viewpoints, providing a holistic understanding of adversarial operations.

• The content is grounded in the author’s extensive experience, offering valuable, actionable insights.

• The book introduces a plethora of tools spanning offensive, defensive, and forensic domains, many of which were new to me.

• It highlights the importance of deception strategies in both offense and defense, a critical yet often underemphasized aspect of cybersecurity.

• The book offers numerous techniques and strategies applicable to offense-defense game type scenarios.

• It serves as a valuable resource for experienced cybersecurity professionals, including CISOs and managers, and is excellent for a quick refresher on key concepts, tools, and techniques.

Not so salient Features

• The book’s breadth of concepts can be daunting for newcomers to the field, despite clear explanations.

• Many strategies are tailored to simulated offense-defense game type scenarios and may have constrained applicability in practical settings.

• While informative, the book could have been structured better to enhance readability and flow.

My rating 4.0 / 5.0

Join our book club on Discord and share your views on this book (or any other security book of your choice).

Other book reviews

• The Cybersecurity Manager's Guide by Todd Barnum

• Practical Social Engineering by Joe Gray

• Ethical Hacking by Daniel G. Graham

• How to Hack Like a GHOST by Sparc Flow

• How to Hack Like a LEGEND by Sparc Flow

• CCSP for dummies by Arthur J. Deane

• Cyber Warfare – Truth, Tactics, and Strategies by Dr. Chase Cunningham

• Practical Threat Intelligence and Data-Driven Threat Hunting by Valentina Costa-Gazcón

• Hacking APIs by Corey Ball

• Penetration Testing Azure for Ethical Hackers by David Okeyode, Karl Fosaaen

• Pentesting Azure Applications by Matt Burrough

• Red Team Development and Operations by Joe Vest and James Tubberville

• Container Security by Liz Rice

• Web Application Security by Andrew Hoffman

I recently came across this book, Web Application Security by Andrew Hoffman, while searching for material to read on how to secure web applications. There are many books available on this topic. I picked this one specifically because of it's recent publication date. It was published in March 2020 (about 5 month back, at the time of writing).

Content overview

The tagline of the book, "Exploitation and Countermeasures for Modern Web Applications", says it all. The book is divided into three parts Recon, Offense and Defense, each part is then divided into chapters covering specific areas of web application security.

It starts by providing a glimpse into the history of software security and the evolution of web related attacks as we see them today. It lays the foundation for the first part, Recon. In this part the author describes various techniques for mapping a web application. One important lesson I learnt from this part is that recon is not just limited to the web application per se. When mapping out the web application, one needs to look at aspects such as:

• Structure of the application

• Subdomains

• APIs

• Third-party components

• Architecture

The second part of the book, Offense, covers the most common attacks related to web applications:

• Cross-site scripting (XSS)

• Cross-site request forgery (CSRF)

• XML External Entity (XXE)

• Injection

• Denial of Service (DoS and DDoS)

• Exploiting third-party components

In Defense (third part of this book), the author looks at securing web applications from a developer's point of view (one of the things I liked about this book). This part covers the following:

• Securing application architecture

• Secure code reviews

• Vulnerability discovery and management

• Defense techniques for each attack mentioned in the Offense section

Salient features

Here are a few things I liked about this book:

• It focuses on holistic view of securing web applications.

• Each offense technique is mapped to appropriate defense(s).

• Developer focused Defense part of the book.

• Author's focus on the importance of taking notes and his preferred notes format (you can find this out by reading the book).

• This book is good for developers, information security managers, beginners in web application security.

Not so salient features

Here are a few things I did not like about this book:

• Given the title and tag line, I thought it would be fairly more technical. It did not live up to those expectations.

• The offense part misses out on key web application attacks such as Local File Inclusion (LFI), Remote File Inclusion (RFI), Path Traversal, Insecure Direct Object Reference etc.

• Author has included examples for a fictitious website, a hands-on lab would have been nice.

My rating: 4.0 / 5.0

Join our book club on Discord and share your views on this book (or any other security book of your choice).

Other book reviews

• The Cybersecurity Manager's Guide by Todd Barnum

• Practical Social Engineering by Joe Gray

• Ethical Hacking by Daniel G. Graham

• How to Hack Like a GHOST by Sparc Flow

• How to Hack Like a LEGEND by Sparc Flow

• CCSP for dummies by Arthur J. Deane

• Cyber Warfare – Truth, Tactics, and Strategies by Dr. Chase Cunningham

• Practical Threat Intelligence and Data-Driven Threat Hunting by Valentina Costa-Gazcón

• Hacking APIs by Corey Ball

• Penetration Testing Azure for Ethical Hackers by David Okeyode, Karl Fosaaen

• Pentesting Azure Applications by Matt Burrough

• Red Team Development and Operations by Joe Vest and James Tubberville

• Container Security by Liz Rice

I recently came across this book, Container Security by Liz Rice, while searching for material to read on how to secure containerized applications. This was the only book I could find on the topic, so I picked it up without thinking further. It was published in April 2020.

Content overview

The book's tagline, "Fundamental Technology Concepts that Protect Containerized Applications", provides an apt description of the content. It starts with basic concepts which are necessary to understand before we set out to secure containers. Even though the book is divided into 14 chapters, they can be rolled up into following three broad categories:

• How containers work or, more aptly, what makes containers possible? - Chapters 2-5. In these chapters the author provides a brief introduction to various Linux components, such as Namespaces, Control Groups, Sys calls, Permissions, Capabilities etc. that work together to enable the technology we know as Containers. After all, a container is still a Linux process running on the host machine. This part ends by giving a bird's eye view of virtual machines and how containers are different from VMs.

• Securing various aspects of containers - Chapters 6-13. In each of these chapters the author describes a facet of containers and also provides recommendations on securing it. For example, in chapter 6 she describes how container images are built and also provides security best practices to protect container images. This part also covers concepts like rootless containers, Kata containers, Unikernels etc.

• Container security threats, recommendations and checklist - Chapter 1, 14 and security checklist. In the first chapter the author covers various threats associated with containers and provides mitigations to address them. The author has also provided a container threat model in this chapter. In chapter 14, the author maps various vulnerabilities associated with containers to OWASP Top 10. Finally, at the end of the book the author has also provided a security checklist based on her recommendations throughout the book.

Salient features

Here are a few things I liked about this book:

• Good coverage of container threats and security best practices.

• It builds the foundation by describing how containers work on the ground. This understanding is fundamental for learning how to secure containers.

• The author had provided a lot of useful commands for enumerating containers (they are spread throughout the book and not covered specifically under this heading).

• The author has also provided various tools that can be used to secure containers.

• It is written in an easy to understand manner despite being technical in nature.

• Security checklist at the end of the book.

• At 180 pages, it's short and concise. Packed with a lot of useful information.

• This book is good for developers working on containerized applications, cloud security professionals, security managers and red teamers.

Not so salient features

Here are a few things I did not like about this book:

• None.

My rating: 5.0 / 5.0

Join our book club on Discord and share your views on this book (or any other security book of your choice).

Other book reviews

• The Cybersecurity Manager's Guide by Todd Barnum

• Practical Social Engineering by Joe Gray

• Ethical Hacking by Daniel G. Graham

• How to Hack Like a GHOST by Sparc Flow

• How to Hack Like a LEGEND by Sparc Flow

• CCSP for dummies by Arthur J. Deane

• Cyber Warfare – Truth, Tactics, and Strategies by Dr. Chase Cunningham

• Practical Threat Intelligence and Data-Driven Threat Hunting by Valentina Costa-Gazcón

• Hacking APIs by Corey Ball

• Penetration Testing Azure for Ethical Hackers by David Okeyode, Karl Fosaaen

• Pentesting Azure Applications by Matt Burrough

• Red Team Development and Operations by Joe Vest and James Tubberville

• Web Application Security by Andrew Hoffman

What is Mona.py?

• A pycommand for Immunity Debugger, designed and developed to aid the exploit development process

• Automates various tasks such as address search, pattern generation and comparison, egg hunter generation etc.

• Replaces pvefindaddr

• Developed by Corelanc0d3r (Peter Van Eeckhoutte)

• Official link: http://bit.ly/mona-py

Command 1: Set workingfolder

• Sets the working directory for mona to store command output and related files:

  • !mona config -set workingfolder c:\logs\%p

• This will tell mona to write the output to subfolders of c:\logs. The %p variable will be replaced with the process name currently being debugged.

• If you want to further group output, you can even use the %i variable in the workingfolder parameter. This variable will get replaced with the process ID of the application being debugged.

Command 2: bytearray

• Generates an array of hex bytes from \x00 to \xff (except for the excluded ones):

  • !mona bytearray

• Produces two files: text and binary

• Takes two flags:

  • -b – to exclude bytes from array

  • -r – to output array in the reverse order (\xff..\x00)

• Use compare command to automate the comparison process:

  • !mona compare –f <filename> -a <address>

Command 3: pc, po & findmsp

• Generates a cyclic pattern (Metasploit pattern) of a given size and length:

  • !mona pc <length>

• Locates given four bytes in a cyclic pattern and returns the offset:

  • !mona po <bytes>

• Find instances of the cyclic pattern:

  • !mona findmsp

• Optional argument:

  • -distance Sets the distance from ESP to begin search from

Command 4: egg

• Creates an egghunter routine with a default tag (w00t):

  • !mona egg

• Optional arguments:

  • -t : tag (ex: w00t). Default value is w00t

  • -c : enable checksum routine. Only works in conjunction with parameter -f

  • -f : file containing the shellcode

  • -depmethod : method can be “virtualprotect”, “copy” or “copy_size”

  • -depreg : sets the register that contains a pointer to the API function to bypass DEP. By default this register is set to ESI

  • -depsize : sets the size for the dep bypass routine

  • -depdest : this register points to the location of the egghunter itself.

Command 5: jmp

• Searches for pointers that will lead to execution of the code located at the address pointed by a given register:

  • !mona jmp –r <register>

• Default module criteria : skip aslr and rebase modules. The search will include OS modules by default, but this can be overruled by using the -cm os=false global option.

Command 6: seh

• Searches for pointers to routines that will lead to code execution in a SEH overwrite exploit:

  • !mona seh

• By default, it will attempt to bypass SafeSEH by excluding pointers from rebase, aslr and safeseh protected modules.

• The optional -all parameter, if specified, will also search for pointers in memory locations outside of loaded modules.

Watch the video

Learn the art of exploit development

If you want to learn the art of exploit development check out our Hands-on courses:

• Hands-on Exploit Development

• Hands-on Exploit Development (Advanced)

• Immunity Debugger for Exploit Devs - YCSC Lab Essentials

I recently picked up this book, Red Team Development and Operations by Joe Vest and James Tubberville, while searching for material to read on Red Teaming. While this is not the only book on the subject, I was intrigued by the 'Zero-Day Edition' (along with this content, of course). Also, it was published recently (at the time of writing), in January 2020.

Content Overview

The authors have designed this book to be a 'practical guide'. This means that the concepts and tips from this book can be directly applied to real-world red team engagements. The content is organized to align with various phases of a red team engagement.

There are six sections in this book:

• Introduction - This section establishes the context for rest of the book. It describes basics such as threats, vulnerability assessments, penetration testing, red teaming, red team goals, red team organization etc. It also lists out differences between a vulnerability assessment, a penetration test and a red team engagement.

• Engagement Planning - As the name suggests, this section describes the planning phase in detail. The authors cover various areas, such as scoping, team size, costs, roles and responsibilities, rules of engagement, scenario models, execution phases etc., that go into planning a red team engagement. There's a lot of information packed in this chapter as the authors believe planning is the most important phase of an engagement.

• Engagement Execution - This section covers the execution phase of a red team engagement. Authors' focus in this section is on data collection, activity and operator logs, understanding and implementing an adversary's TTPs, command and control center etc.

• Engagement Culmination - This section describes activities that should be performed after the execution phase. These include verifying operator logs, removing any sensitive artifacts, executive and technical briefings.

• Engagement Reporting - Finally, the authors describe how an engagement report should be prepared. What should be included and what not. The authors emphasize that a red team engagement report should be a chronological story-driven report.

• Summary and Conclusion - This section contains the closing remarks from the authors and a summary of earlier chapters.

Salient features

Here are a few things I liked about this book:

• I got to learn some new red teaming concepts such as C2 tiers, C2 re-directors, domain fronting, de-confliction, two person integrity etc.

• It is written in a simple and easy to understand manner.

• Authors have included some interesting puzzles (thought exercises) at the end of the book.

• The companion website provides a lot of ready-to-use material.

• Provides a good starting point for understanding and conducting a red team engagement.

• It is good for penetration testers, new red teamers, information security managers and executives of organizations opting for a red team engagement.

Not so salient features

Here are a few things I did not like about this book:

• There are too many things covered for a book of this length and size.

• It gets repetitive at certain points, to the extent that same text is copy-pasted in multiple sub-sections.

• It just dips into technical aspects of red teaming, there's no deep-dive.

• I found the content organization to be a bit haphazard.

My rating 4.0 / 5.0

Join our book club on Discord and share your views on this book (or any other security book of your choice).

UPDATE (14/12/2024): I updated the book’s rating from 3.6 to 4.0. I recently re-read this book and realised that despite its drawbacks, it packs lots of useful insights .

Other book reviews

• The Cybersecurity Manager's Guide by Todd Barnum

• Practical Social Engineering by Joe Gray

• Ethical Hacking by Daniel G. Graham

• How to Hack Like a GHOST by Sparc Flow

• How to Hack Like a LEGEND by Sparc Flow

• CCSP for dummies by Arthur J. Deane

• Cyber Warfare – Truth, Tactics, and Strategies by Dr. Chase Cunningham

• Practical Threat Intelligence and Data-Driven Threat Hunting by Valentina Costa-Gazcón

• Hacking APIs by Corey Ball

• Penetration Testing Azure for Ethical Hackers by David Okeyode, Karl Fosaaen

• Pentesting Azure Applications by Matt Burrough

• Container Security by Liz Rice

• Web Application Security by Andrew Hoffman

1. Chosen-Ciphertext Attacks

In a chosen-ciphertext attack, the attacker can choose a piece of ciphertext and obtain its decrypted plaintext. This is especially dangerous because the attacker can manipulate the ciphertext to trick the system into revealing information about the encryption key or algorithm. Chosen-ciphertext attacks are often used in practical applications, such as in padding oracle attacks. Defenses against these attacks include the use of authenticated encryption, which ensures both confidentiality and integrity of the message.

2. Chosen-Plaintext Attacks

Chosen-plaintext attacks involve the attacker selecting specific plaintexts and obtaining the corresponding ciphertexts. This enables the attacker to study how the encryption algorithm transforms specific data, potentially revealing weaknesses in the algorithm or the key. Adaptive chosen-plaintext attacks, where the attacker iteratively adjusts the plaintext based on results, can be particularly dangerous. Robust cryptographic algorithms that mask predictable transformations reduce the likelihood of success in such attacks.

3. Key and Algorithm Attacks

Key and algorithm attacks target the cryptographic algorithms themselves, aiming to uncover vulnerabilities in their design or implementation. Attackers may exploit weaknesses in how keys are generated, distributed, or managed, potentially bypassing encryption without needing to break the algorithm itself. This can include attacks such as poor random number generation or weak key lengths, making it easier for an adversary to guess the key. These attacks highlight the importance of using robust, thoroughly vetted cryptographic algorithms and ensuring secure key management practices.

4. Ciphertext-Only Attacks

In a ciphertext-only attack, the attacker has access only to the encrypted data (ciphertext) and attempts to deduce the corresponding plaintext or the encryption key. This type of attack is especially challenging because the attacker has minimal information. However, if the encryption algorithm or key has flaws, or if statistical analysis can reveal patterns, the attacker may succeed. Strong encryption methods that produce highly randomized ciphertexts help mitigate this risk.

5. Differential Cryptanalysis

Differential cryptanalysis is a sophisticated method used primarily against block ciphers. It involves analyzing how small differences in plaintext inputs result in differences in ciphertext outputs. By studying these patterns, an attacker can deduce information about the key. Differential cryptanalysis is most effective when the cryptographic algorithm lacks sufficient complexity or randomness. Many modern encryption algorithms, like AES, are designed with countermeasures to thwart differential cryptanalysis, including the use of S-boxes that obscure predictable patterns.

6. Brute Force Attacks

Brute force attacks rely on sheer computational power to try every possible key until the correct one is found. While this method is time-consuming and resource-intensive, it remains feasible if the key length is too short. Modern advances in computing power, including the use of GPUs and quantum computing, have made brute force attacks more threatening. To defend against brute force attacks, encryption keys must be long and complex, making it exponentially harder for attackers to test all potential combinations.

7. Known-Plaintext Attacks

In known-plaintext attacks, the attacker has access to both the plaintext and its corresponding ciphertext. By analyzing the relationship between the two, the attacker may be able to determine the key used for encryption. This type of attack is particularly concerning when certain parts of a message are predictable or when standard templates are used. Modern encryption techniques such as block cipher modes of operation, which add randomness to the encryption process, help protect against known-plaintext attacks.

Conclusion

Understanding these cryptographic attacks is crucial for developing more secure systems. Cryptography must be continuously strengthened to stay ahead of adversaries, and organizations should always use the latest and most secure algorithms to protect sensitive data. From key and algorithm vulnerabilities to complex cryptanalysis techniques, staying informed about these attacks is the first step toward robust security.

How do you think quantum computing will impact the future of cryptographic security?

A few months back, I read this book The Cybersecurity Manager's Guide by Todd Barnum. It provides practical insights into the challenging role of cybersecurity management. The book promised to offer insights into aligning security goals with business objectives. It was published in March 2021.

Content Overview

The book is divided into twelve chapters that start by addressing foundational concepts, such as the eight domains of cybersecurity. Chapter three describes the following seven steps or areas that a cybersecurity manager should focus on to drive a successful cybersecurity program:

• Step 1: Cultivate Relationships

• Step 2: Ensure Alignment

• Step 3: Use the Four Cornerstones to Lay the Groundwork for Your Program

• Step 4: Create a Communications Plan

• Step 5: Give Your Job Away

• Step 6: Build Your Team

• Step 7: Measure What Matters

Chapters four to ten cover each of these focus areas in more detail. The last two chapters provide guidance on collaborating with the internal audit team to further the cybersecurity program and ideas for CISOs build trust and cultivate positive relationships throughout the organization.

Salient Features

• The author leverages his experience to offer actionable advice. The book is full of real-world examples and case studies from author’s own career.

• It is written in an easy-to-understand language making it a valuable resource for managers transitioning into cybersecurity roles.

• Rather than focusing solely on technology, the book emphasizes the importance of aligning cybersecurity strategies with overall business objectives.

• This book is ideal for mid- to senior-level managers looking to enhance their understanding of cybersecurity management, as well as new cybersecurity managers seeking practical guidance.

Not so salient Features

• The book does not dive into technical aspects of cybersecurity, which may leave more experienced technical professionals wanting.

• While practical, the book could have benefited from a deeper dive into long-term strategic planning for cybersecurity management.

My rating 4.0 / 5.0

Join our book club on Discord and share your views on this book (or any other security book of your choice).

Other book reviews

• Practical Social Engineering by Joe Gray

• Ethical Hacking by Daniel G. Graham

• How to Hack Like a GHOST by Sparc Flow

• How to Hack Like a LEGEND by Sparc Flow

• CCSP for dummies by Arthur J. Deane

• Cyber Warfare – Truth, Tactics, and Strategies by Dr. Chase Cunningham

• Practical Threat Intelligence and Data-Driven Threat Hunting by Valentina Costa-Gazcón

• Hacking APIs by Corey Ball

• Penetration Testing Azure for Ethical Hackers by David Okeyode, Karl Fosaaen

• Pentesting Azure Applications by Matt Burrough

• Red Team Development and Operations by Joe Vest and James Tubberville

• Container Security by Liz Rice

• Web Application Security by Andrew Hoffman

I have been researching cloud security off late. Recently, the book, Penetration Testing Azure for Ethical Hackers by David Okeyode , Karl Fosaaen, showed up on my Twitter feed. The book had good reviews so I decided to pick it up.  It was published in November 2021.

Content Overview

This book is divided in to eight chapters which can largely be categorized into four parts:

• Introduction to Azure and lab building

• Enumeration and initial access to Azure resources

• Exploitation of Azure resources for privilege escalation and lateral movement

• Establishing persistence

Each chapter has hands-on exercises which the reader can perform on a live Azure Subscription. The exercises can be performed using the Free Trial subscription of Azure and do not require any payment on the reader's part. The authors have provided scripts to automatically provision resources for lab scenarios for each chapter. This makes it easy to follow along the exercises. The authors have also provided clean up scripts at the end of each chapter.

In terms of tools, the book covers usage of Azure PowerShell module, Azure Active Directory PowerShell module, Azure CLI (on a Linux machine), Powerzure, Microburst etc. The book does not cover the extensive usage of these tools but it's enough to get readers started. Authors have also referenced a lot of free and useful Microsoft resources which could aid in enumerating the cloud environment.

The exploitation part of the book focuses how misconfigurations in RBAC roles (reader, contributor and owner) can be exploited to escalate privileges and move laterally within the network. The authors have also touched upon moving from Azure to on-premise and vice-versa.

Salient Features

Here are a few things I liked about this book:

• The hands-on exercises made it fun to go through this book.

• Being new to cloud security, I learnt about various Azure and AAD misconfigurations that can prove dangerous for an organization.

• The companion GitHub repository provides access to deployment templates and lab scripts used within the book.

• Provides a good starting point for understanding and conducting Azure penetration testing.

• It is good for penetration testers, red teamers, information security managers and senior executives. They can simulate real-world attacks using tactics, techniques, and procedures (TTPs) that adversaries use in cloud breaches.

Not so salient Features

Here are a few things I did not like about this book:

• It does not map attacks to either MITRE ATT&CK framework or a Red Team Operations Attack Lifecycle.

My rating 4.5 / 5.0

Join our book club on Discord and share your views on this book (or any other security book of your choice).

Other book reviews

• Practical Social Engineering by Joe Gray

• Ethical Hacking by Daniel G. Graham

• How to Hack Like a GHOST by Sparc Flow

• How to Hack Like a LEGEND by Sparc Flow

• CCSP for dummies by Arthur J. Deane

• Cyber Warfare – Truth, Tactics, and Strategies by Dr. Chase Cunningham

• Practical Threat Intelligence and Data-Driven Threat Hunting by Valentina Costa-Gazcón

• Hacking APIs by Corey Ball

• Pentesting Azure Applications by Matt Burrough

• Red Team Development and Operations by Joe Vest and James Tubberville

• Container Security by Liz Rice

• Web Application Security by Andrew Hoffman

In continuance of my research in cloud security, I picked up another book on Azure security. The book was Pentesting Azure Applications - The Definitive Guide to Testing and Securing Deployments by Matt Burrough. I got it as part of the Humble Book Bundle.  It was published in July 2018 and was the only book available focusing on Azure security for some time.

Content Overview

This book is divided into eight chapters covering various services. It starts by building the importance of scoping cloud penetration testing assessments. It then provides an overview of various ways penetration testers can access an Azure environment (along with some best practices). This is followed by techniques to perform reconnaissance using Azure PowerShell module and Azure CLI. From this point onward, it provides deep dive into various Azure services using the following structure:

• Service deep-dive

• Security best practices

• Common misconfigurations / vulnerability points

• Pentester's view of the service

Azure services covered in this book are: Storage services (blob, files, tables and queues), VMs, App Services, Web Apps, Automation services, Network services (firewall, WAF and VPN), Authentication mechanisms (credentials, access tokens, certificates), SQL servers etc.  The last chapter is focused on defending Azure environment and provides an overview of Azure Security Center, Operations Management Suite, Secure DevOps kit and custom log handling.

In terms of tools, the book covers usage of Azure PowerShell module, Azure CLI, Storage Explorer etc. Each chapter provides commands and scripts to enumerate Azure services. The author has also provided references to free and useful Microsoft resources to develop a better understanding of Azure.

Salient Features

Here are a few things I liked about this book:

• It does not assume familiarity with Azure on reader's end. The author has covered each service in sufficient detail to establish the context as to why it important from a penetration tester's perspective.

• All enumeration is performed using custom developed scripts which are well-explained in the book.

• The companion GitHub repository provides access to enumeration scripts used within the book.

• It provides security best practices and Defender's tips throughout chapters.

• It is good for cloud engineers and architects, security consultants, security architects, security mangers and developers.

Not so salient Features

• Surprisingly, the book misses out some of the core areas of pentester's interest such as Azure Active Directory, Azure RBAC and various access management roles.

• In my opinion, the book is wrongly titled. It should have been titled as 'Practical Azure Security' or something similar.

• It needs revision and a new edition. There have been a lot of changes in Azure ever since it's publication.

My rating 3.9 / 5.0

Join our book club on Discord and share your views on this book (or any other security book of your choice).

Other book reviews

• Practical Social Engineering by Joe Gray

• Ethical Hacking by Daniel G. Graham

• How to Hack Like a GHOST by Sparc Flow

• How to Hack Like a LEGEND by Sparc Flow

• CCSP for dummies by Arthur J. Deane

• Cyber Warfare – Truth, Tactics, and Strategies by Dr. Chase Cunningham

• Practical Threat Intelligence and Data-Driven Threat Hunting by Valentina Costa-Gazcón

• Hacking APIs by Corey Ball

• Penetration Testing Azure for Ethical Hackers by David Okeyode, Karl Fosaaen

• Red Team Development and Operations by Joe Vest and James Tubberville

• Container Security by Liz Rice

• Web Application Security by Andrew Hoffman

After taking some time to finish my eLearnSecurity Certified Reverse Engineer certification, I decided to pick up another book. This time I chose API security as the topic and went for Hacking APIs: Breaking Web Application Programming Interfaces by Corey Ball. It was published in April 2022 by No Starch Press.

Content Overview

This book is divided into four parts, covering fundamentals of web applications and APIs to real-world API hacking. It focuses on pentesting REST APIs and GraphQL APIs.  The first few chapters provide a birds-eye view of how web applications and APIs work and most common vulnerabilities that plague APIs (aka OWASP Top 10 API 2019). If you want to dive deep into inner workings of modern web applications and REST APIs, check out these books The Tangled Web by Michal Zalewski and The Design of Web APIs by Arnaud Lauret, respectively.

The next set of chapters describe the process of setting up the lab to follow along with rest of the book. This includes setting up a Kali Linux machine, installing required tools and extensions (Burp Suite, Postman, WFuzz, Arjun, Kiterunner, Nikto, OWASP ZAP, FoxyProxy and OWASP Amass) and setting up vulnerable endpoints or web applications. The author has demonstrated most attacks on crAPI and Damn Vulnerable GraphQL Application (DVGA). Other vulnerable web applications mentioned in the book include, OWASP DevSlop's Pixi and OWASP Juice Shop.

In the next part (and this is where this book gets really interesting), it delves into penetration testing API endpoints from discovery, fuzzing and endpoint analysis to performing various attacks (it's really hands-on so better get your lab setup as described in earlier chapters). Each chapter in this part covers the relevant theory followed by a demonstration of the attack technique. You can easily replicate the techniques shown in your own lab.

In the last part, there is a chapter on evasion techniques (it's pretty basic but a good starting point) and  a chapter on pentesting DVGA,  a GraphQL based web application.

Salient Features

Here are a few things I liked about this book:

• The hands-on labs made it fun to go through this book.

• It covers various features of BurpSuite, Postman and Wfuzz throughout chapters. I learnt a lot about Postman through this book.

• The author has provided API Hacking Checklist as an additional resource.

• It provides a good starting point for understanding OWASP API Top 10 and practicing various attacks.

• It is good for beginners, penetration testers, red teamers and bug bounty hunters.

• The author has created a Discord server and a free course associated with this book.

Not so salient Features

• It covers only the black-box approach of attacking APIs. It would have been good if the author included vulnerable code samples and explained the root cause of vulnerabilities.

My rating 4.5 / 5.0

Join our book club on Discord and share your views on this book (or any other security book of your choice).

Other book reviews

• Practical Social Engineering by Joe Gray

• Ethical Hacking by Daniel G. Graham

• How to Hack Like a GHOST by Sparc Flow

• How to Hack Like a LEGEND by Sparc Flow

• CCSP for dummies by Arthur J. Deane

• Cyber Warfare – Truth, Tactics, and Strategies by Dr. Chase Cunningham

• Practical Threat Intelligence and Data-Driven Threat Hunting by Valentina Costa-Gazcón

• Pentesting Azure Applications by Matt Burrough

• Penetration Testing Azure for Ethical Hackers by David Okeyode, Karl Fosaaen

• Red Team Development and Operations by Joe Vest and James Tubberville

• Container Security by Liz Rice

• Web Application Security by Andrew Hoffman

I recently got a refurbished HP Mini PC and thought of installing Hyper-V instead of my usuals (VMWare Workstation or ESXi). The installation was straightforward but that was the only easy part about this.

I wanted to setup Remnux on it, so I downloaded the Remnux OVA, converted it to Hyper-V format and created a VM (@Cyrus, if you are reading this, please listen to people in the comments section of your video and show us how to get internet working in Remnux Hyper-V VM). The first thing you are advised to do upon launching a Remnux VM is to upgrade it. So I ran the remnux upgrade command, only to find out that internet is not accessible via the VM (despite using Default Switch). To give you a sense of comparison, the same thing worked flawlessly on VMWare Workstation 17. I tried to troubleshoot it but lost interest since it was taking more time than I expected.

Then, I wanted to copy-paste text from host to Remnux VM but that didn’t work either. Turns out, it required Enhanced Session Mode and to enable that there a series of steps that one must follow. Spend 15 mins to get something working that works out of the box in other virtualization software, nah!

Ended up removing Hyper-V and installing VMWare Workstation Pro 17 (which is now free for personal use, by the way).

A part of my work involves working with Cyber Threat Intelligence (CTI) so I wanted to brush up my CTI knowledge and learn new concepts (maybe!). I picked up Practical Threat Intelligence and Data-Driven Threat Hunting by Valentina Costa-Gazcón (published in October 2020 by Packt Publishing Limited). This book has been on my reading list for some time. It also allowed me to dive into a different topic.

Content Overview

One thing I soon realized after reading few chapters of this book was that it should have been titled, "Data-Driven Threat Hunting and Threat Intelligence".  The author has dedicated more than 92% of the content to threat hunting and only one chapter to CTI. There is nothing wrong with this but one would expect more coverage of CTI related topics in a book that is primarily known as "Practical Threat Intelligence".

Book Layout

• Cyber Threat Intelligence - This part covers the basics of CTI and threat hunting. It also talks about various data sources that feed a threat hunting exercise. This section also contains a primer on various computer science topics (OS, Networking, Wifi, Windows etc.).

• Understanding the Adversary - It is mostly focused on Adversary Emulation and covers MITRE ATT&CK framework in detail along with the MITRE ATT&CK Navigator tool. This section also includes a case study of Formbook malware where the author maps various TTPs related to this malware to the MITRE ATT&CK Framework. It then talks about creating a data model for emulating an adversary, planning and performing an adversary emulation exercise. It takes APT3 as a case study to create an adversary emulation plan.

• Working with a Research Environment - Covers creating a lab environment (from scratch!) for threat hunting in later chapters using VMWare ESXi, Ubuntu, ELK stack, HELK and Windows VMs. The author has also covered performing tests from Atomic Red Team library and using the ELK stack to detect events associated with adversarial activity. This section also covers using MTIRE ATT&CK's APT29 emulation to perform threat hunting in the lab environment. The author has provided a walk-through of threat hunts for various TTPs of this APT group. Finally, it discusses the importance of good documentation and automating successful hunts.

• Communicating to Succeed - The last part discusses how to measure and refine the quality of data collected for a threat hunt. It also talks about interpreting the results of a threat hunt, defining metrics to measure and improve the performance and effectiveness of the threat hunting team and threat hunt exercises. The last chapter discuses when to get the incident response team involved and how to effectively communicate results of threat hunting exercises to the senior management.

Salient Features

• It is a good introduction to threat hunting with a good balance of theory and practical.

• This book provides a holistic view of threat hunting.

• The lab setup and threat hunting walk-through are well described and easy to follow.

• The author has included exercises to map some of the TTPs manually.

• I learnt about a lot of tools such as MITRE CALDERA, Qusar RAT, DeTT&CT, The Threat Hunter Playbook, SIGMA rules, OSSEM project etc.

• This book is good for security analysts, red teams, blue teams, security managers and beginners in threat hunting.

Not so salient Features

• Very less coverage of Cyber Threat Intelligence.

• I agree with author's philosophy of creating a lab environment from scratch but providing AWS or Azure templates to automate the lab deployment would have been nice. It would be helpful for people who are short on time.

My rating 4.0 / 5.0

Join our book club on Discord and share your views on this book (or any other security book of your choice).

Other book reviews

• Practical Social Engineering by Joe Gray

• Ethical Hacking by Daniel G. Graham

• How to Hack Like a GHOST by Sparc Flow

• How to Hack Like a LEGEND by Sparc Flow

• CCSP for dummies by Arthur J. Deane

• Cyber Warfare – Truth, Tactics, and Strategies by Dr. Chase Cunningham

• Hacking APIs by Corey Ball

• Pentesting Azure Applications by Matt Burrough

• Penetration Testing Azure for Ethical Hackers by David Okeyode, Karl Fosaaen

• Red Team Development and Operations by Joe Vest and James Tubberville

• Container Security by Liz Rice

• Web Application Security by Andrew Hoffman

The Humble Bundle recently launched a Cyber Warfare book bundle. The bundle contained 24 books but Cyber Warfare – Truth, Tactics, and Strategies by Dr. Chase Cunningham intrigued me so I decided to pick this book as my next read. It was published in February 2020 by Packt Publishing. This is not the only book on this subject. Other books on my reading list include Inside Cyber Warfare by Jeffrey Carr (O'Reilly), The Art of Cyberwarfare by Jon DiMaggio (No Starch Press) and Cyberjutsu by Ben McCarty (No Starch Press).

Content Overview

The book is divided into ten chapters and the author has re-enforced two messages multiple times throughout the book. First, perimeter security is dead and second, kill the password. While I don't agree with the author's view of these two security controls but I get the philosophy behind his thinking. The traditional way of looking at cybersecurity will no longer work. Organizations need to take a holistic view of their infrastructure and implement overlapping security controls for it's protection (aka defense in depth).

Book Layout

The book can be divided in to four sections:

• Evolution of cyber warfare - This section encompasses first two chapters of the book. In these chapters, the author covers a brief history of cyber warfare and why traditional controls like perimeter security and passwords fail.

• Emerging attack vectors for modern cyber warfare - This section encompasses chapters three to six. I found this section to be the most interesting and informative part of the book. Here the author discusses how technologies like drones, deep fakes, artificial intelligence, machine learning, social media, mobile ransomware etc. are emerging as new attack vectors of the modern warcraft.

• Cyber warfare defense  - This section encompasses chapters seven to nine. It primarily covers strategies, tools and controls to defend against cyber attacks. Here the author has also drawn a parallel between a physical war and a cyber war by using Iraq-USA war as an example. Tools mentioned by the author include Infection Monkey and SNAP_R. Controls include micro-segmentation, software-defined networks, software-defined data centers, application whitelisting and multi-factor authentication. In this section, the author also advocates user surveillance as means of intelligence collection (another view I don't agree with).

• Survivability and Impacts - This section encompasses chapter ten. In this section, the author states five laws to survive a cyber attack. These laws are distilled version of the content of previous chapters. At the end, the author has covered impacts (some actual, some potential) of a full-blown cyber war between nations.

Salient Features

• I liked the section on emerging attack vectors for modern cyber warfare. It was thought-provoking.

• I got to learn about new tools such as Infection Monkey and technologies such as heartbeat-based authentication.

• It presents a multi-dimensional view of cyber warfare (technical attacks, influence attacks, misinformation attacks, deep fakes based attacks etc.).

• It is good for senior executives, leaders and cyber security professionals in general.

Not so salient Features

• Perimeter security is dead, kill the password and users are stupid is the resounding theme across the book.

• It takes an idealistic view of implementing security controls.

• Author's arguments involving technical controls needs more research.

• Except for chapters three to six, I won't recommend it to readers who are technically well-versed in cybersecurity.

My rating 3.0 / 5.0

Join our book club on Discord and share your views on this book (or any other security book of your choice).

Other book reviews

• Practical Social Engineering by Joe Gray

• Ethical Hacking by Daniel G. Graham

• How to Hack Like a GHOST by Sparc Flow

• CCSP for dummies by Arthur J. Deane

• Practical Threat Intelligence and Data-driven threat hunting by Valentina Costa-Gazcón

• Hacking APIs by Corey Ball

• Pentesting Azure Applications by Matt Burrough

• Penetration Testing Azure for Ethical Hackers by David Okeyode, Karl Fosaaen

• Red Team Development and Operations by Joe Vest and James Tubberville

• Container Security by Liz Rice

• Web Application Security by Andrew Hoffman

Designed by Harold Finch (played by Micheal Emerson) an average employee by the day and a genius computer scientist by the night. He built the Machine to watch acts of terror and alert the authorities beforehand. But it sees everything even acts of small crime. Based on it's observations, it churns out social security numbers of either victims or perpetrators. The Machine was originally developed for government use, however, seeing it's potential misuse if placed in wrong hands, Finch hid it and turned into a vigilante. With the help of the Machine, Finch and his team John Reese (played by Jim Cviezel), Sameen Shaw (played by Sarah Shahi), Root (played by Amy Acker) and Detective Lionel Fusco (played by Kevin Chapman) have took it upon themselves to protect/incriminate the Person of Interest and prevent the Machine from falling into the wrong hands.

It's hard to come by a TV show like this. The show has got an Imdb rating of 8.5 and has won People's Choice Award (2012) in the category of Favorite New Drama. It is a must watch for those of you who crave good entertainment in the field of computers. The story line is gripping and the added benefit is that the viewers get to learn something new about computer science and information technology in nearly every episode.

You can purchase seasons 1-5 from following links:

• Person of Interest Season 1

• Person of Interest Season 2

• Person of Interest Season 3

• Person of Interest Season 4

• Person of Interest Season 5

Image Credits: Deviantart.com

After completing the CCSP certification, I decided to switch gears and pick-up a book focusing on red teaming or adversary emulation. I chose How to Hack Like a LEGEND by Sparc Flow. This book is part of the series, Hack The Planet. The first edition of this book was independently published by the author in 2018. However, a newer edition of this book is expected to be released in October 2022 by No Starch Press. The Early Access version of the new edition is available here.

Content Overview

"This is not your typical tech book." as the author describes it. I agree, it reads like a novel. This book narrates the story of a hacker who wants to unearth the shady dealings of an offshore accounting firm, G&S Trust (this is the same approach that I have taken in my course Red Team Adversary Emulation where we set out to breach into a Fin Tech firm, Tax First Labz). In the book, the hacker sets out to identify an exploitable vulnerability in the G&S Trust network but to no avail. This forces him to look at the supply chain angle. So he sets out to breach a company in the supply chain of G&S Trust and soon finds an attractive target. What happens next? You will need to read the book to find out.

Book Layout

The book is divided into four parts:

• Starting Blocks - This section encompasses first four chapters. In these chapters, the hacker sets up his hacking infra, performs recon, identifies a weak link in the supply chain and sets up a phishing campaign to collect credentials from the target supply chain company.

• First Dive In - This section encompasses chapters five to seven. In these chapters, the hacker uses the collected credentials to break-in and realizes that his actions are being watched. He then goes on to identify the security tools in action and possible ways to defeat them.

• Back to the Arena - This section encompasses chapters eight to twelve. In these chapters, the hacker delves into a few OPSEC techniques to defeat security monitoring tools, creates custom payloads and demonstrates installing a backdoor in the source code of the software used by G&S Trust.

• Salvation - This section encompasses chapters thirteen to fourteen. In these chapters, the hacker finally gains access to G&S Trust, breaks into various machines to collect data and finally gets his hands on the evidence he was looking for.

Salient Features

• This book demonstrates a real-life supply chain attack. This helped me in understanding the true mechanics of a supply chain attack.

• The author has given due importance to OPSEC techniques (which is not found in many of the "hacking" books out there).

• Though it doesn't explicitly cover topics such as red reaming or adversary emulation, it demonstrates them practically.

• It is a good resource for OSCP, OSEP, CRTP, CRTE and CRTO aspirants.

• It is good for beginners, penetration testers, red teams and blue teams.

• If you are curious about how real-world breaches happen, go for this book.

Not so salient Features

• A mapping of the hacker's TTPs to the MITRE ATT&CK Framework would have been nice (this is more of a suggestion to the author for the next edition of this book).

• I would have loved a self-hosted hands-on lab to practice the techniques demonstrated in the book.

My rating 4.5 / 5.0

Join our book club on Discord and share your views on this book (or any other security book of your choice).

Other book reviews

• Practical Social Engineering by Joe Gray

• Ethical Hacking by Daniel G. Graham

• How to Hack Like a GHOST by Sparc Flow

• CCSP for dummies by Arthur J. Deane

• Cyber Warfare – Truth, Tactics, and Strategies by Dr. Chase Cunningham

• Practical Threat Intelligence and Data-driven threat hunting by Valentina Costa-Gazcón

• Hacking APIs by Corey Ball

• Pentesting Azure Applications by Matt Burrough

• Penetration Testing Azure for Ethical Hackers by David Okeyode, Karl Fosaaen

• Red Team Development and Operations by Joe Vest and James Tubberville

• Container Security by Liz Rice

• Web Application Security by Andrew Hoffman

It's been some time since I posted my last review, so here comes the next one. This one is for the book Ethical Hacking by Daniel G. Graham. It's been a couple of months since I finished this book. That's the time it takes (at least for me) to truly absorb all the information presented in this book. It was published in October 2021 by No Starch Press. I got it as part of No Starch Press Humble Bundle.

Content Overview

This book is divided into five + 1 parts, covering network fundamentals, cryptography basics and attacks, social engineering techniques, exploitation and post-exploitation attacks. Before diving into concepts, the author has dedicated a chapter to setup a basic lab to enable readers to try out various techniques demonstrated in this book. Throughout the book the author has listed challenging exercises for readers to build upon the concepts learnt through this book.

Book Layout

The book is divided into five + 1 parts:

• Setting Up - This chapter covers setting up a basic lab that will be used throughout the book to demonstrate various attacks. The lab mostly uses open-source technologies like Virtual Box, Metasploitable (as the victim machine), pfSense and Ubuntu.

• Network Fundamentals - This section encompasses chapters two to four. It covers basics of MAC addresses, IP addresses, ARP tables etc. It demonstrates how to perform and detect an ARP spoofing attack. It then covers basics of network layers, packet structures and explains how to capture and analyze network traffic using WireShark. It closes by teaching how to create custom TCP shells.

• Cryptography - This section encompasses chapters five and six. It describes certain cryptography algorithms in detail (including the math behind them). It also explains how Diffie-Hellman, ECC algorithms work. Throughout this section there is an extensive usage of openssl to generate various keys.

• Social Engineering - This section encompasses chapters seven and eight. It covers how to craft a phishing campaign (email, domain names, website etc.). It also demonstrates how modern technologies such as DeepFake videos and machine learning models can be used for phishing. It then delves into information gathering about the target organization using various Open Source Intelligence (OSINT) tools and techniques. Tools covered in this section include, Maltego, Masscan, Shodan, Google Dorks etc.

• Exploitation - This section encompasses chapters nine to thirteen. It demonstrates how to write exploits from scratch and uses Heartbleed vulnerability as an example. It then discusses the theory of fuzzing and how to perform fuzzing using tools and techniques such as AFL, Symbolic Execution, Dynamic Symbolic Execution, Angr and Spike. It then explains how to build Linux and Android Trojans using metasploit. It also covers how to be OPSEC (operation security) safe by adding anti-virus evasion techniques or embedding a rootkit into the Linux kernel. Next, it covers exploiting common web application vulnerabilities and cracking passwords.

• Controlling The Network - This section encompasses chapters fourteen to sixteen. It covers post exploitation tactics such as privilege escalation, lateral movement and attacking Active Directory infrastructure (pass-the-ticket, DCSync, Golden ticket attacks).

Salient Features

• It focuses on building custom tools (TCP shells, Trojans, Rootkits etc.) which helps in understanding how they work behind the scenes.

• It was interesting to learn some novel techniques like back-dooring a .deb package, phishing using DeepFake technology etc.

• It covers modern technologies such as ECC, DeepFake etc.

• In some ways it can be considered as the much-awaited updated version of Georgia Weidman's Penetration Testing book by No Starch Press.

• It is good for beginners in cybersecurity, ethical hacking and offensive security.

• The author has created a Discord server associated with this book.

Not so salient Features

• A cloud-based template of the lab would have been nice.

• It goes into a little more depth of certain topics than required.

• I would have loved a self-hosted hands-on lab to practice the techniques demonstrated in the book.

My rating 4.5 / 5.0

Join our book club on Discord and share your views on this book (or any other security book of your choice).

Other book reviews

• Practical Social Engineering by Joe Gray

• How to Hack Like a GHOST by Sparc Flow

• How to Hack Like a LEGEND by Sparc Flow

• CCSP for dummies by Arthur J. Deane

• Cyber Warfare – Truth, Tactics, and Strategies by Dr. Chase Cunningham

• Practical Threat Intelligence and Data-driven threat hunting by Valentina Costa-Gazcón

• Hacking APIs by Corey Ball

• Pentesting Azure Applications by Matt Burrough

• Penetration Testing Azure for Ethical Hackers by David Okeyode, Karl Fosaaen

• Red Team Development and Operations by Joe Vest and James Tubberville

• Container Security by Liz Rice

• Web Application Security by Andrew Hoffman