
Python for Cybersecurity

Using Python for Cyber Offense and Defense

H Poston

$49.95

Paperback


English
John Wiley & Sons Inc
04 March 2022
Discover an up-to-date and authoritative exploration of Python cybersecurity strategies.

Python For Cybersecurity: Using Python for Cyber Offense and Defense delivers an intuitive and hands-on explanation of using Python for cybersecurity. It relies on the MITRE ATT&CK framework to structure its exploration of cyberattack techniques, attack defenses, and the key cybersecurity challenges facing network administrators and other stakeholders today. Offering downloadable sample code, the book is written to help you discover how to use Python in a wide variety of cybersecurity situations, including:

  Reconnaissance, resource development, initial access, and execution
  Persistence, privilege escalation, defense evasion, and credential access
  Discovery, lateral movement, collection, and command and control
  Exfiltration and impact

Each chapter includes discussions of several techniques and sub-techniques that could be used to achieve an attacker's objectives in any of these use cases. The ideal resource for anyone with a professional or personal interest in cybersecurity, Python For Cybersecurity offers in-depth information about a wide variety of attacks and effective, Python-based defenses against them.

By: Howard E. Poston III
Imprint: John Wiley & Sons Inc
Country of Publication: United States
Dimensions: Height: 235mm, Width: 188mm, Spine: 12mm
Weight: 402g
ISBN: 9781119850649
ISBN 10: 1119850649
Pages: 240
Publication Date: 04 March 2022
Audience: Professional and scholarly, Undergraduate
Format: Paperback
Publisher's Status: Active
Table of Contents:

Introduction
Chapter 1 Fulfilling Pre-ATT&CK Objectives
  Active Scanning
    Scanning Networks with scapy
      Implementing a SYN Scan in scapy
      Performing a DNS Scan in scapy
      Running the Code
    Network Scanning for Defenders
      Monitoring Traffic with scapy
      Building Deceptive Responses
      Running the Code
  Search Open Technical Databases
    Offensive DNS Exploration
      Searching DNS Records
      Performing a DNS Lookup
      Reverse DNS Lookup
      Running the Code
    DNS Exploration for Defenders
      Handling DNS Requests
      Building a DNS Response
      Running the Code
  Summary
  Suggested Exercises
Chapter 2 Gaining Initial Access
  Valid Accounts
    Discovering Default Accounts
      Accessing a List of Default Credentials
      Starting SSH Connections in Python
      Performing Telnet Queries in Python
      Running the Code
    Account Monitoring for Defenders
      Introduction to Windows Event Logs
      Accessing Event Logs in Python
      Detecting Failed Logon Attempts
      Identifying Unauthorized Access to Default Accounts
      Running the Code
  Replication Through Removable Media
    Exploiting Autorun
      Converting Python Scripts to Windows Executables
      Generating an Autorun File
      Setting Up the Removable Media
      Running the Code
    Detecting Autorun Scripts
      Identifying Removable Drives
      Finding Autorun Scripts
      Detecting Autorun Processes
      Running the Code
  Summary
  Suggested Exercises
Chapter 3 Achieving Code Execution
  Windows Management Instrumentation
    Executing Code with WMI
      Creating Processes with WMI
      Launching Processes with PowerShell
      Running the Code
    WMI Event Monitoring for Defenders
      WMI in Windows Event Logs
      Accessing WMI Event Logs in Python
      Processing Event Log XML Data
      Running the Code
  Scheduled Task/Job
    Scheduling Malicious Tasks
      Checking for Scheduled Tasks
      Scheduling a Malicious Task
      Running the Code
    Task Scheduling for Defenders
      Querying Scheduled Tasks
      Identifying Suspicious Tasks
      Running the Code
  Summary
  Suggested Exercises
Chapter 4 Maintaining Persistence
  Boot or Logon Autostart Execution
    Exploiting Registry Autorun
      The Windows Registry and Autorun Keys
      Modifying Autorun Keys with Python
      Running the Code
    Registry Monitoring for Defenders
      Querying Windows Registry Keys
      Searching the HKU Hive
      Running the Code
  Hijack Execution Flow
    Modifying the Windows Path
      Accessing the Windows Path
      Modifying the Path
      Running the Code
    Path Management for Defenders
      Detecting Path Modification via Timestamps
      Enabling Audit Events
      Monitoring Audit Logs
      Running the Code
  Summary
  Suggested Exercises
Chapter 5 Performing Privilege Escalation
  Boot or Logon Initialization Scripts
    Creating Malicious Logon Scripts
      Achieving Privilege Escalation with Logon Scripts
      Creating a Logon Script
      Running the Code
    Searching for Logon Scripts
      Identifying Autorun Keys
      Running the Code
  Hijack Execution Flow
    Injecting Malicious Python Libraries
      How Python Finds Libraries
      Creating a Python Library
      Running the Code
    Detecting Suspicious Python Libraries
      Identifying Imports
      Detecting Duplicates
      Running the Code
  Summary
  Suggested Exercises
Chapter 6 Evading Defenses
  Impair Defenses
    Disabling Antivirus
      Disabling Antivirus Autorun
      Terminating Processes
    Creating Decoy Antivirus Processes
      Catching Signals
      Running the Code
  Hide Artifacts
    Concealing Files in Alternate Data Streams
      Exploring Alternate Data Streams
      Alternate Data Streams in Python
      Running the Code
    Detecting Alternate Data Streams
      Walking a Directory with Python
      Using PowerShell to Detect ADS
      Parsing PowerShell Output
      Running the Code
  Summary
  Suggested Exercises
Chapter 7 Accessing Credentials
  Credentials from Password Stores
    Dumping Credentials from Web Browsers
      Accessing the Chrome Master Key
      Querying the Chrome Login Data Database
      Parsing Output and Decrypting Passwords
      Running the Code
    Monitoring Chrome Passwords
      Enabling File Auditing
      Detecting Local State Access Attempts
      Running the Code
  Network Sniffing
    Sniffing Passwords with scapy
      Port-Based Protocol Identification
      Sniffing FTP Passwords
      Extracting SMTP Passwords
      Tracking Telnet Authentication State
      Running the Code
    Creating Deceptive Network Connections
      Creating Decoy Connections
      Running the Code
  Summary
  Suggested Exercises
Chapter 8 Performing Discovery
  Account Discovery
    Collecting User Account Data
      Identifying Administrator Accounts
      Collecting User Account Information
      Accessing Windows Password Policies
      Running the Code
    Monitoring User Accounts
      Monitoring Last Login Times
      Monitoring Administrator Login Attempts
      Running the Code
  File and Directory Discovery
    Identifying Valuable Files and Folders
      Regular Expressions for Data Discovery
      Parsing Different File Formats
      Running the Code
    Creating Honeypot Files and Folders
      Monitoring Decoy Content
      Creating the Decoy Content
      Running the Code
  Summary
  Suggested Exercises
Chapter 9 Moving Laterally
  Remote Services
    Exploiting Windows Admin Shares
      Enabling Full Access to Administrative Shares
      Transferring Files via Administrative Shares
      Executing Commands on Administrative Shares
      Running the Code
    Admin Share Management for Defenders
      Monitoring File Operations
      Detecting Authentication Attempts
      Running the Code
  Use Alternative Authentication Material
    Collecting Web Session Cookies
      Accessing Web Session Cookies
      Running the Code
    Creating Deceptive Web Session Cookies
      Creating Decoy Cookies
      Monitoring Decoy Cookie Usage
      Running the Code
  Summary
  Suggested Exercises
Chapter 10 Collecting Intelligence
  Clipboard Data
    Collecting Data from the Clipboard
      Accessing the Windows Clipboard
      Replacing Clipboard Data
      Running the Code
    Clipboard Management for Defenders
      Monitoring the Clipboard
      Processing Clipboard Messages
      Identifying the Clipboard Owner
      Running the Code
  Email Collection
    Collecting Local Email Data
      Accessing Local Email Caches
      Running the Code
    Protecting Against Email Collection
      Identifying Email Caches
      Searching Archive Files
      Running the Code
  Summary
  Suggested Exercises
Chapter 11 Implementing Command and Control
  Encrypted Channel
    Command and Control Over Encrypted Channels
      Encrypted Channel Client
      Encrypted Channel Server
      Running the Code
    Detecting Encrypted C2 Channels
      Performing Entropy Calculations
      Detecting Encrypted Traffic
      Running the Code
  Protocol Tunneling
    Command and Control via Protocol Tunneling
      Protocol Tunneling Client
      Protocol Tunneling Server
      Running the Code
    Detecting Protocol Tunneling
      Extracting Field Data
      Identifying Encoded Data
      Running the Code
  Summary
  Suggested Exercises
Chapter 12 Exfiltrating Data
  Alternative Protocols
    Data Exfiltration Over Alternative Protocols
      Alternative Protocol Client
      Alternative Protocol Server
      Running the Code
    Detecting Alternative Protocols
      Detecting Embedded Data
      Running the Code
  Non-Application Layer Protocols
    Data Exfiltration via Non-Application Layer Protocols
      Non-Application Layer Client
      Non-Application Layer Server
      Running the Code
    Detecting Non-Application Layer Exfiltration
      Identifying Anomalous Type and Code Values
      Running the Code
  Summary
  Suggested Exercises
Chapter 13 Achieving Impact
  Data Encrypted for Impact
    Encrypting Data for Impact
      Identifying Files to Encrypt
      Encrypting and Decrypting Files
      Running the Code
    Detecting File Encryption
      Finding Files of Interest
      Calculating File Entropies
      Running the Code
  Account Access Removal
    Removing Access to User Accounts
      Changing Windows Passwords
      Changing Linux Passwords
      Running the Code
    Detecting Account Access Removal
      Detecting Password Changes in Windows
      Detecting Password Changes in Linux
      Running the Code
  Summary
  Suggested Exercises
Index

HOWARD E. POSTON III is a freelance consultant and content creator with a professional focus on blockchain and cybersecurity. He has over ten years’ experience in programming with Python and has developed and taught over a dozen courses teaching cybersecurity. He is a sought-after speaker on blockchain and cybersecurity at international security conferences.
