Index
Foreword
Acknowledgments
Introduction
Chapter 1 State of the Advanced Cyber Threat
Have You Heard About the APT?
APT Defined
What Makes a Threat Advanced and Persistent?
Examples of Advanced and Persistent Threats
Moonlight Maze
Stakkato
Titan Rain
Stormworm
GhostNet
Byzantine Hades/Foothold/Candor/Raptor
Operation Aurora
Stuxnet
Russian Business Network
New Generation of Botnets and Operators
Operation Payback
Conclusion
Chapter 2 What Is Deception?
How Does Deception Fit in Countering Cyber Threats?
Six Principles of Deception
Focus
Objective
Centralized Planning and Control
Security
Timeliness
Integration
Traditional Deception
Feints—Cowpens
Demonstrations—Dorchester Heights
Ruses—Operation Mincemeat (the Unlikely Story of Glyndwr Michael)
Displays—A Big Hack Attack
Why Use Deception?
The First US Army Group Deception
Russian Maskirovka
Deception Maxims
“Magruder’s Principle”—Exploitation of a COG’s Perception or Bias
“Limitations to Human Information Processing”
“Multiple Forms of Surprise”
“Jones’ Dilemma”
“Choice of Types of Deception”
“Husbanding of Deception Assets”
“Sequencing Rule”
“Importance of Feedback”
“Beware of Possible Unwanted Reactions”
“Care in the Design of Planned Placement of Deceptive Material”
Understanding the Information Picture
Half-Empty Version
Half-Full Version
A Question of Bias
Totally Full Version
Step-Beyond Version
Two-Steps-Beyond Version
Conclusion
Chapter 3 Cyber Counterintelligence
Fundamental Competencies
Applying Counterintelligence to the Cyber Realm
Sizing Up Advanced and Persistent Threats
Attack Origination Points
Numbers Involved in the Attack
Risk Tolerance
Timeliness
Skills and Methods
Actions
Objectives
Resources
Knowledge Source
Conclusion
Chapter 4 Profiling Fundamentals
A Brief History of Traditional Criminal Profiling
The Emergence of Cyber Profiling
Acquiring an Understanding of the Special Population
The Objectives of Profiling
The Nature of Profiling
Basic Types of Profiling
Two Logical Approaches to Profiling: Inductive vs. Deductive
Information Vectors for Profiling
Time
Geolocation
Skill
Motivation
Weapons and Tactics
Socially Meaningful Communications and Connections
Conclusion
References
Chapter 5 Actionable Legal Knowledge for the Security Professional
How to Work with a Lawyer
What You Should Know About Legal Research
Online Legal Resources
Common Legal Terms
The Role of Statutes in Our Legal System
How to Find a Law
Do Your Background Homework
Reading the Law
Communicating with Lawyers
Ethics in Cyberspace
Conclusion
Chapter 6 Threat (Attacker) Tradecraft
Threat Categories
Targeted Attacks
Opportunistic Attacks
Opportunistic Turning Targeted
Evolution of Vectors
Meet the Team
Criminal Tools and Techniques
Tailored Valid Services
Academic Research Abuse
Circles of Trust
Injection Vectors
Conclusion
Chapter 7 Operational Deception
Deception Is Essential
Tall Tale 1
Postmortem
Tall Tale 2
Postmortem
Tall Tale 3
Postmortem
Tall Tale 4
Honeypot 1
Postmortem
Conclusion
Chapter 8 Tools and Tactics
Detection Technologies
Host-Based Tools
Antivirus Tools
Digital Forensics
Security Management Tools
Network-Based Tools
Firewalls
Intrusion Detection/Prevention Systems
Deception Technologies
Honeywalls
Honeynets as Part of Defense-in-Depth
Research vs. Production Honeynets
Honeynet Architectures
Honeywall Accreditation
Content Staging
Content Filling
Honeynet Training
Honeynet Objectives
Honeynet Risks and Issues
Check Yourself Before You’re Wrecked
What’s the Status of Your Physical Security?
How Does Your Wireless Network Look?
What’s Traveling on Your Network?
What About Your Host/Server Security?
How Are Your Passwords?
How’s Your Operational Security?
Crimeware/Analysis Detection Systems
What Happened on Your Box?
What Did That Malicious Software Do?
Conclusion
Chapter 9 Attack Characterization Techniques
Postincident Characterization
Another Tall Tale
Discovery
Malware
Aftermath
Real-World Tactics
Engaging an Active Threat
Traffic, Targets, and Taxonomy
Aftermath
Conclusion
Chapter 10 Attack Attribution
A Brief Note About Levels of Information Present in Objects
Profiling Vectors
Time
Motivations
Social Networks
Skill Level
Vector Summary
Strategic Application of Profiling Techniques
Example Study: The Changing Social Structure of the Hacking Community
Micro- and Macro-Level Analyses
The Rise of the Civilian Cyber Warrior
The Balance of Power
Potential Civilian Cyber Warrior Threats
Conclusion
References
Chapter 11 The Value of APTs
Espionage
Costs of Cyber Espionage
Value Network Analysis
APTs and Value Networks
The RSA Case
The Operation Aurora Case
APT Investments
APTs and the Internet Value Chain
It’s All Good(s)
Bitcoin in the Future?
Conclusion
Chapter 12 When and When Not to Act
Determining Threat Severity
Application Vulnerability Scenario
Targeted Attack Scenario
What to Do When It Hits the Fan
Block or Monitor?
Isolating the Problem
Distinguishing Threat Objectives
Responding to Actionable Intelligence
Cyber Threat Acquisition
Distinguishing Between Threats
Processing Collected Intelligence
Determining Available Engagement Tactics
Engaging the Threat
Within Your Enterprise
External to Your Enterprise
Working with Law Enforcement
To Hack or Not to Hack (Back)
To What End?
Understanding Lines (Not to Cross)
Conclusion
Chapter 13 Implementation and Validation
Vetting Your Operations
Vetting Deceptions
Vetting Perceptual Consistency in a Deception
Vetting Engagements
Putting This Book to Use with Aid from Professionals
How to Evaluate Success
Getting to the End Game
Conclusion
Glossary
Index