Jacob G. Oakley - Böcker

Use this unique book to leverage technology when conducting offensive security engagements. You will understand practical tradecraft, operational guidelines, and offensive security best practices as carrying out professional cybersecurity engagements is more than exploiting computers, executing scripts, or utilizing tools.Professional Red Teaming introduces you to foundational offensive security concepts. The importance of assessments and ethical hacking is highlighted, and automated assessment technologies are addressed. The state of modern offensive security is discussed in terms of the unique challenges present in professional red teaming.Best practices and operational tradecraft are covered so you feel comfortable in the shaping and carrying out of red team engagements. Anecdotes from actual operations and example scenarios illustrate key concepts and cement a practical understanding of the red team process.You also are introduced to counter advanced persistent threat red teaming (CAPTR teaming). This is a reverse red teaming methodology aimed at specifically addressing the challenges faced from advanced persistent threats (APTs) by the organizations they target and the offensive security professionals trying to mitigate them. What You’ll LearnUnderstand the challenges faced by offensive security assessmentsIncorporate or conduct red teaming to better mitigate cyber threatsInitiate a successful engagementGet introduced to counter-APT red teaming (CAPTR)Evaluate offensive security processesWho This Book Is ForOffensive security assessors and those who want a working knowledge of the process, its challenges, and its benefits. Current professionals will gain tradecraft and operational insight and non-technical readers will gain a high-level perspective of what it meansto provide and be a customer of red team assessments.

Understand the challenges of implementing a cyber warfare strategy and conducting cyber warfare. This book addresses the knowledge gaps and misconceptions of what it takes to wage cyber warfare from the technical standpoint of those with their hands on the keyboard. You will quickly appreciate the difficulty and complexity of executing warfare within the cyber domain. Included is a detailed illustration of cyber warfare against the backdrop of national and international policy, laws, and conventions relating to war.Waging Cyber War details technical resources and activities required by the cyber war fighter. Even non-technical readers will gain an understanding of how the obstacles encountered are not easily mitigated and the irreplaceable nature of many cyber resources.You will walk away more informed on how war is conducted from a cyber perspective, and perhaps why it shouldn’t be waged. And you will come to know how cyber warfare has been covered unrealistically, technically misrepresented, and misunderstood by many.What You’ll LearnUnderstand the concept of warfare and how cyber fits into the war-fighting domainBe aware of what constitutes and is involved in defining war and warfare as well as how cyber fits in that paradigm and vice versaDiscover how the policies being put in place to plan and conduct cyber warfare reflect a lack of understanding regarding the technical means and resources necessary to perform such actionsKnow what it means to do cyber exploitation, attack, and intelligence gathering; when one is preferred over the other; and their specific values and impacts on each otherBe familiar with the need for, and challenges of, enemy attributionRealize how to develop and scope a target in cyber warfareGrasp the concept of self-attribution: what it is, the need to avoid it, and its impactSee what goes into establishing the access from which you will conduct cyber warfare against an identified targetAppreciate how association affects cyber warfareRecognize the need for resource resilience, control, and ownershipWalk through the misconceptions and an illustrative analogy of why cyber warfare doesn't always work as it is prescribedWho This Book Is ForAnyone curious about warfare in the era of cyber everything, those involved in cyber operations and cyber warfare, and security practitioners and policy or decision makers. The book is also for anyone with a cell phone, smart fridge, or other computing device as you are a part of the attack surface.

There is a distinct lack of theoretical innovation in the cybersecurity industry. This is not to say that innovation is lacking, as new technologies, services, and solutions (as well as buzzwords) are emerging every day. This book will be the first cybersecurity text aimed at encouraging abstract and intellectual exploration of cybersecurity from the philosophical and speculative perspective. Technological innovation is certainly necessary, as it furthers the purveying of goods and services for cybersecurity producers in addition to securing the attack surface of cybersecurity consumers where able. The issue is that the industry, sector, and even academia are largely technologically focused. There is not enough work done to further the trade—the craft of cybersecurity. This book frames the cause of this and other issues, and what can be done about them. Potential methods and directions are outlined regarding how the industry can evolve to embrace theoretical cybersecurity innovation as it pertains to the art, as much as to the science. To do this, a taxonomy of the cybersecurity body of work is laid out to identify how the influences of the industry’s past and present constrain future innovation. Then, cost-benefit analysis and right-sizing of cybersecurity roles and responsibilities—as well as defensible experimentation concepts—are presented as the foundation for moving beyond some of those constraining factors that limit theoretical cybersecurity innovation. Lastly, examples and case studies demonstrate future-oriented topics for cybersecurity theorization such as game theory, infinite-minded methodologies, and strategic cybersecurity implementations.What you’ll learnThe current state of the cybersecurity sector and how it constrains theoretical innovationHow to understand attacker and defender cost benefit The detect, prevent, and accept paradigmHow to build your own cybersecurity boxSupporting cybersecurity innovation through defensible experimentationHow to implement strategic cybersecurityInfinite vs finite game play in cybersecurityWho This Book Is ForThis book is for both practitioners of cybersecurity and those who are required to, or choose to, employ such services, technology, or capabilities.

Space is one of the fastest growing military, government and industry sectors. Because everything in today’s world exists within or connected to cyberspace, there is a dire need to ensure cybersecurity is addressed in the burgeoning field of space operations.This revised and expanded edition will prime the reader with the knowledge needed to understand the unique challenges to space operations which affect the implementation of cybersecurity. Further, the reader will have foundational knowledge on what impacts cyber threats can have on space systems and how cybersecurity must rise to meet them.The author, who spent years in the United States Marine Corps, originally involved in satellite communications is now a seasoned cyber security practitioner who has provided cyber security vision and strategy to a large portfolio of systems and programs, many focused specifically in space. A published academic and experienced professional, he brings a practical, real-world and tempered approach to securing the final frontier. What You Will LearnBasic concepts of how different space vehicles operate in general.How such systems and their components integrate into cyberspace.A clear picture of the potential damage available via cyber-attacks to such systems. Basic efforts to mitigate such cyber threats will be presented through the various portions of space operations.Foundational issues at the intersection of the space and cyber domainsWho This Book Is ForThis book is written for anyone curious about warfare in the era of cyber everything, those involved in cyber operations and cyber warfare, as well as security practitioners and policy or decision makers who are on the sending or receiving end of such activity.