eBook - ePub
Python for Cybersecurity
Using Python for Cyber Offense and Defense
Howard E. Poston, III
This is a test
- English
- ePUB (handyfreundlich)
- Über iOS und Android verfügbar
eBook - ePub
Python for Cybersecurity
Using Python for Cyber Offense and Defense
Howard E. Poston, III
Angaben zum Buch
Buchvorschau
Inhaltsverzeichnis
Quellenangaben
Über dieses Buch
Discover an up-to-date and authoritative exploration of Python cybersecurity strategies
Python For Cybersecurity: Using Python for Cyber Offense and Defense delivers an intuitive and hands-on explanation of using Python for cybersecurity. It relies on the MITRE ATT&CK framework to structure its exploration of cyberattack techniques, attack defenses, and the key cybersecurity challenges facing network administrators and other stakeholders today.
Offering downloadable sample code, the book is written to help you discover how to use Python in a wide variety of cybersecurity situations, including:
- Reconnaissance, resource development, initial access, and execution
- Persistence, privilege escalation, defense evasion, and credential access
- Discovery, lateral movement, collection, and command and control
- Exfiltration and impact
Each chapter includes discussions of several techniques and sub-techniques that could be used to achieve an attacker's objectives in any of these use cases. The ideal resource for anyone with a professional or personal interest in cybersecurity, Python For Cybersecurity offers in-depth information about a wide variety of attacks and effective, Python-based defenses against them.
Häufig gestellte Fragen
Wie kann ich mein Abo kündigen?
Gehe einfach zum Kontobereich in den Einstellungen und klicke auf „Abo kündigen“ – ganz einfach. Nachdem du gekündigt hast, bleibt deine Mitgliedschaft für den verbleibenden Abozeitraum, den du bereits bezahlt hast, aktiv. Mehr Informationen hier.
(Wie) Kann ich Bücher herunterladen?
Derzeit stehen all unsere auf Mobilgeräte reagierenden ePub-Bücher zum Download über die App zur Verfügung. Die meisten unserer PDFs stehen ebenfalls zum Download bereit; wir arbeiten daran, auch die übrigen PDFs zum Download anzubieten, bei denen dies aktuell noch nicht möglich ist. Weitere Informationen hier.
Welcher Unterschied besteht bei den Preisen zwischen den Aboplänen?
Mit beiden Aboplänen erhältst du vollen Zugang zur Bibliothek und allen Funktionen von Perlego. Die einzigen Unterschiede bestehen im Preis und dem Abozeitraum: Mit dem Jahresabo sparst du auf 12 Monate gerechnet im Vergleich zum Monatsabo rund 30 %.
Was ist Perlego?
Wir sind ein Online-Abodienst für Lehrbücher, bei dem du für weniger als den Preis eines einzelnen Buches pro Monat Zugang zu einer ganzen Online-Bibliothek erhältst. Mit über 1 Million Büchern zu über 1.000 verschiedenen Themen haben wir bestimmt alles, was du brauchst! Weitere Informationen hier.
Unterstützt Perlego Text-zu-Sprache?
Achte auf das Symbol zum Vorlesen in deinem nächsten Buch, um zu sehen, ob du es dir auch anhören kannst. Bei diesem Tool wird dir Text laut vorgelesen, wobei der Text beim Vorlesen auch grafisch hervorgehoben wird. Du kannst das Vorlesen jederzeit anhalten, beschleunigen und verlangsamen. Weitere Informationen hier.
Ist Python for Cybersecurity als Online-PDF/ePub verfügbar?
Ja, du hast Zugang zu Python for Cybersecurity von Howard E. Poston, III im PDF- und/oder ePub-Format sowie zu anderen beliebten Büchern aus Computer Science & Cryptography. Aus unserem Katalog stehen dir über 1 Million Bücher zur Verfügung.
Information
CHAPTER 1
Fulfilling Pre-ATT&CK Objectives
Originally, MITRE Pre-ATT&CK was a stand-alone matrix within the MITRE ATT&CK framework. It detailed the various steps that an attacker could take to prepare before attempting to gain initial access to a target environment.
In October 2020, MITRE restructured the ATT&CK framework and condensed MITRE Pre-ATT&CK into two tactics of the ATT&CK matrix. The new version breaks Pre-ATT&CK into Reconnaissance and Resource Development, as shown in Figure 1.1.
Figure 1.1: MITRE Pre-ATT&CK
In this chapter, we will focus on the Reconnaissance tactic of MITRE Pre-ATT&CK. The reason is that while Resource Development can be automated, the details can vary greatly, and this stage of the attack is not visible to the defender. For example, Python could be used for implementing a domain generation algorithm (DGA) for phishing or automating the deployment of web-based services, but these apply only in certain types of attacks and can easily be implemented in other ways.
Reconnaissance, on the other hand, can benefit significantly from automation. Also, Python includes several packages that help with automating reconnaissance, such as
scapy and various DNS libraries.The MITRE Pre-ATT&CK framework includes 10 techniques for Reconnaissance. Here, we will explore the use of Python for the Active Scanning and Search Open Technical Databases techniques.
The code sample archive for this chapter can be found on the Download Code tab at
https://www.wiley.com/go/pythonforcybersecurity and contains the following sample code files:PortScan.pyHoneyScan.pyDNSExploration.pyHoneyResolver.py
Active Scanning
Network reconnaissance can be performed by either active or passive means. Active reconnaissance involves interacting with the target environment, while passive reconnaissance can involve eavesdropping on traffic or taking advantage of publicly available sources of information.
As its name suggests, the Active Scanning technique in MITRE ATT&CK is an example of Active Reconnaissance. It involves performing port or vulnerability scans against a target to determine which IP addresses are active, what services they are running, any vulnerabilities that may exist, and similar intelligence.
Scanning Networks with scapy
Nmap is the most used tool for port scanning. It implements several different types of scans and can be used to detect the versions of operating systems and services and to perform custom vulnerability scans.
In this section, we'll implement a couple of simple scans:
- SYN scan: A SYN scan sends a TCP SYN packet to a port and looks for a SYN/ACK packet in response.
- DNS scan: A DNS scan tests to see whether a DNS server is running on the target system.
To implement these scans, we'll be using the
scapy library in Python. scapy makes it easy to create and send custom packets over the network and to sniff network traffic for responses.PortScan.py
from scapy.all import *import ipaddressports = [25,80,53,443,445,8080,8443]def SynScan(host):ans,unans = sr(IP(dst=host)/TCP(sport=33333,dport=ports,flags="S"),timeout=2,verbose=0)print("Open ports at %s:" % host)for (s,r,) in ans:if s[TCP].dport == r[TCP].sport and r[TCP].flags=="SA":print(s[TCP].dport)def DNSScan(host):ans,unans = sr(IP(dst=host)/...
Inhaltsverzeichnis
- Cover
- Table of Contents
- Title Page
- Introduction
- CHAPTER 1: Fulfilling Pre-ATT&CK Objectives
- CHAPTER 2: Gaining Initial Access
- CHAPTER 3:Achieving Code Execution
- CHAPTER 4: Maintaining Persistence
- CHAPTER 5: Performing Privilege Escalation
- CHAPTER 6: Evading Defenses
- CHAPTER 7: Accessing Credentials
- CHAPTER 8: Performing Discovery
- CHAPTER 9: Moving Laterally
- CHAPTER 10: Collecting Intelligence
- CHAPTER 11: Implementing Command and Control
- CHAPTER 12: Exfiltrating Data
- CHAPTER 13: Achieving Impact
- Index
- Copyright
- Dedication
- About the Author
- About the Technical Editor
- End User License Agreement
Zitierstile für Python for Cybersecurity
APA 6 Citation
Poston, H. (2022). Python for Cybersecurity (1st ed.). Wiley. Retrieved from https://www.perlego.com/book/3255563/python-for-cybersecurity-using-python-for-cyber-offense-and-defense-pdf (Original work published 2022)
Chicago Citation
Poston, Howard. (2022) 2022. Python for Cybersecurity. 1st ed. Wiley. https://www.perlego.com/book/3255563/python-for-cybersecurity-using-python-for-cyber-offense-and-defense-pdf.
Harvard Citation
Poston, H. (2022) Python for Cybersecurity. 1st edn. Wiley. Available at: https://www.perlego.com/book/3255563/python-for-cybersecurity-using-python-for-cyber-offense-and-defense-pdf (Accessed: 15 October 2022).
MLA 7 Citation
Poston, Howard. Python for Cybersecurity. 1st ed. Wiley, 2022. Web. 15 Oct. 2022.