Python for Cybersecurity
eBook - ePub

Python for Cybersecurity

Using Python for Cyber Offense and Defense

Howard E. Poston, III

  1. English
  2. ePUB (adapté aux mobiles)
  3. Disponible sur iOS et Android
eBook - ePub

Python for Cybersecurity

Using Python for Cyber Offense and Defense

Howard E. Poston, III

DĂ©tails du livre
Aperçu du livre
Table des matiĂšres
Citations

À propos de ce livre

Discover an up-to-date and authoritative exploration of Python cybersecurity strategies

Python For Cybersecurity: Using Python for Cyber Offense and Defense delivers an intuitive and hands-on explanation of using Python for cybersecurity. It relies on the MITRE ATT&CK framework to structure its exploration of cyberattack techniques, attack defenses, and the key cybersecurity challenges facing network administrators and other stakeholders today.

Offering downloadable sample code, the book is written to help you discover how to use Python in a wide variety of cybersecurity situations, including:

  • Reconnaissance, resource development, initial access, and execution
  • Persistence, privilege escalation, defense evasion, and credential access
  • Discovery, lateral movement, collection, and command and control
  • Exfiltration and impact

Each chapter includes discussions of several techniques and sub-techniques that could be used to achieve an attacker's objectives in any of these use cases. The ideal resource for anyone with a professional or personal interest in cybersecurity, Python For Cybersecurity offers in-depth information about a wide variety of attacks and effective, Python-based defenses against them.

Foire aux questions

Comment puis-je résilier mon abonnement ?
Il vous suffit de vous rendre dans la section compte dans paramĂštres et de cliquer sur « RĂ©silier l’abonnement ». C’est aussi simple que cela ! Une fois que vous aurez rĂ©siliĂ© votre abonnement, il restera actif pour le reste de la pĂ©riode pour laquelle vous avez payĂ©. DĂ©couvrez-en plus ici.
Puis-je / comment puis-je télécharger des livres ?
Pour le moment, tous nos livres en format ePub adaptĂ©s aux mobiles peuvent ĂȘtre tĂ©lĂ©chargĂ©s via l’application. La plupart de nos PDF sont Ă©galement disponibles en tĂ©lĂ©chargement et les autres seront tĂ©lĂ©chargeables trĂšs prochainement. DĂ©couvrez-en plus ici.
Quelle est la différence entre les formules tarifaires ?
Les deux abonnements vous donnent un accĂšs complet Ă  la bibliothĂšque et Ă  toutes les fonctionnalitĂ©s de Perlego. Les seules diffĂ©rences sont les tarifs ainsi que la pĂ©riode d’abonnement : avec l’abonnement annuel, vous Ă©conomiserez environ 30 % par rapport Ă  12 mois d’abonnement mensuel.
Qu’est-ce que Perlego ?
Nous sommes un service d’abonnement Ă  des ouvrages universitaires en ligne, oĂč vous pouvez accĂ©der Ă  toute une bibliothĂšque pour un prix infĂ©rieur Ă  celui d’un seul livre par mois. Avec plus d’un million de livres sur plus de 1 000 sujets, nous avons ce qu’il vous faut ! DĂ©couvrez-en plus ici.
Prenez-vous en charge la synthÚse vocale ?
Recherchez le symbole Écouter sur votre prochain livre pour voir si vous pouvez l’écouter. L’outil Écouter lit le texte Ă  haute voix pour vous, en surlignant le passage qui est en cours de lecture. Vous pouvez le mettre sur pause, l’accĂ©lĂ©rer ou le ralentir. DĂ©couvrez-en plus ici.
Est-ce que Python for Cybersecurity est un PDF/ePUB en ligne ?
Oui, vous pouvez accĂ©der Ă  Python for Cybersecurity par Howard E. Poston, III en format PDF et/ou ePUB ainsi qu’à d’autres livres populaires dans Computer Science et Cryptography. Nous disposons de plus d’un million d’ouvrages Ă  dĂ©couvrir dans notre catalogue.

Informations

Éditeur
Wiley
Année
2022
ISBN
9781119850656
Édition
1
Sujet
Computer Science
Sous-sujet
Cryptography

CHAPTER 1
Fulfilling Pre-ATT&CK Objectives

Originally, MITRE Pre-ATT&CK was a stand-alone matrix within the MITRE ATT&CK framework. It detailed the various steps that an attacker could take to prepare before attempting to gain initial access to a target environment.
In October 2020, MITRE restructured the ATT&CK framework and condensed MITRE Pre-ATT&CK into two tactics of the ATT&CK matrix. The new version breaks Pre-ATT&CK into Reconnaissance and Resource Development, as shown in Figure 1.1.
Snapshot of MITRE Pre-ATT&CK
Figure 1.1: MITRE Pre-ATT&CK
In this chapter, we will focus on the Reconnaissance tactic of MITRE Pre-ATT&CK. The reason is that while Resource Development can be automated, the details can vary greatly, and this stage of the attack is not visible to the defender. For example, Python could be used for implementing a domain generation algorithm (DGA) for phishing or automating the deployment of web-based services, but these apply only in certain types of attacks and can easily be implemented in other ways.
Reconnaissance, on the other hand, can benefit significantly from automation. Also, Python includes several packages that help with automating reconnaissance, such as scapy and various DNS libraries.
The MITRE Pre-ATT&CK framework includes 10 techniques for Reconnaissance. Here, we will explore the use of Python for the Active Scanning and Search Open Technical Databases techniques.
The code sample archive for this chapter can be found on the Download Code tab at https://www.wiley.com/go/pythonforcybersecurity and contains the following sample code files:
  • PortScan.py
  • HoneyScan.py
  • DNSExploration.py
  • HoneyResolver.py

Active Scanning

Network reconnaissance can be performed by either active or passive means. Active reconnaissance involves interacting with the target environment, while passive reconnaissance can involve eavesdropping on traffic or taking advantage of publicly available sources of information.
As its name suggests, the Active Scanning technique in MITRE ATT&CK is an example of Active Reconnaissance. It involves performing port or vulnerability scans against a target to determine which IP addresses are active, what services they are running, any vulnerabilities that may exist, and similar intelligence.

Scanning Networks with scapy

Nmap is the most used tool for port scanning. It implements several different types of scans and can be used to detect the versions of operating systems and services and to perform custom vulnerability scans.
In this section, we'll implement a couple of simple scans:
  • SYN scan: A SYN scan sends a TCP SYN packet to a port and looks for a SYN/ACK packet in response.
  • DNS scan: A DNS scan tests to see whether a DNS server is running on the target system.
To implement these scans, we'll be using the scapy library in Python. scapy makes it easy to create and send custom packets over the network and to sniff network traffic for responses.

PortScan.py

from scapy.all import * import ipaddress   ports = [25,80,53,443,445,8080,8443]   def SynScan(host):  ans,unans = sr(  IP(dst=host)/  TCP(sport=33333,dport=ports,flags="S")  ,timeout=2,verbose=0)  print("Open ports at %s:" % host)  for (s,r,) in ans:  if s[TCP].dport == r[TCP].sport and r[TCP].flags=="SA":  print(s[TCP].dport)   def DNSScan(host):  ans,unans = sr(  IP(dst=host)/ ...

Table des matiĂšres

  1. Cover
  2. Table of Contents
  3. Title Page
  4. Introduction
  5. CHAPTER 1: Fulfilling Pre-ATT&CK Objectives
  6. CHAPTER 2: Gaining Initial Access
  7. CHAPTER 3:Achieving Code Execution
  8. CHAPTER 4: Maintaining Persistence
  9. CHAPTER 5: Performing Privilege Escalation
  10. CHAPTER 6: Evading Defenses
  11. CHAPTER 7: Accessing Credentials
  12. CHAPTER 8: Performing Discovery
  13. CHAPTER 9: Moving Laterally
  14. CHAPTER 10: Collecting Intelligence
  15. CHAPTER 11: Implementing Command and Control
  16. CHAPTER 12: Exfiltrating Data
  17. CHAPTER 13: Achieving Impact
  18. Index
  19. Copyright
  20. Dedication
  21. About the Author
  22. About the Technical Editor
  23. End User License Agreement
Normes de citation pour Python for Cybersecurity

APA 6 Citation

Poston, H. (2022). Python for Cybersecurity (1st ed.). Wiley. Retrieved from https://www.perlego.com/book/3255563/python-for-cybersecurity-using-python-for-cyber-offense-and-defense-pdf (Original work published 2022)

Chicago Citation

Poston, Howard. (2022) 2022. Python for Cybersecurity. 1st ed. Wiley. https://www.perlego.com/book/3255563/python-for-cybersecurity-using-python-for-cyber-offense-and-defense-pdf.

Harvard Citation

Poston, H. (2022) Python for Cybersecurity. 1st edn. Wiley. Available at: https://www.perlego.com/book/3255563/python-for-cybersecurity-using-python-for-cyber-offense-and-defense-pdf (Accessed: 15 October 2022).

MLA 7 Citation

Poston, Howard. Python for Cybersecurity. 1st ed. Wiley, 2022. Web. 15 Oct. 2022.