
Cybersecurity Field Manual PDF

308 Pages·2·2.895 MB·English

Preview Cybersecurity Field Manual

Cybersecurity Field Manual
CFM 2: Electric Boogaloo

Contents

Contributors
Introduction
Structure of this Book
Choose Your Own Adventure – Career Paths
Career Path 1 – Penetration Tester
Career Path 2 – Cyber Risk Consultant
Career Path 3 – Malware/Exploit Developer
Career Path 4 – Reverse Engineering
Career Path 5 – Information Assurance / Auditing
Career Path 6 – SOC Analyst
Career Path 7 – Threat Hunter
Career Path 8 – Project Manager
Career Path 9 – Cybersecurity Sales
A Word of Advice: Don’t Follow These Too Blindly!
“But I’m Still in High School!” – Advice for Those Still in Full-Time Education
“But I’m Still at College/University!” - Advice for Degree/Masters Students
Advice for Those in the Military
The Lay of the Land – A Bird’s Eye View of the UK Cyber Market
The Lay of the Land – A Bird’s Eye View of the U.S Cyber Market
Developing Your Own Work Experience – Homelabs and Getting Hands-On
Networking and Network Security: What You Actually NEED to Know
Dinner Party Networking Theory
The OSI 7 Layer Model
Layer 1: The Physical Layer
Layer 2: The Data Link Layer
Layer 3: The Network Layer
Layer 4: The Transport Layer
Layer 5: The Session Layer
Layer 6: The Presentation Layer
Layer 7: The Application Layer
More Interesting Forms of Communication (Radio, Cellular, Satellite)
Radio Communication (RF) and Why You Should Care
Cellular Communications (Phones, 5G etc) and Why You Should Care
Satellite Communications and Why You Should Care
Dinner Party Encryption and Cryptography (Security)
Systems Architecture and Solutions: What You Actually NEED to Know
Trusts and Trust Relationships
Privileges, Permissions and Provisioning
Virtual Insanity – An Introduction to Virtualisation and Virtual Environments
Head in the (Public and Enterprise) Clouds – An Intro to Cloud Computing
Tried to SELECT an SQL joke here – An Intro to Databases and Database Management Systems (DBMS)
Memory, Assembly Language, Coding and Scripting: What You Actually NEED to Know
Scripting Languages vs. General-Purpose Programming Languages
Scripting Language 1: Bash
Scripting Language 2: Python
Scripting Language 3: PowerShell
Memory and Machine Language – Some Assembly Required
Memory (All Alone In The Mooonliiiiiggghhhttt)
Kernel Space vs. User Space
The Heap
BSS (Block Started by Symbol) Segment
Data Segment
Assembly Language
Compliance, Law and Frameworks – What You Actually NEED to Know:
Structure of Pentesting / Reporting – What You Actually NEED to Know:
Scoping
Reconnaissance and Information Gathering
Vulnerability Analysis
Exploitation
Post-Exploitation and Privilege Escalation
Reporting
An Introduction to Social Engineering
A Quick Introduction to The SOC Triage Process
The Threat Hunting Process
Differences Between Web Application and Infrastructure Testing
Structure of a Penetration Test Report
The Executive Summary
The Conclusion
Other General Report-Writing Tips
Getting the Job: The Final Hurdle
General Advice for Technical Interviews
“So, what are your salary expectations?” - Answering This Question
Dealing with Feedback
Emotional Intelligence in InfoSec and Wider I.T.
Cultivating and Maintaining A Thirst For Knowledge – A True Essential
Staving Off Burnout: Another Essential Skill
The Importance of Networking (Not the IP kind!)
Contract Work vs. Permanent Work
Dealing with Impostor Syndrome
Engaging with The Information Security Community
Closing Thoughts

Contributors

Many thanks to people who have given time, help and expertise to make this book more accurate and for supporting me to write it (some wished to stay anonymous):

James Riley
Matthew Lashner (and his colleague Sutton Grater)
Harriet Walker
Ross Brereton

Honestly, the most thanks go to my wonderful wife Cember Friend who gave me the confidence to even start writing all this crap down in the first place. She’s an amazing human being, and I’m glad I get the utter pleasure of being married to her.

Introduction

Cybersecurity, like many other fields, is currently in the middle of what can only be described as a gargantuan boom period. In the US it is thought that there will be 1.8 million unfilled cybersecurity jobs by 2022. In fact, we can expect this number to increase to 3.5 million worldwide by 2021. This has caused what is commonly termed in the media as the cybersecurity skills gap. There are more theories as to what is causing this crippling shortage of qualified personnel than there are to where Bigfoot lives.

Are the courses at universities not being thorough enough or poorly put together? Maybe.

Is it that HR and recruitment personnel are looking for the “perfect” candidate that doesn’t exist with 10 years of experience in a piece of tech that launched last year (#unicornfarming)? Maybe.

Is it companies that refuse to pay a solid market rate for qualified professionals not responding to apparent market pressures? Maybe.

There are a myriad of reasons that both the UK and US have pretty acute skill shortages in what has become a critical area of concern for critical national infrastructure, defence and the private sector (especially finance and credit companies), but that’s not what we’re here to talk about.

You’re here because you’re either sick of your current job and looking to make a change into an exciting, vibrant field that changes by the week – giving you that shot in the arm that’s been lacking in your current career (my reason for doing it).

Or maybe you’re a lock-picking puzzle enthusiast and Capture the Flag addict who wants to make their hobby a job and get paid for finding the golden thread to pull that gets you inside the perimeter and that sweet, sweet rush of dopamine. There are plenty of them out there!

Maybe you’re one of those people who just lives and breathes software and will happily spend their evenings writing shellcode and watching bytes occupy memory registers, fuzzing inputs and parameters to make software do something it shouldn’t. We call those people crazy.

Or maybe you don’t even know; it just sounds cool and you like money - can’t blame you for that!

Either way, the point of this book is to make sure you are adequately informed to know whether you want the pot of gold at the end of this rainbow – enjoy!
