
The Art of Attack – Attacker Mindset for Security Professionals

Author: M. Reynolds
In English, Paperback – 15 Sep 2021
Take on the perspective of an attacker with this insightful new resource for ethical hackers, pentesters, and social engineers
In The Art of Attack: Attacker Mindset for Security Professionals, experienced physical pentester and social engineer Maxie Reynolds untangles the threads of a useful, sometimes dangerous, mentality. The book shows ethical hackers, social engineers, and pentesters what an attacker mindset is and how to use it to their advantage. Adopting this mindset will result in the improvement of security, offensively and defensively, by allowing you to see your environment objectively through the eyes of an attacker.
The book shows you the laws of the mindset and the techniques attackers use, from persistence to "start with the end" strategies and non-linear thinking, that make them so dangerous. You'll discover:
  • A variety of attacker strategies, including approaches, processes, reconnaissance, privilege escalation, redundant access, and escape techniques
  • The unique tells and signs of an attack and how to avoid becoming a victim of one
  • What the science of psychology tells us about amygdala hijacking and other tendencies that you need to protect against
Perfect for red teams, social engineers, pentesters, and ethical hackers seeking to fortify and harden their systems and the systems of their clients, The Art of Attack is an invaluable resource for anyone in the technology security space seeking a one-stop resource that puts them in the mind of an attacker.

Price: 12374 lei

Old price: 15468 lei
-20% New

Express points: 186

Estimated price in foreign currency:
2368 2498$ 1974£

Book available

Economy delivery 12-26 December
Express delivery 27 November-03 December for 2434 lei

Orders by phone: 021 569.72.76

Specifications

ISBN-13: 9781119805465
ISBN-10: 1119805465
Pages: 304
Dimensions: 187 x 226 x 15 mm
Weight: 0.41 kg
Publisher: Wiley
Place of publication: Hoboken, United States

Biographical note

MAXIE REYNOLDS is Technical Team Lead for Social-Engineer, LLC leading their efforts as a physical pentester and social engineer. She is a certified Ethical Hacker, Digital Forensic Investigator, and Social Engineer. She holds degrees in Computer Science, Underwater Robotics, and is qualified in Quantum Computing. She has worked as a physical pentester for banks, transport agencies, and other industries.

Contents

About the Author
Acknowledgments
Introduction

Part I: The Attacker Mindset

Chapter 1: What is the Attacker Mindset?
  • Using the Mindset
  • The Attacker and the Mindset
  • AMs is a Needed Set of Skills
  • A Quick Note on Scope
  • Summary
  • Key Message

Chapter 2: Offensive vs. Defensive Attacker Mindset
  • The Offensive Attacker Mindset
  • Comfort and Risk
  • Planning Pressure and Mental Agility
  • Emergency Conditioning
  • Defensive Attacker Mindset
  • Consistency and Regulation
  • Anxiety Control
  • Recovery, Distraction, and Maintenance
  • OAMs and DAMs Come Together
  • Summary
  • Key Message

Chapter 3: The Attacker Mindset Framework
  • Development
  • Phase 1
  • Phase 2
  • Application
  • Preloading
  • "Right Time, Right Place" Preload
  • Ethics
  • Intellectual Ethics
  • Reactionary Ethics
  • Social Engineering and Security
  • Social Engineering vs. AMs
  • Summary
  • Key Message

Part II: The Laws and Skills

Chapter 4: The Laws
  • Law 1: Start with the End in Mind
  • End to Start Questions
  • Robbing a Bank
  • Bringing It All together
  • The Start of the End
  • Clarity
  • Efficiency
  • The Objective
  • How to Begin with the End in Mind
  • Law 2: Gather, Weaponize, and Leverage Information
  • Law 3: Never Break Pretext
  • Law 4: Every Move Made Benefits the Objective
  • Summary
  • Key Message

Chapter 5: Curiosity, Persistence, and Agility
  • Curiosity
  • The Exercise: Part 1
  • The Exercise: Part 2
  • Persistence
  • Skills and Common Sense
  • Professional Common Sense
  • Summary
  • Key Message

Chapter 6: Information Processing: Observation and Thinking Techniques
  • Your Brain vs. Your Observation
  • Observation vs. Heuristics
  • Heuristics
  • Behold Linda
  • Observation vs. Intuition
  • Using Reasoning and Logic
  • Observing People
  • Observation Exercise
  • AMs and Observation
  • Tying It All Together
  • Critical and Nonlinear Thinking
  • Vector vs. Arc
  • Education and Critical Thinking
  • Workplace Critical Thinking
  • Critical Thinking and Other Psychological Constructs
  • Critical Thinking Skills
  • Nonlinear Thinking
  • Tying Them Together
  • Summary
  • Key Message

Chapter 7: Information Processing in Practice
  • Reconnaissance
  • Recon: Passive
  • Recon: Active
  • OSINT
  • OSINT Over the Years
  • Intel Types
  • Alternative Data in OSINT
  • Signal vs. Noise
  • Weaponizing of Information
  • Tying Back to the Objective
  • Summary
  • Key Message

Part III: Tools and Anatomy

Chapter 8: Attack Strategy
  • Attacks in Action
  • Strategic Environment
  • The Necessity of Engagement and Winning
  • The Attack Surface
  • Vulnerabilities
  • AMs Applied to the Attack Vectors
  • Phishing
  • Mass Phish
  • Spearphish
  • Whaling
  • Vishing
  • Smishing/Smshing
  • Impersonation
  • Physical
  • Back to the Manhattan Bank
  • Summary
  • Key Message

Chapter 9: Psychology in Attacks
  • Setting The Scene: Why Psychology Matters
  • Ego Suspension, Humility & Asking for Help
  • Humility
  • Asking for Help
  • Introducing the Target-Attacker Window Model
  • Four TAWM Regions
  • Target Psychology
  • Optimism Bias
  • Confirmation Bias and Motivated Reasoning
  • Framing Effect
  • Thin-Slice Assessments
  • Default to Truth
  • Summary
  • Key Message

Part IV: After AMs

Chapter 10: Staying Protected--The Individual
  • Attacker Mindset for Ordinary People
  • Behavioral Security
  • Amygdala Hijacking
  • Analyze Your Attack Surface
  • Summary
  • Key Message

Chapter 11: Staying Protected--The Business
  • Indicators of Attack
  • Nontechnical Measures
  • Testing and Red Teams
  • Survivorship Bias
  • The Complex Policy
  • Protection
  • Antifragile
  • The Full Spectrum of Crises
  • AMs on the Spectrum
  • Final Thoughts
  • Summary
  • Key Message

Index