Название: Adversary Emulation with MITRE ATT&CK: Bridging the Gap between the Red and Blue Teams
Автор: Drinor Selmanaj
Издательство: O’Reilly Media, Inc.
Год: 2024
Страниц: 402
Язык: английский
Формат: epub
Размер: 10.5 MB

By incorporating cyber threat intelligence, adversary emulation provides a form of cybersecurity assessment that mimics advanced persistent threat (APT) tactics, techniques, and procedures (TTPs). This comprehensive guide introduces an empirical approach with strategies and processes collected over a decade of experience in the cybersecurity field. You'll learn to assess resilience against coordinated and stealthy threat actors capable of harming an organization.

Author Drinor Selmanaj demonstrates adversary emulation for offensive operators and defenders using practical examples and exercises that actively model adversary behavior. Each emulation plan includes different hands-on scenarios, such as smash-and-grab or slow-and-deliberate. This book uses the MITRE ATT&CK knowledge base as a foundation to describe and categorize TTPs based on real-world observations, and provides a common language that's standardized and accessible to everyone.

You'll learn how to:

Map Cyber Threat Intelligence to ATT&CK
Define Adversary Emulation goals and objectives
Research Adversary Emulation TTPs using ATT&CK knowledge base
Plan Adversary Emulation activity
Implement Adversary tradecraft
Conduct Adversary Emulation
Communicate Adversary Emulation findings
Automate Adversary Emulation to support repeatable testing
Execute FIN6, APT3, and APT29 emulation plans

Who This Book Is For:
This book is primarily intended for practitioners responsible for enhancing cybersecurity. That said, it can also be a useful guide for a red/blue team, a pentester, an information security officer, or anyone who wants to strengthen their hands-on skills by emulating adversary behavior. Individuals interested in learning more about the MITRE ATT&CK framework and looking for additional learning material for various cybersecurity certifications will also find this book helpful. This book is not a beginner’s guide, so if you are new to the cybersecurity industry, I recommend that you start by reading up on operating systems, security, and the fundamentals of cybersecurity.