Think Like a Hacker is designed to take an IT professional with an interest in cybersecurity on a journey through how an attacker thinks about a network, while posing new theoretical models on how to analyze their network through the lens of a targeted attacker.
This book is not be your typical security book that focuses on tools and how to use them, but rather an introduction to the underlying capabilities enabled by a hacker’s toolset. Additionally, readers will be introduced to concepts of systems design to help your organization defend against targeted attacks from the perspective of authentication and authorization rather than discussing how to “bolt on” security products after the fact as a stop-gap protection for a vulnerable enterprise.
For those unfamiliar with my work I offer my prologue as an introduction. If you find it intriguing, please consider purchasing a copy of the upcoming book at release.
UPDATE: Book is available on Amazon and Amazon Europe in both paperback and Kindle formats
Prologue
Information security has become one of the most rapidly changing and advancing fields within information technology, in large part due to targeted attacks. As we become a more connected society, hackers become more connected to our confidential information, financial institutions, and other sensitive systems.
Why is it that we can’t seem to keep these attackers out of our networks? Many organizations spend millions of dollars annually in software licenses, employee salaries, and consulting fees to limit the likelihood that their organization is compromised next – yet they continue to be compromised.
Today’s compromises easily circumvent protections which were implemented to defend networks prior to the advent of targeted attacks. Targeted attack became relevant in 2005 when the world was introduced to Stuxnet. Touted as the first “weapons grade” malware, Stuxnet was the first known malware that transcended a cyber-attack into the physical world. Since then, the world has been introduced to numerous variants of remote access Trojans, ransomware, wipers, credential theft tools, and various other forms of malware which enable an attacker to rapidly take control of and impact a target network.
As software developers know, vulnerability is preventable yet inevitable. While our understanding of secure software development improves, so do our processes for developing such software, resulting in finished products of higher quality. Professionally-trained software developers undergo rigorous training regarding the risks associated with buffer overflows, integer underflows, injection attacks, and the numerous other forms of software vulnerabilities which can be exploited to enable execution of arbitrary code.
Improvements in secure software development have led to software manufacturers incorporating regular updating as part of their software package, reduced number of zero-day software vulnerabilities (those that the manufacturer has not yet patched), and a reduction in the overall number of critical vulnerabilities throughout the world. Despite these improvements, we’ve seen an alarming increase in the number of networks compromised by attackers worldwide. Why is that?
Hackers have found another form of vulnerability which runs unbridled throughout most enterprises. This class of vulnerability isn’t typically monitored and managed by the security development lifecycle (SDL), though it should be. These vulnerabilities reside in system design rather than software design, and they’re largely responsible for enabling hackers to rapidly translate a single compromised host into compromise of an entire enterprise.
Cybersecurity is SDL for the systems engineers of the world. Hackers have learned that egregious delegation of administration runs rampant throughout enterprises. Hackers have also reaffirmed that humans remain vulnerable regardless of the amount of training they are provided. If hackers can get one user to launch their malcode, the entire enterprise can fall.
In this book, we will discuss the cybersecurity problem space, examine how a hacker looks at a target network, and theorize on how to remediate and prevent compromise in the future. We will work together to train your mind to see your enterprise through the eyes of a hacker – as a series of access points and forms of authorization. Together, we will review the benefits and drawbacks behind authentication and authorization design and discuss how we can improve information security during the design phase, rather than trying to patch vulnerabilities in a production system after the fact. Let’s take a journey together and learn how to think like a hacker.