What do you think?
Rate this book
Learning By Practicing - Hack & Detect: Leveraging the Cyber Kill Chain for Practical Hacking and its Detection via Network Forensics
This book leverages the Cyber Kill Chain to teach you how to hack and detect, from a network forensics perspective. Thus lots of packet and log analysis!
There are lots of books that teach you how to hack. So the main purpose of this book is not really about hacking. However, the problem with many of those books, is they don’t teach you how to detect your activities. This means, you the reader have to go read another book, in order to understand the traces of network evidence, indicators of compromise (IoC), events of interests (EoI) and the breadcrumbs which are left behind, as part of your activities related to system compromise. Therefore, this book is truly meant to help you the reader detect sooner, whenever someone compromises your network. Remember, it is not if you will be compromised but when. This statement is assuming you have not already been compromised.
To ensure you enjoy this book, it is written from the perspective of storytelling. While most technology related books are done from a how-to guide style, this one is not. However, the objectives remain the same. I believe tying the technical material in with a story, will add more context, make the message clearer and the learning process easier.
An important note, as Neysa (Threat Actor) hacks, she plans to use the Lockheed Martin Cyber Kill Chain model as her framework. By leveraging the Cyber Kill Chain, she anticipates she can operate similar to an advanced persistent threat (APT). Where possible, she will follow the model exactly as it is. However, where needed, she may deviate while still being focused on achieving the actions and objectives as identified by the Cyber Kill Chain.
For each of the attacks Neysa (Threat Actor) performs, where possible, Nakia (newly hired Cybersecurity Ninja) will leverage her Cybersecurity Ninja awesomeness, to detect Neysa’s actions.
More importantly, for each of the attacks that Nakia detects, she must provide answers to the who, what, when, where, why and how to Saadia, the owner of SecurityNik Inc. These are critical questions every incident handler must answer. Now, the reality is, in many cases you may not be able to tell “why” it happened, as you don’t typically know your adversaries motive. However, Nakia will do her best to provide the necessary guidance, thus ensuring she gives Saadia actionable intelligence to decide on the way forward.
Looking to follow along without building a lab? I got you! Grab the full set of pcaps, logs, etc from my GitHub page at
Looking for sample chapters? You're covered here too!!:
www.securitynik.com
There are lots of books that teach you how to hack. So the main purpose of this book is not really about hacking. However, the problem with many of those books, is they don’t teach you how to detect your activities. This means, you the reader have to go read another book, in order to understand the traces of network evidence, indicators of compromise (IoC), events of interests (EoI) and the breadcrumbs which are left behind, as part of your activities related to system compromise. Therefore, this book is truly meant to help you the reader detect sooner, whenever someone compromises your network. Remember, it is not if you will be compromised but when. This statement is assuming you have not already been compromised.
To ensure you enjoy this book, it is written from the perspective of storytelling. While most technology related books are done from a how-to guide style, this one is not. However, the objectives remain the same. I believe tying the technical material in with a story, will add more context, make the message clearer and the learning process easier.
An important note, as Neysa (Threat Actor) hacks, she plans to use the Lockheed Martin Cyber Kill Chain model as her framework. By leveraging the Cyber Kill Chain, she anticipates she can operate similar to an advanced persistent threat (APT). Where possible, she will follow the model exactly as it is. However, where needed, she may deviate while still being focused on achieving the actions and objectives as identified by the Cyber Kill Chain.
For each of the attacks Neysa (Threat Actor) performs, where possible, Nakia (newly hired Cybersecurity Ninja) will leverage her Cybersecurity Ninja awesomeness, to detect Neysa’s actions.
More importantly, for each of the attacks that Nakia detects, she must provide answers to the who, what, when, where, why and how to Saadia, the owner of SecurityNik Inc. These are critical questions every incident handler must answer. Now, the reality is, in many cases you may not be able to tell “why” it happened, as you don’t typically know your adversaries motive. However, Nakia will do her best to provide the necessary guidance, thus ensuring she gives Saadia actionable intelligence to decide on the way forward.
Looking to follow along without building a lab? I got you! Grab the full set of pcaps, logs, etc from my GitHub page at
Looking for sample chapters? You're covered here too!!:
www.securitynik.com
410 pages, Paperback
Published November 12, 2018
16 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 of 1 review
July 20, 2020
This is a book I recommend to every level of security professionals. It provides good detailed information on both the attacker and the blue team activities. The nice thing about the book is it is not a mere raw technical explanation but told like a story. We human beings learn a lot with stories, that's what our ancestors were doing around a campfire for hundreds of thousands of years in the African Savannah right?
This story line boosts the learning significantly in my opinion. Because sometimes the technical details can get boring and you can get a tunnel vision on technical details if you provide the information without a context. That is something Nik handled very well with this book.
You can compare the style of this book with the style adopted in "The Phoenix Project" and the precursor "The Goal" and of course to the style of Socrates.
The technical details and the explanations of commands executed is also something very nice with the book. Sometimes it can get difficult for the practitioner to understand every command executed but Nik explains every one of them very clearly and neutralizes confusion.
The packet analysis sections in the book also go into real good detail which is important.
Mapping the activities of the attacker to the kill chain is something special in this book. MITRE ATT&CK is getting more popular day by day and explaining an attack in a story like prose helps the readers to gain perspective.
Overall, this is a very good read for security professionals on every level.
This story line boosts the learning significantly in my opinion. Because sometimes the technical details can get boring and you can get a tunnel vision on technical details if you provide the information without a context. That is something Nik handled very well with this book.
You can compare the style of this book with the style adopted in "The Phoenix Project" and the precursor "The Goal" and of course to the style of Socrates.
The technical details and the explanations of commands executed is also something very nice with the book. Sometimes it can get difficult for the practitioner to understand every command executed but Nik explains every one of them very clearly and neutralizes confusion.
The packet analysis sections in the book also go into real good detail which is important.
Mapping the activities of the attacker to the kill chain is something special in this book. MITRE ATT&CK is getting more popular day by day and explaining an attack in a story like prose helps the readers to gain perspective.
Overall, this is a very good read for security professionals on every level.
Displaying 1 of 1 review