How do you set up, defend, and attack computer networks? This book is a gentle introduction to cyber operations for a reader with a working knowledge of Windows and Linux operating systems and basic TCP/ IP networking. It is the result of more than 10 years of teaching a university capstone course in hands-on cyber security.
It begins by showing how to build a range of Windows and Linux workstations, including CentOS, Mint, OpenSuSE, and Ubuntu systems. These can be physical or virtual systems built with VMWare Workstation or VirtualBox. Kali Linux is introduced and Metasploit is used to attack the browsers on these systems. A range of attacks are demonstrated, including attacks against Internet Explorer, Firefox, Java, and Adobe Flash Player. These attacks all leave traces on the target and the network that can be found by a savvy defender, and these methods are demonstrated.
This interplay between set up, attack, and defense forms the core of the book. It continues through the process of setting up realistic networks with DNS servers and Windows Active Directory. These networks are then attacked, and techniques to escalate privileges from local user to domain user to domain administrator are developed. These attacks leave tracks in the system logs that can be traced by defenders familiar with Windows and Linux logs. Of course, networks are built to provide services to users, so the book continues with an introduction to common services, including SSH, FTP, Windows file sharing, and Remote Desktop.
An attacker that has gained access to a system wants to retain that access, so persistence mechanisms and malware are introduced, then defensive techniques and methods to detect, analyze, and remove Metasploit persistence scripts.
Next are web servers, both IIS and Apache. These are configured, including using signed SSL/TLS certificates, attacked via a range of techniques, and defended with tools such as ModSecurity. Real networks do not use a flat network topology, so network firewalls based on IPFire are introduced to separate the network into components and filter traffic in and out of the network. Databases are included in the network, and intrusion detection systems used to defend the network. The book concludes with an introduction to PHP- and PHP-based web applications including WordPress, Joomla, and Zen Cart.