The Art of Attack

Book id: 2101099. E-book. Genre: Foreign computer literature. Rights holder and/or publisher: John Wiley & Sons Limited. ISBN: 9781119805472. Price: 2419,23 руб. (22,45$). Age restriction: 0+.


Book description

Take on the perspective of an attacker with this insightful new resource for ethical hackers, pentesters, and social engineers

In The Art of Attack: Attacker Mindset for Security Professionals, experienced physical pentester and social engineer Maxie Reynolds untangles the threads of a useful, sometimes dangerous, mentality. The book shows ethical hackers, social engineers, and pentesters what an attacker mindset is and how to use it to their advantage. Adopting this mindset will result in the improvement of security, offensively and defensively, by allowing you to see your environment objectively through the eyes of an attacker.

The book shows you the laws of the mindset and the techniques attackers use, from persistence to “start with the end” strategies and non-linear thinking, that make them so dangerous. You’ll discover:

- A variety of attacker strategies, including approaches, processes, reconnaissance, privilege escalation, redundant access, and escape techniques
- The unique tells and signs of an attack and how to avoid becoming a victim of one
- What the science of psychology tells us about amygdala hijacking and other tendencies that you need to protect against

Perfect for red teams, social engineers, pentesters, and ethical hackers seeking to fortify and harden their systems and the systems of their clients, The Art of Attack is an invaluable resource for anyone in the technology security space seeking a one-stop resource that puts them in the mind of an attacker.

Contents

Maxie Reynolds. The Art of Attack

Table of Contents

List of Illustrations

Guide

Pages

The Art of Attack. Attacker Mindset for Security Professionals

About the Author

Acknowledgments

Introduction

Who Is This Book For?

What This Book Covers

Chapter 1 What Is the Attacker Mindset?

Using the Mindset

The Attacker and the Mindset

AMs Is a Needed Set of Skills

A Quick Note on Scope

Summary

Key Message

Chapter 2 Offensive vs. Defensive Attacker Mindset

The Offensive Attacker Mindset

Comfort and Risk

Planning Pressure and Mental Agility

Emergency Conditioning

Defensive Attacker Mindset

Consistency and Regulation

Anxiety Control

Recovery, Distraction, and Maintenance

OAMs and DAMs Come Together

Summary

Key Message

Chapter 3 The Attacker Mindset Framework

Development

Phase 1

Phase 2

Application

Preloading

“Right Time, Right Place” Preload

Ethics

Intellectual Ethics

Reactionary Ethics

Social Engineering and Security

Social Engineering vs. AMs

Summary

Key Message

Chapter 4 The Laws

Law 1: Start with the End in Mind

End to Start Questions

Robbing a Bank

Bringing It All together

The Start of the End

Clarity

Efficiency

The Objective

How to Begin with the End in Mind

Law 2: Gather, Weaponize, and Leverage Information

Law 3: Never Break Pretext

Law 4: Every Move Made Benefits the Objective

Summary

Key Message

Chapter 5 Curiosity, Persistence, and Agility

Curiosity

The Exercise: Part 1

The Exercise: Part 2

Persistence

Skills and Common Sense

Professional Common Sense

Summary

Key Message

Chapter 6 Information Processing: Observation and Thinking Techniques

Your Brain vs. Your Observation

Observation vs. Heuristics

Heuristics

Behold Linda

Observation vs. Intuition

Using Reasoning and Logic

Observing People

Observation Exercise

AMs and Observation

Tying It All Together

Critical and Nonlinear Thinking

Vector vs. Arc

Education and Critical Thinking

Workplace Critical Thinking

Critical Thinking and Other Psychological Constructs

Critical Thinking Skills

Nonlinear Thinking

Tying Them Together

Summary

Key Message

Chapter 7 Information Processing in Practice

Reconnaissance

Recon: Passive

Recon: Active

OSINT

OSINT Over the Years

Intel Types

Alternative Data in OSINT

Signal vs. Noise

Weaponizing of Information

Tying Back to the Objective

Summary

Key Message

Chapter 8 Attack Strategy

Attacks in Action

Strategic Environment

The Necessity of Engagement and Winning

The Attack Surface

Vulnerabilities

AMs Applied to the Attack Vectors

Phishing

Mass Phish

Spearphish

Whaling

Vishing

Smishing/Smshing

Impersonation

Physical

Back to the Manhattan Bank

Summary

Key Message

Chapter 9 Psychology in Attacks

Setting The Scene: Why Psychology Matters

Ego Suspension, Humility & Asking for Help

Humility

Asking for Help

Another Chess Parallel: Opening Selection

Introducing the Target-Attacker Window Model

Four TAWM Regions

Target Psychology

Optimism Bias

Confirmation Bias and Motivated Reasoning

Framing Effect

Thin-Slice Assessments

Default to Truth

Summary

Key Message

Chapter 10 Staying Protected—The Individual. Attacker Mindset for Ordinary People

Behavioral Security

Amygdala Hijacking

Analyze Your Attack Surface

Summary

Key Message

Chapter 11 Staying Protected—The Business

Indicators of Attack

Nontechnical Measures

Testing and Red Teams

Survivorship Bias

The Complex Policy

Protection

Antifragile

The Full Spectrum of Crises

AMs on the Spectrum

Final Thoughts

Summary

Key Message

Index

WILEY END USER LICENSE AGREEMENT

Excerpt from the book

Maxie Reynolds

Maxie was born and grew up in Scotland, dabbled as a stuntwoman, and achieved some success as a model in both the UK and the United States. She has a degree in computer science, a degree in underwater robotics, and is educated in quantum computing. She is also a published author, and in her spare time she works with the Innocent Lives Foundation and National Child Protection Taskforce.

.....

Here's the bottom line of scope: you don't have to do everything scope permits. You cannot do a single thing it prohibits. Ensure you understand scope before you embark on the work. Make sure it uses clear language, and make sure you clarify anything you are unsure of.

Collectively, as a team, we've broken into hundreds of servers and physically compromised many of the world's most tightly guarded corporate and government facilities, including banks, corporate headquarters, and defense sites. However, I am always struck by how James Bond–like people think the job is. Each job is a long process that looks at legalities, operational conflicts that have to be worked around, and deliverables.

.....
