Bradley - OS X Incident Response Scripting and Analysis
  • Book:
    OS X Incident Response: Scripting and Analysis
  • Author:
    Jaron Bradley
  • Publisher:
    Elsevier Science & Technology Books
  • Year:
    2016

Description

Written for analysts who are looking to expand their understanding of a lesser-known operating system, this book focuses exclusively on OS X attacks, incident response, and forensics. It covers a wide variety of topics, including both the collection and the analysis of the forensic artifacts found on the OS.

OS X Incident Response: Scripting and Analysis
Jaron Bradley
Technical Editor: Alexandru Radocea
Table of Contents
Copyright

Syngress is an imprint of Elsevier

50 Hampshire Street, 5th Floor, Cambridge, MA 02139, USA

Copyright © 2016 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

Disclaimer

The opinions expressed in this book come solely from the author and do not necessarily express the views or opinions of his employer.

British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the British Library

Library of Congress Cataloging-in-Publication Data

A catalog record for this book is available from the Library of Congress

ISBN: 978-0-12-804456-8

For information on all Syngress publications visit our website at https://www.elsevier.com/

Acquisition Editor: Chris Katsaropoulos

Editorial Project Manager: Anna Valutkevich

Production Project Manager: Mohana Natarajan

Cover Designer: Mark Rogers

Typeset by Thomson Digital

Acknowledgments

The StackOverflow Community for being a fantastic resource. draw.io for being free and awesome. Andrew Case and the Volatility team for the awesome work they do supporting OS X memory analysis. The guys over at the Rekall Team for supplying the community with a live memory analysis framework and the amazing pmem applications. Anyone who has ever written a blog post or write-up related to OS X security, administration, developer tutorials or unique findings. Kris Merritt for letting me join such an awesome team and putting me in a position where I can learn more about this topic. Brody Nisbet and William Pauley for their recommendations and assistance in cleaning up the introduction chapter. A big thanks to Christopher Schmitt and Adrian Maniatis for their assistance with writing and cleaning up my sloppy Python code. A big thanks to Patrick Wardle at Synack for all the amazing research he's been working on and presenting across different conferences, as well as writing and maintaining the tools at objective-see.com. I referred to your documents, slides, and videos countless times while writing this book. A huge thanks to my technical reviewer Alex Radocea for his wisdom and guidance on all things OS X and his willingness to work with me nonstop while living in a polar opposite time zone. I could not have done this book without you. Finally, a thank you to my beautiful wife, for encouraging me to take on a new challenge.

Chapter 1
Introduction
Abstract

This chapter begins by discussing why OS X will be targeted more in the coming years as it gains popularity. It then describes what defines the incident response process, explains what the Cyber Kill Chain is, and shows how the kill chain applies to the OS X operating system. The chapter finishes by describing the scenario that is used for the analysis sections throughout the rest of the book.

Keywords
OS X Kill Chain
Cyber Kill Chain
OS X Incident Response
Is there really a threat to OS X?
In 1986 a man named Clifford Stoll was appointed systems manager at Lawrence Berkeley Laboratory and tasked with finding the source of an odd accounting error in the lab's system usage logs. Back then each researcher had to pay for the computer time they used: the meter started when they logged in and stopped when they logged out. Stoll noticed that a user named Hunter was repeatedly leaving a small balance unpaid. When he searched the lab's records for Hunter, he discovered that nobody by that name worked there. Refusing to let this error go unexplained, Stoll began investigating what was reasonably suspected to be a software glitch. His persistence and analytical skills eventually led to the discovery of a German adversary who was obtaining and selling sensitive US military data to the Soviet Committee for State Security, the KGB. The German, a man named Markus Hess, was using guest credentials to move across systems in the Berkeley environment (as well as other environments) and stealing emails, research, and any other valuable data he encountered. Root permissions were easily acquired from the guest account thanks to a privilege escalation flaw in the GNU Emacs editor.
Stoll documented this intrusion and his findings in his book The Cuckoo's Egg, the tale of the first recorded incident in cyber espionage history. AT&T's Unix platform was one of the most popular operating systems at the time of this incident. Microsoft had released DOS about 5 years earlier and Mac OS had only existed for 2 years. The lab's systems were used extensively for research, and they were Unix based.
So why is this story relevant? The Berkeley intrusion showed that adversaries choose their targets by how widely an operating system is deployed, not by what kind of operating system it is. Adversaries have always adapted their attack methods as needed, and as Microsoft's market share grew in later years it made sense for attackers to focus the majority of their effort on studying and exploiting Windows systems. Now times are changing. Although Windows still runs the majority of workstations, OS X is on the rise in workplace environments. CEOs are swapping out their old Windows machines for sleek new MacBooks. Companies are offering traveling employees the lightweight MacBook Air. iPads, iPhones, and Apple TVs are used in the office for convenient sharing and conference meetings. Start-ups, web design, and marketing companies are building Mac-only environments. Apple devices are on the rise inside major corporations, and although OS X malware is seen infrequently in targeted intrusions, there are signs that we will see more of it in the future. Incident responders and security analysts spend years learning the internals of the Windows operating system. How will they perform analysis on a fundamentally different system? To keep fighting the adversary effectively we need to stay one step ahead of them. Working in incident response you will find that although vulnerabilities, exploits, and technology change, many adversary tactics and goals stay the same. This is true even across different operating systems.