Cesar Bravo - Mastering Defensive Security: Effective techniques to secure your Windows, Linux, IoT, and cloud infrastructure

Effective techniques to secure your Windows, Linux, IoT, and cloud infrastructure

Cesar Bravo

BIRMINGHAMMUMBAI

Copyright 2021 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Vijin Boricha

Publishing Product Manager: Shrilekha Malpani

Senior Editor: Arun Nadar

Content Development Editor: Yasir Ali Khan

Technical Editor: Nithik Cheruvakodan

Project Coordinator: Shagun Saini

Proofreader: Safis Editing

Indexer: Manju Arasan

Production Designer: Jyoti Chauhan

First published: October 2021

Production reference: 1211021

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80020-816-2

www.packt.com

To all the brave people that decided to pursue a career in cybersecurity, and their countless efforts and sacrifices to keep the world safe!

Throughout my careerwhich reads like a coming-of-age tale from cyberpunk hacker to cybersecurity CEOI have grown to see this industry evolve and mature in a similar fashion. For many of us with humble hacking origins common in that early era, the institutional knowledge of attack and defense comes as second nature.

As new threats continuously emerge, the need for a robust security culture is underscored by the billions lost to breaches. The importance of this collective wisdom distilled in an actionable manner for the next generation of cyber defenders is all too apparent.

This book's author, Cesar Bravo, takes you beyond the theory. His practical approach bridges the gap between concept and application.

Bravo leverages his profound experience as a cybersecurity expert to lay out a comprehensive understanding of risk, compliance, and the foundational concepts so crucial to the application of defensive techniques.

Moreover, the critical intersection of man and machinewhere breakdowns in physical security most often occuris uniquely covered alongside the frameworks and strategies necessary to become a vigilant defender.

If you are a cyber professional looking to master defensive security, this book is for you!

Darren Kitchen

Founder, Hak5

Cesar Bravo is a researcher and inventor who has more than 100 inventions related to cybersecurity that are being patented in the US, Germany, China, and Japan. Those inventions include cybersecurity hardware, secure IoT systems and devices, and even cybersecurity systems for autonomous cars.

He loves to share knowledge and he has been working with several universities to teach cybersecurity at all levels, from introductory courses for non-IT people up to a master's degree in cybersecurity (for which he has also served as a thesis director).

In recent years, Cesar has become a recognized speaker (including delivering a TEDx talk), giving international presentations about cybersecurity and innovation in the UK, Germany, Mexico, the US, and Spain.

First, I want to thank all my students, who always encourage me with their questions and comments to become a better professional.

To my peer masters in cybersecurity, who took the challenge to learn about new topics and explore a new universe of possibilities, I am super grateful and proud of all of you.

To the cybersecurity community, who invest countless hours to stay up to date with new threats to make the world a better and more secure place to live, for you that live and work in the shadow of your desk, let me say that YOU are the real heroes!

And to my family and friends, who have always supported and encouraged me to become the best version of myself, to all of you, THANK YOU!

Smith Gonsalves is the director and principal consultant of CyberSmithSECURE, a boutique consulting firm that specializes in providing cybersecurity services to MNCs worldwide. He has been known and recognized in the industry as one of India's youngest cyber evangelists and information security professionals of the time. His key area of work is in the instrumentation of orchestrating cyber capabilities for safeguarding high-end enterprises and institutions. Smith is a Cert-In Certified Auditor and has completed industry-nominated certifications including CISA, OSCP, CEH, CHFI, and TOGAF during his 7+ years of experience.

Yasser Ali is a cybersecurity consultant and red teamer at Dubai Electricity & Water Authority (DEWA).

Yasser has an extensive background in consultancy and advisory services. His experience in vulnerability research, pentesting, and reviewing standards and best practices has made Yasser a highly sought-after expert for enterprises.

Yasser's passion is mostly spent on the development of red teaming labs and offensive training where cybersecurity professionals sharpen their skills and learn new tradecraft-emulating techniques, tactics, and procedures (TTPs) used by adversaries.

Yasser was showcased in the BBC documentary movie How Hackers Steal Your ID. He is a specialized trainer and is regularly invited to participate in global information security conferences and discussion panels.

I wish to thank Shagun, Ali Mehdi, and the Packt team for their time and for allowing me the opportunity to review this book.

Big thanks to all security researchers and InfoSec communities such as HackerOne, Hackers Academy, and Malcrove. Without their contribution, innovation, and willingness to break the rules but not the law and to help one another, cybersecurity wouldn't be what it is today.

Lastly, a special heartfelt thanks to my caring and loving parents and siblings for always supporting me.