This book shows how to assess a network’s vulnerabilities, zero in on targets, and effectively block intruders. Using the tested security techniques and real-world case studies featured in this one-of-a-kind guide, IT security pros will be able to expose, pursue, and prosecute the perpetrators of advanced persistent threats (APTs). Useful to everyone who works in or whose work is influenced by the world of IT and cyber security, this book focuses on intelligence analysis, cyber counterintelligence, and operational implementations of how to objectively analyze the details of an intrusion in order to generate highly accurate assessments of adversaries.
The team of expert authors shows how to establish the goals and scope of a reverse deception campaign, set up digital traps, misdirect and divert attackers, configure honeypots, mitigate encrypted crimeware, and identify malicious software groups. They also provide full coverage of legal and ethical issues, operational vetting, and security team management.
Sean M. Bodmer, CISSP, CEH, is a senior threat intelligence analyst at Damballa, Inc., a crimeware detection, security provider, and research firm consulting to Fortune 500 and 1,000 companies. He analyzes and tracks thousands of strings of network activity each week, scanning for malicious activity, and focuses on attribution of each criminal and campaign. Sean is a frequent speaker on network security concepts and practices, including at DoD conferences, and has been invited to speak and train cyber counterintelligence courses around the world. He’s the co-author of Hacking Exposed: Malware & Rootkits.
Max Kilger, Ph.D., is a specialist in profiling and behavioral analysis of the black hat community and hackers. He is a founding member of the Honeynet Project, is currently on their board of directors, and serves as their chief membership officer and chief profiler. Dr. Kilger is a frequent national and international speaker to the intelligence community, military, federal law enforcement, and information security forums.
Gregory Carpenter, CISM, has earned numerous professional awards, including the Joint Task Force for Global Network Operations Officer of the Quarter and recognition in the Who’s Who in International Business, and serves on the U.S. Government’s Cross Domain Solution Working Group, the Joint Wireless Working Group, and many others.
Jade Jones, JD, has 15 years of practice experience. Areas of expertise include Information Operations and Space Law. He is a civilian with the Department of Defense and a Navy JAG Commander in the Reserves.
Chapter 1 is excerpted below.