Table of Contents

Introduction xvii

Chapter 1 Fulfilling Pre-ATT&CK Objectives 1

Active Scanning 2

Scanning Networks with scapy 2

Implementing a SYN Scan in scapy 4

Performing a DNS Scan in scapy 5

Running the Code 5

Network Scanning for Defenders 6

Monitoring Traffic with scapy 7

Building Deceptive Responses 8

Running the Code 9

Search Open Technical Databases 9

Offensive DNS Exploration 10

Searching DNS Records 11

Performing a DNS Lookup 12

Reverse DNS Lookup 12

Running the Code 13

DNS Exploration for Defenders 13

Handling DNS Requests 15

Building a DNS Response 15

Running the Code 16

Summary 17

Suggested Exercises 17

Chapter 2 Gaining Initial Access 19

Valid Accounts 20

Discovering Default Accounts 20

Accessing a List of Default Credentials 21

Starting SSH Connections in Python 22

Performing Telnet Queries in Python 23

Running the Code 24

Account Monitoring for Defenders 24

Introduction to Windows Event Logs 25

Accessing Event Logs in Python 28

Detecting Failed Logon Attempts 28

Identifying Unauthorized Access to Default Accounts 30

Running the Code 30

Replication Through Removable Media 31

Exploiting Autorun 31

Converting Python Scripts to Windows Executables 32

Generating an Autorun File 33

Setting Up the Removable Media 34

Running the Code 34

Detecting Autorun Scripts 34

Identifying Removable Drives 35

Finding Autorun Scripts 36

Detecting Autorun Processes 36

Running the Code 36

Summary 37

Suggested Exercises 37

Chapter 3 Achieving Code Execution 39

Windows Management Instrumentation 40

Executing Code with WMI 40

Creating Processes with WMI 41

Launching Processes with PowerShell 41

Running the Code 42

WMI Event Monitoring for Defenders 42

WMI in Windows Event Logs 43

Accessing WMI Event Logs in Python 45

Processing Event Log XML Data 45

Running the Code 46

Scheduled Task/Job 47

Scheduling Malicious Tasks 47

Checking for Scheduled Tasks 48

Scheduling a Malicious Task 48

Running the Code 49

Task Scheduling for Defenders 50

Querying Scheduled Tasks 51

Identifying Suspicious Tasks 52

Running the Code 52

Summary 53

Suggested Exercises 53

Chapter 4 Maintaining Persistence 55

Boot or Logon Autostart Execution 56

Exploiting Registry Autorun 56

The Windows Registry and Autorun Keys 57

Modifying Autorun Keys with Python 60

Running the Code 61

Registry Monitoring for Defenders 62

Querying Windows Registry Keys 63

Searching the HKU Hive 64

Running the Code 64

Hijack Execution Flow 65

Modifying the Windows Path 65

Accessing the Windows Path 66

Modifying the Path 67

Running the Code 68

Path Management for Defenders 69

Detecting Path Modification via Timestamps 69

Enabling Audit Events 71

Monitoring Audit Logs 73

Running the Code 75

Summary 76

Suggested Exercises 76

Chapter 5 Performing Privilege Escalation 77

Boot or Logon Initialization Scripts 78

Creating Malicious Logon Scripts 78

Achieving Privilege Escalation with Logon Scripts 79

Creating a Logon Script 79

Running the Code 79

Searching for Logon Scripts 80

Identifying Autorun Keys 81

Running the Code 81

Hijack Execution Flow 81

Injecting Malicious Python Libraries 82

How Python Finds Libraries 82

Creating a Python Library 83

Running the Code 83

Detecting Suspicious Python Libraries 83

Identifying Imports 85

Detecting Duplicates 85

Running the Code 86

Summary 86

Suggested Exercises 87

Chapter 6 Evading Defenses 89

Impair Defenses 90

Disabling Antivirus 90

Disabling Antivirus Autorun 90

Terminating Processes 93

Creating Decoy Antivirus Processes 94

Catching Signals 95

Running the Code 95

Hide Artifacts 95

Concealing Files in Alternate Data Streams 96

Exploring Alternate Data Streams 96

Alternate Data Streams in Python 97

Running the Code 98

Detecting Alternate Data Streams 98

Walking a Directory with Python 99

Using PowerShell to Detect ADS 100

Parsing PowerShell Output 101

Running the Code 102

Summary 102

Suggested Exercises 103

Chapter 7 Accessing Credentials 105

Credentials from Password Stores 106

Dumping Credentials from Web Browsers 106

Accessing the Chrome Master Key 108

Querying the Chrome Login Data Database 108

Parsing Output and Decrypting Passwords 109

Running the Code 109

Monitoring Chrome Passwords 110

Enabling File Auditing 110

Detecting Local State Access Attempts 111

Running the Code 113

Network Sniffing 114

Sniffing Passwords with scapy 114

Port-Based Protocol Identification 116

Sniffing FTP Passwords 116

Extracting SMTP Passwords 117

Tracking Telnet Authentication State 119

Running the Code 121

Creating Deceptive Network Connections 121

Creating Decoy Connections 122

Running the Code 122

Summary 123

Suggested Exercises 123

Chapter 8 Performing Discovery 125

Account Discovery 126

Collecting User Account Data 126

Identifying Administrator Accounts 127

Collecting User Account Information 128

Accessing Windows Password Policies 128

Running the Code 129

Monitoring User Accounts 130

Monitoring Last Login Times 130

Monitoring Administrator Login Attempts 131

Running the Code 132

File and Directory Discovery 133

Identifying Valuable Files and Folders 133

Regular Expressions for Data Discovery 135

Parsing Different File Formats 135

Running the Code 136

Creating Honeypot Files and Folders 136

Monitoring Decoy Content 136

Creating the Decoy Content 137

Running the Code 138

Summary 138

Suggested Exercises 139

Chapter 9 Moving Laterally 141

Remote Services 142

Exploiting Windows Admin Shares 142

Enabling Full Access to Administrative Shares 143

Transferring Files via Administrative Shares 144

Executing Commands on Administrative Shares 144

Running the Code 144

Admin Share Management for Defenders 145

Monitoring File Operations 146

Detecting Authentication Attempts 147

Running the Code 148

Use Alternative Authentication Material 148

Collecting Web Session Cookies 149

Accessing Web Session Cookies 150

Running the Code 150

Creating Deceptive Web Session Cookies 151

Creating Decoy Cookies 151

Monitoring Decoy Cookie Usage 153

Running the Code 153

Summary 154

Suggested Exercises 155

Chapter 10 Collecting Intelligence 157

Clipboard Data 158

Collecting Data from the Clipboard 158

Accessing the Windows Clipboard 159

Replacing Clipboard Data 159

Running the Code 160

Clipboard Management for Defenders 160

Monitoring the Clipboard 161

Processing Clipboard Messages 161

Identifying the Clipboard Owner 161

Running the Code 162

Email Collection 162

Collecting Local Email Data 162

Accessing Local Email Caches 163

Running the Code 163

Protecting Against Email Collection 164

Identifying Email Caches 165

Searching Archive Files 165

Running the Code 166

Summary 166

Suggested Exercises 166

Chapter 11 Implementing Command and Control 169

Encrypted Channel 170

Command and Control Over Encrypted Channels 170

Encrypted Channel Client 171

Encrypted Channel Server 172

Running the Code 173

Detecting Encrypted C2 Channels 174

Performing Entropy Calculations 175

Detecting Encrypted Traffic 175

Running the Code 176

Protocol Tunneling 176

Command and Control via Protocol Tunneling 176

Protocol Tunneling Client 177

Protocol Tunneling Server 177

Running the Code 179

Detecting Protocol Tunneling 179

Extracting Field Data 181

Identifying Encoded Data 181

Running the Code 181

Summary 182

Suggested Exercises 182

Chapter 12 Exfiltrating Data 183

Alternative Protocols 184

Data Exfiltration Over Alternative Protocols 184

Alternative Protocol Client 185

Alternative Protocol Server 186

Running the Code 188

Detecting Alternative Protocols 189

Detecting Embedded Data 190

Running the Code 191

Non-Application Layer Protocols 191

Data Exfiltration via Non-Application Layer Protocols 192

Non-Application Layer Client 193

Non-Application Layer Server 193

Running the Code 194

Detecting Non-Application Layer Exfiltration 195

Identifying Anomalous Type and Code Values 196

Running the Code 196

Summary 197

Suggested Exercises 197

Chapter 13 Achieving Impact 199

Data Encrypted for Impact 200

Encrypting Data for Impact 200

Identifying Files to Encrypt 201

Encrypting and Decrypting Files 202

Running the Code 202

Detecting File Encryption 203

Finding Files of Interest 204

Calculating File Entropies 204

Running the Code 205

Account Access Removal 205

Removing Access to User Accounts 205

Changing Windows Passwords 207

Changing Linux Passwords 207

Running the Code 207

Detecting Account Access Removal 208

Detecting Password Changes in Windows 209

Detecting Password Changes in Linux 210

Running the Code 211

Summary 211

Suggested Exercises 212

Index 213

Python for Cybersecurity


Paperback / softback by Howard E. Poston


Publisher: John Wiley & Sons Inc
Publication Date: 05/05/2022
ISBN13: 9781119850649, 978-1119850649
ISBN10: 1119850649

