Offensive and Defensive Cyber Security Strategies PDF
2025
Mariya Ouaissa and Mariyam Ouaissa
Summary
This book explores offensive and defensive strategies in cybersecurity. It covers fundamental concepts, tools, and technologies used to protect against cyber threats, and emphasizes ethical and legal aspects of cyber activities. The book explains various relevant cybersecurity strategies, including cybercrime, cyber defense, and risk analysis.
Offensive and Defensive Cyber Security Strategies

The aim of this book is to explore the definitions and fundamentals of offensive security versus defensive security and describe the different tools and technologies for protecting against cyber threats. The book offers strategies for the practical aspects of cybersecurity, covers the main disciplines needed to understand cybersecurity, and demonstrates ethical and legal concepts of cyber activities. It presents important concepts relevant for cybersecurity strategies, including the concept of cybercrime, cyber defense, protection of IT systems, and analysis of risks.

Dr. Mariya Ouaissa is currently Assistant Professor in Cybersecurity and Networks at the Faculty of Sciences Semlalia, Cadi Ayyad University, Marrakech, Morocco. She received her Ph.D. in 2019 in computer science and networks from Moulay Ismail University, Meknes, Morocco. She is a Networks and Telecoms Engineer and graduated in 2013 from the National School of Applied Sciences, Khouribga, Morocco. She has served and continues to serve on technical program and organizer committees of several conferences and events and has organized many symposiums/workshops/conferences as General Chair and also as a reviewer of numerous international journals. Dr. Ouaissa has made contributions in the fields of information security and privacy, Internet of Things security, and wireless and constrained networks security. She has published over 70 papers (book chapters, international journals, and conferences/workshops), 20 edited books, and 8 special issues as guest editor.

Dr. Mariyam Ouaissa is currently Assistant Professor of Networks and Systems at ENSA, Chouaib Doukkali University, El Jadida, Morocco. She received her Ph.D. degree in 2019 from the National Graduate School of Arts and Crafts, Meknes, Morocco, and her engineering degree in 2013 from the National School of Applied Sciences, Khouribga, Morocco. Dr. Ouaissa’s research is multidisciplinary and focuses on the Internet of Things, M2M, WSN, vehicular communications and cellular networks, security networks, congestion overload problems, and the resource allocation management and access control. She has published more than 50 research papers (including book chapters, peer-reviewed journal articles, and peer-reviewed conference manuscripts), 15 edited books, and 6 special issues as guest editor. She has served on program committees and organizing committees of several conferences and events and has organized many symposiums/workshops/conferences as General Chair and TPC Chair.

Cyber Shorts Series

Discover concise and focused books on specific cybersecurity topics with Cyber Shorts. This book series is designed for students, professionals, and enthusiasts seeking to explore specialized areas within cybersecurity. From blockchain to zero-day to ethical hacking, each book provides real-world examples and practical insights.

Ransomware Penetration Testing and Contingency Planning, Ravindra Das
Deploying the Zero Trust Framework in MSFT Azure, Ravindra Das
Generative AI Phishing and Cybersecurity Metrics, Ravindra Das
A Reference Manual for Data Privacy Laws and Cyber Frameworks, Ravindra Das
Offensive and Defensive Cyber Security Strategies: Fundamentals, Theory and Practices, Mariya Ouaissa and Mariyam Ouaissa

For more information about this series, please visit: www.routledge.com/Cyber-Shorts/book-series/CYBSH

Offensive and Defensive Cyber Security Strategies
Fundamentals, Theory and Practices
Mariya Ouaissa and Mariyam Ouaissa

Designed cover image: © Shutterstock

First edition published 2025 by CRC Press, 2385 NW Executive Center Drive, Suite 320, Boca Raton FL 33431, and by CRC Press, 4 Park Square, Milton Park, Abingdon, Oxon, OX14 4RN. CRC Press is an imprint of Taylor & Francis Group, LLC.

© 2025 Mariya Ouaissa and Mariyam Ouaissa

Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, access www.copyright.com or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. For works that are not available on CCC please contact [email protected]

Trademark notice: Product or corporate names may be trademarks or registered trademarks and are used only for identification and explanation without intent to infringe.

ISBN: 9781032823416 (hbk)
ISBN: 9781032833804 (pbk)
ISBN: 9781003509080 (ebk)
DOI: 10.1201/9781003509080

Typeset in Sabon LT Pro by Apex CoVantage, LLC

Contents

Preface vii
About the authors ix
1 Fundamentals of cybersecurity strategies 1
2 Offensive cybersecurity tools and technologies 26
3 Defensive cybersecurity tools and technologies 45
4 Threat modeling and risk management 61
5 Cybersecurity incident response and digital forensics 75
6 Use of AI and blockchain in cybersecurity 95
Index 105

Preface

Cybersecurity has become a critical issue for businesses, organizations, and individuals in today’s digital age.
With the increasing reliance on technology and the Internet, it is essential to have efficient measures in place to protect systems and networks from cyber threats. There are two main approaches to cybersecurity: offensive security and defensive security. Offensive security refers to the practice of actively attacking and exploiting computer systems and networks to test their defenses and identify vulnerabilities. Defensive security, on the other hand, refers to protecting computer systems and networks from attack by identifying and mitigating vulnerabilities and implementing measures to prevent or detect unauthorized access or activity.

In cybersecurity, strategies are broadly divided into two categories: offensive and defensive. While both approaches are vital, they offer different perspectives on protecting, detecting, and responding to threats. The key is employing the right strategy at the right time in order to protect against attackers, maintain business continuity in the face of cyberattacks, optimize resources, and adhere to regulatory compliance.

Offensive cybersecurity, commonly called “OffSec,” focuses on actively seeking out systems’ vulnerabilities, flaws, and weaknesses before attackers can exploit them. The premise behind OffSec is simple: to best defend oneself, one must think and act like an attacker. This proactive approach includes strategies like penetration testing (or pentesting), red teaming, phishing simulations, and vulnerability assessments. While offensive cybersecurity aims to identify vulnerabilities by actively simulating cyberattacks, defensive cybersecurity, or “DefSec,” focuses on building and maintaining resilient systems that can prevent, detect, and respond to threats as they arise. This approach emphasizes layers of protection, including firewalls, antivirus software, intrusion detection systems (IDS), intrusion prevention systems (IPS), and incident response teams. The primary goal is to prevent, detect, and mitigate threats.

The aim of this book is to explore the definitions and fundamentals of offensive security and defensive security, and we will also consider the different tools and technologies for protecting against cyber threats. The book offers strategies for the practical aspects of cybersecurity and covers the main disciplines needed to understand cybersecurity. This book also demonstrates ethical and legal concepts of cyber activities. The book presents important concepts relevant for cybersecurity strategies, including the concept of cybercrime, cyber defense, protection of IT systems, and analysis of risks.

Let us take a closer look at the specific themes and contributions of each chapter:

The first and foundational chapter, Chapter 1, provides an overview of cybersecurity concepts and fundamentals, the main challenges in different components of infrastructure, cybersecurity frameworks, and regulations.

Chapter 2 examines the evolution of offensive cybersecurity tools and technologies in the contemporary digital landscape by exploring the methods and means used by malicious actors to compromise systems.

In Chapter 3, we delve into the essential tools and technologies of defensive cybersecurity, aiming at shielding digital assets from cyber threats and attacks. The chapter provides a detailed examination of various defense mechanisms, such as intrusion detection systems, intrusion prevention systems, firewalls, antivirus software, encryption tools, and endpoint security solutions.

Chapter 4 conducts a comprehensive overview of threat modeling and risk management in cybersecurity. Integrating threat modeling and risk management is essential for a robust security strategy. By combining these two practices, organizations can not only identify and assess potential threats but also proactively manage risks, ensuring stronger protection of their assets and information.
Chapter 5 covers strategies and techniques for managing cybersecurity incidents and conducting digital investigations. It includes the essential steps of incident response. Additionally, it explores digital forensic methods for collecting, analyzing, and preserving electronic evidence, ensuring its integrity for use in forensic investigations.

The final chapter, Chapter 6, presents the real-world applications, challenges, and future prospects of the convergence of AI, IoT, and blockchain for robust and adaptable cybersecurity in the face of evolving threats.

Each chapter serves as a piece of the larger puzzle, contributing valuable insights, innovations, techniques, and tools to the complex landscape of cybersecurity. We invite you to journey through this book, exploring the cutting-edge developments, challenges, and promising possibilities that await.

About the authors

Dr. Mariya Ouaissa is currently Assistant Professor in Cybersecurity and Networks at the Faculty of Sciences Semlalia, Cadi Ayyad University, Marrakech, Morocco. She received her Ph.D. in 2019 in computer science and networks at the Laboratory of Modelisation of Mathematics and Computer Science from the ENSAM-Moulay Ismail University, Meknes, Morocco. She is a Networks and Telecoms Engineer and graduated in 2013 from the National School of Applied Sciences, Khouribga, Morocco. She is a co-founder and IT consultant at the IT Support and Consulting Center. She was working for the School of Technology in Meknes, Morocco, as a visiting professor from 2013 to 2021. She is a member of the International Association of Engineers and the International Association of Online Engineering, and, since 2021, she has been an “ACM Professional Member.” She is Expert Reviewer with the Academic Exchange Information Centre (AEIC) and Brand Ambassador with Bentham Science. She has served and continues to serve on technical program and organizer committees of several conferences and events and has organized many symposiums/workshops/conferences as General Chair and also as a reviewer of numerous international journals. Dr. Ouaissa has made contributions in the fields of information security and privacy, Internet of Things security, and wireless and constrained networks security. Her main research topics are IoT, M2M, D2D, WSN, cellular networks, and vehicular networks. She has published over 50 papers (book chapters, international journals, and conferences/workshops), 15 edited books, and 8 special issues as guest editor.

Dr. Mariyam Ouaissa is currently Assistant Professor of Networks and Systems at ENSA, Chouaib Doukkali University, El Jadida, Morocco. She received her Ph.D. degree in 2019 from the National Graduate School of Arts and Crafts, Meknes, Morocco, and her engineering degree in 2013 from the National School of Applied Sciences, Khouribga, Morocco. She is a communication and networking researcher and practitioner with industry and academic experience. Dr. Ouaissa’s research is multidisciplinary and focuses on the Internet of Things, M2M, WSN, vehicular communications and cellular networks, security networks, congestion overload problems, and the resource allocation management and access control. She is serving as a reviewer for international journals and conferences, including IEEE Access and Wireless Communications and Mobile Computing. Since 2020, she has been a member of the “International Association of Engineers IAENG” and the “International Association of Online Engineering,” and since 2021, she has been an “ACM Professional Member.” She has published more than 50 research papers (including book chapters, peer-reviewed journal articles, and peer-reviewed conference manuscripts), 13 edited books, and 6 special issues as guest editor. She has served on program committees and organizing committees of several conferences and events and has organized many symposiums/workshops/conferences as General Chair and TPC Chair.

Chapter 1 Fundamentals of cybersecurity strategies

1.1 INTRODUCTION

Today, the world is more interconnected than ever. The global economy relies on people’s ability to communicate across time zones and access crucial information from anywhere. Cybersecurity enhances productivity and innovation by providing the confidence needed to work and communicate online securely.

Cybersecurity encompasses all measures that ensure the protection and integrity of data, whether sensitive or not, within a digital infrastructure. It involves a set of processes, best practices, and technology solutions that help protect critical systems and networks from digital attacks. Capitalizing on the surge in data and the growing number of people working and connecting remotely, malicious actors have devised sophisticated methods to access resources, steal data, sabotage businesses, and extort money. The number of attacks rises each year, with adversaries continuously developing new techniques to avoid detection. An effective cybersecurity program integrates people, processes, and technology solutions to mitigate the risk of business interruption, financial loss, and reputational damage in the event of an attack.

Individuals and organizations face different types of digital threats every day. These threats can include computer attacks or acts of espionage aimed at stealing personal data, targeted attacks to gain economic advantage, or cyberterrorism intended to create insecurity and distrust in large groups. A cyberattack refers to an action designed to target a computer or any element of a computerized information system (IS) with the aim of modifying, destroying, or stealing data, as well as exploiting or harming a network.
It includes any type of offensive action that targets computer systems, infrastructure, networks, or even personal computers, using various methods to steal, modify, or destroy data or systems.

This chapter offers a thorough analysis of the fundamentals of cybersecurity, focusing particularly on technical cyberattacks. The aim is to provide a comprehensive overview of cybersecurity and the principal frameworks and regulations used in different scenarios. The structure of this chapter is organized as follows. Section 1.2 provides a description of technical cyberattacks. Section 1.3 presents the anatomy of a cyberattack. Sections 1.4 and 1.5 describe the fundamentals and frameworks of cybersecurity. In Section 1.6, we discuss implementing cybersecurity measures. Compliance and regulations are covered in Section 1.7. Finally, Sections 1.8 and 1.9 present the main professions and future trends in cybersecurity, respectively. Conclusions are drawn in Section 1.10.

DOI: 10.1201/9781003509080-1

1.2 UNDERSTANDING CYBER THREATS

Cyberattacks have seen a significant increase in recent years due to technological advancements and the digitalization of almost all areas of social life. The advent of teleworking, e-commerce, cloud computing, and other online activities has greatly expanded the attack surface. Indeed, computer systems present numerous vulnerabilities that can be exploited by hackers, whether at the network, software, or infrastructure level. A cyberattack occurs when a malicious actor exploits a weakness in a computer system, network, or software. These attacks can take various forms, such as denial of service (DoS), espionage, data destruction, ransomware, and phishing. Cyberattacks pose the greatest threat to any institution or individual in a highly digitalized world, as they target all sectors of society, including governments, the private sector, as well as civil and military organizations. In this section, we focus on identifying the most common types and techniques of cyberattacks.

1.2.1 Malware

Malware consists of computer programs designed to disrupt the normal operation of a system or cause damage to data. The purpose of malware is determined by its malicious intent, acting against the victim’s requirements for the system. These types of software have become tools for both hackers and governments to steal personal, financial, or business data. Malware can encrypt or delete sensitive data, modify or hijack functions, spy on victim activity, or even generate money. Additionally, it can be used for sabotage or politically motivated purposes. There are various types of malware, including spyware, ransomware, and others.

1.2.1.1 Virus

The virus infiltrates applications such as Microsoft Word or Excel by embedding itself into the application’s initialization sequence. Upon opening the application, the virus executes its instructions before relinquishing control to the application. Subsequently, the virus duplicates itself and affixes to other codes within the computer system.

1.2.1.2 Trojan horses

This program hides inside seemingly useful software and usually performs malicious functions. Unlike other viruses, a Trojan does not replicate itself. In addition to launching attacks against a system, a Trojan can establish a backdoor that attackers can exploit. For example, a Trojan can be programmed to open a high-numbered port for a hacker to listen in and then execute an attack.

1.2.1.3 Drive-by download attack

This attack entails the discreet insertion of a malicious script into a website’s code. When users visit the site, a covert download is initiated automatically. Drive-by download attacks are a prevalent technique for distributing malware. Hackers target vulnerable websites and embed a malicious script into the HTTP or PHP code of a page. This script can either install malware directly onto the visitor’s computer or redirect the visitor to a site controlled by the hackers.

1.2.1.4 Logic bomb

This type of malware is added to an application and triggered by a specific event, such as a logical condition or a specific date and time.

1.2.1.5 Worms

Unlike viruses, worms do not rely on attaching to host files; they are stand-alone programs capable of spreading autonomously across networks and computers. Typically transmitted through email attachments, worms commonly exploit the method of sending copies of themselves to each email contact stored on the infected computer. In addition to carrying out nefarious actions, worms spreading across the Internet and overwhelming mail servers can instigate DoS attacks against network nodes.

1.2.1.6 Ransomware

This type of malware restricts access to the victim’s data and threatens to publish or delete it unless a ransom is paid. While basic ransomware may lock the system in a way that a knowledgeable person can easily fix, more advanced ransomware employs a technique called “crypto-viral extortion.” This method encrypts the victim’s files, making them nearly impossible to recover without the decryption key. With ransomware, the victim’s system is effectively held hostage until the ransom is paid to the attacker. After the payment is made, the attacker provides instructions on how the victim can regain control of their computer.

1.2.1.7 Adware

These software applications are used by businesses for marketing purposes. Advertising banners are displayed while a program is running. Adware may be automatically downloaded to your system when you browse a website and may appear in pop-up windows or in a bar that automatically appears on your computer screen.

1.2.1.8 Spyware

These programs are installed to gather information about users, their computers, or their browsing habits.
They monitor activities without the user’s knowledge and send the data to a remote operator. Additionally, they can download and install other malicious programs from the Internet. While spyware functions similarly to adware, it is typically a separate program that installs covertly when a free application is installed. This spyware collects and transmits personal information without the user’s knowledge or consent.

1.2.2 DoS attack

A DoS attack aims to inundate a system’s resources to the extent that it becomes incapable of responding to legitimate service requests. Similarly, a Distributed Denial of Service (DDoS) attack operates with the intention of depleting a system’s resources. However, a DDoS attack occurs when a large number of host machines are infected with malware and controlled by the attacker. These machines, called “botnets,” simultaneously flood the target with illegitimate requests, overwhelming its resources. With a DoS attack, the target site is saturated with illegitimate requests. Since the site must respond to every request, its resources are consumed by all the responses, rendering it incapable of serving legitimate users. This often results in the site shutting down completely (Figure 1.1).

Figure 1.1 DDoS attack

1.2.2.1 TCP SYN flood attack

In this assault, the attacker takes advantage of buffer space usage during the TCP session initiation handshake. By inundating the target system’s processing queue with connection requests from their own machine, the attacker does not respond when the target attempts to establish connections. Consequently, the target system times out while awaiting a response, potentially resulting in a crash or rendering it unusable due to the congested connection queue.

1.2.2.2 Teardrop attack

This type of attack induces overlapping of the length and fragmentation offset fields within consecutive Internet Protocol (IP) packets at the targeted host. As the targeted system endeavors to reconstruct the packets, it encounters failure and confusion, ultimately leading to a crash.

1.2.2.3 Smurf attack

In this attack, the perpetrator falsifies an IP address and utilizes Internet Control Message Protocol (ICMP) to inundate a designated network with traffic, often by directing ICMP echo requests toward broadcast IP addresses. To mitigate this attack, IP-directed broadcasts should be disabled on routers so that ICMP echo requests are intercepted at the network devices. Alternatively, endpoints can be configured to refrain from responding to ICMP packets originating from broadcast addresses.

1.2.2.4 Ping of death

This offensive tactic involves pinging a target system with IP packets surpassing the maximum size of 65,535 bytes. The attacker fragments these packets, and upon reassembly by the target system, it may encounter buffer overflows and crashes. Firewalls equipped to verify the maximum size of fragmented IP packets can thwart ping of death attacks.

1.2.2.5 Botnets

Botnets are vast networks composed of millions of systems infected with malware and under the control of hackers to execute DDoS attacks. These bots, or zombie systems, inundate target systems’ bandwidth and processing capabilities. The origin of DDoS attacks from botnets is arduous to trace due to their dispersal across diverse geographical locations.

1.2.3 Man-in-the-middle attack

A man-in-the-middle (MitM) attack happens when a hacker inserts themselves into the communication between a client and a server (Figure 1.2). Here are some common types of MitM attacks.

1.2.3.1 Session hijacking

In this attack, an attacker takes over a session between a trusted client and a network server. The attacker’s computer replaces the trusted client’s IP address with its own, and the server continues the session, thinking it is still communicating with the client.
1.2.3.2 IP spoofing

An attacker uses IP spoofing to trick a system into believing it is communicating with a known and trusted entity. The attacker sends a packet to the target host that contains the source IP address of a known and trusted host instead of their own.

Figure 1.2 MitM attack

1.2.3.3 Replay attack

This attack occurs when an attacker intercepts and saves old messages, and then resends them, pretending to be one of the participants. Techniques such as session time stamps or nonces can counter this type of attack.

1.2.4 Phishing attack

Phishing involves sending emails that appear to originate from trusted sources with the goal of obtaining personal information or tricking users into taking specific actions. This technique combines social engineering and technical tactics. It may involve an email attachment that installs malware on your computer or a link to a fraudulent website that tricks you into downloading malware or disclosing personal information. To carry out the cyberattack, the attacker might send a link that redirects you to a deceptive website, where you unknowingly download malware such as viruses, or it might enable the attacker to access your private information. Often, the victim remains unaware of the compromise, allowing the attacker to contact others within the same organization without raising suspicion of malicious activity.

1.2.4.1 Whale-phishing attack

Whale-phishing attacks are named so because they target the “big fish” or “whales” of an organization, typically senior executives, senior management, or others at a high level within the organization. These individuals often possess valuable information sought by attackers, such as proprietary company information or operational details.

1.2.4.2 Spear-phishing attack

Spear phishing refers to a specific type of more targeted phishing attack. Attackers invest time in researching their targets and craft messages that are likely to be relevant to them. These cyberattacks are aptly named “spear” phishing due to the focused approach on specific targets. The messages appear legitimate, making it challenging to detect a spear-phishing attack.

1.2.5 Password attack

Because passwords serve as the primary method to authenticate users of a computer system, acquiring passwords constitutes a common and effective attack strategy. Passwords can be obtained through various methods, such as searching a person’s physical desktop, monitoring network connections to intercept unencrypted passwords, employing social engineering techniques, accessing password databases, or utilizing guessing. The guessing method can involve random attempts or systematic approaches.

1.2.5.1 Brute force attack

This involves trying different passwords in the hopes that one will work. Some logic can be applied, such as trying passwords related to the person’s name, job title, hobbies, or other personal information.

1.2.5.2 Dictionary attack

This method involves using a list of common passwords to try to gain access to a user’s computer and network. One technique is to obtain an encrypted file containing passwords, apply the same encryption to a dictionary of commonly used passwords, and then compare the results to see if any match.

1.2.6 Eavesdropping attack

Eavesdropping attacks involve the attacker intercepting traffic as it traverses the network. In doing so, the attacker can capture sensitive information such as usernames, passwords, and credit card details. Eavesdropping can take on two forms: active or passive. During active eavesdropping, the hacker inserts software into the network traffic’s path to collect and analyze information, allowing them to extract useful data. In contrast, passive eavesdropping involves the hacker simply monitoring transmissions, seeking valuable data to exploit, without altering the traffic.

1.2.7 Birthday attack

In a birthday attack, an attacker exploits a security feature: hashing algorithms used for verifying the authenticity of messages. A hash algorithm acts as a digital signature that the message recipient verifies to confirm the message’s authenticity. If a hacker can generate a hash identical to the one attached by the sender, they can replace the sender’s message with their own. The receiving device will accept it because it matches the correct hash. Birthday attacks target hashing algorithms that verify message integrity, software, or digital signatures.

1.2.8 Cross-site scripting attack

In a cross-site scripting (XSS) attack, the attacker distributes malicious scripts via clickable content sent to the victim’s browser. When the victim clicks on the content, the script is activated. Since the user is already logged into a web application, the input they provide is considered valid by the application. However, the executed script has been tampered with by the attacker, resulting in unintended actions being performed on behalf of the user.

1.2.9 Structured Query Language injection attack

Structured Query Language (SQL) injection is a prevalent method for exploiting websites that rely on databases to serve their users. Clients, which are devices retrieving information from servers, instigate an SQL attack by dispatching an SQL query to a server’s database. In this attack, the command is “injected” into a data plane instead of the expected input, such as a password or username.

1.2.10 Zero-day attack

These attacks exploit recently discovered but unpatched vulnerabilities to carry out their malicious tasks.
Various detection mechanisms have been proposed to protect against these attacks; yet they remain prevalent and pose significant challenges in cybersecurity.

1.3 ANATOMY OF A CYBERATTACK

Most attacks adhere to the pattern illustrated in Figure 1.3.

Figure 1.3 Steps of an anatomy of a cyberattack

1.3.1 Cyber scanning

Network reconnaissance is a crucial step in all organized attacks. It serves as the initial stage in an intrusion attempt, enabling an attacker to collect extensive information about the target and identify vulnerable systems for remote exploitation.

1.3.2 Enumeration

It involves testing discovered vulnerabilities to identify weak points that allow attackers to gain access to the system.

1.3.3 Intrusion attempt

The cybercriminal can infiltrate the network or employ advanced attacks to render it unusable.

1.3.4 Elevation of privilege

According to the Microsoft STRIDE model, escalation of privilege occurs when a malicious user gains a higher level of authorization than is typically assigned to them.

1.3.5 Perform malicious tasks

These tasks involve damaging or stealing data.

1.3.6 Deploy malware/backdoor

The cybercriminal installs malware on the target endpoint device to create a backdoor, enabling the downloading of multiple types of malware. This facilitates various attacks to be carried out efficiently.

1.3.7 Delete forensic evidence and exit

This final step involves attackers removing all traces of their presence from the network and systems. They frequently utilize viruses and worms to eliminate potentially incriminating evidence.

1.4 FUNDAMENTALS OF CYBERSECURITY

1.4.1 Confidentiality, integrity, and availability triad

Cybersecurity encompasses a range of practices, technologies, measures, and processes designed to safeguard sensitive data, networks, and critical systems from digital threats like unauthorized intrusions and disruptive interruptions.
Its primary objective is to ensure the confidentiality, integrity, and availability (CIA) of data and IS through diverse defense mechanisms against cyberattacks (Figure 1.4).

Confidentiality: Confidentiality involves implementing data protection measures to ensure that data remains accessible only to authorized individuals and is not misused. The stringency of these measures may vary depending on the sensitivity of the data and the potential damage from unauthorized access by malicious actors.

Integrity: Integrity ensures the consistency, accuracy, and reliability of data from creation to deletion. This includes measures to prevent unauthorized modifications during transmission.

Availability: Availability means that authorized users can access data whenever necessary, requiring measures to maintain a functional operating environment.

Figure 1.4 CIA triad

The CIA triad forms the foundation of cybersecurity. Breaches or attacks compromise one or more of these principles. Additionally, cybersecurity includes other essential characteristics:

Non-repudiation: Non-repudiation preserves transaction integrity and trust in system operations, utilizing mechanisms such as action traceability, electronic signatures, or audit logs to prevent users from disputing legitimate transactions. For instance, a student who submits an exam on the Moodle platform cannot later deny doing so.

Authentication: Authentication is crucial for identifying users and managing their access to appropriate workspaces, thereby ensuring IS security.

A robust security strategy with multiple layers of protection against malicious online activity is essential for effective cybersecurity.

1.4.2 Principle of least privilege

The principle of least privilege is a cybersecurity concept that entails granting users just enough access to the network and IS necessary to perform their duties, without providing unnecessary privileges.
This principle is vital because granting excessive privileges increases the company’s attack surface and facilitates lateral movement for attackers in the event of a breach. The main benefits of the principle of least privilege include:

Reduced attack surface: Limiting user privileges minimizes potential avenues for attackers to exploit systems and data.

Prevention of lateral movement: By adhering to the principle of least privilege, malicious actors are restricted to the systems and data accessible to compromised credentials, preventing lateral movement within the network. This limitation reduces the risk of malware dissemination and data exfiltration.

Mitigation of insider threats: Restricting access according to the principle of least privilege helps mitigate insider threats stemming from malicious actions, errors, or negligence by company employees. For instance, limiting application installation to system administrators prevents end users from inadvertently or intentionally installing malware.

Strengthening compliance: Least privilege access aids in enforcing compliance with industry and regulatory standards such as the Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR) by restricting user access to sensitive data.

1.4.3 Encryption and its role in cybersecurity

Cryptography, a fundamental component of IT security, plays a crucial role in safeguarding communications and data from malicious attacks. Operating on encryption keys, cryptography ensures the confidentiality, integrity, and authenticity of data across networks and IS. It involves the use of encryption algorithms to convert sensitive information into secret codes, rendering it inaccessible to unauthorized individuals. This protection against cyber threats relies on encryption algorithms that generate cryptographic keys, ensuring the confidentiality of data whether it is in transit or at rest.
Only with a decryption key can encrypted data be deciphered. Cryptography employs cryptographic algorithms that utilize mathematical functions to encrypt and decrypt data using keys such as phrases or numbers. The security of cryptography hinges on the robustness of the algorithms and the confidentiality level of the key employed. While complex combinations of cryptographic algorithms and keys enhance cryptography’s effectiveness, they also necessitate additional computational resources. Various types of cryptography, including symmetric cryptography, asymmetric cryptography, and hash functions, are employed to encrypt communications and data.

Symmetric or secret key cryptography:
It utilizes a single cryptographic key for both encryption and decryption of data.
The size of the encrypted text remains the same as or smaller than the plaintext.
It requires a secure mechanism for the transmission of the decryption key between parties.

Asymmetric or public key cryptography:
It employs distinct public and private key pairs for secure communication.
The ciphertext size is the same as or larger than the plaintext.
Communication is encrypted using the public key and decrypted using the private key.
It offers higher security compared to symmetric cryptography but is notably slower.

Hash function:
It utilizes a hash function to convert plaintext into a fixed-size hash value.
The output size of the hash function is fixed, regardless of the message length.
It ensures message integrity; if the message remains unaltered, the hash values on both ends will match.
It does not involve the use of public or private keys.

Additionally, cryptography involving elliptic curves, or elliptic curve cryptography, employs mathematically advanced techniques. While offering heightened security, it is also more resource-intensive and time-consuming compared to asymmetric encryption methods.
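The hash-function bullets above and the birthday attack of Section 1.2.7 are two sides of the same mechanism, so one added Python example covers both (it is not code from the book). It shows a plain digest used as an integrity check, a keyed HMAC used when the recipient must also be sure who produced the message (a bare hash can be recomputed by anyone who alters the data), and a birthday search over a deliberately truncated digest: finding two distinct inputs with the same n-bit digest takes on the order of 2^(n/2) hash evaluations, not 2^n, which is why digest length matters. The message, key and the 24-bit truncation are constructed for the example.

```python
import hashlib
import hmac
from typing import Dict, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def integrity_matches(data: bytes, expected_hex: str) -> bool:
    """Integrity only: detects accidental or unauthorized change, but anyone who
    can change the data can also recompute the hash that travels with it."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def mac_tag(key: bytes, data: bytes) -> str:
    """Authenticity: HMAC-SHA256 under a shared secret key; without the key a
    forger cannot produce a tag that verifies."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mac_verifies(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(mac_tag(key, data), tag)


def truncated_digest(data: bytes, bits: int) -> int:
    """Keep only the top `bits` bits of SHA-256, modelling a short digest."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int) -> Tuple[bytes, bytes, int]:
    """Birthday search: hash distinct constructed messages until two share a
    truncated digest. Expected work is about 2**(bits/2) hashes.
    Returns (message_a, message_b, hashes_computed)."""
    seen: Dict[int, bytes] = {}
    count = 0
    while True:
        msg = f"message-{count}".encode()  # every message is distinct by construction
        count += 1
        d = truncated_digest(msg, bits)
        if d in seen:
            return seen[d], msg, count
        seen[d] = msg


if __name__ == "__main__":
    data = b"transfer 100 to account 42"  # constructed message
    key = b"constructed-shared-secret"
    print(integrity_matches(data, sha256_hex(data)))
    print(mac_verifies(key, data, mac_tag(key, data)))
    a, b, n = find_collision(24)
    print(a, b, n)  # a 24-bit digest collides after a few thousand hashes
```

Run with a larger `bits` value to watch the work grow by roughly a factor of 2 for every 2 extra bits; at 256 bits the same search is infeasible, which is the property the integrity bullet relies on.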
1.5 CYBERSECURITY FRAMEWORKS

Cybersecurity frameworks offer a solid foundation for formulating your cyber strategy and enhancing your security maturity.

1.5.1 National Institute of Standards and Technology cybersecurity framework

Originating from the United States, the National Institute of Standards and Technology (NIST) cybersecurity framework was initially designed for private sector organizations but has gained widespread adoption by governments worldwide. NIST offers a comprehensive framework for preventing, detecting, and responding to a variety of common cyberattacks. It consists of standards, guidelines, and best practices aimed at managing IT risks. As such, it serves as a methodological framework that companies can choose to follow voluntarily without legal obligation. The framework aids in anticipating security breaches and managing and reducing identified IT risks. It is structured around three main components: core, implementation levels, and profiles, each of which guides the assessment of cybersecurity risk management’s impact on the organization’s operational and financial performance.

Core: The core formulates the organization’s risk management strategy, focusing on five primary functions: identify, protect, detect, respond, and recover. These functions are subdivided into categories and subcategories and supplemented with informative references or documentary resources.

Implementation levels: These levels enable the evaluation of the company’s existing cyber risk management processes, supporting the assessment of the organization’s maturity in this area. The assessment categorizes maturity into four levels: partial, informed, repeatable, or adaptive risk management.

Profile: The profile outlines how the organization manages its cyber risks in alignment with its strategic objectives. Comparing the current profile to the target profile helps identify priority actions to be implemented.
1.5.2 ISO/IEC 27001

To establish a comprehensive framework for information security, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have developed the ISO 27000 series of standards. These standards delineate a management approach for IT risks, encompassing a set of processes related to IS management. The primary objective is to assist organizations in safeguarding their data, which may include financial records, customer information, strategic data, trade secrets, intellectual property, and more.

The ISO/IEC 27000 family of standards is applicable to businesses of all sizes and across various sectors. Among the standards within this family, ISO/IEC 27001 stands out as the most recognized. This standard, along with numerous others in the series, outlines requirements for Information Security Management Systems (ISMS). Implementing standards from this family streamlines the management of security for sensitive assets such as financial data, intellectual property records, employee information, and data entrusted by third parties.

1.5.3 Center for Internet Security controls

Developed by the Center for Internet Security (CIS), the CIS Critical Security Controls comprise a structured and systematic collection of cybersecurity’s best practices and defensive measures. These controls are designed to mitigate the most prevalent and severe cyber threats while promoting compliance across various regulatory frameworks. Crafted by a consortium of IT professionals, these best practices are informed by real-world attack data and successful defense strategies. The CIS controls offer precise recommendations and a well-defined roadmap for organizations to adhere to, enabling them to meet the requirements outlined by numerous legal, regulatory, and policy frameworks.
1.5.4 MITRE ATT&CK

A bit distinct from the others on this list, MITRE ATT&CK functions more as a knowledge repository than a rigid framework. Rooted in practical experience, it furnishes a collection of matrices containing insights into prevalent attack tactics and mitigation strategies. Users can delve into any aspect of the cyber kill chain or explore specific adversary tactics and techniques, allowing for the creation of personalized approaches tailored to their organization’s needs.

1.5.5 Control Objectives for Information and Related Technologies

Control Objectives for Information and Related Technologies (COBIT) is a well-established framework developed by the Information Systems Audit and Control Association (ISACA). This framework encompasses all critical processes essential for efficient IT management. While it serves as a valuable overall resource, the latest iteration, COBIT 5, underscores information security, especially in navigating evolving enterprise landscapes influenced by factors like Bring Your Own Device (BYOD) and remote work practices.

1.6 IMPLEMENTING CYBERSECURITY MEASURES

1.6.1 Network security

Network security encompasses the tools, technologies, and processes utilized to safeguard a company’s network and critical infrastructure from unauthorized access, cyberattacks, data breaches, and other security risks. A comprehensive network security strategy aims to prevent, detect, contain, and mitigate various cyber threats by leveraging advanced technologies and human expertise. This strategy encompasses protective measures for all hardware systems, software applications, and endpoints, as well as the network itself, including network traffic, data, and both physical- and cloud-based data centers. Network security relies on three key components: protection, detection, and response.
Protection: This entails proactive security measures taken by an organization to thwart cyberattacks and malicious activities. It may involve employing tools such as next-generation antivirus (NGAV) or implementing rules such as privileged access management (PAM).

Detection: Detection involves the capability to analyze network traffic, identify potential threats, and promptly respond to them. Advanced endpoint detection and response (EDR) solutions typically provide these capabilities. EDR tools use sophisticated data analysis techniques to monitor and record network activities, detect suspicious system behavior, and offer contextual information and remediation recommendations to cybersecurity professionals.

Response: Response pertains to the organization’s ability to swiftly address security incidents. This often involves utilizing a managed detection and response (MDR) system, which combines technology and human intelligence to conduct threat hunting, monitoring, and response activities. Additionally, an effective response may include implementing a formal incident response plan outlining the steps required to prevent, detect, mitigate, and recover from data breaches or security events.

1.6.2 Endpoint security

Endpoint security involves securing the endpoints of computer networks, which encompass electronic devices like PCs, laptops, smartphones, or tablets. In cybersecurity, endpoints are considered the frontline defense. Endpoint security systems aim to safeguard network entry points or cloud environments from a range of cybersecurity threats. Initially, these systems comprised traditional antivirus software, but modern tools now provide robust protection against advanced malware and security vulnerabilities. These contemporary systems are engineered to detect, analyze, block, and contain ongoing attacks.
Collaboration among these systems and other security technologies is crucial for administrators to gain visibility into threats and expedite detection and response processes.

1.6.3 Application security

AppSec involves identifying, mitigating, and preventing security vulnerabilities at the application level within software development processes. This encompasses integrating application security metrics throughout the development life cycle, spanning from planning to production deployment. Previously, security was often addressed post-application design and development. However, there is a shift toward incorporating security earlier in the development and testing phases. By embedding AppSec from the outset, organizations can significantly diminish the likelihood of security vulnerabilities in their code or in third-party components utilized in an application.

Web application security encompasses diverse processes, technologies, or methodologies aimed at safeguarding servers, applications, and web services like APIs from Internet-based attacks. It is vital for shielding data, customers, and organizations from data breaches, disruptions in business continuity, or other adverse outcomes of cyber threats. A significant portion of cybercrime targets applications and their vulnerabilities, estimated at over three-quarters. Web application security strategies utilize measures such as web application firewalls (WAF), multifactor authentication (MFA), safeguarding and validating cookies to maintain user state integrity and confidentiality, and various techniques for validating user input to ensure it is non-malicious before processing by an application.

Numerous security threats pose risks to software applications. However, the Open Web Application Security Project’s (OWASP) Top Ten list of application threats consolidates the most prevalent and severe threats likely to impact applications in production.
AppSec initiatives should prioritize addressing these high-profile threats prevalent in modern applications:

Injection: Code injection involves sending a request or command to a software application containing malicious or untrusted data. The most common form is SQL injection, but it can also affect NoSQL servers, operating systems, and LDAP servers.

Weak authentication: Many application sites feature inadequate or flawed authentication and authorization mechanisms, enabling attackers to steal user credentials or gain unauthorized access.

Exposure of sensitive data: Applications and APIs may inadvertently expose sensitive organizational or customer data, including financial information, payment data, and personally identifiable information (PII).

XML external entities (XXE): Attackers exploit legacy XML parsers by maliciously referencing external entities in XML documents to access internal files, scan ports, and remotely execute code.

Inadequate access control: Insufficiently implemented restrictions on authenticated users enable attackers to access unauthorized functions or data, compromise user accounts, access sensitive files, or modify user permissions.

Misconfigured security: Security features may be improperly configured, often due to unchanged default application settings or the absence of updates to operating systems and frameworks.

Cross-site scripting: XSS enables attackers to execute malicious scripts in users’ browsers, potentially leading to session hijacking, redirection to malicious sites, or website defacement.

Insecure deserialization: Flaws in code extraction from files and transformation into objects can facilitate malicious code execution, privilege escalation, and replay attacks by authorized users.

Use of components with known vulnerabilities: Several vulnerability databases catalog known vulnerabilities in software components.
Applications using vulnerable components, even as dependencies, are susceptible to attacks.

Insufficient logging and monitoring: Many application sites lack adequate mechanisms to identify or record attempted breaches, allowing breaches to go undetected and enabling attackers to pivot to compromise other systems.

1.6.4 Cloud security

Cloud security encompasses a set of procedures and technologies designed to mitigate external and internal threats to business security. As organizations embark on their digital transformation journey and incorporate cloud-based tools and services into their infrastructure, securing the cloud becomes imperative. Terms like “digital transformation” and “cloud migration” have become commonplace in business vocabulary, signifying the shift toward modern technologies. While these technologies offer flexibility and scalability, transitioning to predominantly cloud-based environments requires careful consideration of security implications. The three primary cloud computing services are as follows:

Infrastructure-as-a-Service (IaaS): This hybrid solution allows organizations to manage some data and applications on-premises while leveraging cloud computing providers for managing servers, hardware, network, virtualization, and storage needs.

Platform-as-a-Service (PaaS): PaaS streamlines application development and delivery by offering a customizable application canvas that automatically manages operating systems, software updates, cloud storage, and supporting infrastructure.

Software-as-a-Service (SaaS): SaaS delivers cloud-based software hosted online, typically on a subscription basis. Third-party providers handle technical aspects like data, middleware, servers, and storage, reducing IT resource expenses and simplifying maintenance and support functions.
The dynamic nature of infrastructure management, particularly in scaling applications and services, presents challenges for businesses in adequately resourcing their services. As-a-service models enable businesses to offload time-consuming IT-related tasks. However, security threats have evolved to become more sophisticated, targeting cloud computing providers due to organizations’ limited visibility into data access and movement. Failure to enhance cloud security can expose organizations to significant governance and compliance risks associated with managing customer information, irrespective of its storage location.

1.6.5 Mobile security

The future of computing and communication is increasingly centered around mobile devices, such as laptops, tablets, and smartphones, which offer desktop-like functionality in a portable form factor. Their compact size, diverse operating systems, extensive application ecosystems, and robust processing power make them indispensable tools that can be utilized virtually from anywhere with an Internet connection. Moreover, with the proliferation of rugged devices, the Internet of Things (IoT), and operating systems like Chrome OS, macOS, Windows 10, and Windows 11, virtually every hardware device equipped with these software platforms and features becomes inherently mobile.

As mobile devices have become more affordable and portable, both businesses and individual users are gravitating toward them instead of relying solely on traditional desktop computers. However, the widespread availability of Wi-Fi access renders all types of mobile devices susceptible to various forms of cyberattacks and data breaches.

While authentication and authorization via mobile devices offer unparalleled convenience, they also introduce additional risks by circumventing the constraints imposed by a secure corporate perimeter.
New features alter the landscape of user authentication and local authorization for both the device itself and the applications and services accessed over the network. Consequently, these advancements significantly expand the number of endpoints that must be safeguarded against cybersecurity threats.

Phishing remains the predominant security threat in the mobile domain, involving fraudulent attempts to steal user credentials or sensitive data, such as credit card numbers. Cybercriminals employ deceptive tactics, such as sending bogus emails or SMS messages masquerading as legitimate sources, complete with fake hyperlinks. Meanwhile, mobile malware represents another insidious menace, comprising stealthy software entities like malicious applications or spyware designed to wreak havoc, disrupt operations, or gain unauthorized access to clients, computers, servers, or entire computer networks. Ransomware, a particularly pernicious form of malware, leverages encryption to hold a victim’s data or files hostage until a ransom is paid, ostensibly to decrypt the files and restore access.

However, the evolving landscape of mobile security presents both new challenges and opportunities, necessitating a fundamental reevaluation of security paradigms for personal computing devices. IT and security teams must reassess how to effectively address security requirements in light of evolving device capabilities, the ever-changing mobile threat landscape, and shifting user expectations.

1.7 COMPLIANCE AND REGULATIONS

1.7.1 Common Vulnerability Scoring System

Common Vulnerabilities and Exposures (CVE) serves as a comprehensive catalog of publicly known security vulnerabilities, aiding cybersecurity professionals in assessing and addressing potential threats.
Utilizing the Common Vulnerability Scoring System (CVSS), CVE assigns scores to vulnerabilities based on standardized criteria, enabling professionals to gauge their severity accurately. Managed by the MITRE Corporation, the CVE Glossary Project is dedicated to diligently monitoring and documenting information security vulnerabilities, with support from the U.S. Department of Homeland Security (DHS). The CVSS employs three key metric groups—base, temporal, and environmental—to evaluate vulnerabilities objectively. The resulting score, ranging from 0 to 10, provides a clear indication of the criticality of each vulnerability, facilitating prioritization and mitigation efforts.

1.7.2 General Data Protection Regulation

GDPR stands as the cornerstone legislation for data protection at the European level. This regulation was officially published in May 2016 following several years of development. Notably, as a European regulation rather than a directive, the GDPR took immediate effect across all member states of the European Union without the need for individual transpositions. The primary objectives of the GDPR are twofold: to bolster the protection of individuals whose personal data is processed and to enhance the accountability of entities engaged in such processing activities. These fundamental principles are intended to be enforced with greater efficacy through the heightened authority granted to supervisory bodies.

1.7.3 Health Insurance Portability and Accountability Act

HIPAA comprises a set of U.S. federal regulatory standards delineating the lawful use and disclosure of protected health information within the United States. Oversight of HIPAA compliance falls under the jurisdiction of the Department of Health and Human Services (HHS) and is enforced by the Office for Civil Rights (OCR).
Compliance with HIPAA represents an ongoing commitment and cultural shift that healthcare organizations must embed within their operations to safeguard the privacy, security, and integrity of protected health information. Enacted to govern the handling and security of health information, HIPAA mandates stringent security controls for electronic health information and establishes privacy practices. The law applies to two primary categories of entities: “covered entities,” such as healthcare providers, health plans, and health information clearinghouses, as well as their corporate affiliates, including billing companies, Electronic Health Record (EHR) vendors, consultants, and IT service providers.

1.7.4 Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is a standard applicable to all entities involved in the electronic payment ecosystem, including those that process, transmit, or store cardholder data. PCI DSS aims to safeguard end users as well as all entities within the payment chain by preventing the theft of sensitive banking information through a comprehensive set of rigorous standards. Compliance with PCI DSS is crucial for protecting users, intermediaries, banks, and merchants alike. In many cases, adherence to PCI DSS standards is mandatory for businesses to conduct transactions with major card issuers such as Visa, Mastercard, JCB, Discover, and American Express. Therefore, it is imperative for organizations to establish and uphold a robust data security policy that includes regular vulnerability assessments and penetration testing to ensure ongoing compliance with PCI DSS requirements.

1.8 CYBERSECURITY PROFESSIONS

Cybersecurity professionals evaluate the security of computer systems and networks to identify vulnerabilities and address them effectively. Their role is critical in safeguarding businesses and organizations against cyberattacks.
1.8.1 SOC analyst

The SOC analyst configures security monitoring systems (SIEM, probes, honeypots, and filtering equipment); categorizes, analyzes, and processes security alerts regularly to enhance their effectiveness; and ensures detection, investigation, and response to security incidents. The SOC analyst analyzes and interprets alerts and correlated events, and searches for vulnerabilities.

1.8.2 Technical auditor

The primary mission of a technical security auditor is to verify that a company’s IT systems are secure and protected against various IT threats. The auditor assesses the security measures in place on a given system to detect vulnerabilities and weaknesses in terms of security.

1.8.3 Pentester

A pentester is responsible for testing systems to detect weaknesses. They simulate attacks as they would be carried out by cyberattackers (e.g., to steal data or compromise a system) and propose action plans to correct the flaws.

1.8.4 DevSecOps consultant

The term “DevOps” corresponds to the blend of tasks performed by a company’s teams responsible for application Development (Dev) and system Operations (Ops). DevSecOps aims to integrate security at every stage of the DevOps cycle. Therefore, we have the continuous DevOps cycle strengthened by security.

1.8.5 Chief Information Security Officer

The Chief Information Security Officer (CISO) is responsible for the security of IS and manages the entire security department. It is a crucial position, often requiring direct communication with the IT department or even the company’s CEO. However, in the event of a major security incident, the CISO could also be the first person held accountable.

1.9 FUTURE TRENDS IN CYBERSECURITY

1.9.1 Artificial intelligence in cybersecurity

Artificial intelligence (AI) enables the continuous processing of large volumes of data, aiding in the detection of new security risks.
AI algorithms learn over time, reducing the need for repetitive procedures and enhancing cybersecurity capabilities. AI also alleviates humans from time-consuming tasks, reducing the risk of human error, a significant contributor to cybersecurity risks. These advantages are particularly beneficial for incident and threat management processes. Threat management involves collecting vast amounts of information about threats and operationalizing it to better counter attacks. This requires relevant and structured information to provide a timely and appropriate response to malware. AI helps manage information overload by processing data quickly and efficiently. In incident response, AI plays an increasingly important role. This process involves several stages, including incident analysis, restoration planning, and implementation. Many tasks within this process can be partially automated with AI, such as antivirus reinstallation, registry key checks, and firewall rule modifications. Penetration tests aim to identify vulnerabilities within the IS for exploitation. Given the extensive range of possible vulnerabilities, human capacity alone may not be sufficient. AI, with its machine learning (ML) capabilities, emerges as a potential support for addressing these vulnerabilities effectively.

1.9.2 Zero trust security model

Zero trust is a cybersecurity strategy where security policies are enforced based on contextual factors established through least privilege access controls and strict user authentication, rather than relying on implicit trust. A well-implemented zero trust architecture streamlines network infrastructure, enhances user experience, and bolsters defense against cyber threats. This approach follows the principle of “never trust, always verify,” which was introduced by John Kindervag during his tenure at Forrester Research.
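The following Python example is added to make “never trust, always verify” concrete as a policy decision; it is not code from the book. It evaluates an access request from contextual factors (role, MFA state, device posture, and the sensitivity of the requested data) and deliberately carries the network location without ever consulting it, so a request from the corporate LAN without MFA is refused exactly as one from the Internet would be. The roles, sensitivity levels and permission table are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Assumed role-to-sensitivity policy, constructed for this example.
ROLE_MAY_ACCESS = {
    "guest": {"public"},
    "analyst": {"public", "internal"},
    "admin": {"public", "internal", "restricted"},
}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    mfa_verified: bool       # strong authentication completed for this session
    device_compliant: bool   # device posture: patched, disk encrypted, EDR present
    network: str             # "corp-lan", "vpn" or "internet": recorded, never trusted
    resource: str
    sensitivity: str         # "public", "internal" or "restricted"


def decide(req: AccessRequest) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons). Every check is about identity, session and
    device context; the network field is intentionally absent from the logic."""
    reasons: List[str] = []
    if req.sensitivity not in ROLE_MAY_ACCESS.get(req.role, set()):
        reasons.append(f"role '{req.role}' may not access {req.sensitivity} data")
    if req.sensitivity != "public" and not req.mfa_verified:
        reasons.append("MFA required for non-public data")
    if req.sensitivity == "restricted" and not req.device_compliant:
        reasons.append("restricted data requires a compliant device")
    return (not reasons, reasons)


def audit_line(req: AccessRequest) -> str:
    """One log line per decision, so denials are visible to the SOC (constructed format)."""
    allowed, reasons = decide(req)
    verdict = "ALLOW" if allowed else "DENY"
    detail = "; ".join(reasons) if reasons else "all checks passed"
    return f"{verdict} user={req.user} role={req.role} net={req.network} res={req.resource}: {detail}"


if __name__ == "__main__":
    # Constructed requests: same admin, LAN without MFA versus Internet with MFA.
    lan_no_mfa = AccessRequest("dana", "admin", False, True, "corp-lan", "hr-db", "restricted")
    remote_mfa = AccessRequest("dana", "admin", True, True, "internet", "hr-db", "restricted")
    print(audit_line(lan_no_mfa))
    print(audit_line(remote_mfa))
```

Microsegmentation, mentioned later in this section, is the network-side counterpart: the policy engine above decides per request, and segmentation ensures there is no path that bypasses that decision.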
In a zero trust architecture, access policies are determined by various contextual elements, such as user roles, device status, and requested data, to prevent unauthorized access and lateral movement within an environment. Implementing a zero trust architecture necessitates robust visibility and control over users and traffic within the environment, including encrypted traffic. Organizations must monitor and verify traffic between different parts of the environment and deploy strong MFA methods, such as biometrics or one-time codes, to augment security beyond simple passwords.

In a zero trust architecture, the network location of a resource loses its prominence as the primary security factor. Instead, software-defined microsegmentation is employed to safeguard data, workflows, services, and other assets, allowing organizations to protect them anywhere, whether in traditional data centers or distributed hybrid and multicloud environments.

1.9.3 IoT security challenges

IoT encompasses all physical objects capable of connecting to the Internet. This expansive category includes a growing array of devices such as personal assistants, connected children’s toys, surveillance cameras, smart bulbs, sensors, shutters, blinds, gates, switches, connected sockets for smart homes, and health monitoring wearables like smartwatches. IoT has gained significant attention among the general public due to innovations such as wearable fitness trackers, autonomous vehicles, and smart home technologies. However, its influence extends across various sectors, including industry, through concepts like Industry 4.0 and ongoing innovation. These connected devices are increasingly penetrating sensitive domains such as energy distribution, healthcare, pharmaceuticals, aerospace, and transportation, among others.
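The zero trust policy decision described above, as an added example that is not part of the book: each request is judged on identity (MFA), least-privilege role, and device posture, and the network the request comes from is recorded but never grants trust. The resource catalogue, field names, and requests are constructed for illustration, not a real product’s schema.

```python
"""Added example (not from the book): a minimal zero trust policy decision point.

Access is decided from contextual elements (user role, device status, requested data)
with MFA required, and 'being on the corporate network' confers nothing.
All data below is constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import FrozenSet, List


@dataclass(frozen=True)
class Request:
    user: str
    roles: FrozenSet[str]
    mfa_verified: bool
    device_managed: bool      # enrolled in device management (assumed attribute)
    device_compliant: bool    # posture check passed, e.g. disk encryption, EDR running (assumed)
    resource: str
    action: str
    network: str              # "corp", "vpn", "internet": logged, never trusted on its own


# Constructed resource catalogue: sensitivity and which roles may perform which actions.
RESOURCES = {
    "hr-payroll": {"sensitivity": "high", "allowed": {"hr": {"read", "write"}, "finance": {"read"}}},
    "wiki":       {"sensitivity": "low",  "allowed": {"employee": {"read", "write"}}},
    "prod-db":    {"sensitivity": "high", "allowed": {"dba": {"read", "write"}}},
}


@dataclass
class Decision:
    allow: bool
    reasons: List[str] = field(default_factory=list)


def evaluate(req: Request) -> Decision:
    """Decide one request. Every check must pass; a failing check is recorded as a reason."""
    decision = Decision(allow=False)
    res = RESOURCES.get(req.resource)
    if res is None:
        decision.reasons.append("unknown resource")
        return decision

    # 1. Identity: strong authentication is required for every request, internal or external.
    if not req.mfa_verified:
        decision.reasons.append("MFA not verified")

    # 2. Least privilege: the union of the user's roles must grant this specific action.
    permitted = set()
    for role in req.roles:
        permitted |= res["allowed"].get(role, set())
    if req.action not in permitted:
        decision.reasons.append(f"roles {sorted(req.roles)} do not permit {req.action!r}")

    # 3. Device posture: high-sensitivity data requires a managed and compliant device.
    if res["sensitivity"] == "high" and not (req.device_managed and req.device_compliant):
        decision.reasons.append("device posture insufficient for high-sensitivity resource")

    # req.network is deliberately not consulted: location is not a security factor here.
    decision.allow = not decision.reasons
    if decision.allow:
        decision.reasons.append("all checks passed")
    return decision


def demo() -> List[Decision]:
    """Three constructed requests: the first two fail despite coming from the corporate LAN."""
    requests = [
        Request("alice", frozenset({"hr"}), False, True, True, "hr-payroll", "read", "corp"),
        Request("bob", frozenset({"employee"}), True, True, True, "prod-db", "read", "corp"),
        Request("carol", frozenset({"finance"}), True, True, True, "hr-payroll", "read", "internet"),
    ]
    return [evaluate(r) for r in requests]


if __name__ == "__main__":
    for d in demo():
        print("ALLOW" if d.allow else "DENY ", "; ".join(d.reasons))
```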
1.10 CONCLUSION

The increasing integration of computing technologies into the workplace has brought numerous benefits to the business ecosystem. However, it has also exposed organizations to heightened risks of cybercrime. Cybersecurity has emerged as a critical discipline aimed at safeguarding the CIA of information in this digital landscape. Effective cybersecurity measures must span the entire life cycle of data, from its creation and processing to its transmission, storage, and disposal, ensuring that it is managed securely at every stage.

As cybercriminals continue to exploit vulnerabilities in IS, the importance of robust cybersecurity practices cannot be overstated. This chapter has provided an overview of key cybersecurity concepts, challenges across various infrastructure components, relevant frameworks, and regulatory considerations. Moreover, it has outlined the essential roles played by cybersecurity professionals and highlighted emerging trends shaping the future of cybersecurity. As organizations navigate the evolving threat landscape, prioritizing cybersecurity initiatives remains paramount to safeguarding digital assets and maintaining trust in the digital age.
Chapter 2 Offensive cybersecurity tools and technologies

2.1 INTRODUCTION

The cybersecurity field encompasses all efforts undertaken by businesses and security teams to safeguard their IT assets from attacks, covering both defensive and offensive tasks.

Offensive security entails employing the same tools, tactics, and techniques as real attackers to test an organization’s defenses. However, rather than causing harm, security teams leverage these methods to enhance the organization’s security posture. It is a proactive, adversarial approach aimed at shielding computer systems, networks, and individuals from attacks. Defensive security, on the other hand, focuses on identifying and, in some cases, disrupting attackers, emphasizing reactive measures like software patching and vulnerability remediation.

In the ongoing battle against cyber threats, defenders engage in a constant cat-and-mouse game with cybercriminals and other threat actors. As attackers innovate, defenders respond with countermeasures, prompting attackers to find ways to circumvent these defenses. Relying solely on defensive measures means that an organization’s security tools and defenses are only truly tested during an actual attack. Moreover, developing new defenses occurs in isolation, often without a clear understanding of the gaps that need to be addressed in the organization’s defenses.

This chapter examines the evolution of offensive cybersecurity tools and technologies in today’s cyberspace context. By exploring the methods and means malicious actors use to compromise system security, it highlights the growing importance of developing effective countermeasures.
The analysis covers a range of techniques, such as social engineering, sophisticated malware, DDoS attacks, and reverse engineering. By highlighting the challenges and ethical questions associated with using these tools, this chapter aims to provide cybersecurity practitioners with information on best practices for protecting digital infrastructures against persistent and emerging threats.

This chapter is organized into the following sections. In Section 2.2, we propose an overview of offensive cybersecurity. Section 2.3 presents the offensive cybersecurity techniques and tactics. Section 2.4 describes the offensive cybersecurity tools. We conclude in Section 2.5.

DOI: 10.1201/9781003509080-2

2.2 UNDERSTANDING OFFENSIVE CYBERSECURITY

2.2.1 Overview of offensive versus defensive cybersecurity

Defensive cybersecurity comprises an organization’s measures to shield itself from attacks, including deploying security solutions, establishing security protocols, and training employees to detect phishing attempts. It involves both proactive steps to prevent cyberattacks and reactive actions to detect, block, and mitigate ongoing attacks.

In essence, offensive cybersecurity represents the threats that defensive cybersecurity aims to counter. Cybercriminals test, evade, and breach an organization’s defenses to steal data or cause harm, whereas ethical hackers do the same to uncover vulnerabilities for remediation before malicious actors exploit them.

A robust cybersecurity strategy integrates both offensive and defensive measures. This approach enables organizations to defend against cyber threats effectively while leveraging offensive techniques to refine and strengthen their defenses continuously.
Offensive security employs a proactive, adversarial approach to safeguard computer systems, networks, and individuals from attacks, while defensive security focuses on identifying perpetrators and, if possible, disrupting their activities. Defensive efforts prioritize reactive actions like software patching and vulnerability remediation (Figure 2.1).

Figure 2.1 Overview of offensive versus defensive cybersecurity

2.2.2 Objectives of offensive cybersecurity

Offensive security encompasses proactive strategies that employ tactics similar to those of cybercriminals to strengthen network security rather than compromise it. Key offensive security techniques include red teaming, penetration testing, and vulnerability assessment.

These operations are typically conducted by ethical hackers, cybersecurity experts who leverage their skills to identify and remedy vulnerabilities in computer systems. Unlike malicious hackers, who exploit systems for data theft or malware deployment, ethical hackers operate with explicit permission to simulate breaches. Consequently, their actions result in no actual harm, and the insights gained from simulated attacks aid organizations in fortifying their defenses.

Historically, offensive security also involved strategies designed to thwart cybercriminals, such as setting traps or decoys to mislead attackers. However, these adversarial tactics are less prevalent in today’s cybersecurity landscape.

2.2.3 Benefits of offensive cybersecurity

To grasp the significance of offensive security, it is beneficial to contrast it with defensive security.

Defensive security mechanisms, such as antivirus programs and firewalls, operate reactively. They aim to thwart known threats or identify suspicious activities. Advanced tools like security orchestration, automation, and response (SOAR) platforms can even automate responses to ongoing attacks. However, these defensive strategies often burden security teams.
Analysts must sift through numerous alerts and data to discern genuine threats from false alarms. Moreover, defensive measures primarily address known attack vectors, leaving organizations susceptible to new or unidentified cyber threats.

Offensive security serves as a complement to defensive strategies. Security teams utilize offensive tactics to uncover and address previously unknown attack vectors that might evade other security measures. Offensive security takes a proactive stance compared to defensive approaches. Rather than reacting to cyberattacks as they occur, offensive measures proactively identify and rectify vulnerabilities before malicious actors exploit them.

In essence, offensive security enriches the effectiveness of defensive measures by providing crucial insights. Additionally, it alleviates the workload of security teams. Due to these advantages, offensive security has become a standard practice in certain highly regulated industries.

2.2.4 Types of hackers

Ultimately, a hacker’s classification hinges on their motivation and adherence to legal boundaries (Figure 2.2).

Figure 2.2 Types of hackers

White hats: Well-intentioned hackers who utilize their hacking talent to defend companies. They are IT security professionals, ethical hackers who operate within a well-defined legal framework to assess the security of an IS.

Gray hats: They operate in a gray area of legality. They conduct tests and notify their targets of discovered vulnerabilities for correction, with advance notice before disclosure.

Sponsored hackers: In the age of cyberwar, some countries enlist this group of hackers to attack another country, while others train their own elements if necessary.

Script kiddies: They are not always trained and lack in-depth knowledge of security and law, and typically rely on downloading tools from the Internet to conduct their tests.
Black hats: Badly intentioned hackers who are highly skilled but seek to cause harm. In the jargon, they are referred to as “crackers.”

2.3 COMMON OFFENSIVE CYBERSECURITY TECHNIQUES AND TACTICS

Tactics, techniques, and procedures (TTPs) employed by offensive security professionals mirror those used by cybercriminals. By leveraging these TTPs, they can identify and address potential vulnerabilities that real hackers could exploit, thereby testing the efficacy of existing security programs.

2.3.1 Vulnerability analysis

Vulnerability scanning is an automated process for detecting vulnerabilities in an organization’s IT resources. This involves utilizing specialized tools to scan computer systems for vulnerabilities.

Vulnerability scanners are capable of identifying known vulnerabilities associated with specific software versions. Additionally, these tools can conduct more active testing, such as observing how applications respond to common SQL injection strings or other malicious intrusions.

Hackers frequently employ vulnerability scanners to pinpoint vulnerabilities that can be exploited in an attack. Similarly, offensive security experts utilize these tools to discover and address vulnerabilities before they can be exploited by hackers. This proactive approach enables organizations to stay ahead of threats and bolster their defenses.

2.3.2 Penetration test

A penetration test is a type of offensive security assessment where a human evaluator scrutinizes an organization’s cyber defenses. The primary goal of these assessments is to reveal as many vulnerabilities as possible within an organization’s security infrastructure. Penetration testing is crucial as it helps identify vulnerabilities that may go undetected by automatic scanners, owing to the human intelligence and expertise involved. Regular penetration testing assists organizations in closing the vulnerabilities that are most likely to be exploited by a human attacker.
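The version-based matching that Section 2.3.1 attributes to vulnerability scanners, as an added example that is not from the book: a host inventory is compared against a table of affected version ranges. The advisory table, the advisory identifiers (placeholders, not real CVE numbers), and the inventory are all constructed for illustration.

```python
"""Added example (not from the book): matching inventoried software versions against
known-vulnerable version ranges, the core of a version-based vulnerability scan.
Advisory identifiers are placeholders; the inventory and advisories are constructed.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn strings such as '2.4.49', '8.5p1' or 'v1.2' into a comparable tuple of integers."""
    numbers = re.findall(r"\d+", text)
    if not numbers:
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(n) for n in numbers)


# Constructed advisory table: a product is affected from 'affected_from' (inclusive)
# up to, but not including, 'fixed_in'.
ADVISORIES: List[Dict[str, str]] = [
    {"id": "ADV-EXAMPLE-1", "product": "webserver", "affected_from": "2.4.0", "fixed_in": "2.4.51", "severity": "high"},
    {"id": "ADV-EXAMPLE-2", "product": "sshd",      "affected_from": "8.0",   "fixed_in": "8.5",    "severity": "medium"},
    {"id": "ADV-EXAMPLE-3", "product": "webserver", "affected_from": "2.4.0", "fixed_in": "2.4.40", "severity": "low"},
]


def is_affected(version: str, advisory: Dict[str, str]) -> bool:
    """Half-open range check: affected_from <= version < fixed_in."""
    v = parse_version(version)
    return parse_version(advisory["affected_from"]) <= v < parse_version(advisory["fixed_in"])


def scan_inventory(inventory: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one finding per (host, advisory) pair whose installed version is in range.

    inventory rows look like {"host": ..., "product": ..., "version": ...}; rows with an
    unparseable version are reported as findings of their own so they are not silently skipped.
    """
    findings = []
    for row in inventory:
        try:
            parse_version(row["version"])
        except ValueError:
            findings.append({"host": row["host"], "product": row["product"], "version": row["version"],
                             "advisory": "UNPARSEABLE-VERSION", "severity": "unknown",
                             "fix": "verify the installed version manually"})
            continue
        for adv in ADVISORIES:
            if adv["product"] == row["product"] and is_affected(row["version"], adv):
                findings.append({"host": row["host"], "product": row["product"], "version": row["version"],
                                 "advisory": adv["id"], "severity": adv["severity"],
                                 "fix": f"upgrade {adv['product']} to {adv['fixed_in']} or later"})
    return findings


# Constructed inventory, as an asset management export or banner grab might produce it.
SAMPLE_INVENTORY = [
    {"host": "web-1", "product": "webserver", "version": "2.4.49"},   # in range of ADV-1 only
    {"host": "web-2", "product": "webserver", "version": "2.4.51"},   # fixed
    {"host": "bastion", "product": "sshd", "version": "8.5p1"},       # 8.5p1 >= 8.5, so fixed
    {"host": "legacy", "product": "sshd", "version": "8.2"},          # ADV-2
    {"host": "odd", "product": "webserver", "version": "unknown"},    # cannot be assessed
]

if __name__ == "__main__":
    for f in scan_inventory(SAMPLE_INVENTORY):
        print(f"{f['host']:8} {f['product']:10} {f['version']:8} {f['advisory']:22} {f['severity']:7} {f['fix']}")
```

Version matching of this kind is only as good as the version string: a distribution that backports a fix without bumping the upstream version will be reported as affected, so findings should be confirmed by the more active testing the section mentions or by checking the vendor’s patch state.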
Penetration testing involves simulating cyberattacks to identify vulnerabilities in computer systems. Similar to vulnerability scanners, ethical hackers (or pentesters) conducting these tests simulate real hackers to uncover potential network vulnerabilities. By adopting the perspective of a cybercriminal, they can identify many vulnerabilities that are prime targets. Through penetration testing, human security experts can detect vulnerabilities that might evade fully automated tools. As they exploit identified vulnerabilities, they are less likely to produce false positives. Moreover, if they can exploit a vulnerability, cybercriminals could potentially do the same. Additionally, because penetration testing is often conducted by third-party security services, it tends to uncover vulnerabilities that internal security teams might overlook.

Penetration tests can be carried out internally (with some access to the company’s IS) or externally (without access to the company’s IS). These tests typically involve using a combination of automated and manual tools to assess business resources. It is important to note that penetration testing is distinct from both hacking and ethical hacking (Figure 2.3).

Figure 2.3 Penetration test versus hacking versus ethical hacking

2.3.2.1 Black box, white box, and gray box

White box, black box, and gray box exercises are not distinct forms of assessment; rather, they delineate the level of knowledge and access granted to attackers. Each approach has its pros and cons:

White box: In a white box assessment, the assessor has full access to the company’s systems and documentation, simulating an attack by an insider with considerable power, such as a system administrator. This extensive knowledge and access make it easier to target potential vulnerabilities, but testers may risk being influenced by documentation and focusing on intended system functionality rather than actual performance.
Black box: In a black box evaluation, the tester operates with no prior knowledge or access, simulating an external attacker. Although this approach reduces bias, it may demand more time and resources for reconnaissance and attack planning.

Gray box: Gray box assessment falls between white box and black box evaluations, granting the tester the same level of knowledge and access as a typical user. This approach strikes a balance between the advantages and drawbacks of both white box and black box methods.

These three approaches to offensive security testing can be applied across various testing forms. With greater knowledge and access, a penetration tester or red team member has more options compared to a black box assessment. Moreover, additional knowledge and access can influence the configuration and implementation of automated tools for vulnerability scanning.

2.3.2.2 Penetration test methodologies

OffSec teams also adhere to established ethical hacking methodologies, such as the Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), and OWASP.

OSSTMM methodology: It offers a comprehensive approach to penetration testing, covering five channels: human security, physical security, wireless communications, telecommunications, and data networks. By assessing security across these channels, organizations gain insight into their overall security posture and evaluate the effectiveness of their security processes. OSSTMM employs modular concepts, defining sets of processes or phases applicable to each channel, tailored to real-world domains and technical and regulatory constraints.

PTES methodology: It comprises seven main sections that encompass the entire penetration testing process.
It starts with initial communication and reasoning, progresses through intelligence gathering and threat modeling, and continues to vulnerability research, exploitation, and post-exploitation phases. Finally, it culminates in reporting, which provides a coherent summary of the entire process, delivering maximum value to the customer.

OWASP methodology: OWASP is an international nonprofit organization that focuses on enhancing software security. Its mission is to promote software security visibility and to provide resources to improve application security. One core principle of OWASP is the free availability of its materials, including documentation, tools, videos, and forums. This accessibility empowers individuals and organizations to enhance the security of their software. The materials offered by OWASP consist of community-initiated projects that undergo validation and promotion by the OWASP board following a structured roadmap. Among the most renowned OWASP projects are:

OWASP Top 10: A document outlining the ten most critical security risks for web applications.

OWASP ZAP: A web proxy tool designed for web application security testing.

OWASP Web Security Testing Guide: A methodology for conducting penetration testing on web applications.

OWASP Juice Shop: A deliberately vulnerable web application used for practicing web penetration testing and educating users.

OWASP Amass: A tool utilized for mapping the attack surface and discovering external assets.

The OWASP methodology encompasses comprehensive guides for testing the security of web, mobile, and firmware applications. These guides, developed through collaboration among cybersecurity professionals and volunteers, offer a framework of best practices employed by penetration testers and organizations globally.
2.3.2.3 Red/blue/purple team

Red team exercises and penetration testing share the commonality of being conducted by humans rather than relying on fully automated processes. However, a significant distinction lies in their respective objectives: while red teaming missions assess an organization’s defenses against specific threats, penetration testing is geared toward uncovering as many vulnerabilities as possible.

In contrast, blue and purple team exercises involve different parties and levels of collaboration. In a purple team exercise, there is heightened cooperation and knowledge exchange between the offensive red team and the defensive blue team.

Red team assessments strive to replicate real-world attacks, often targeting specific objectives like data breaches or ransomware delivery. Regular penetration testing helps organizations detect vulnerabilities that could be exploited by human attackers, enabling them to address these security shortcomings effectively.

2.3.2.4 Phases of penetration test process

A penetration test can be segmented into a series of steps or phases, forming a comprehensive methodology. While these phases may vary in name and number, they provide a holistic overview of the penetration testing process. For simplicity, we will outline this procedure in four main phases:

1. Step 1: Reconnaissance
2. Step 2: Scanning (ports, vulnerabilities, etc.)
3. Step 3: Exploitation
4. Step 4: Post-exploitation and maintaining access

These steps, although subject to variation depending on methodologies, are supported by various tools.

2.3.2.4.1 Reconnaissance

The objective of the reconnaissance stage is to gather information about the target, enhancing the likelihood of success in subsequent steps. Information gathering predominantly leverages the Internet, employing both active and passive reconnaissance strategies.
Active reconnaissance involves direct interaction with the target, potentially exposing the attacker’s IP address and actions to detection. Conversely, passive reconnaissance, or Open Source Intelligence (OSINT), relies on publicly available information without direct interaction. Passive reconnaissance aims to gather information that illuminates or broadens the attack surface of the target. Various resources and tools are employed for information collection:

Search engines
Social networks
Websites specializing in public information collection on organizations
OSINT tools
Social engineering techniques

2.3.2.4.2 Scanning

By the end of the initial phase, regardless of the available data, our objective is to compile a list of IP addresses for scanning. The second step, scanning, is divided into two separate activities. The first activity entails port scanning, allowing us to compile a list of open ports and potential services operating on each target. The second activity involves vulnerability scanning, which aims to identify and locate specific weaknesses within the software and services running on the targets.

2.3.2.4.3 Exploitation

Next, we move on to the exploitation phase. With precise knowledge of the open ports on the target, the services running on these ports, and the associated vulnerabilities, we can launch an attack. This phase constitutes the actual “hacking.” Exploitation can involve various techniques, tools, and code. The primary goal of exploitation is to gain administrator access (full control) over the target machine. This can occur locally or remotely. A local exploit requires the attacker to have physical access to the computer, while a remote exploit occurs across networks and systems when the attacker cannot physically touch the target. Through exploitation, programs can be installed, defense tools disabled, confidential documents copied, modified, or deleted, and security settings altered.
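The flip side of the active reconnaissance and port scanning described above, as an added example that is not from the book: the defender’s view. Active scanning exposes the source address, so a perimeter log shows one source touching many distinct destination ports on one host within a short window; the detector below flags that pattern. The log format and every log line are constructed for illustration.

```python
"""Added example (not from the book): detecting the port scanning step of the scanning
phase from a perimeter firewall log. The log format and all lines are constructed.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, Iterator, List

# Constructed log format: "<ISO timestamp> <ALLOW|DENY> src=<ip> dst=<ip> dport=<port> proto=<proto>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<action>ALLOW|DENY) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)

# Constructed sample: one source sweeps 12 ports on 10.0.0.5 in 12 seconds,
# a normal client talks to 80/443 only, and one line is malformed.
SCAN_LINES = [
    f"2024-05-01T09:00:{i:02d} DENY src=198.51.100.7 dst=10.0.0.5 dport={p} proto=tcp"
    for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445])
]
NORMAL_LINES = [
    "2024-05-01T09:00:05 ALLOW src=203.0.113.9 dst=10.0.0.5 dport=443 proto=tcp",
    "2024-05-01T09:00:17 ALLOW src=203.0.113.9 dst=10.0.0.5 dport=443 proto=tcp",
    "2024-05-01T09:00:40 ALLOW src=203.0.113.9 dst=10.0.0.5 dport=80 proto=tcp",
    "this line is deliberately malformed and must be skipped",
]
SAMPLE_LOG = SCAN_LINES + NORMAL_LINES


def parse(lines: Iterable[str]) -> Iterator[Dict]:
    """Yield one event per well-formed line; malformed lines are skipped, not fatal."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        yield {"ts": datetime.fromisoformat(m["ts"]), "action": m["action"],
               "src": m["src"], "dst": m["dst"], "dport": int(m["dport"])}


def detect_port_scans(events: Iterable[Dict], window: timedelta = timedelta(seconds=60),
                      threshold: int = 10) -> List[Dict]:
    """Alert when one (src, dst) pair touches >= threshold distinct ports inside a sliding window.

    Both ALLOW and DENY events count: a scanner learns from open ports as well as closed ones.
    One alert is raised per pair so a long sweep does not flood the analyst.
    """
    by_pair: Dict[tuple, List[Dict]] = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)

    alerts = []
    for (src, dst), evs in by_pair.items():
        evs.sort(key=lambda e: e["ts"])
        in_window: deque = deque()
        port_counts: Counter = Counter()   # distinct ports currently inside the window
        for e in evs:
            in_window.append(e)
            port_counts[e["dport"]] += 1
            # Slide the window forward: drop events older than `window` relative to this one.
            while in_window and e["ts"] - in_window[0]["ts"] > window:
                old = in_window.popleft()
                port_counts[old["dport"]] -= 1
                if port_counts[old["dport"]] == 0:
                    del port_counts[old["dport"]]
            if len(port_counts) >= threshold:
                alerts.append({"src": src, "dst": dst, "distinct_ports": len(port_counts),
                               "window_start": in_window[0]["ts"].isoformat(),
                               "window_end": e["ts"].isoformat()})
                break   # one alert per pair
    return alerts


if __name__ == "__main__":
    for a in detect_port_scans(parse(SAMPLE_LOG)):
        print(f"possible port scan: {a['src']} -> {a['dst']} touched {a['distinct_ports']} ports "
              f"between {a['window_start']} and {a['window_end']}")
```

The threshold and window are the tuning knobs: a slow scan spread over hours stays under this detector, which is why the page’s point about active reconnaissance being detectable holds only for sources that do not pace themselves.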
Exploitation is the process of gaining partial or complete control over a system. More specifically, an exploit takes advantage of a security flaw or bypasses security controls to gain administrator-level access to the computer. In many cases, exploitation aims to transform the target machine into a “zombie” machine that follows the attacker’s commands. An exploit is the realization, materialization, or weaponization of a vulnerability. Exploits are failures or bugs in software that allow the attacker to launch a payload on the target system.

2.3.2.4.4 Post-exploitation and maintaining access

The final step is post-exploitation and maintaining access. Often, the payloads delivered during the exploitation phase only provide temporary access to the system. Therefore, it is necessary to create a permanent backdoor on the system, ensuring administrator access that persists even after programs are closed or the computer is restarted.

For a pentester, one of the most crucial activities of a penetration test is writing the report. Regardless of the time and effort invested in the penetration test, the client will often judge the quality and effectiveness of your work based on this written report. The report must include all relevant information discovered during the test, provide a detailed explanation of how the test was conducted, and describe the operations performed. Where possible, it should also present risk mitigation measures and solutions to the identified security issues. The report should offer a nontechnical overview of the findings in one or two pages, highlighting and briefly summarizing the critical issues identified by the test. It must be understandable to a broad audience.
2.3.3 Social engineering test

While several tests concentrate on breaching an organization’s IT systems and circumventing digital defenses, it is crucial to acknowledge that many cyber threat actors exploit the human element in their attacks rather than solely targeting software vulnerabilities. Social engineering testing is designed to evaluate the effectiveness of employees, contractors, and other individuals within an organization in safeguarding its data and systems. Social engineers employ deception, manipulation, and similar tactics to deceive or coerce targets into carrying out actions that serve the attacker’s interests. These actions may include divulging sensitive data or providing access to secure company sites or applications. Social engineering testing is instrumental in assessing an organization’s resilience against such tactics and identifying areas for improvement in human-centric security measures.

2.3.4 Red teaming

Red teaming, or adversarial simulation, involves a group of experts using the TTPs of real cybercriminals to launch a simulated attack against a computer system. Unlike penetration testing, red teaming assesses a company’s security by pitting two teams against each other. The red team actively exploits attack vectors (without causing actual damage) to see how far they can penetrate, while the blue team, composed of security engineers, is tasked with stopping them. This exercise allows the organization to concretely test its incident response procedures (Figure 2.4).

Figure 2.4 Red teaming

Organizations can establish an internal red team or hire a third party. To test both technical defenses and employee awareness, the red team may employ a range of tactics, including simulated phishing or ransomware attacks, social engineering exercises, and on-site breach techniques like tailgating.
Red teams can perform different types of tests depending on the amount of information they have:

1 White box testing: The red team has full transparency into the internal structure and source code of the target system.
2 Black box testing: The red team has no prior information about the system and must breach it as real cybercriminals would.
3 Gray box testing: The red team has some basic information about the target system, such as IP address ranges for network devices.

2.3.5 Advanced persistent threats

An advanced persistent threat (APT) is a targeted, prolonged cyberattack in which an unauthorized individual gains access to the network and goes unnoticed for a significant period of time. The goal of an APT attack is typically to monitor network activity and steal data rather than damage the network or organization.

2.3.5.1 APT operating mode

Most state-sponsored attacks aim to compromise a company for espionage or sabotage over a long period, remaining undetected. The term “advanced persistent threat” is often misused. Rather than designating a specific technical approach taken in response to a threat, it describes the attacker (or group of attackers) and their underlying motivations, beyond simple espionage, financial gain, or one-off offenses. APTs are typically motivated by industrial espionage, aiming to steal valuable trade secrets and intellectual property, or by sabotaging an organization’s plans and infrastructure (Figure 2.5).

APT attackers use various messaging-based techniques to generate attacks, supported by physical and external exploitation techniques. Here are the characteristics specific to APT attacks not typically found in other forms of attacks:

Reconnaissance: APT attackers leverage intelligence and reconnaissance to identify the users and systems that will help them achieve their goals.
This information is often gleaned from social media, public forums, and intelligence from state security agencies.

Life cycle: APT techniques are designed to evade detection for long periods, unlike attacks typically motivated by financial gain, which aim for brief system infections. APT attackers strive to leave no trace, often operating outside office hours. To re-access the system if their initial intrusion is detected, they always leave backdoors, ensuring persistence.

Figure 2.5 Operating mode of APT

Advanced malware: APT attackers exploit a wide range of known intrusion techniques and often combine multiple methodologies in a single attack. They use commercially available crime kits and software, but also have the technology and expertise to develop custom tools and polymorphic malware for specific environments and systems.

Phishing: Many APTs begin with social engineering and spear phishing. After compromising a user’s computer or stealing network login credentials, attackers deploy their tools to monitor and invade the network, moving from machine to machine and network to network, until they find the desired information.

Active attack: Unlike traditional criminal attacks, APTs require strong involvement and coordination from the attackers, rather than relying on fully automatic malicious code. The adversary is a fully armed, motivated, and skilled attacker who is extremely active and highly targeted in their approach.

2.3.5.2 How does an APT attack?

Hackers who commit APT attacks take the following important steps to gain permanent access to the target network:

Network access: APT attackers initially reach their target systems through the Internet, often by sending targeted phishing messages or exploiting security vulnerabilities that allow them to introduce malware.
Establish a foothold: Once they gain access, attackers dig deeper, using the installed malware to create backdoor networks and tunnels, allowing them to re