Skip to content

Latest commit

 

History

History

Chapter5

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
iptables_tricks.md
iptables_tricks.md
 
 
logmodification.PNG
logmodification.PNG
 
 
remotelogging.PNG
remotelogging.PNG
 
 
rootkitusedetected.PNG
rootkitusedetected.PNG
 
 
wrap_log.go
wrap_log.go
 
 

README.md

Chapter 5 - Active Manipulation

This chapter is about actively tampering with the opponents tools and sensors, actively deceiving your opponents

Topics

This chapter covers several topics such as:

  • Deleting logs
  • Backdooring frameworks
  • Rootkits
  • Data integrity
  • Detecting rootkits
  • Manipulating the home field advantage
  • Deceiving attackers on the network
  • Tricking attackers into executing your code

Code

The following are some of the code samples included in this chapter:

  • iptables_tricks.md
    • Several iptables tricks to manipulate network traffic and deceive an attacker
  • wrap_log.go
    • A universal utility to replace system binaries and intercept or log their usage

Images

The following are some of the images in this chapter:

This image shows how an attacker could delete local logs and effect an incident response investigation An attacker modifies the logs in their kill chain

This image shows how a defender can use remote logging and detect when a pipeline goes down Defender uses remote loggign and detects when a pipeline goes down

This last image shows what it could look like if an attacker used a rootkit Rootkit is deployed and detected