If you hope to outmaneuver threat actors, speed and efficiency need to be key components of your cybersecurity operations. Mastery of the standard command-line interface (CLI) is an invaluable skill in times of crisis because no other software application can match the CLI’s availability, flexibility, and agility. This practical guide shows you how to use the CLI with the bash shell to perform tasks such as data collection and analysis, intrusion detection, reverse engineering, and administration.
 

Authors Paul Troncone, founder of Digadel Corporation, and Carl Albing, coauthor of bash Cookbook (O’Reilly), provide insight into command-line tools and techniques to help defensive operators collect data, analyze logs, and monitor networks. Penetration testers will learn how to leverage the enormous amount of functionality built into nearly every version of Linux to enable offensive operations.

In four parts, security practitioners, administrators, and students will examine:

• 
  •  Foundations: Principles of defense and offense, command-line and bash basics, and regular expressions
• •  Defensive security operations: Data collection and analysis, real-time log monitoring, and malware analysis
• •  Penetration testing: Script obfuscation and tools for command-line fuzzing and remote access
• •  Security administration: Users, groups, and permissions; device and software inventory
  
  From the Preface

In this day and age, the command line is sometimes overlooked. New cybersecurity practitioners may be lured away by tools with flashy graphical interfaces. More-experienced operators may dismiss or underestimate its value. However, the command line provides a wealth of capability and should be part of every practitioner’s toolkit. As an example, the seemingly simple tail command that outputs the last few lines of a specified file is over 2,000 lines of C code. You could create a similar tool using Python or another programming language, but why do so when you can access its capabilities by simply invoking it from the command line?
 

Additionally, learning how to use the command line for complex tasks gives you a better understanding of the way an operating system functions. The most capable cybersecurity practitioners understand how tools work at a fundamental level, not just how to use them.

Cybersecurity Ops with bash teaches you how to leverage sophisticated Linux commands and the bash shell to enhance your capabilities as a security operator and practitioner. By learning these skills you will be able to rapidly create and prototype complex capabilities with as little as a single line of pipelined commands.
 

Although the bash shell and the commands we discuss throughout this book originated in the Unix and Linux family of operating systems, they are now ubiquitous. The techniques are easily transferable between Linux, Windows, and macOS environments.

Who This Book Is For

Cybersecurity Ops with bash is written for those who wish to achieve mastery of the command line in the context of computer security. The goal is not to replace existing tools with command-line scripts, but rather to teach you how to use the command line so you can leverage it to augment your existing security capabilities.
 

Throughout this book, we focus examples on security techniques such as data collection, analysis, and penetration testing. The purpose of these examples is to demonstrate the command line’s capabilities and give you insight into some of the fundamental techniques used by higher-level tools.
 

This book assumes basic familiarity with cybersecurity, the command-line interface, programming concepts, and the Linux and Windows operating systems. Prior knowledge of bash is useful but not necessarily needed.
 

This book is not an introduction to programming, although some general concepts are covered in Part I.

About the Author

Paul Troncone has over 15 years of experience in the cybersecurity and information technology fields. For the past 4 years Paul has served as a Distinguished Visiting Professor to the United States Naval Academy, instructing cybersecurity courses in the Computer Science Department. In 2009 Paul founded the Digadel Corporation where he performs independent cybersecurity consulting and software development.

Carl Albing is a software engineer and teacher with a breadth of industry experience. A co-author of O’Reilly’s “bash Cookbook”, he has worked in software for companies large and small, across a variety of software industries. He has a B.A. in Mathematics, Masters in International Management, and a Ph.D. in Computer Science. He has recently spent time in academia as a Distinguished Visiting Professor in the Department of Computer Science at the US Naval Academy where he taught courses on Programming Languages, Compilers, High Performance Computing, and Advanced Shell Scripting.