Advanced Persistent Threat Hacking. McGraw-Hill

Tyler Wrightson

The Art And Science Of Hacking Any Organization

Empirical Data, APT Hacker Methodology, An APT Approach to Reconnaissance, Reconnaissance: Nontechnical Data, Spear Social Engineering, Phase III: Remote Targeting, Spear Phishing with Hardware Trojans, Physical Infiltration, APT Software Backdoors


About the Author
Tyler Wrightson is the author of Advanced Persistent Threats as well as Wireless Network Security: A Beginner’s Guide. Tyler is the founder and president of Leet Systems, which provides offensive security services such as penetration testing and red teaming to secure organizations against real-world attackers. Tyler has over 13 years’ experience in the IT security field, with extensive experience in all forms of offensive security and penetration testing. He holds industry certifications for CISSP, CCSP, CCNA, CCDA, and MCSE. Tyler has also taught classes for CCNA certification, wireless security, and network security. He has been a frequent speaker at industry conferences, including Derbycon, BSides, Rochester Security Summit, NYS Cyber Security Conference, ISACA, ISSA, and others. Follow his security blog at

About the Technical Editors
Reg Harnish is an entrepreneur, speaker, security specialist, and the chief security strategist for GreyCastle Security. Reg has nearly 15 years of security experience, specializing in security solutions for financial services, healthcare, higher education, and other industries. His security expertise ranges from risk management, incident response, and regulatory compliance to network, application, and physical security. Reg brings a unique, thought-provoking perspective to his work, and he strives to promote awareness, establish security fundamentals, and reduce risk for GreyCastle Security clients.
Reg attended Rensselaer Polytechnic Institute in Troy, New York, and has achieved numerous security and industry certifications. He is a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CISM), and a Certified Information Systems Auditor (CISA). In addition, Reg is certified in Information Technology Infrastructure Library (ITIL) Service Essentials. He is a member of InfraGard, the Information Systems Audit and Control Association (ISACA), and the Information Systems Security Association (ISSA). In addition to deep expertise in information security, Reg has achieved numerous physical security certifications, including firearms instruction, range safety, and personal protection.

Reg is a frequent speaker and has presented at prominent events, including US Cyber Crime, Symantec Vision, ISACA, ISSA, InfraGard, and more. His successes have been featured in several leading industry journals, including Software Magazine, ComputerWorld, and InfoWorld.

Comrade has been in information security since the early 2000s. Comrade holds several industry certifications, but believes the only one that really means anything in regard to this book is the OSCP certification by the Offensive Security team. He currently performs penetration testing against all attack vectors, network, application, physical, social, etc., for clients in all verticals, including many Fortune 500 companies.

Writing this book was a far more difficult task than I realized when I first set out. This book has actually been well over a decade in the making. Starting out as a simple thought experiment to determine how I might be able to hack into any organization, over the years, it turned into more of an obsession.

Finally, after many years of penetration testing, I felt that not only did I have a solid game plan to successfully hack even the most secure organizations, but I also had plenty of firsthand experience that gave me my own unique perspective.

Why This Book?
This book was written with one crystalized purpose: to prove that regardless of the defenses in place, any organization can have their most valuable assets stolen due to the complete immersion of technology with our world. The truly alarming fact is that not only is this possible, but it is probably far easier than most people realize.

Who Should Read This Book?
This book was originally written for anyone tasked with ensuring the security of their organization, from the CSO to junior systems administrators. However, much of the book will provide enlightening information for anyone even remotely interested in security.
The people who will most likely gain the most from this book are the foot soldiers who must make tactical security decisions every day. People like penetration testers, systems administrators, network engineers, even physical security personnel will find this book particularly helpful. However, even security managers and C-level personnel will find much of this information enlightening.

What This Book Covers
This book starts out at a very high level and quickly gets into the nitty-gritty of attacking an organization and exploiting specific vulnerabilities. These examples are meant to be actionable, hands-on examples that you can test yourself. However, it’s critical to understand that in no way should this book be considered to contain every detail that is necessary to hack any organization. Hopefully, every reader understands that to contain every detail, this book would quickly reach a size that would not fit on any bookshelf. Instead, in an attempt to find balance, many things that are believed to have been covered adequately by other books or that are assumed to be known by a reader with a moderate understanding of hacking have been left out of this book.
In an attempt to give the most real, unabashed, and meaningful perspective, there has been no tiptoeing around sensitive subjects, and nothing has been held from this book for fear of being too controversial. This book has been written from the perspective of a criminal, with no other goal than to take your organization’s most meaningful assets by any means necessary (aside from violence). It is only with this perspective that we can meet Sun Tzu’s tenet of knowing thy enemy. And with that perspective begin to adequately defend against these types of threats.
It is also important to understand the difference between the typical use of the word APT and the meaning in this book. In this book, I attempt to commandeer the term APT to define a new type of hacker able to infiltrate any organization despite a very small budget and surprisingly with very accessible skills. As always with everything I do, there may be a small dash of tongue-in-cheek humor.

How Is This Book Organized?
In the first part, we stick to the high-level concepts that make every organization vulnerable.
In Chapter 2, we discuss a few interesting real-world examples of both unsophisticated and sophisticated threats.
In Chapter 3, we discuss the methodology you must follow to become capable of hacking any organization. This methodology includes a few hard-set technical skills that you must obtain; however, it is primarily dominated by the correct system and mental constructs necessary to hack any organization.
Chapters 4 and 5 dive into the first tactical steps in the methodology and cover in detail the technical and nontechnical types of data you should attempt to obtain about your target through active and passive reconnaissance.
Chapter 6 begins with an in-depth discussion of strategic and tactical components of effective social engineering. This is followed by tactical examples of spear phishing a target through remote technical means such as e-mail and building effective phishing websites.
Chapter 7 moves on to targeting remote users at their homes and other locations. This chapter focuses primarily on exploiting wireless vulnerabilities that can allow us to easily and anonymously exploit these users. This includes targeting wireless networks and vulnerabilities, as well as creating the most effective rogue access points and exploiting wireless clients and communications.
Chapter 8 demonstrates how to create and use traditional audio, video, and GPS bugs to monitor key locations and individuals. This is followed by details on how to create and program next-generation hardware-based backdoors such as the Teensy device, as well as backdoored hardware such as laptops and smart phones.
Chapter 9 goes in depth into circumventing many of the most common physical security controls and physically infiltrating target locations. Copious examples and useable tools and techniques are covered in detail.
Finally, Chapter 10 closes with a discussion of the types of software backdoors that can be used throughout all of the previous attack phases to maximize the effectiveness of any attack. This includes code examples as well as functionality that may seem somewhat low tech but will provide great results.

Table of Contents
Chapter 1 Introduction
Defining the Threat
Attacker Motives
Threat Capabilities
Threat Class
Threat History
APT Hacker: The New Black
Targeted Organizations
Constructs of Our Demise
The Impact of Our Youth
The Economics of (In)security
Psychology of (In)security
The Big Picture
The Vulnerability of Complexity
All Together Now
The Future of Our World
Don’t Forget
Chapter 2 Empirical Data
The Problem with Our Data Set
Threat Examples
Techno-Criminals: Skimmer Evolution
Techno-Criminals: Hacking Power Systems
Unsophisticated Threat: Hollywood Hacker
Unsophisticated Threat: Neighbor from Hell
Smart Persistent Threats: Kevin Mitnick
APT: Nation-States
Stuxnet and Operation Olympic Games
Duqu: The APT Reconnaissance Worm
Flame: APT Cyber-espionage Worm
APT: RSA Compromise
APT Nation-State: Iran Spying on Citizens
Cell Phone Spying: Carrier IQ
Don’t Forget
Chapter 3 APT Hacker Methodology
AHM: Strong Enough for Penetration Testers, Made for a Hacker
AHM Components (Requirements, Skills, Soft Skills)
Elegant, Big-Picture Thinkers
Advanced: Echelons of Skill
Social Omniscience
Always Target the Weakest Link
Efficacious, Not Elite
Exploitless Exploits
The Value of Information
APT Hacker’s Thought Process
Think Outside the Box
A Side Note
A Vaudeville Story
Look for Misdirection
Think Through the Pain
Avoid Tunnel Vision
No Rules
Keep It Simple, Stupid (KISS)
APT Hacking Core Steps
Maintaining Access
Clean Up
APT Hacker Attack Phases
APT Hacker Foundational Tools
Anonymous Purchasing
Anonymous Internet Activity
Anonymous Phone Calls
APT Hacker Terms
Don’t Forget
Chapter 4 An APT Approach to Reconnaissance
Reconnaissance Data
Data Categories (Technical and Nontechnical)
Data Sources (Cyber and Physical)
Data Methods (Active and Passive)
Technical Data
Registrant Information
DNS Information and Records
DNS Zones
Border Gateway Protocol: An Overview
System and Service Identification
Web Service Enumeration
Large Data Sets
Geolocation Information
Data from the Phone System
Don’t Forget
Chapter 5 Reconnaissance: Nontechnical Data
Search Engine Terms and Tips
Search Engine Commands
Search Engine Scripting
Search Engine Alerts
HUMINT: Personnel
Personnel Directory Harvesting
Directory Harvesting: HTTP Requests
Directory Harvesting: Stateful HTTP
Analyzing Results
Directory Harvesting HTML Tables
Personnel Directory: Analyzing the Final Results
E-mail Harvesting
Technical E-mail Harvesting
Nontechnical E-mail Harvesting
Geographical Data
Reconnaissance on Individuals
Nontraditional Information Repositories
Automated Individual Reconnaissance
Our Current View
Don’t Forget
Chapter 6 Spear Social Engineering
Social Engineering
Social Engineering Strategies
Do What Works for You
Legitimacy Triggers
Keep It Simple, Stupid
Don’t Get Caught
Don’t Lie
Be Congruent
Social Engineering Tactics
Like Likes Like
Personality Types
Tell Me What I Know
Insider Information
Name Dropping
The Right Tactic
Why Don’t You Make Me?
Spear-Phishing Methods
Spear-Phishing Goals
Technical Spear-Phishing Exploitation Tactics
Building the Story
Phishing Website Tactics
Phishing Website: Back-End Functionality
Client-Side Exploits
Custom Trojan Backdoor
Don’t Forget
Chapter 7 Phase III: Remote Targeting
Remote Presence Reconnaissance
Social Spear Phishing
Wireless Phases
APT Wireless Tools
Wireless Reconnaissance
Active Wireless Attacks
Client Hacking: APT Access Point
Getting Clients to Connect
Attacking WPA-Enterprise Clients
Access Point Component Attacks
Access Point Core Attack Config
Access Point Logging Configuration
Access Point Protocol Manipulation
Access Point Fake Servers
Don’t Forget
Chapter 8 Spear Phishing with Hardware Trojans
Phase IV Spear Phishing with Hardware Trojans
Hardware Delivery Methods
Hardware Trojans: The APT Gift
APT Wakizashi Phone
Trojaned Hardware Devices
Hardware Device Trojans with Teensy
Don’t Forget
Chapter 9 Physical Infiltration
Phase V Physical Infiltration
APT Team Super Friends
It’s Official – Size Matters
Facility Reconnaissance Tactics
Example Target Facility Types
Choosing Facility Asset Targets
Physical Security Control Primer
Physical Infiltration Factors
Physical Security Concentric Circles
Physical Social Engineering
Physical Social Engineering Foundations
Physical Congruence
Body Language
Defeating Physical Security Controls
Preventative Physical Controls
Detective Physical Controls
Hacking Home Security
Hacking Hotel Security
Hacking Car Security
Intermediate Asset and Lily Pad Decisions
Plant Device
Steal Asset
Take and Return Asset
Backdoor Asset
Don’t Forget
Chapter 10 APT Software Backdoors
Software Backdoor Goals
APT Backdoor: Target Data
APT Backdoors: Necessary Functions
Rootkit Functionality
Know Thy Enemy
Thy Enemies’ Actions
Responding to Thy Enemy
Network Stealth Configurations
Deployment Scenarios
American Backdoor: An APT Hacker’s Novel
Backdoor Droppers
Backdoor Extensibility
Backdoor Command and Control
Backdoor Installer
Backdoor: Interactive Control
Data Collection
Backdoor Watchdog
Backdooring Legitimate Software
Don’t Forget


Product details
434 p
File Size: 10,831 KB
File Type: PDF format
2015 by McGraw-Hill Education
