
Red Team Edition

Peter Kim


e-books shop




Book Details
Price: 4.00
Pages: 337 p
File Size: 8,923 KB
File Type: PDF format
ISBN-13: 978-1980901754
Copyright: © 2018 by Secure Planet LLC

About the Author
Peter Kim has been in the information security industry for more than 14 years
and has been running Penetration Testing/Red Teams for more than 12 years.
He has worked for multiple utility companies, Fortune 1000 entertainment
companies, government agencies, and large financial organizations. Although
he is most well-known for The Hacker Playbook series, his passions are building
a safe security community, mentoring students, and training others. He founded
and maintains one of Southern California's largest technical security clubs called
LETHAL (www.meetup.com/LETHAL), performs private training at his
warehouse LETHAL Security (lethalsecurity.com), and runs a boutique
penetration testing firm called Secure Planet (www.SecurePla.net).

Peter's main goal with The Hacker Playbook series is to instill passion into his
readers and get them to think outside the box. With the ever-changing
environment of security, he wants to help build the next generation of security professionals.
Feel free to contact Peter Kim for any of the following:
Questions about the book: book@thehackerplaybook.com
Inquiries on private training or Penetration Tests: secure@securepla.net
Twitter: @hackerplaybook

Preface
This is the third iteration of The Hacker Playbook (THP) series. Below is an
overview of all the new vulnerabilities and attacks that will be discussed. In
addition to the new content, some attacks and techniques from the prior books
(which are still relevant today) are included to eliminate the need to refer back to
the prior books. So, what's new? Some of the updated topics from the past
couple of years include:
Abusing Active Directory
Abusing Kerberos
Advanced Web Attacks
Better Ways to Move Laterally
Cloud Vulnerabilities
Faster/Smarter Password Cracking
Living Off the Land
Lateral Movement Attacks
Multiple Custom Labs
Newer Web Language Vulnerabilities
Physical Attacks
Privilege Escalation
PowerShell Attacks
Ransomware Attacks
Red Team vs Penetration Testing
Setting Up Your Red Team Infrastructure
Usable Red Team Metrics
Writing Malware and Evading AV
And so much more
Additionally, I have attempted to incorporate all of the comments and
recommendations received from readers of the first and second books. I do want
to reiterate that I am not a professional author. I just love security and love
teaching security and this is one of my passion projects. I hope you enjoy it.

This book will also provide a more in-depth look into how to set up a lab
environment in which to test your attacks, along with the newest tips and tricks
of penetration testing. Lastly, I tried to make this version easier to follow since
many schools have incorporated my book into their curricula. Whenever
possible, I have added lab sections that help provide a way to test a vulnerability or exploit.

As with the other two books, I try to keep things as realistic, or “real world”, as
possible. I also try to stay away from theoretical attacks and focus on what I
have seen from personal experience and what actually worked. I think there has
been a major shift in the industry from penetration testers to Red Teamers, and I
want to show you rather than tell you why this is so. As I stated before, my
passion is to teach and challenge others. So, my goals for you through this book
are two-fold: first, I want you to get into the mindset of an attacker and
understand “the how” of the attacks; second, I want you to take the tools and
techniques you learn and expand upon them. Reading and repeating the labs is
only one part – the main lesson I teach to my students is to let your work speak
for your talents. Instead of working on your resume (of course, you should have
a resume), I really feel that having a strong public Github repo/technical blog
speaks volumes in security over a good resume. Whether you live in the blue
defensive or red offensive world, getting involved and sharing with our security
community is imperative.

For those who did not read either of my two prior books, you might be
wondering what my experience entails. My background includes more than 12
years of penetration testing/red teaming for major financial institutions, large
utility companies, Fortune 500 entertainment companies, and government
organizations. I have also spent years teaching offensive network security at
colleges, spoken at multiple security conferences, been referenced in many
security publications, taught courses all over the country, run multiple public
CTF competitions, and started my own security school. One of my big passion
projects was building a free and open security community in Southern California
called LETHAL (meetup.com/lethal). Now, with over 800+ members, monthly
meetings, CTF competitions, and more, it has become an amazing environment
for people to share, learn, and grow.

One important note is that I am using both commercial and open source tools.
For every commercial tool discussed, I try to provide an open source
counterpart. I occasionally run into some pentesters who claim they only use
open source tools. As a penetration tester, I find this statement hard to accept. If
you are supposed to emulate a “real world” attack, the “bad guys” do not have
these restrictions; therefore, you need to use any tool (commercial or open
source) that will get the job done.

A question I get often is, who is this book intended for? It is really hard to state
for whom this book is specifically intended as I truly believe anyone in security
can learn. Parts of this book might be too advanced for novice readers, some
parts might be too easy for advanced hackers, and other parts might not even be
in your field of security.

For those who are just getting into security, one of the most common things I
hear from readers is that they tend to gain the most benefit from the books after
reading them for the second or third time (making sure to leave adequate time
between reads). There is a lot of material thrown at you throughout this book
and sometimes it takes time to absorb it all. So, I would say relax, take a good
read, go through the labs/examples, build your lab, push your scripts/code to a
public Github repository, and start up a blog.

Lastly, being a Red Team member is half about technical ability and half about
having confidence. Many of the social engineering exercises require you to
overcome your nervousness and go outside your comfort zone. David Letterman
said it best, "Pretending to not be afraid is as good as actually not being afraid."
Although this should be taken with a grain of salt, sometimes you just have to
have confidence, do it, and don't look back.


Table of Contents
Contents
Preface
Notes and Disclaimer
Introduction
Penetration Testing Teams vs Red Teams
Summary
1 Pregame - The Setup
Assumed Breach Exercises
Setting Up Your Campaign
Setting Up Your External Servers
Tools of the Trade
Metasploit Framework
Cobalt Strike
PowerShell Empire
dnscat2
p0wnedShell
Pupy Shell
PoshC2
Merlin
Nishang
Conclusion
2 Before the Snap - Red Team Recon
Monitoring an Environment
Regular Nmap Diffing
Web Screenshots
Cloud Scanning
Network/Service Search Engines
Manually Parsing SSL Certificates
Subdomain Discovery
Github
Cloud
Emails
Additional Open Source Resources
Conclusion
3 The Throw - Web Application Exploitation
Bug Bounty Programs:
Web Attacks Introduction - Cyber Space Kittens
The Red Team Web Application Attacks
Chat Support Systems Lab
Cyber Space Kittens: Chat Support Systems
Setting Up Your Web Application Hacking Machine
Analyzing a Web Application
Web Discovery
Cross-Site Scripting XSS
Blind XSS
DOM Based XSS
Advanced XSS in NodeJS
XSS to Compromise
NoSQL Injections
Deserialization Attacks
Template Engine Attacks - Template Injections
JavaScript and Remote Code Execution
Server Side Request Forgery (SSRF)
XML eXternal Entities (XXE)
Advanced XXE - Out Of Band (XXE-OOB)
Conclusion
4 The Drive - Compromising the Network
Finding Credentials from Outside the Network
Advanced Lab
Moving Through the Network
Setting Up the Environment - Lab Network
On the Network with No Credentials
Responder
Better Responder (MultiRelay.py)
PowerShell Responder
User Enumeration Without Credentials
Scanning the Network with CrackMapExec (CME)
After Compromising Your Initial Host
Privilege Escalation
Privilege Escalation Lab
Pulling Clear Text Credentials from Memory
Getting Passwords from the Windows Credential Store and Browsers
Getting Local Creds and Information from OSX
Living Off of the Land in a Windows Domain Environment
Service Principal Names
Querying Active Directory
Bloodhound/Sharphound
Moving Laterally - Migrating Processes
Moving Laterally Off Your Initial Host
Lateral Movement with DCOM
Pass-the-Hash
Gaining Credentials from Service Accounts
Dumping the Domain Controller Hashes
Lateral Movement via RDP over the VPS
Pivoting in Linux
Privilege Escalation
Linux Lateral Movement Lab
Attacking the CSK Secure Network
Conclusion
5 The Screen - Social Engineering
Building Your Social Engineering (SE) Campaigns
Doppelganger Domains
How to Clone Authentication Pages
Credentials with 2FA
Phishing
Microsoft Word/Excel Macro Files
Non-Macro Office Files - DDE
Hidden Encrypted Payloads
Exploiting Internal Jenkins with Social Engineering
Conclusion
6 The Onside Kick - Physical Attacks
Card Reader Cloners
Physical Tools to Bypass Access Points
LAN Turtle (lanturtle.com)
Packet Squirrel
Bash Bunny
Breaking into Cyber Space Kittens
QuickCreds
BunnyTap
WiFi
Conclusion
7 The Quarterback Sneak - Evading AV and Network Detection
Writing Code for Red Team Campaigns
The Basics Building a Keylogger
Setting up your environment
Compiling from Source
Sample Framework
Obfuscation
THP Custom Droppers
Shellcode vs DLLs
Running the Server
Client
Configuring the Client and Server
Adding New Handlers
Further Exercises
Recompiling Metasploit/Meterpreter to Bypass AV and Network Detection
How to Build Metasploit/Meterpreter on Windows:
Creating a Modified Stage 0 Payload:
SharpShooter
Application Whitelisting Bypass
Code Caves
PowerShell Obfuscation
PowerShell Without PowerShell:
HideMyPS
Conclusion
8 Special Teams - Cracking, Exploits, and Tricks
Automation
Automating Metasploit with RC scripts
Automating Empire
Automating Cobalt Strike
The Future of Automation
Password Cracking
Gotta Crack Em All - Quickly Cracking as Many as You Can
Cracking the CyberSpaceKittens NTLM hashes:
Creative Campaigns
Disabling PS Logging
Windows Download File from Internet Command Line
Getting System from Local Admin
Retrieving NTLM Hashes without Touching LSASS
Building Training Labs and Monitor with Defensive Tools
Conclusion
9 Two-Minute Drill - From Zero to Hero
10 Post Game Analysis - Reporting
Continuing Education
About the Author
Special Thanks


Introduction
In the last engagement (The Hacker Playbook 2), you were tasked with breaking
into the Cyber Kittens weapons facility. They are now back with their brand
new space division called Cyber Space Kittens (CSK). This new division took
all the lessons learned from the prior security assessment to harden their
systems, set up a local security operations center, and even create security
policies. They have hired you to see if all of their security controls have helped
their overall posture.

From the little details we have picked up, it looks like Cyber Space Kittens has
discovered a secret planet located in the Great Andromeda Nebula or
Andromeda Galaxy. This planet, located on one of the two spiral arms, is
referred to as KITT-3n. KITT-3n, whose size is double that of Earth, resides in
the binary system called OI 31337 with a star that is also twice the size of
Earth’s star. This creates a potentially habitable environment with oceans, lakes,
plants, and maybe even life…

With the hope of new life, water, and another viable planet, the space race is
real. CSK has hired us to perform a Red Team assessment to make sure they are
secure, and capable of detecting and stopping a breach. Their management has
seen and heard of all the major breaches in the last year and want to hire only the
best. This is where you come in...

Your mission, if you choose to accept it, is to find all the external and internal
vulnerabilities, use the latest exploits, use chained vulnerabilities, and see if their
defensive teams can detect or stop you.

What types of tactics, threats, and procedures are you going to have to employ?
In this campaign, you are going to need to do a ton of reconnaissance and
discovery, look for weaknesses in their external infrastructure, social engineer
employees, privilege escalate, gain internal network information, move laterally
throughout the network, and ultimately exfiltrate KITT-3n systems and databases.

by Kevin Beaver 

Building the Foundation for Security Testing
Putting Security Testing in Motion
Hacking Network Hosts
Hacking Operating Systems
Hacking Applications
Security Testing Aftermath
The Part of Tens




Book Details
Price: 5.00 USD
Pages: 411 p
File Size: 11,535 KB
File Type: PDF format
ISBN: 978-1-119-48547-6 (pbk), 978-1-119-48554-4 (ebk), 978-1-119-48551-3 (ebk)
Copyright: 2018 by John Wiley & Sons, Inc

Introduction
Welcome to Hacking For Dummies, 6th Edition. This book outlines — in
plain English — computer hacking tricks and techniques that you can
use to assess the security of your information systems, find the vulnerabilities
that matter, and fix the weaknesses before criminal hackers and malicious
insiders take advantage of them. This hacking is the professional, aboveboard, and
legal type of security testing — which I refer to as ethical hacking or vulnerability
and penetration testing throughout the book.

Computer and network security is a complex subject and an ever-moving target.
You must stay on top of it to ensure that your information is protected from the
bad guys. The techniques and tools outlined in this book can help.
You could implement all the security technologies and other best practices possible,
and your network environment might be secure — as far as you know. But unless and
until you understand how malicious attackers think, apply that knowledge, and use
the right tools to assess your systems from their point of view, it’s practically
impossible to have a true sense of how secure your systems and information really are.

Ethical hacking (or, more simply, security assessments), which encompasses formal
and methodical vulnerability and penetration testing, is necessary to find
security flaws and to validate that your information systems are truly secure on an
ongoing basis. This book provides you the knowledge you need to successfully
implement a security assessment program, perform proper security checks, and
put the proper countermeasures in place to keep external hackers and malicious
users in check.

About This Book
Hacking For Dummies is a reference guide on hacking your systems to improve
security and minimize business risks. The security testing techniques are based on
written and unwritten rules of computer system penetration testing, vulnerability
testing, and information security best practices. This book covers everything from
establishing your testing plan to assessing your systems to plugging the holes and
managing an ongoing security testing program.

Realistically, for most networks, operating systems, and applications, thousands
of possible vulnerabilities exist. I don’t cover them all, but I do cover the big ones
on various platforms and systems that I believe contribute to most security problems
in business today. I cover basic Pareto principle (80/20 rule) stuff, with the
goal of helping you find the 20 percent of the issues that create 80 percent of your
security risks. Whether you need to assess security vulnerabilities on a small
home-office network, a medium-size corporate network, or large enterprise systems,
Hacking For Dummies provides the information you need.
This book includes the following features:
- Various technical and nontechnical tests and their detailed methodologies.
- Specific countermeasures to protect against hacking and breaches.
Before you start testing your systems, familiarize yourself with the information in
Part 1 so that you’re prepared for the tasks at hand. The adage “If you fail to plan,
you plan to fail” rings true for the security assessment process. You must have a
solid game plan in place if you’re going to be successful.

Table of Contents
INTRODUCTION
About This Book
Foolish Assumptions
Icons Used in This Book
Beyond the Book
Where to Go from Here
PART 1: BUILDING THE FOUNDATION FOR SECURITY TESTING
CHAPTER 1: Introduction to Vulnerability and Penetration Testing
Straightening Out the Terminology
Hacker
Malicious user
Recognizing How Malicious Attackers Beget Ethical Hackers
Vulnerability and penetration testing versus auditing
Policy considerations
Compliance and regulatory concerns
Understanding the Need to Hack Your Own Systems
Understanding the Dangers Your Systems Face
Nontechnical attacks
Network infrastructure attacks
Operating system attacks
Application and other specialized attacks
Following the Security Assessment Principles
Working ethically
Respecting privacy
Not crashing your systems
Using the Vulnerability and Penetration Testing Process
Formulating your plan
Selecting tools
Executing the plan
Evaluating results
Moving on
CHAPTER 2: Cracking the Hacker Mindset
What You’re Up Against
Who Breaks into Computer Systems
Hacker skill levels
Hacker motivations
Why They Do It
Planning and Performing Attacks
Maintaining Anonymity
CHAPTER 3: Developing Your Security Testing Plan
Establishing Your Goals
Determining Which Systems to Test
Creating Testing Standards
Timing your tests
Running specific tests
Conducting blind versus knowledge assessments
Picking your location
Responding to vulnerabilities you find
Making silly assumptions
Selecting Security Assessment Tools
CHAPTER 4: Hacking Methodology
Setting the Stage for Testing
Seeing What Others See
Scanning Systems
Hosts
Open ports
Determining What’s Running on Open Ports
Assessing Vulnerabilities
Penetrating the System
PART 2: PUTTING SECURITY TESTING IN MOTION
CHAPTER 5: Information Gathering
Gathering Public Information
Social media
Web search
Web crawling
Websites
Mapping the Network
WHOIS
Privacy policies
CHAPTER 6: Social Engineering
Introducing Social Engineering
Starting Your Social Engineering Tests
Knowing Why Attackers Use Social Engineering
Understanding the Implications
Building trust
Exploiting the relationship
Performing Social Engineering Attacks
Determining a goal
Seeking information
Social Engineering Countermeasures
Policies
User awareness and training
CHAPTER 7: Physical Security
Identifying Basic Physical Security Vulnerabilities
Pinpointing Physical Vulnerabilities in Your Office
Building infrastructure
Utilities
Office layout and use
Network components and computers
CHAPTER 8: Passwords
Understanding Password Vulnerabilities
Organizational password vulnerabilities
Technical password vulnerabilities
Cracking Passwords
Cracking passwords the old-fashioned way
Cracking passwords with high-tech tools
Cracking password-protected files
Understanding other ways to crack passwords
General Password Cracking Countermeasures
Storing passwords
Creating password policies
Taking other countermeasures
Securing Operating Systems
Windows
Linux and Unix
PART 3: HACKING NETWORK HOSTS
CHAPTER 9: Network Infrastructure Systems
Understanding Network Infrastructure Vulnerabilities
Choosing Tools
Scanners and analyzers
Vulnerability assessment
Scanning, Poking, and Prodding the Network
Scanning ports
Scanning SNMP
Grabbing banners
Testing firewall rules
Analyzing network data
The MAC-daddy attack
Testing denial of service attacks
Detecting Common Router, Switch, and Firewall Weaknesses
Finding unsecured interfaces
Uncovering issues with SSL and TLS
Putting Up General Network Defenses
CHAPTER 10: Wireless Networks
Understanding the Implications of Wireless Network Vulnerabilities
Choosing Your Tools
Discovering Wireless Networks
Checking for worldwide recognition
Scanning your local airwaves
Discovering Wireless Network Attacks and Taking Countermeasures
Encrypted traffic
Countermeasures against encrypted traffic attacks
Wi-Fi Protected Setup
Countermeasures against the WPS PIN flaw
Rogue wireless devices
Countermeasures against rogue wireless devices
MAC spoofing
Countermeasures against MAC spoofing
Physical security problems
Countermeasures against physical security problems
Vulnerable wireless workstations
Countermeasures against vulnerable wireless workstations
Default configuration settings
Countermeasures against default configuration settings exploits
CHAPTER 11: Mobile Devices
Sizing Up Mobile Vulnerabilities
Cracking Laptop Passwords
Choosing your tools
Applying countermeasures
Cracking Phones and Tablets
Cracking iOS passwords
Taking countermeasures against password cracking
PART 4: HACKING OPERATING SYSTEMS
CHAPTER 12: Windows
Introducing Windows Vulnerabilities
Choosing Tools
Free Microsoft tools
All-in-one assessment tools
Task-specific tools
Gathering Information About Your Windows Vulnerabilities
System scanning
NetBIOS
Detecting Null Sessions
Mapping
Gleaning information
Countermeasures against null-session hacks
Checking Share Permissions
Windows defaults
Testing
Exploiting Missing Patches
Using Metasploit
Countermeasures against missing patch vulnerability exploits
Running Authenticated Scans
CHAPTER 13: Linux and macOS
Understanding Linux Vulnerabilities
Choosing Tools
Gathering Information About Your System Vulnerabilities
System scanning
Countermeasures against system scanning
Finding Unneeded and Unsecured Services
Searches
Countermeasures against attacks on unneeded services
Securing the .rhosts and hosts.equiv Files
Hacks using the hosts.equiv and .rhosts files
Countermeasures against .rhosts and hosts.equiv file attacks
Assessing the Security of NFS
NFS hacks
Countermeasures against NFS attacks
Checking File Permissions
File permission hacks
Countermeasures against file permission attacks
Finding Buffer Overflow Vulnerabilities
Attacks
Countermeasures against buffer overflow attacks
Checking Physical Security
Physical security hacks
Countermeasures against physical security attacks
Performing General Security Tests
Patching
Distribution updates
Multiplatform update managers
PART 5: HACKING APPLICATIONS
CHAPTER 14: Communication and Messaging Systems
Introducing Messaging System Vulnerabilities
Recognizing and Countering Email Attacks
Email bombs
Banners
SMTP attacks
General best practices for minimizing email security risks
Understanding VoIP
VoIP vulnerabilities
Countermeasures against VoIP vulnerabilities
CHAPTER 15: Web Applications and Mobile Apps
Choosing Your Web Security Testing Tools
Seeking Out Web Vulnerabilities
Directory traversal
Countermeasures against directory traversals
Input-filtering attacks
Countermeasures against input attacks
Default script attacks
Countermeasures against default script attacks
Unsecured login mechanisms
Countermeasures against unsecured login systems
Performing general security scans for web application vulnerabilities
Minimizing Web Security Risks
Practicing security by obscurity
Putting up firewalls
Analyzing source code
Uncovering Mobile App Flaws
CHAPTER 16: Databases and Storage Systems
Diving Into Databases
Choosing tools
Finding databases on the network
Cracking database passwords
Scanning databases for vulnerabilities
Following Best Practices for Minimizing Database Security Risks
Opening Up About Storage Systems
Choosing tools
Finding storage systems on the network
Rooting out sensitive text in network files
Following Best Practices for Minimizing Storage Security Risks
PART 6: SECURITY TESTING AFTERMATH
CHAPTER 17: Reporting Your Results
Pulling the Results Together
Prioritizing Vulnerabilities
Creating Reports
CHAPTER 18: Plugging Your Security Holes
Turning Your Reports into Action
Patching for Perfection
Patch management
Patch automation
Hardening Your Systems
Assessing Your Security Infrastructure
CHAPTER 19: Managing Security Processes
Automating the Security Assessment Process
Monitoring Malicious Use
Outsourcing Security Assessments
Instilling a Security-Aware Mindset
Keeping Up with Other Security Efforts
PART 7: THE PART OF TENS
CHAPTER 20: Ten Tips for Getting Security Buy-In
Cultivate an Ally and a Sponsor
Don’t Be a FUDdy-Duddy
Demonstrate That the Organization Can’t Afford to Be Hacked
Outline the General Benefits of Security Testing
Show How Security Testing Specifically Helps the Organization
Get Involved in the Business
Establish Your Credibility
Speak on Management’s Level
Show Value in Your Efforts
Be Flexible and Adaptable
CHAPTER 21: Ten Reasons Hacking Is the Only Effective Way to Test
The Bad Guys Think Bad Thoughts, Use Good Tools, and Develop New Methods
IT Governance and Compliance Are More Than High-Level Checklist Audits
Vulnerability and Penetration Testing Complements Audits and Security Evaluations
Customers and Partners Will Ask How Secure Your Systems Are
The Law of Averages Works Against Businesses
Security Assessments Improve Understanding of Business Threats
If a Breach Occurs, You Have Something to Fall Back On
In-Depth Testing Brings Out the Worst in Your Systems
Combined Vulnerability and Penetration Testing Is What You Need
Proper Testing Can Uncover Overlooked Weaknesses
CHAPTER 22: Ten Deadly Mistakes
Not Getting Approval
Assuming That You Can Find All Vulnerabilities
Assuming That You Can Eliminate All Vulnerabilities
Performing Tests Only Once
Thinking That You Know It All
Running Your Tests Without Looking at Things from a Hacker’s Viewpoint
Not Testing the Right Systems
Not Using the Right Tools
Pounding Production Systems at the Wrong Time
Outsourcing Testing and Not Staying Involved
APPENDIX: TOOLS AND RESOURCES
INDEX

Stealing the Network - How to Own a Shadow

THE CHASE FOR KNUTH

Johnny Long
Timothy (Thor) Mullen
Ryan Russell
Technical Advisors
SensePost is an independent and objective organisation specialising in
IT Security consultation, training and assessment services.
The company is situated in South Africa from where it provides services to more
than 70 large and very large clients in Australia, South Africa, Germany,
Switzerland, Belgium, The Netherlands, United Kingdom, Malaysia, United States
of America, and various African countries.
More than 20 of these clients are in the financial services industry,
where information security is an essential part of their core competency.
SensePost analysts are regular speakers at international conferences including
Black Hat Briefings, DEFCON and Summercon. The analysts also have been
training two different classes at the Black Hat Briefings for the last 2 years. Here
they meet all sorts of interesting people and make good friends. SensePost personnel
typically think different thoughts, have inquisitive minds, never give up
and are generally good looking...
For more information, or just to hang out with us, visit: www.sensepost.com.


Technical Editor, STN: How to Own the Box
Ryan Russell has worked in the IT field for over 13 years, focusing on information
security for the last seven. He was the primary author of Hack Proofing
Your Network: Internet Tradecraft (Syngress Publishing, ISBN: 1-928994-15-6), and
is a frequent technical editor for the Hack Proofing series of books. He is also a
technical advisor to Syngress Publishing’s Snort 2.0 Intrusion Detection (ISBN:
1-931836-74-4). Ryan founded the vuln-dev mailing list, and moderated it for
three years under the alias “Blue Boar.” He is a frequent lecturer at security
conferences, and can often be found participating in security mailing lists and
Web site discussions. Ryan is the Director of Software Engineering for
AnchorIS.com, where he’s developing the anti-worm product, Enforcer. One of
Ryan’s favorite activities is disassembling worms.


Preface

This is the fourth book in the “Stealing the Network Series.” Reading through the first three books, you can see how this series has evolved over the years. A concept that was hatched at Black Hat USA 2002 in Las Vegas became a reality as Stealing the Network: How to Own the Box was released at Black Hat USA 2003 in Las Vegas. This first book brought together some of the most talented and creative minds in the security world, including Ryan Russell, Tim Mullen (Thor), FX, Dan Kaminsky, Joe Grand, Ken Pfeil, Ido Dubrawsky, Mark Burnett, and Paul Craig. In all honesty, “Stealing” was not conceived of as a series, but rather as merely a stand-alone book, an unrelated collection of short stories about hackers. But this first book seemed to strike a chord within the security community, and it also generated a following among non-security professionals as well. Security professionals both enjoyed the stories and maybe more importantly learned to think more creatively about both attack and defense techniques. Non-security professionals were able to enjoy the stories and gain an understanding of the hacker world (from both sides of the law) that was beginning to dominate mainstream media headlines. The general public was being bombarded with stories about “hackers,” “identity theft,” “phishing,” and “spam,” but like many things, these terms were all painted with a very broad brushstroke and received only simplistic analysis. Stealing the Network: How to Own the Box changed that and provided the general public with a real understanding of the true world of hacking; that is, how criminals use hacking techniques to commit crimes and how law enforcement strives to prevent crimes and apprehend those responsible. After Stealing the Network: How to Own the Box was published, readers wanted more “Stealing” books, and the series was born.

For the second book in the series, Stealing the Network: How to Own a Continent, the authors aspired to write a series of stories that actually formed a single, coherent story line (unlike the unrelated stories in How to Own the Box). How to Own a Continent was released at Black Hat USA 2004 in Las Vegas and featured many authors from the first book, including Ryan Russell, Thor, Joe Grand and Paul Craig. The family of “Stealing” authors expanded on this book to include industry luminaries Russ Rogers, Jay Beale, Fyodor, Tom Parker, 131ah (any guesses?), and featured Kevin Mitnick as a technical reviewer. As the story centered on hacking into a string of financial institutions across Africa, Roelof Temmingh, Haroon Meer, and Charl van der Walt of the South African-based IT Security consulting firm SensePost were brought on as technical advisers. Now, getting 10 hackers to follow the same thread is, in the words of lead author Ryan Russell, like “herding cats.” How to Own a Continent was written in the vein of the film “Usual Suspects.” It featured a criminal hacker group led by the shadowy Bob Knuth. Each member of the group was expert in a particular area of compromise, and each had a varying understanding of the larger hack as well as his role in it. Just as readers latched on to the concept of How to Own the Box, the readers of How to Own a Continent latched on to this Knuth character, and again, they wanted more.

.Bookmarks.
Cover
Preface
Foreword
Travel Plans
Back In The Saddle
Old Man and A Ghost
Rootkit
Paul
The Birth Of Pawn
Dishonorable Discharge
McGaylver
Flashback to Knuth

Product details
 Price
 File Size
 9,346 KB
 Pages
 450 p
 File Type
 PDF format
 ISBN-10
 1-59749-081-4
 ISBN-13
 978-1-59749-081-8
 Copyright
 2007 by Elsevier, Inc   

Christopher Hadnagy

Second Edition



Book Details
 Price
 4.00 USD
 Pages
 362 p
 File Size
 7,200 KB
 File Type
 PDF format 
 ISBN             
 978-1-119-43375-0
 Copyright   
 2018 Christopher Hadnagy  

About the Author
CHRISTOPHER HADNAGY is the CEO and Chief Human Hacker of Social-Engineer, LLC as well as the lead developer and creator of the world's first social engineering framework found at social-engineer.org. He is the founder and creator of the Social Engineering Village (SEVillage) at DEF CON and DerbyCon, as well as the creator of the popular Social Engineering Capture the Flag (SECTF). He is a sought-after speaker and trainer and even has debriefed the Pentagon on these topics. He can be found tweeting at @humanhacker.

FOREWORD
When I started Apple Computers in 1976 with Steve Jobs, I did not imagine
where that invention would take the world. I wanted to do something that was
unheard of: create a personal computer. One that any person could use, enjoy,
and benefit from. Jump forward only a short 40 or so years and that vision is a reality.

With billions of personal computers around the globe, smartphones, smart
devices, and technology being embedded into every aspect of our lives, it is
important to take a step back and look at how we maintain safety and security
while still innovating and growing and working with the next generation.
I love getting to work with youth today, inspiring them to innovate and grow. I
love seeing the ideas flow from them as they figure out new and creative ways to
use technology. And I truly love being able to see how this technology can
enhance people's lives.

With that said, we need to take a serious look at how we secure this future. In
2004 when I gave the keynote speech at HOPE Conference, I said that a lot of
hacking is playing with other people and getting them to do strange things. My
friend, Kevin Mitnick, has mastered this over the years in one area of security
called social engineering.

Chris’s book captures the very essence of social engineering, defining and
shaping it for all of us to understand. He has rewritten the book on it again,
defining the core principles of how we as humans make decisions and how those
very same processes can be manipulated.

Hacking has been around for a while, and human hacking has been around for as
long as humans have. This book can prepare you, protect you, and educate you
how to recognize, defend, and mitigate the risks that come from social engineering.
—Steve “Woz” Wozniak


Table of Contents
Cover
Foreword
Preface
1 A Look into the New World of Professional Social Engineering
What Has Changed?
Why Should You Read This Book?
An Overview of Social Engineering
The SE Pyramid
What's in This Book?
Summary
2 Do You See What I See?
A Real-World Example of Collecting OSINT
Nontechnical OSINT
Tools of the Trade
Summary
3 Profiling People Through Communication
The Approach
Enter the DISC
Summary
4 Becoming Anyone You Want to Be
The Principles of Pretexting
Summary
5 I Know How to Make You Like Me
The Tribe Mentality
Building Rapport as a Social Engineer
The Rapport Machine
Summary
6 Under the Influence
Principle One: Reciprocity
Principle Two: Obligation
Principle Three: Concession
Principle Four: Scarcity
Principle Five: Authority
Principle Six: Consistency and Commitment
Principle Seven: Liking
Principle Eight: Social Proof
Influence vs. Manipulation
Summary
7 Building Your Artwork
The Dynamic Rules of Framing
Elicitation
Summary
8 I Can See What You Didn't Say
Nonverbals Are Essential
All Your Baselines Belong to Us
Understand the Basics of Nonverbals
Comfort vs. Discomfort
Summary
9 Hacking the Humans
An Equal Opportunity Victimizer
The Principles of the Pentest
Phishing
Vishing
SMiShing
Impersonation
Reporting
Top Questions for the SE Pentester
Summary
10 Do You Have a M.A.P.P.?
Step 1: Learn to Identify Social Engineering Attacks
Step 2: Develop Actionable and Realistic Policies
Step 3: Perform Regular Real-World Checkups
Step 4: Implement Applicable Security-Awareness Programs
Tie It All Together
Gotta Keep 'Em Updated
Let the Mistakes of Your Peers Be Your Teacher
Create a Security Awareness Culture
Summary
11 Now What?
Soft Skills for Becoming a Social Engineer
Technical Skills
Education
Job Prospects
The Future of Social Engineering
Index
End User License Agreement


PREFACE
Social engineering—I can remember when searching for that term led you to
videos on getting free burgers or dates with girls. Now it seems like it's almost a
household term. Just the other day I heard a friend of the family, who's not in
this industry at all, talking about an email scam. She said, “Well, that's just a
great example of social engineering!”
It threw me for a loop for a second, but here we are, eight years after my
decision to start a company solely focused on social engineering, and now it's a
full-blown industry and household term.
If you were to just start reading this book it would be easy to mistake my
intentions. You might think I am fully okay with arming the bad guys or
preparing them for nefarious acts. That cannot be further from the truth.

When I wrote my first book, there were many folks who, during interviews, got
very upset with me and said I was arming the malicious social engineers. I felt
the same then as I do now: you cannot really defend against social engineering
until you know all sides of its use. Social engineering is a tool like a hammer,
shovel, knife, or even a gun. Each has a purpose that can be used to build, save,
feed, or survive; each tool also can be used to maim, kill, destroy, and ruin. For
you to understand how to use social engineering to build, feed, survive, or save,
you need to understand both uses. This is especially true if your goal is to
defend. Defending yourself and others from malicious uses of social engineering
requires that you step over into the dark side of it to get a clear picture of how it is used.

I was recently chatting with AJ Cook about her work on Criminal Minds, and
she mentioned that she often has to meet with real federal agents who work
serial-killer cases to prepare herself for playing the role of JJ on the show. The
same idea applies directly to this book.

As you read this book, do it with an open mind. I tried my hardest to put the
knowledge, experience, and practical wisdom I have learned over the last decade
onto these pages. There will always be some mistakes or something you don't
like or something you might feel was not 100% clear. Let's discuss it; reach out
to me and let's talk. You can find me on Twitter: @humanhacker. Or you can
email me from one of the websites: 
When I teach my five-day courses, I always ask the students to not treat me like
some infallible instructor. If they have knowledge, thoughts, or even feelings
that contradict something I say, I want to discuss it with them. I love learning
and expanding my understanding on these topics. I extend the same request to you.

Finally, I want to thank you. Thank you for spending some of your valuable time
with me in the pages of this book. Thank you for helping me improve over the
years. Thank you for all your feedback, ideas, critiques, and advice.
I truly hope you enjoy this book.
—Christopher Hadnagy