
Red Team Edition

Peter Kim


Book Details
337 pages
File Size: 8,923 KB
File Type: PDF format
2018 by Secure Planet LLC

About the Author
Peter Kim has been in the information security industry for more than 14 years
and has been running Penetration Testing/Red Teams for more than 12 years.
He has worked for multiple utility companies, Fortune 1000 entertainment
companies, government agencies, and large financial organizations. Although
he is most well-known for The Hacker Playbook series, his passions are building
a safe security community, mentoring students, and training others. He founded
and maintains one of Southern California's largest technical security clubs called
LETHAL (, performs private training at his
warehouse LETHAL Security (, and runs a boutique
penetration testing firm called Secure Planet (

Peter's main goal with The Hacker Playbook series is to instill passion into his
readers and get them to think outside the box. With the ever-changing
environment of security, he wants to help build the next generation of security professionals.
Feel free to contact Peter Kim for any of the following:
Questions about the book:
Inquiries on private training or Penetration Tests:
Twitter: @hackerplaybook

This is the third iteration of The Hacker Playbook (THP) series. Below is an
overview of all the new vulnerabilities and attacks that will be discussed. In
addition to the new content, some attacks and techniques from the prior books
(which are still relevant today) are included to eliminate the need to refer back to
the prior books. So, what's new? Some of the updated topics from the past
couple of years include:
Abusing Active Directory
Abusing Kerberos
Advanced Web Attacks
Better Ways to Move Laterally
Cloud Vulnerabilities
Faster/Smarter Password Cracking
Living Off the Land
Lateral Movement Attacks
Multiple Custom Labs
Newer Web Language Vulnerabilities
Physical Attacks
Privilege Escalation
PowerShell Attacks
Ransomware Attacks
Red Team vs Penetration Testing
Setting Up Your Red Team Infrastructure
Usable Red Team Metrics
Writing Malware and Evading AV
And so much more
Additionally, I have attempted to incorporate all of the comments and
recommendations received from readers of the first and second books. I do want
to reiterate that I am not a professional author. I just love security and love
teaching security and this is one of my passion projects. I hope you enjoy it.

This book will also provide a more in-depth look into how to set up a lab
environment in which to test your attacks, along with the newest tips and tricks
of penetration testing. Lastly, I tried to make this version easier to follow since
many schools have incorporated my book into their curricula. Whenever
possible, I have added lab sections that help provide a way to test a vulnerability or exploit.

As with the other two books, I try to keep things as realistic, or “real world”, as
possible. I also try to stay away from theoretical attacks and focus on what I
have seen from personal experience and what actually worked. I think there has
been a major shift in the industry from penetration testers to Red Teamers, and I
want to show you rather than tell you why this is so. As I stated before, my
passion is to teach and challenge others. So, my goals for you through this book
are two-fold: first, I want you to get into the mindset of an attacker and
understand “the how” of the attacks; second, I want you to take the tools and
techniques you learn and expand upon them. Reading and repeating the labs is
only one part – the main lesson I teach to my students is to let your work speak
for your talents. Instead of working on your resume (of course, you should have
a resume), I really feel that having a strong public Github repo/technical blog
speaks volumes in security over a good resume. Whether you live in the blue
defensive or red offensive world, getting involved and sharing with our security
community is imperative.

For those who did not read either of my two prior books, you might be
wondering what my experience entails. My background includes more than 12
years of penetration testing/red teaming for major financial institutions, large
utility companies, Fortune 500 entertainment companies, and government
organizations. I have also spent years teaching offensive network security at
colleges, spoken at multiple security conferences, been referenced in many
security publications, taught courses all over the country, ran multiple public
CTF competitions, and started my own security school. One of my big passion
projects was building a free and open security community in Southern California
called LETHAL ( Now, with over 800 members, monthly
meetings, CTF competitions, and more, it has become an amazing environment
for people to share, learn, and grow.

One important note is that I am using both commercial and open source tools.
For every commercial tool discussed, I try to provide an open source
counterpart. I occasionally run into some pentesters who claim they only use
open source tools. As a penetration tester, I find this statement hard to accept. If
you are supposed to emulate a “real world” attack, the “bad guys” do not have
these restrictions; therefore, you need to use any tool (commercial or open
source) that will get the job done.

A question I get often is, who is this book intended for? It is really hard to state
for whom this book is specifically intended as I truly believe anyone in security
can learn. Parts of this book might be too advanced for novice readers, some
parts might be too easy for advanced hackers, and other parts might not even be
in your field of security.

For those who are just getting into security, one of the most common things I
hear from readers is that they tend to gain the most benefit from the books after
reading them for the second or third time (making sure to leave adequate time
between reads). There is a lot of material thrown at you throughout this book
and sometimes it takes time to absorb it all. So, I would say relax, take a good
read, go through the labs/examples, build your lab, push your scripts/code to a
public Github repository, and start up a blog.

Lastly, being a Red Team member is half about technical ability and half about
having confidence. Many of the social engineering exercises require you to
overcome your nervousness and go outside your comfort zone. David Letterman
said it best, "Pretending to not be afraid is as good as actually not being afraid."
Although this should be taken with a grain of salt, sometimes you just have to
have confidence, do it, and don't look back.

Table of Contents
Notes and Disclaimer
Penetration Testing Teams vs Red Teams
1 Pregame - The Setup
Assumed Breach Exercises
Setting Up Your Campaign
Setting Up Your External Servers
Tools of the Trade
Metasploit Framework
Cobalt Strike
PowerShell Empire
Pupy Shell
2 Before the Snap - Red Team Recon
Monitoring an Environment
Regular Nmap Diffing
Web Screenshots
Cloud Scanning
Network/Service Search Engines
Manually Parsing SSL Certificates
Subdomain Discovery
Additional Open Source Resources
3 The Throw - Web Application Exploitation
Bug Bounty Programs:
Web Attacks Introduction - Cyber Space Kittens
The Red Team Web Application Attacks
Chat Support Systems Lab
Cyber Space Kittens: Chat Support Systems
Setting Up Your Web Application Hacking Machine
Analyzing a Web Application
Web Discovery
Cross-Site Scripting XSS
Blind XSS
Advanced XSS in NodeJS
XSS to Compromise
NoSQL Injections
Deserialization Attacks
Template Engine Attacks - Template Injections
JavaScript and Remote Code Execution
Server Side Request Forgery (SSRF)
XML eXternal Entities (XXE)
Advanced XXE - Out Of Band (XXE-OOB)
4 The Drive - Compromising the Network
Finding Credentials from Outside the Network
Advanced Lab
Moving Through the Network
Setting Up the Environment - Lab Network
On the Network with No Credentials
Better Responder (
PowerShell Responder
User Enumeration Without Credentials
Scanning the Network with CrackMapExec (CME)
After Compromising Your Initial Host
Privilege Escalation
Privilege Escalation Lab
Pulling Clear Text Credentials from Memory
Getting Passwords from the Windows Credential Store and Browsers
Getting Local Creds and Information from OSX
Living Off of the Land in a Windows Domain Environment
Service Principal Names
Querying Active Directory
Moving Laterally - Migrating Processes
Moving Laterally Off Your Initial Host
Lateral Movement with DCOM
Gaining Credentials from Service Accounts
Dumping the Domain Controller Hashes
Lateral Movement via RDP over the VPS
Pivoting in Linux
Privilege Escalation
Linux Lateral Movement Lab
Attacking the CSK Secure Network
5 The Screen - Social Engineering
Building Your Social Engineering (SE) Campaigns
Doppelganger Domains
How to Clone Authentication Pages
Credentials with 2FA
Microsoft Word/Excel Macro Files
Non-Macro Office Files - DDE
Hidden Encrypted Payloads
Exploiting Internal Jenkins with Social Engineering
6 The Onside Kick - Physical Attacks
Card Reader Cloners
Physical Tools to Bypass Access Points
LAN Turtle (
Packet Squirrel
Bash Bunny
Breaking into Cyber Space Kittens
7 The Quarterback Sneak - Evading AV and Network Detection
Writing Code for Red Team Campaigns
The Basics Building a Keylogger
Setting up your environment
Compiling from Source
Sample Framework
THP Custom Droppers
Shellcode vs DLLs
Running the Server
Configuring the Client and Server
Adding New Handlers
Further Exercises
Recompiling Metasploit/Meterpreter to Bypass AV and Network Detection
How to Build Metasploit/Meterpreter on Windows:
Creating a Modified Stage 0 Payload:
Application Whitelisting Bypass
Code Caves
PowerShell Obfuscation
PowerShell Without PowerShell:
8 Special Teams - Cracking, Exploits, and Tricks
Automating Metasploit with RC scripts
Automating Empire
Automating Cobalt Strike
The Future of Automation
Password Cracking
Gotta Crack Em All - Quickly Cracking as Many as You Can
Cracking the CyberSpaceKittens NTLM hashes:
Creative Campaigns
Disabling PS Logging
Windows Download File from Internet Command Line
Getting System from Local Admin
Retrieving NTLM Hashes without Touching LSASS
Building Training Labs and Monitor with Defensive Tools
9 Two-Minute Drill - From Zero to Hero
10 Post Game Analysis - Reporting
Continuing Education
About the Author
Special Thanks


In the last engagement (The Hacker Playbook 2), you were tasked with breaking
into the Cyber Kittens weapons facility. They are now back with their brand
new space division called Cyber Space Kittens (CSK). This new division took
all the lessons learned from the prior security assessment to harden their
systems, set up a local security operations center, and even create security
policies. They have hired you to see if all of their security controls have helped
their overall posture.

From the little details we have picked up, it looks like Cyber Space Kittens has
discovered a secret planet located in the Great Andromeda Nebula or
Andromeda Galaxy. This planet, located on one of the two spiral arms, is
referred to as KITT-3n. KITT-3n, whose size is double that of Earth, resides in
the binary system called OI 31337 with a star that is also twice the size of
Earth’s star. This creates a potentially habitable environment with oceans, lakes,
plants, and maybe even life…

With the hope of new life, water, and another viable planet, the space race is
real. CSK has hired us to perform a Red Team assessment to make sure they are
secure, and capable of detecting and stopping a breach. Their management has
seen and heard of all the major breaches in the last year and want to hire only the
best. This is where you come in...

Your mission, if you choose to accept it, is to find all the external and internal
vulnerabilities, use the latest exploits, use chained vulnerabilities, and see if their
defensive teams can detect or stop you.

What types of tactics, threats, and procedures are you going to have to employ?
In this campaign, you are going to need to do a ton of reconnaissance and
discovery, look for weaknesses in their external infrastructure, social engineer
employees, privilege escalate, gain internal network information, move laterally
throughout the network, and ultimately exfiltrate KITT-3n systems and databases.

Foreword by Jeff Moss

President & CEO, Black Hat, Inc

Ryan Russell, Tim Mullen (Thor), FX, Dan “Effugas” Kaminsky, Joe Grand, Ken Pfeil, Ido Dubrawsky, Mark Burnett, Paul Craig

Stealing the Network - How to Own the Box


We would like to acknowledge the following people for their kindness and support
in making this book possible.
Karen Cross, Lance Tilford, Meaghan Cunningham, Kim Wylie, Harry Kirchner,
Kevin Votel, Kent Anderson, Frida Yara, Jon Mayes, John Mesjak, Peg O’Donnell,
Sandra Patterson, Betty Redmond, Roy Remer, Ron Shapiro, Patricia Kelly, Kristin
Keith, Jennifer Pascal, Doug Reil, David Dahl, Janis Carpenter, and Susan Fryer of
Publishers Group West for sharing their incredible marketing experience and expertise.
The incredibly hard working team at Elsevier Science, including Jonathan
Bunkell, AnnHelen Lindeholm, Duncan Enright, David Burton, Rosanna
Ramacciotti, Robert Fairbrother, Miguel Sanchez, Klaus Beran, and Rosie Moss for
making certain that our vision remains worldwide in scope.
David Buckland, Wendi Wong, Daniel Loh, Marie Chieng, Lucy Chong, Leslie
Lim, Audrey Gan, and Joseph Chan of STP Distributors for the enthusiasm with
which they receive our books.
Kwon Sung June at Acorn Publishing for his support.
Jackie Gross, Gayle Voycey, Alexia Penny, Anik Robitaille, Craig Siddall, Darlene
Morrow, Iolanda Miller, Jane Mackay, and Marie Skelly at Jackie Gross & Associates
for all their help and enthusiasm representing our product in Canada.
Lois Fraser, Connie McMenemy, Shannon Russell, and the rest of the great folks at
Jaguar Book Group for their help with distribution of Syngress books in Canada.
David Scott, Tricia Wilden, Marilla Burgess, Annette Scott, Geoff Ebbs, Hedley
Partis, Bec Lowe, and Mark Langley of Woodslane for distributing our books
throughout Australia, New Zealand, Papua New Guinea, Fiji, Tonga, Solomon Islands,
and the Cook Islands.
Winston Lim of Global Publishing for his help and support with distribution of
Syngress books in the Philippines.
Ping Look and Jeff Moss of Black Hat for their invaluable insight into the world
of computer security and their support of the Syngress publishing program. A special
thanks to Jeff for sharing his thoughts with our readers in the Foreword to this book,
and to Ping for providing design expertise on the cover.
Syngress would like to extend a special thanks to Ryan Russell. Ryan has been
an important part of our publishing program for many years; he is a talented author
and tech editor, and an all-around good guy. Thank you Ryan.

Technical Editor
Ryan Russell has worked in the IT field for over 13 years, focusing on information
security for the last seven. He was the primary author of Hack Proofing Your Network:
Internet Tradecraft (Syngress Publishing, ISBN: 1-928994-15-6), and is a frequent technical
editor for the Hack Proofing series of books. He is also a technical advisor to
Syngress Publishing’s Snort 2.0 Intrusion Detection (ISBN: 1-931836-74-4). Ryan
founded the vuln-dev mailing list, and moderated it for three years under the alias
“Blue Boar.” He is a frequent lecturer at security conferences, and can often be found
participating in security mailing lists and Web site discussions. Ryan is the Director of
Software Engineering for, where he’s developing the anti-worm
product, Enforcer. One of Ryan’s favorite activities is disassembling worms.

Dan Kaminsky, also known as Effugas, is a Senior Security Consultant for Avaya’s
Enterprise Security Practice, where he works on large-scale security infrastructure.
Dan’s experience includes two years at Cisco Systems, designing security infrastructure
for cross-organization network monitoring systems, and he is best known for his
work on the ultra-fast port scanner, scanrand, part of the “Paketto Keiretsu,” a collection
of tools that use new and unusual strategies for manipulating TCP/IP networks.
He authored the Spoofing and Tunneling chapters for Hack Proofing Your Network:
Second Edition (Syngress Publishing, ISBN: 1-928994-70-9), and has delivered presentations
at several major industry conferences, including LinuxWorld, DefCon, and
past Black Hat Briefings. Dan was responsible for the Dynamic Forwarding patch to
OpenSSH, integrating the majority of VPN-style functionality into the widely
deployed cryptographic toolkit. Finally, he founded the cross-disciplinary DoxPara
Research in 1997, seeking to integrate psychological and technological theory to
create more effective systems for non-ideal but very real environments in the field.
Dan is based in Silicon Valley, CA.

FX of Phenoelit has spent the better part of the last few years becoming familiar
with the security issues faced by the foundation of the Internet, including protocol
based attacks and exploitation of Cisco routers. He has presented the results of his
work at several conferences, including DefCon, Black Hat Briefings, and the Chaos
Communication Congress. In his professional life, FX is currently employed as a
Security Solutions Consultant at n.runs GmbH, performing various security audits
for major customers in Europe. His specialty lies in security evaluation and testing of
custom applications and black box devices. FX loves to hack and hang out with his
friends in Phenoelit and wouldn’t be able to do the things he does without the continuing
support and understanding of his mother, his friends, and especially his young
lady, Bine, with her infinite patience and love.

Mark Burnett is an independent security consultant, freelance writer, and a specialist
in securing Windows-based IIS Web servers. Mark is co-author of Maximum
Windows Security and is a contributor to Dr. Tom Shinder’s ISA Server and Beyond: Real
World Security Solutions for Microsoft Enterprise Networks (Syngress Publishing, ISBN:
1-931836-66-3). He is a contributor and technical editor for Syngress Publishing’s
Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle (ISBN: 1-931836-69-8).
Mark speaks at various security conferences and has published articles
in Windows & .NET, Information Security, Windows Web Solutions, Security Administrator,
and is a regular contributor at Mark also publishes articles on his
own Web site,

Joe Grand is the President and CEO of Grand Idea Studio, Inc., a product design
and development firm that brings unique inventions to market through intellectual
property licensing. As an electrical engineer, many of his creations including consumer
devices, medical products, video games and toys, are sold worldwide. A recognized
name in computer security and former member of the legendary hacker
think-tank, The L0pht, Joe’s pioneering research on product design and analysis,
mobile devices, and digital forensics is published in various industry journals. He is a
co-author of Hack Proofing Your Network, Second Edition (Syngress Publishing, ISBN 1-928994-70-9).
Joe has testified before the United States Senate Governmental Affairs
Committee on the state of government and homeland computer security. He has
presented his work at the United States Naval Post Graduate School Center for
INFOSEC Studies and Research, the United States Air Force Office of Special
Investigations, the USENIX Security Symposium, and the IBM Thomas J. Watson
Research Center. Joe is a sought after personality who has spoken at numerous universities
and industry forums.

Ido Dubrawsky (CCNA, CCDA, SCSA) is a Network Security Architect working
in the SAFE architecture group of Cisco Systems, Inc. His responsibilities include
research into network security design and implementation. Previously, Ido was a
member of Cisco’s Secure Consulting Services in Austin, TX where he conducted
security posture assessments and penetration tests for clients as well as provided technical
consulting for security design reviews. Ido was one of the co-developers of the
Secure Consulting Services wireless network assessment toolset. His strengths
include Cisco routers and switches, PIX firewalls, the Cisco Intrusion Detection
System, and the Solaris operating system. His specific interests are in freeware intrusion
detection systems. Ido holds a bachelor’s and master’s degree from the University
of Texas at Austin in Aerospace Engineering and is a longtime member of USENIX
and SAGE. He has written numerous articles covering Solaris security and network
security for Sysadmin as well as the online SecurityFocus. He is a contributor to Hack
Proofing Sun Solaris 8 (Syngress Publishing, ISBN: 1-928994-44-X) and Hack Proofing
Your Network, Second Edition (Syngress, ISBN: 1-928994-70-9). He currently resides in
Silver Spring, MD with his family.

Paul Craig is a network administrator for a major broadcasting company in New
Zealand. He has experience securing a great variety of networks and operating systems.
Paul has also done extensive research and development in digital rights management
(DRM) and copy protection systems.

Ken Pfeil is a Senior Security Consultant with Avaya’s Enterprise Security
Consulting Practice, based in New York. Ken’s IT and security experience spans over
18 years with companies such as Microsoft, Dell, Identix and Merrill Lynch in
strategic positions ranging from Systems Technical Architect to Chief Security
Officer. While at Microsoft, Ken co-authored Microsoft’s Best Practices for Enterprise
Security white paper series, was a technical contributor to the MCSE Exam, Designing
Security for Windows 2000 and official curriculum for the same. Other books Ken has
co-authored or contributed to include Hack Proofing Your Network, Second Edition
(Syngress Publishing, ISBN: 1-928994-70-9), The Definitive Guide to Network Firewalls
and VPN’s, Web Services Security, Security Planning and Disaster Recovery, and The CISSP
Study Guide. Ken holds a number of industry certifications, and participates as a
Subject Matter Expert for CompTIA’s Security+ certification. In 1998 Ken founded
The NT Toolbox Web site, where he oversaw all operations until GFI Software
acquired it in 2002. Ken is a member of ISSA’s International Privacy Advisory Board,
the New York Electronic Crimes Task Force, IEEE, IETF, and CSI.

Timothy Mullen is CIO and Chief Software Architect for AnchorIS.Com, a developer
of secure enterprise-based accounting solutions. Mullen is also a columnist for
Security Focus’ Microsoft Focus section, and a regular contributor of InFocus technical
articles. Also known as Thor, he is the founder of the “Hammer of God” security coop group.

Table of Contents
Foreword—Jeff Moss (page xix)

Chapter 1 (page 1): Hide and Sneak—Ido Dubrawsky
If you want to hack into someone else’s network, the week
between Christmas and New Year’s Day is the best time. I love that
time of year. No one is around, and most places are running on a
skeleton crew at best. If you’re good, and you do it right, you
won’t be noticed even by the automated systems. And that was a
perfect time of year to hit these guys with their nice e-commerce
site—plenty of credit card numbers, I figured.
The people who ran this site had ticked me off. I bought some
computer hardware from them, and they took forever to ship it to
me. On top of that, when the stuff finally arrived, it was damaged.
I called their support line and asked for a return or an exchange,
but they said that they wouldn’t take the card back because it was a
closeout. Their site didn’t say that the card was a closeout! I told
the support drones that, but they wouldn’t listen. They said, “policy
is policy,” and “didn’t you read the fine print?” Well, if they’re
going to take that position…. Look, they were okay guys on the
whole. They just needed a bit of a lesson. That’s all.

Chapter 2 (page 21): The Worm Turns—Ryan Russell and Tim Mullen
After a few hours, I’ve got a tool that seems to work. Geeze, 4:30
A.M. I mail it to the list for people to check out and try.
Heh, it’s tempting to use the root.exe and make the infected
boxes TFTP down my tool and fix themselves. Maybe by putting it
out there some idiot will volunteer himself. Otherwise the tool
won’t do much good, the damage is done. I’m showing like 14,000
unique IPs in my logs so far. Based on previous worms, that usually
means there are at least 10 times as many infected. At least. My
little home range is only 5 IP addresses.
I decide to hack up a little script that someone can use to
remotely install my fix program, using the root.exe hole. That way,
if someone wants to fix some of their internal boxes, they won’t
have to run around to the consoles. Then I go ahead and change it
to do a whole range of IP addresses, so admins can use it on their
whole internal network at once. When everyone gets to work
tomorrow, they’re going to need all the help they can get. I do it
in C so I can compile it to a .exe, since most people won’t have
the Windows perl installed.

Chapter 3 (page 47): Just Another Day at the Office—Joe Grand
I can’t disclose much about my location. Let’s just say it’s damp and
cold. But it’s much better to be here than in jail, or dead. I thought
I had it made—simple hacks into insecure systems for tax-free dollars.
And then the ultimate heist: breaking into a sensitive lab to
steal one of the most important weapons the U.S. had been developing.
And now it’s over. I’m in a country I know nothing about,
with a new identity, doing chump work for a guy who’s fresh out
of school. Each day goes by having to deal with meaningless corporate
policies and watching employees who can’t think for themselves,
just blindly following orders. And now I’m one of them. I
guess it’s just another day at the office.

Chapter 4 (page 79): h3X’s Adventures in Networkland—FX
h3X is a hacker, or to be more precise, she is a hackse (from hexe,
the German word for witch). Currently, h3X is on the lookout for
some printers. Printers are the best places to hide files and share
them with other folks anonymously. And since not too many
people know about that, h3X likes to store exploit codes and other
kinky stuff on printers, and point her buddies to the Web servers
that actually run on these printers. She has done this before.

Chapter 5 (page 133): The Thief No One Saw—Paul Craig
My eyes slowly open to the shrill sound of my phone and the
blinking LED in my dimly lit room. I answer the phone.
“Hmm … Hello?”
“Yo, Dex, it’s Silver Surfer. Look, I got a title I need you to get
for me. You cool for a bit of work?”
Silver Surfer and I go way back. He was the first person to get
me into hacking for profit. I’ve been working with him for almost
two years. Although I trust him, we don’t know each other’s real
names. My mind slowly engages. I was up till 5:00 A.M., and it’s
only 10:00 A.M. now. I still feel a little mushy.
“Sure, but what’s the target? And when is it due out?”
“Digital Designer v3 by Denizeit. It was announced being final
today and shipping by the end of the week, Mr. Chou asked for
this title personally. It’s good money if you can get it to us before
it’s in the stores. There’s been a fair bit of demand for it on the
street already.”
“Okay, I’ll see what I can do once I get some damn coffee.”
“Thanks dude. I owe you.” There’s a click as he hangs up.

Chapter 6 (page 155): Flying the Friendly Skies—Joe Grand
Not only am I connected to the private wireless network, I can
also access the Internet. Once I’m on the network, the underlying
wireless protocol is transparent, and I can operate just as I would
on a standard wired network. From a hacker’s point of view, this is
great. Someone could just walk into a Starbucks, hop onto their
wireless network, and attack other systems on the Internet, with
hardly any possibility of detection. Public wireless networks are
perfect for retaining your anonymity.
Thirty minutes later, I’ve finished checking my e-mail using a
secure Web mail client, read up on the news, and placed some bids
on eBay for a couple rare 1950’s baseball cards I’ve been looking
for. I’m bored again, and there is still half an hour before we’ll start
boarding the plane.

Chapter 7 (page 169): dis-card—Mark Burnett
One of my favorite pastimes is to let unsuspecting people do the
dirty work for me. The key here is the knowledge that you can
obtain through what I call social reverse-engineering, which is
nothing more than the analysis of people. What can you do with
social reverse-engineering? By watching how people deal with
computer technology, you’ll quickly realize how consistent people
really are. You’ll see patterns that you can use as a roadmap for
human behavior.
Humans are incredibly predictable. As a teenager, I used to
watch a late-night TV program featuring a well-known mentalist. I
watched as he consistently guessed social security numbers of audience
members. I wasn’t too impressed at first—how hard would it
be for him to place his own people in the audience to play along?
It was what he did next that intrigued me: He got the TV-viewing
audience involved. He asked everyone at home to think of a vegetable.
I thought to myself, carrot. To my surprise, the word
CARROT suddenly appeared on my TV screen. Still, that could
have been a lucky guess.

Chapter 8 (page 189): Social (In)Security—Ken Pfeil
While I’m not normally a guy prone to revenge, I guess some
things just rub me the wrong way. When that happens, I rub
back—only harder. When they told me they were giving me
walking papers, all I could see was red. Just who did they think
they were dealing with anyway? I gave these clowns seven years of
sweat, weekends, and three-in-the-morning handholding. And for
what? A lousy week’s severance? I built that IT organization, and
then they turn around and say I’m no longer needed. They said
they’ve decided to “outsource” all of their IT to ICBM Global Services.
The unemployment checks are about to stop, and after
spending damn near a year trying to find another gig in this
economy, I think it’s payback time. Maybe I’ve lost a step or two
technically over the years, but I still know enough to hurt these
bastards. I’m sure I can get some information that’s worth selling to
a competitor, or maybe to get hired on with them. And can you
imagine the looks on their faces when they find out they were
hacked? If only I could be a fly on the wall.

Chapter 9 (page 211): BabelNet—Dan Kaminsky
Black Hat Defense: Know Your Network Better Than
The Enemy Can Afford To…
SMB—short for Server Message Block, was ultimately the protocol
behind NBT (NetBIOS over TCP/IP), the prehistoric IBM LAN
Manager, and its modern n-th generation clone, Windows File
Sharing. Elena laughed as chunkage like ECFDEECACACACACACACACACACACACACA
spewed across the display. Once upon a
time, a particularly twisted IBM engineer decided that “First Level
Encoding” might be a rational way to write the name “BSD”.
Humanly readable? Not unless you were the good Luke Kenneth
Casson Leighton, whose ability to fully grok raw SMB from hexdumps
was famed across the land, a postmodern incarnation of
sword swallowing.

Chapter 10 (page 235): The Art of Tracking—Mark Burnett
It’s strange how hackers think. You’d think that white hat hackers
would be on one end of the spectrum and black hat hackers on
the other. On the contrary, they are both at the same end of the
spectrum, the rest of the world on the other end. There really is no
difference between responsible hacking and evil hacking. Either
way it’s hacking. The only difference is the content. Perhaps that is
why it is so natural for a black hat to go legit, and why it is so easy
for a white hat to go black. The line between the two is fine,
mostly defined by ethics and law. To the hacker, ethics and laws
have holes just like anything else.
Many security companies like to hire reformed hackers. The
truth is that there is no such thing as a reformed hacker. They may
have their focus redirected and their rewards changed, but they are
never reformed. Getting paid to hack doesn’t make them any less
of a hacker.
Hackers are kind of like artists. An artist will learn to paint by
painting whatever they want. They could paint mountains, animals,
or perhaps nudes. They can use any medium, any canvas, and any
colors they wish. If the artist some day gets a job doing art, he
becomes a commercial artist. The only difference is that they now
paint what other people want.

Appendix (page 269): The Laws of Security—Ryan Russell
This book contains a series of fictional short stories demonstrating
criminal hacking techniques that are used every day. While these
stories are fictional, the dangers are obviously real. As such, we’ve
included this appendix, which discusses how to mitigate many of
the attacks detailed in this book. While not a complete reference,
these security laws can provide you with a foundation of knowledge to
prevent criminal hackers from stealing your network.



Product details
3.00 USD
329 pages
File Size: 4,699 KB
File Type: PDF format
2003 by Syngress Publishing, Inc
