
by Kevin Beaver 

Building the Foundation for Security Testing
Putting Security Testing in Motion
Hacking Network Hosts
Hacking Operating Systems
Hacking Applications
Security Testing Aftermath
The Part of Tens




Book Details
Price: 5.00 USD
Pages: 411 p
File Size: 11,535 KB
File Type: PDF format
ISBN: 978-1-119-48547-6 (pbk), 978-1-119-48554-4 (ebk), 978-1-119-48551-3 (ebk)
Copyright: 2018 by John Wiley & Sons, Inc

Introduction
Welcome to Hacking For Dummies, 6th Edition. This book outlines — in
plain English — computer hacking tricks and techniques that you can
use to assess the security of your information systems, find the vulnerabilities
that matter, and fix the weaknesses before criminal hackers and malicious
insiders take advantage of them. This hacking is the professional, aboveboard, and
legal type of security testing — which I refer to as ethical hacking or vulnerability
and penetration testing throughout the book.

Computer and network security is a complex subject and an ever-moving target.
You must stay on top of it to ensure that your information is protected from the
bad guys. The techniques and tools outlined in this book can help.
You could implement all the security technologies and other best practices possible,
and your network environment might be secure — as far as you know. But unless and
until you understand how malicious attackers think, apply that knowledge, and use
the right tools to assess your systems from their point of view, it’s practically
impossible to have a true sense of how secure your systems and information really are.

Ethical hacking (or, more simply, security assessments), which encompasses formal
and methodical vulnerability and penetration testing, is necessary to find
security flaws and to validate that your information systems are truly secure on an
ongoing basis. This book provides you the knowledge you need to successfully
implement a security assessment program, perform proper security checks, and
put the proper countermeasures in place to keep external hackers and malicious
users in check.

About This Book
Hacking For Dummies is a reference guide on hacking your systems to improve
security and minimize business risks. The security testing techniques are based on
written and unwritten rules of computer system penetration testing, vulnerability
testing, and information security best practices. This book covers everything from
establishing your testing plan to assessing your systems to plugging the holes and
managing an ongoing security testing program.

Realistically, for most networks, operating systems, and applications, thousands
of possible vulnerabilities exist. I don’t cover them all, but I do cover the big ones
on various platforms and systems that I believe contribute to most security problems
in business today. I cover basic Pareto principle (80/20 rule) stuff, with the
goal of helping you find the 20 percent of the issues that create 80 percent of your
security risks. Whether you need to assess security vulnerabilities on a small
home-office network, a medium-size corporate network, or large enterprise systems,
Hacking For Dummies provides the information you need.
This book includes the following features:
- Various technical and nontechnical tests and their detailed methodologies.
- Specific countermeasures to protect against hacking and breaches.
Before you start testing your systems, familiarize yourself with the information in
Part 1 so that you’re prepared for the tasks at hand. The adage “If you fail to plan,
you plan to fail” rings true for the security assessment process. You must have a
solid game plan in place if you’re going to be successful.

Table of Contents
INTRODUCTION
About This Book
Foolish Assumptions
Icons Used in This Book
Beyond the Book
Where to Go from Here
PART 1: BUILDING THE FOUNDATION FOR SECURITY TESTING
CHAPTER 1: Introduction to Vulnerability and Penetration Testing
Straightening Out the Terminology
Hacker
Malicious user
Recognizing How Malicious Attackers Beget Ethical Hackers
Vulnerability and penetration testing versus auditing
Policy considerations
Compliance and regulatory concerns
Understanding the Need to Hack Your Own Systems
Understanding the Dangers Your Systems Face
Nontechnical attacks
Network infrastructure attacks
Operating system attacks
Application and other specialized attacks
Following the Security Assessment Principles
Working ethically
Respecting privacy
Not crashing your systems
Using the Vulnerability and Penetration Testing Process
Formulating your plan
Selecting tools
Executing the plan
Evaluating results
Moving on
CHAPTER 2: Cracking the Hacker Mindset
What You’re Up Against
Who Breaks into Computer Systems
Hacker skill levels
Hacker motivations
Why They Do It
Planning and Performing Attacks
Maintaining Anonymity
CHAPTER 3: Developing Your Security Testing Plan
Establishing Your Goals
Determining Which Systems to Test
Creating Testing Standards
Timing your tests
Running specific tests
Conducting blind versus knowledge assessments
Picking your location
Responding to vulnerabilities you find
Making silly assumptions
Selecting Security Assessment Tools
CHAPTER 4: Hacking Methodology
Setting the Stage for Testing
Seeing What Others See
Scanning Systems
Hosts
Open ports
Determining What’s Running on Open Ports
Assessing Vulnerabilities
Penetrating the System
PART 2: PUTTING SECURITY TESTING IN MOTION
CHAPTER 5: Information Gathering
Gathering Public Information
Social media
Web search
Web crawling
Websites
Mapping the Network
WHOIS
Privacy policies
CHAPTER 6: Social Engineering
Introducing Social Engineering
Starting Your Social Engineering Tests
Knowing Why Attackers Use Social Engineering
Understanding the Implications
Building trust
Exploiting the relationship
Performing Social Engineering Attacks
Determining a goal
Seeking information
Social Engineering Countermeasures
Policies
User awareness and training
CHAPTER 7: Physical Security
Identifying Basic Physical Security Vulnerabilities
Pinpointing Physical Vulnerabilities in Your Office
Building infrastructure
Utilities
Office layout and use
Network components and computers
CHAPTER 8: Passwords
Understanding Password Vulnerabilities
Organizational password vulnerabilities
Technical password vulnerabilities
Cracking Passwords
Cracking passwords the old-fashioned way
Cracking passwords with high-tech tools
Cracking password-protected files
Understanding other ways to crack passwords
General Password Cracking Countermeasures
Storing passwords
Creating password policies
Taking other countermeasures
Securing Operating Systems
Windows
Linux and Unix
PART 3: HACKING NETWORK HOSTS
CHAPTER 9: Network Infrastructure Systems
Understanding Network Infrastructure Vulnerabilities
Choosing Tools
Scanners and analyzers
Vulnerability assessment
Scanning, Poking, and Prodding the Network
Scanning ports
Scanning SNMP
Grabbing banners
Testing firewall rules
Analyzing network data
The MAC-daddy attack
Testing denial of service attacks
Detecting Common Router, Switch, and Firewall Weaknesses
Finding unsecured interfaces
Uncovering issues with SSL and TLS
Putting Up General Network Defenses
CHAPTER 10: Wireless Networks
Understanding the Implications of Wireless Network Vulnerabilities
Choosing Your Tools
Discovering Wireless Networks
Checking for worldwide recognition
Scanning your local airwaves
Discovering Wireless Network Attacks and Taking Countermeasures
Encrypted traffic
Countermeasures against encrypted traffic attacks
Wi-Fi Protected Setup
Countermeasures against the WPS PIN flaw
Rogue wireless devices
Countermeasures against rogue wireless devices
MAC spoofing
Countermeasures against MAC spoofing
Physical security problems
Countermeasures against physical security problems
Vulnerable wireless workstations
Countermeasures against vulnerable wireless workstations
Default configuration settings
Countermeasures against default configuration settings exploits
CHAPTER 11: Mobile Devices
Sizing Up Mobile Vulnerabilities
Cracking Laptop Passwords
Choosing your tools
Applying countermeasures
Cracking Phones and Tablets
Cracking iOS passwords
Taking countermeasures against password cracking
PART 4: HACKING OPERATING SYSTEMS
CHAPTER 12: Windows
Introducing Windows Vulnerabilities
Choosing Tools
Free Microsoft tools
All-in-one assessment tools
Task-specific tools
Gathering Information About Your Windows Vulnerabilities
System scanning
NetBIOS
Detecting Null Sessions
Mapping
Gleaning information
Countermeasures against null-session hacks
Checking Share Permissions
Windows defaults
Testing
Exploiting Missing Patches
Using Metasploit
Countermeasures against missing patch vulnerability exploits
Running Authenticated Scans
CHAPTER 13: Linux and macOS
Understanding Linux Vulnerabilities
Choosing Tools
Gathering Information About Your System Vulnerabilities
System scanning
Countermeasures against system scanning
Finding Unneeded and Unsecured Services
Searches
Countermeasures against attacks on unneeded services
Securing the .rhosts and hosts.equiv Files
Hacks using the hosts.equiv and .rhosts files
Countermeasures against .rhosts and hosts.equiv file attacks
Assessing the Security of NFS
NFS hacks
Countermeasures against NFS attacks
Checking File Permissions
File permission hacks
Countermeasures against file permission attacks
Finding Buffer Overflow Vulnerabilities
Attacks
Countermeasures against buffer overflow attacks
Checking Physical Security
Physical security hacks
Countermeasures against physical security attacks
Performing General Security Tests
Patching
Distribution updates
Multiplatform update managers
PART 5: HACKING APPLICATIONS
CHAPTER 14: Communication and Messaging Systems
Introducing Messaging System Vulnerabilities
Recognizing and Countering Email Attacks
Email bombs
Banners
SMTP attacks
General best practices for minimizing email security risks
Understanding VoIP
VoIP vulnerabilities
Countermeasures against VoIP vulnerabilities
CHAPTER 15: Web Applications and Mobile Apps
Choosing Your Web Security Testing Tools
Seeking Out Web Vulnerabilities
Directory traversal
Countermeasures against directory traversals
Input-filtering attacks
Countermeasures against input attacks
Default script attacks
Countermeasures against default script attacks
Unsecured login mechanisms
Countermeasures against unsecured login systems
Performing general security scans for web application vulnerabilities
Minimizing Web Security Risks
Practicing security by obscurity
Putting up firewalls
Analyzing source code
Uncovering Mobile App Flaws
CHAPTER 16: Databases and Storage Systems
Diving Into Databases
Choosing tools
Finding databases on the network
Cracking database passwords
Scanning databases for vulnerabilities
Following Best Practices for Minimizing Database Security Risks
Opening Up About Storage Systems
Choosing tools
Finding storage systems on the network
Rooting out sensitive text in network files
Following Best Practices for Minimizing Storage Security Risks
PART 6: SECURITY TESTING AFTERMATH
CHAPTER 17: Reporting Your Results
Pulling the Results Together
Prioritizing Vulnerabilities
Creating Reports
CHAPTER 18: Plugging Your Security Holes
Turning Your Reports into Action
Patching for Perfection
Patch management
Patch automation
Hardening Your Systems
Assessing Your Security Infrastructure
CHAPTER 19: Managing Security Processes
Automating the Security Assessment Process
Monitoring Malicious Use
Outsourcing Security Assessments
Instilling a Security-Aware Mindset
Keeping Up with Other Security Efforts
PART 7: THE PART OF TENS
CHAPTER 20: Ten Tips for Getting Security Buy-In
Cultivate an Ally and a Sponsor
Don’t Be a FUDdy-Duddy
Demonstrate That the Organization Can’t Afford to Be Hacked
Outline the General Benefits of Security Testing
Show How Security Testing Specifically Helps the Organization
Get Involved in the Business
Establish Your Credibility
Speak on Management’s Level
Show Value in Your Efforts
Be Flexible and Adaptable
CHAPTER 21: Ten Reasons Hacking Is the Only Effective Way to Test
The Bad Guys Think Bad Thoughts, Use Good Tools, and Develop New Methods
IT Governance and Compliance Are More Than High-Level Checklist Audits
Vulnerability and Penetration Testing Complements Audits and Security Evaluations
Customers and Partners Will Ask How Secure Your Systems Are
The Law of Averages Works Against Businesses
Security Assessments Improve Understanding of Business Threats
If a Breach Occurs, You Have Something to Fall Back On
In-Depth Testing Brings Out the Worst in Your Systems
Combined Vulnerability and Penetration Testing Is What You Need
Proper Testing Can Uncover Overlooked Weaknesses
CHAPTER 22: Ten Deadly Mistakes
Not Getting Approval
Assuming That You Can Find All Vulnerabilities
Assuming That You Can Eliminate All Vulnerabilities
Performing Tests Only Once
Thinking That You Know It All
Running Your Tests Without Looking at Things from a Hacker’s Viewpoint
Not Testing the Right Systems
Not Using the Right Tools
Pounding Production Systems at the Wrong Time
Outsourcing Testing and Not Staying Involved
APPENDIX: TOOLS AND RESOURCES
INDEX


Christopher Hadnagy

Second Edition





Book Details
Price: 4.00 USD
Pages: 362 p
File Size: 7,200 KB
File Type: PDF format
ISBN: 978-1-119-43375-0
Copyright: 2018 Christopher Hadnagy

About the Author
CHRISTOPHER HADNAGY
is the CEO and Chief Human Hacker of Social-Engineer, LLC as well as the lead developer and creator of the world's first social engineering framework found at social-engineer.org. He is the founder and creator of the Social Engineering Village (SEVillage) at DEF CON and DerbyCon, as well as the creator of the popular Social Engineering Capture the Flag (SECTF). He is a sought-after speaker and trainer and even has debriefed the Pentagon on these topics. He can be found tweeting at @humanhacker.

FOREWORD
When I started Apple Computers in 1976 with Steve Jobs, I did not imagine
where that invention would take the world. I wanted to do something that was
unheard of: create a personal computer. One that any person could use, enjoy,
and benefit from. Jump forward only a short 40 or so years and that vision is a reality.

With billions of personal computers around the globe, smartphones, smart
devices, and technology being embedded into every aspect of our lives, it is
important to take a step back and look at how we maintain safety and security
while still innovating and growing and working with the next generation.
I love getting to work with youth today, inspiring them to innovate and grow. I
love seeing the ideas flow from them as they figure out new and creative ways to
use technology. And I truly love being able to see how this technology can
enhance people's lives.

With that said, we need to take a serious look at how we secure this future. In
2004 when I gave the keynote speech at HOPE Conference, I said that a lot of
hacking is playing with other people and getting them to do strange things. My
friend, Kevin Mitnick, has mastered this over the years in one area of security
called social engineering.

Chris’s book captures the very essence of social engineering, defining and
shaping it for all of us to understand. He has rewritten the book on it again,
defining the core principles of how we as humans make decisions and how those
very same processes can be manipulated.

Hacking has been around for a while, and human hacking has been around for as
long as humans have. This book can prepare you, protect you, and educate you
how to recognize, defend, and mitigate the risks that come from social engineering.
—Steve “Woz” Wozniak


Table of Contents
Cover
Foreword
Preface
1 A Look into the New World of Professional Social Engineering
What Has Changed?
Why Should You Read This Book?
An Overview of Social Engineering
The SE Pyramid
What's in This Book?
Summary
2 Do You See What I See?
A Real-World Example of Collecting OSINT
Nontechnical OSINT
Tools of the Trade
Summary
3 Profiling People Through Communication
The Approach
Enter the DISC
Summary
4 Becoming Anyone You Want to Be
The Principles of Pretexting
Summary
5 I Know How to Make You Like Me
The Tribe Mentality
Building Rapport as a Social Engineer
The Rapport Machine
Summary
6 Under the Influence
Principle One: Reciprocity
Principle Two: Obligation
Principle Three: Concession
Principle Four: Scarcity
Principle Five: Authority
Principle Six: Consistency and Commitment
Principle Seven: Liking
Principle Eight: Social Proof
Influence vs. Manipulation
Summary
7 Building Your Artwork
The Dynamic Rules of Framing
Elicitation
Summary
8 I Can See What You Didn't Say
Nonverbals Are Essential
All Your Baselines Belong to Us
Understand the Basics of Nonverbals
Comfort vs. Discomfort
Summary
9 Hacking the Humans
An Equal Opportunity Victimizer
The Principles of the Pentest
Phishing
Vishing
SMiShing
Impersonation
Reporting
Top Questions for the SE Pentester
Summary
10 Do You Have a M.A.P.P.?
Step 1: Learn to Identify Social Engineering Attacks
Step 2: Develop Actionable and Realistic Policies
Step 3: Perform Regular Real-World Checkups
Step 4: Implement Applicable Security-Awareness Programs
Tie It All Together
Gotta Keep 'Em Updated
Let the Mistakes of Your Peers Be Your Teacher
Create a Security Awareness Culture
Summary
11 Now What?
Soft Skills for Becoming a Social Engineer
Technical Skills
Education
Job Prospects
The Future of Social Engineering
Index
End User License Agreement



PREFACE
Social engineering—I can remember when searching for that term led you to
videos on getting free burgers or dates with girls. Now it seems like it's almost a
household term. Just the other day I heard a friend of the family, who's not in
this industry at all, talking about an email scam. She said, “Well, that's just a
great example of social engineering!”
It threw me for a loop for a second, but here we are, eight years after my
decision to start a company solely focused on social engineering, and now it's a
full-blown industry and household term.
If you were to just start reading this book it would be easy to mistake my
intentions. You might think I am fully okay with arming the bad guys or
preparing them for nefarious acts. That cannot be further from the truth.

When I wrote my first book, there were many folks who, during interviews, got
very upset with me and said I was arming the malicious social engineers. I felt
the same then as I do now: you cannot really defend against social engineering
until you know all sides of its use. Social engineering is a tool like a hammer,
shovel, knife, or even a gun. Each has a purpose that can be used to build, save,
feed, or survive; each tool also can be used to maim, kill, destroy, and ruin. For
you to understand how to use social engineering to build, feed, survive, or save,
you need to understand both uses. This is especially true if your goal is to
defend. Defending yourself and others from malicious uses of social engineering
requires that you step over into the dark side of it to get a clear picture of how it is used.

I was recently chatting with AJ Cook about her work on Criminal Minds, and
she mentioned that she often has to meet with real federal agents who work
serial-killer cases to prepare herself for playing the role of JJ on the show. The
same idea applies directly to this book.

As you read this book, do it with an open mind. I tried my hardest to put the
knowledge, experience, and practical wisdom I have learned over the last decade
onto these pages. There will always be some mistakes or something you don't
like or something you might feel was not 100% clear. Let's discuss it; reach out
to me and let's talk. You can find me on Twitter: @humanhacker. Or you can
email me from one of the websites: 
When I teach my five-day courses, I always ask the students to not treat me like
some infallible instructor. If they have knowledge, thoughts, or even feelings
that contradict something I say, I want to discuss it with them. I love learning
and expanding my understanding on these topics. I extend the same request to you.

Finally, I want to thank you. Thank you for spending some of your valuable time
with me in the pages of this book. Thank you for helping me improve over the
years. Thank you for all your feedback, ideas, critiques, and advice.
I truly hope you enjoy this book.
—Christopher Hadnagy

Wil Allsopp 





Book Details
Price: 3.00 USD
Pages: 297 p
File Size: 6,447 KB
File Type: PDF format
ISBN: 978-1-119-36768-0
Copyright: 2017 Wiley

Introduction
There is an old yet erroneous belief that fortune favors the brave. Fortune has
and always will favor the prepared. When your organization experiences a
serious security incident (and it will), it's your level of preparedness based on the
understanding of the inevitability of such an event that will guide a successful
recovery. It doesn't matter if you're responsible for the security of a local
community college or if you're the CISO of an international bank—this fact will
always remain true.
To quote Howard Ruff, “It wasn't raining when Noah built the ark.”
The first step to being prepared is being aware.

Coming Full Circle
There has always been the impression that you have to patch your systems and
secure your networks because hackers are scanning vast address ranges looking
for victims who haven't done these things and they'll take whatever vulnerable
systems they can get. In a sense that's true—there have always been those who
are satisfied with low hanging fruit. It was true back in the 80s as well—war
dialing on the PSTN and such attacks are usually trivial to guard against if you
know what you're up against. However, if you are specifically targeted by
someone with time and resources, you have a problem of an altogether different
magnitude. Put simply, gaining access to corporate systems by patiently
targeting the users was usually the best way to go in the 80s and it's usually the
best way now. However, the security industry, like any other, is constantly
looking to sell “new” products and services with different names and to do that,
a buzzword is required. The one that stuck was advanced persistent threat.

Advanced Persistent Threat (APT)
What differentiates an APT from a more traditional intrusion is that it is strongly
goal-oriented. The attacker is looking for something (proprietary data for
example) and is prepared to be as patient as is necessary to acquire it. While I
don't recommend breaking complex processes down into simple lists or
flowcharts, all APTs generally have the following characteristics:
Initial compromise—Usually performed or assisted by the use of social
engineering techniques. An attack against a client will include a core
technical component (such as a Java applet), but without a convincing
pretext, such an attack is usually doomed to failure. A pretext can be
anything but is successful when tailored to the target and its employees.
Casting a wide net to catch the low hanging fruit (to mix my metaphors) is
not an acceptable way to model APTs and is certainly not how your
adversaries are doing things.
Establish beachhead—Ensure future access to compromised assets without
needing a repeat initial intrusion. This is where Command & Control (C2)
comes in to play and it's best to have something that you've created yourself;
that you fully understand and can customize according to your needs. This is
a key point in this book that I make a number of times when discussing the
various aspects of C2—it needs to be secure but its traffic has to look
legitimate. There are easy solutions to this problem.
Escalate privileges—Gain local and ultimately domain administrator access.
There are many ways this can be achieved; this book will dedicate
considerable space to the best and most reliable methods as well as some
concepts that are more subtle.
Internal reconnaissance—Collect information on surrounding infrastructure,
trust relationships, and the Windows domain structure. Situational awareness
is critical to the success of any APT.
Network colonization—Expand control to other network assets using
harvested administrative credentials or other attacks. This is also referred to
as lateral movement, where an attacker (having established a stable base of
operations within the target network) will spread influence across the
infrastructure and exploit other hosts.
Persist—Ensure continued control via Command & Control. Persistence
essentially means being able to access your target whenever you want
regardless of whether a machine is rebooted.
Complete mission—Exfiltrate stolen data. The most important part of any
APT. The attacker is not interested in vandalizing systems, defacing web
pages, or stealing credit card numbers (unless any of these things advances
the final goal). There is always a well-defined target in mind and that target
is almost always proprietary data—the mission is completed when that data
has been located and liberated.
I am a penetration tester by trade (a professional “hacker,” if you like) working
for every possible kind of client and market vertical over the best part of two
decades. This book speaks from that narrative. I want to show how conventional
penetration testing is next to useless when attempting to protect organizations
against a targeted APT attack. Only by going beyond the stagnant nature of
contemporary penetration testing methodologies can this hope to be achieved.
Potential adversaries today include organized crime and nation states—it's worth
pointing out that foreign intelligence agencies (of any nation) are heavily
invested in industrial espionage, and not just against hostile nations.

Table of Contents
Cover
Title Page
Introduction
Coming Full Circle
Advanced Persistent Threat (APT)
Next Generation Technology
Hackers
Forget Everything You Think You Know About Penetration Testing
How This Book Is Organized
Chapter 1: Medical Records (In)security
An Introduction to Simulating Advanced Persistent Threat
Background and Mission Briefing
Payload Delivery Part 1: Learning How to Use the VBA Macro
Command and Control Part 1: Basics and Essentials
The Attack
Summary
Exercises
Chapter 2: Stealing Research
Background and Mission Briefing
Payload Delivery Part 2: Using the Java Applet for Payload Delivery
Notes on Payload Persistence
Command and Control Part 2: Advanced Attack Management
The Attack
Summary
Exercises
Chapter 3: Twenty-First Century Heist
What Might Work?
Nothing Is Secure
Organizational Politics
APT Modeling versus Traditional Penetration Testing
Background and Mission Briefing
Command and Control Part III: Advanced Channels and Data Exfiltration
Payload Delivery Part III: Physical Media
The Attack
Summary
Exercises
Chapter 4: Pharma Karma
Background and Mission Briefing
Payload Delivery Part IV: Client-Side Exploits 1
Command and Control Part IV: Metasploit Integration
The Attack
Summary
Exercises
Chapter 5: Guns and Ammo
Background and Mission Briefing
Payload Delivery Part V: Simulating a Ransomware Attack
Command and Control Part V: Creating a Covert C2 Solution
New Strategies in Stealth and Deployment
The Attack
Summary
Exercises
Chapter 6: Criminal Intelligence
Payload Delivery Part VI: Deploying with HTA
Privilege Escalation in Microsoft Windows
Command and Control Part VI: The Creeper Box
The Attack
Summary
Exercises
Chapter 7: War Games
Background and Mission Briefing
Payload Delivery Part VII: USB Shotgun Attack
Command and Control Part VII: Advanced Autonomous Data Exfiltration
The Attack
Summary
Exercises
Chapter 8: Hack Journalists
Briefing
Advanced Concepts in Social Engineering
C2 Part VIII: Experimental Concepts in Command and Control
Payload Delivery Part VIII: Miscellaneous Rich Web Content
The Attack
Summary
Exercises
Chapter 9: Northern Exposure
Overview
Operating Systems
North Korean Public IP Space
The North Korean Telephone System
Approved Mobile Devices
The “Walled Garden”: The Kwangmyong Intranet
Audio and Video Eavesdropping
Summary
Exercises
End User License Agreement



How This Book Is Organized
In this book, as stated, I'm going to examine APT modeling in the real world, but
I'm also going to go a little further than that. I will present a working APT
testing framework and in each chapter will add another layer of functionality as
needed to solve different problems and apply the result to the target
environments in discussion. In doing so, I will be completely code-agnostic
where possible; however, a solid knowledge of programming is essential as you
will be required to create your own tools—sometimes in languages you may be
unfamiliar with.
Each of the chapters of this book discusses my experience of APT modeling
against specific industries. As such, each chapter introduces new concepts, new
ideas, and lessons to take away. I believe it's valuable to break this work down
by industry as environments, attitudes to security, and indeed the competence of
those performing network defense varies widely across different sectors. If you
are a pen tester, you will learn something. If you have the unenviable task of
keeping intruders out of your organization's system, you will learn things that
will keep you up at night but also show you how to build more resilient defenses.
Rather than approach the subject matter as a dry technical manual, each chapter
follows a similar format—the context of a wide range of separate industries will
be the background against which new technologies, attacks, and themes are
explored. This includes not only successful vectors of attack but such vital
concepts as privilege escalation, avoiding malware detection, situation
awareness, lateral movement, and many more skills that are critical to a
successful understanding of both APT and how to model it. The goal is not
simply to provide a collection of code and scripts, although many examples are
given, but to encourage a broad and organic understanding of the problems and
their solutions so that the readers will think about them in new ways and be able
to confidently develop their own tools.

Chapter 1, “Medical Records (In)Security,” discusses attacks on hospital
infrastructure, covering concepts such as macro attacks and man-in-the-browser
techniques. It also introduces Command & Control (C2).
Chapter 2, “Stealing Research,” will explore attacks using Java Applets and
more advanced C2 within the context of an attack against a research university.
Chapter 3, “Twenty-First Century Heist,” considers ways of penetrating
high-security targets such as banks and highly advanced C2 techniques using
the DNS protocol.
Chapter 4, “Pharma Karma,” examines an attack against a pharmaceutical
company and against this backdrop introduces client-side exploits and
integrating third-party frameworks such as Metasploit into your C2.
Chapter 5, “Guns and Ammo,” examines ransomware simulation and using
Tor hidden services to mask the physical location of the C2 infrastructure.
Chapter 6, “Criminal Intelligence,” uses the backdrop of an intrusion against
a police HQ to illustrate the use of “creeper” boxes for long-term
engagements where temporary physical access is possible. Other concepts
such as privilege escalation and deploying attacks using HTML applications are introduced.
Chapter 7, “War Games,” discusses an attack against a classified data
network and explains concepts such as open source intelligence gathering
and advanced concepts in Command & Control.
Chapter 8, “Hack Journalists,” shows how to attack a publisher and use their
own technologies and workflows against them. Emerging rich media content
and experimental C2 methodologies are considered. Advanced concepts in
social engineering are introduced.
Chapter 9, “Northern Exposure,” is a hypothetical attack against a hostile
rogue state by a government Tailored Access Operations (TAO) team. North
Korea is used as a convenient example. We discuss advanced discreet
network mapping and means of attacking smartphones, including the
creation of hostile code for iOS and Android phones.
So, without further ado—on with the show.

by Kevin Beaver and Peter T. Davis

Foreword by Devin K. Akin
Chief Technology Officer, The Certified Wireless Network Professional (CWNP) Program

Contents at a Glance

Part I: Building the Foundation for Testing Wireless Networks
Introduction to Wireless Hacking
The Wireless Hacking Process 
Implementing a Testing Methodology
Amassing Your War Chest
Part II: Getting Rolling with Common Wi-Fi Hacks 
Human (In)Security
Containing the Airwaves
Hacking Wireless Clients
Discovering Default Settings
Wardriving
Part III: Advanced Wi-Fi Hacks
Still at War
Unauthorized Wireless Devices
Network Attacks
Denial-of-Service Attacks
Cracking Encryption
Authenticating Users
Part IV: The Part of Tens
Ten Essential Tools for Hacking Wireless Networks
Ten Wireless Security-Testing Mistakes 
Ten Tips for Following Up after Your Testing
Part V: Appendixes
Appendix A: Wireless Hacking Resources
Appendix B: Glossary of Acronyms


Book Details
Price: 2.00 USD
Pages: 387
File Size: 11,233 KB
File Type: PDF
ISBN-13: 978-0-7645-9730-5
ISBN-10: 0-7645-9730-2
Copyright: 2005 by Wiley Publishing, Inc.

About the Author
Kevin Beaver is founder and information security advisor with Principle
Logic, LLC, an Atlanta-based information-security services firm. He has over
17 years of experience in the IT industry and specializes in information
security assessments for those who take security seriously — and incident
response for those who don’t. Before starting his own information-security
services business, Kevin served in various information-technology and security
roles for several healthcare, e-commerce, financial, and educational institutions.

Kevin is author of Hacking For Dummies as well as the e-book The Definitive
Guide to Email Management and Security (Realtimepublishers.com). In addition,
Kevin co-authored The Practical Guide to HIPAA Privacy and Security
Compliance (Auerbach Publications). He was also a contributing author and
editor of Healthcare Information Systems, 2nd ed., (Auerbach Publications),
and technical editor of Network Security For Dummies.

Kevin is a regular columnist and information-security expert for SearchSecurity.
com, SearchWindowsSecurity.com, SearchNetworking.com, SearchExchange.
com, and SearchSmallBizIT.com. He also serves as a contributing editor
for HCPro’s Briefings on HIPAA newsletter and is a Security Clinic Expert
for ITsecurity.com. In addition, Kevin’s information-security work has
been published in Information Security Magazine, SecurityFocus.com,
and Computerworld.com. Kevin is an information-security instructor for
the Southeast Cybercrime Institute, and frequently speaks on information
security at various conferences for CSI, TechTarget, IIA, SecureWorld Expo,
and the Cybercrime Summit.

Kevin earned his bachelor’s degree in Computer Engineering Technology from
Southern Polytechnic State University and his master’s degree in Management
of Technology from Georgia Tech. He also holds MCSE, Master CNE, and IT
Project+ certifications. Kevin can be reached at kbeaver@principlelogic.com.

Peter T. Davis (CISA, CMA, CISSP, CWNA, CCNA, CMC, CISM) founded Peter
Davis+Associates (a very original name) as a firm specializing in the security,
audit, and control of information. A 30-year information-systems veteran,
Mr. Davis’s career includes positions as programmer, systems analyst, security
administrator, security planner, information-systems auditor, and consultant.
Peter is also the founder (and past President) of the Toronto ISSA chapter,
past Recording Secretary of the ISSA’s International Board, and past Computer
Security Institute Advisory Committee member. Mr. Davis has written or
co-written numerous articles and 10 books, including Wireless Networks For
Dummies and Securing and Controlling Cisco Routers. In addition, Peter was
the technical editor for Hacking For Dummies and Norton Internet Security
For Dummies. Peter is listed in the International Who’s Who of Professionals.
In addition, he was only the third editor in the three-decade history of
EDPACS, a publication in the field of security, audit, and control. He finds
time to be a part-time lecturer in data communications at Seneca College
(http://cs.senecac.on.ca). He lives with his wife Janet, daughter Kelly,
two cats, and a dog in Toronto, Ontario.

About This Book
Hacking Wireless Networks For Dummies is inspired by the original Hacking
For Dummies book, which Kevin authored and Peter technically edited.
Hacking For Dummies covered a broad range of security testing
topics, but this book focuses specifically on 802.11-based wireless networks.
The techniques we outline are based on information-security best practices,
as well as various unwritten rules of engagement. This book covers the entire
ethical-hacking process, from establishing your plan to carrying out the tests
to following up and implementing countermeasures to ensure your wireless
systems are secure.

There are literally hundreds, if not thousands, of ways to hack wireless network
systems such as (for openers) laptops and access points (APs). Rather
than cover every possible vulnerability that may rear its head in your wireless
network, we’re going to cover just the ones you should be most concerned
about. The tools and techniques we describe in this book can help
you secure wireless networks at home, in small-to-medium sized businesses
(SMBs) including coffee shops, and even across large enterprise networks.

Introduction
Welcome to Hacking Wireless Networks For Dummies. This book outlines
plain-English, wireless-network hacker tricks and techniques you can
use to ethically hack 802.11-based wireless networks (yours or someone else’s
if you’ve been given permission) and discover security vulnerabilities. By
turning the tables and using ethical hacking techniques, you then have a leg
up on the malicious hackers — you’ll be aware of any vulnerabilities that
exist and be able to plug the holes before the bad guys have a chance to exploit them.

When we refer to ethical hacking, we mean the professional, aboveboard, and
legal type of security testing that you — as an IT professional — can perform
as part of your job. Villains need not apply.

Wireless networks are popping up everywhere. They provide a lot of freedom
but not without cost: All too many wireless networks are left wide open for
attack. As with any other computer or network, you must be up on the latest
security concepts to properly secure 802.11-based wireless networks. But
locking them down involves more than just port scanning and patching
vulnerabilities. You must also have the right security tools, use the
proper testing techniques, and possess a watchful eye. And know your enemy:
It’s critical to think like a hacker to get a true sense of how secure your information really is.

Ethical hacking is a means of using the bad-guy (black-hat) techniques for
good-guy (white-hat) purposes. It’s testing your information systems with the
goal of making them more secure — and keeping them that way. This type of
security testing is sometimes called penetration testing, white-hat hacking, or
vulnerability testing, but it goes further than that as you’ll see when we outline
the methodology in this book.

If you use the resources provided in this book, maintain a security-focused
mindset, and dedicate some time for testing, we believe you’ll be well on your
way to finding the weaknesses in your wireless systems and implementing
countermeasures to keep the bad guys off your airwaves and out of your business.

The ethical hacking tests and system-hardening tips outlined in this book can
help you test and protect your wireless networks at places like warehouses,
coffee shops, your office building, your customer sites, and even at your house.

Table of Contents
Foreword ..................................................................xvii
Introduction .................................................................1
Who Should Read This Book? ........................................................................2
About This Book ..............................................................................................2
How to Use This Book ....................................................................................2
Foolish Assumptions ......................................................................................3
How This Book Is Organized ..........................................................................3
Part I: Building the Foundation for Testing Wireless Networks ......4
Part II: Getting Rolling with Common Wi-Fi Hacks ............................4
Part III: Advanced Wi-Fi Hacks .............................................................4
Part IV: The Part of Tens .......................................................................5
Part V: Appendixes ................................................................................5
Icons Used in This Book .................................................................................5
Where to Go from Here ...................................................................................6
Part I: Building the Foundation
for Testing Wireless Networks .......................................7
Chapter 1: Introduction to Wireless Hacking . . . . . . . . . . . . . . . . . . . . .9
Why You Need to Test Your Wireless Systems ..........................................10
Knowing the dangers your systems face ..........................................11
Understanding the enemy ..................................................................12
Wireless-network complexities ..........................................................14
Getting Your Ducks in a Row .......................................................................15
Gathering the Right Tools ............................................................................16
To Protect, You Must Inspect ......................................................................17
Non-technical attacks .........................................................................17
Network attacks ...................................................................................18
Software attacks ..................................................................................18
Chapter 2: The Wireless Hacking Process . . . . . . . . . . . . . . . . . . . . . .19
Obeying the Ten Commandments of Ethical Hacking ..............................19
Thou shalt set thy goals .....................................................................20
Thou shalt plan thy work, lest thou go off course ..........................21
Thou shalt obtain permission ............................................................21
Thou shalt work ethically ...................................................................22
Thou shalt keep records .....................................................................22
Thou shalt respect the privacy of others .........................................23
Thou shalt do no harm .......................................................................23
Thou shalt use a “scientific” process ...............................................24
Thou shalt not covet thy neighbor’s tools .......................................24
Thou shalt report all thy findings .....................................................25
Understanding Standards ............................................................................26
Using ISO 17799 ...................................................................................26
Using CobiT ..........................................................................................27
Using SSE-CMM ....................................................................................27
Using ISSAF ...........................................................................................27
Using OSSTMM ....................................................................................28
Chapter 3: Implementing a Testing Methodology . . . . . . . . . . . . . . . . .31
Determining What Others Know .................................................................32
What you should look for ...................................................................32
Footprinting: Gathering what’s in the public eye ............................33
Mapping Your Network .................................................................................35
Scanning Your Systems ................................................................................37
Determining More about What’s Running ..................................................39
Performing a Vulnerability Assessment .....................................................39
Manual assessment .............................................................................40
Automatic assessment ........................................................................40
Finding more information ...................................................................41
Penetrating the System ................................................................................41
Chapter 4: Amassing Your War Chest . . . . . . . . . . . . . . . . . . . . . . . . . . .43
Choosing Your Hardware .............................................................................44
The personal digital assistant ............................................................44
The portable or laptop .......................................................................44
Hacking Software ...........................................................................................45
Using software emulators ...................................................................45
Linux distributions on CD ..................................................................55
Stumbling tools ....................................................................................56
You got the sniffers? ............................................................................56
Picking Your Transceiver .............................................................................57
Determining your chipset ...................................................................57
Buying a wireless NIC ..........................................................................59
Extending Your Range ...................................................................................59
Using GPS .......................................................................................................62
Signal Jamming ..............................................................................................63
Part II: Getting Rolling with Common Wi-Fi Hacks .......65
Chapter 5: Human (In)Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
What Can Happen .........................................................................................68
Ignoring the Issues ........................................................................................69
Social Engineering .........................................................................................70
Passive tests .........................................................................................71
Active tests ...........................................................................................73
Unauthorized Equipment .............................................................................74
Default Settings ..............................................................................................76
Weak Passwords ............................................................................................77
Human (In)Security Countermeasures .......................................................78
Enforce a wireless security policy .....................................................78
Train and educate ...............................................................................79
Keep people in the know ....................................................................79
Scan for unauthorized equipment .....................................................80
Secure your systems from the start ..................................................80
Chapter 6: Containing the Airwaves . . . . . . . . . . . . . . . . . . . . . . . . . . . .81
Signal Strength ...............................................................................................81
Using Linux Wireless Extension and Wireless Tools .......................81
Using Wavemon ...................................................................................87
Using Wscan .........................................................................................88
Using Wmap .........................................................................................88
Using XNetworkStrength ....................................................................88
Using Wimon ........................................................................................88
Other link monitors .............................................................................88
Network Physical Security Countermeasures ...........................................90
Checking for unauthorized users ......................................................90
Antenna type ........................................................................................91
Adjusting your signal strength ..........................................................94
Chapter 7: Hacking Wireless Clients . . . . . . . . . . . . . . . . . . . . . . . . . . .97
What Can Happen .........................................................................................98
Probing for Pleasure .....................................................................................99
Port scanning .......................................................................................99
Using VPNMonitor .............................................................................102
Looking for General Client Vulnerabilities ...............................................103
Common AP weaknesses ..................................................................104
Linux application mapping ...............................................................105
Windows null sessions ......................................................................106
Ferreting Out WEP Keys .............................................................................109
Wireless Client Countermeasures .............................................................111
Chapter 8: Discovering Default Settings . . . . . . . . . . . . . . . . . . . . . . .113
Collecting Information ................................................................................113
Are you for Ethereal? ........................................................................113
This is AirTraf control, you are cleared to sniff ............................114
Let me AiroPeek at your data ..........................................................114
Another CommView of your data ....................................................115
Gulpit ...................................................................................................117
That’s Mognet not magnet ...............................................................119
Other analyzers .................................................................................119
Cracking Passwords ....................................................................................120
Using Cain & Abel ..............................................................................120
Using dsniff .........................................................................................124
Gathering IP Addresses ..............................................................................125
Gathering SSIDs ...........................................................................................126
Using essid_jack ................................................................................127
Using SSIDsniff ...................................................................................128
Default-Setting Countermeasures .............................................................128
Change SSIDs ......................................................................................128
Don’t broadcast SSIDs .......................................................................129
Using pong ..........................................................................................129
Detecting sniffers ...............................................................................129
Chapter 9: Wardriving . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .131
Introducing Wardriving ..............................................................................131
Installing and Running NetStumbler .........................................................133
Setting Up NetStumbler ..............................................................................134
Interpreting the Results ..............................................................................141
Mapping Your Stumbling ............................................................................148
Using StumbVerter and MapPoint ...................................................149
Using Microsoft Streets & Trips .......................................................150
Using DiGLE ........................................................................................151
Part III: Advanced Wi-Fi Hacks .................................153
Chapter 10: Still at War . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
Using Advanced Wardriving Software ......................................................155
Installing and using Kismet ..............................................................156
Installing and using Wellenreiter .....................................................167
Using WarLinux ..................................................................................168
Installing and using MiniStumbler ...................................................170
Using other wardriving software .....................................................173
Organization Wardriving Countermeasures ............................................174
Using Kismet ......................................................................................174
Disabling probe responses ...............................................................175
Increasing beacon broadcast intervals ..........................................175
Fake ’em out with a honeypot ..........................................................175
Chapter 11: Unauthorized Wireless Devices . . . . . . . . . . . . . . . . . . . .177
What Can Happen .......................................................................................178
Wireless System Configurations ................................................................179
Characteristics of Unauthorized Systems ................................................181
Wireless Client Software .............................................................................184
Stumbling Software .....................................................................................186
Network-Analysis Software ........................................................................188
Browsing the network .......................................................................188
Probing further ..................................................................................191
Additional Software Options ......................................................................193
Online Databases ........................................................................................193
Unauthorized System Countermeasures ..................................................193
Chapter 12: Network Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
What Can Happen .......................................................................................196
MAC-Address Spoofing ...............................................................................197
Changing your MAC in Linux ...........................................................198
Tweaking your Windows settings ....................................................199
SMAC’ing your address .....................................................................203
A walk down MAC-Spoofing Lane ....................................................204
Who’s that Man in the Middle? ..................................................................208
Management-frame attacks ..............................................................209
ARP-poisoning attacks ......................................................................211
SNMP: That’s Why They Call It Simple .....................................................213
All Hail the Queensland Attack ..................................................................217
Sniffing for Network Problems ...................................................................218
Network-analysis programs .............................................................218
Network analyzer tips .......................................................................219
Weird stuff to look for .......................................................................220
Network Attack Countermeasures ............................................................222
Chapter 13: Denial-of-Service Attacks . . . . . . . . . . . . . . . . . . . . . . . . .225
What Can Happen .......................................................................................227
Types of DoS attacks .........................................................................227
It’s so easy ..........................................................................................228
We Be Jamming ............................................................................................229
Common signal interrupters ............................................................230
What jamming looks like ..................................................................230
Fight the power generators ..............................................................232
AP Overloading ............................................................................................234
Guilty by association ........................................................................234
Too much traffic ................................................................................240
Are You Dis’ing Me? ....................................................................................241
Disassociations ..................................................................................242
Deauthentications .............................................................................242
Invalid authentications via fata_jack ..............................................249
Physical Insecurities ...................................................................................250
DoS Countermeasures ................................................................................251
Know what’s normal .........................................................................251
Contain your radio waves ................................................................251
Limit bandwidth ................................................................................253
Use a Network Monitoring System ..................................................253
Use a WIDS .........................................................................................253
Attack back .........................................................................................254
Demand fixes ......................................................................................254
Chapter 14: Cracking Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255
What Can Happen
Protecting Message Privacy
Protecting Message Integrity
Using Encryption
WEP Weaknesses
Other WEP Problems to Look For
Attacking WEP
  Active traffic injection
  Active attack from both sides
  Table-based attack
  Passive attack decryption
Cracking Keys
  Using WEPcrack
  Using AirSnort
  Using aircrack
  Using WepLab
  Finding other tools
Countermeasures Against Home Network-Encryption Attacks
  Rotating keys
  Using WPA
Organization Encryption Attack Countermeasures
  Using WPA2
  Using a VPN
Chapter 15: Authenticating Users
Three States of Authentication
  Authentication according to IEEE 802.11
I Know Your Secret
Have We Got EAP?
  This method seems easy to digest
  Not another PEAP out of you
  Another big LEAP for mankind
  That was EAP-FAST
  Beam me up, EAP-TLS
  EAP-TTLS: That's funky software
Implementing 802.1X
Cracking LEAP
  Using asleap
  Using THC-LEAPcracker
  Using anwrap
Network Authentication Countermeasures
  WPA improves the 802.1X picture
  Using WPA2
  Using a VPN
  WIDS
  Use the right EAP
  Setting up a WDMZ
  Using the Auditor Collection
Part IV: The Part of Tens
Chapter 16: Ten Essential Tools for Hacking Wireless Networks
Laptop Computer
Wireless Network Card
Antennas and Connecting Cables
GPS Receiver
Stumbling Software
Wireless Network Analyzer
Port Scanner
Vulnerability Assessment Tool
Google
An 802.11 Reference Guide
Chapter 17: Ten Wireless Security-Testing Mistakes
Skipping the Planning Process
Not Involving Others in Testing
Not Using a Methodology
Forgetting to Unbind the NIC When Wardriving
Failing to Get Written Permission to Test
Failing to Equip Yourself with the Proper Tools
Over-Penetrating Live Networks
Using Data Improperly
Failing to Report Results or Follow Up
Breaking the Law
Chapter 18: Ten Tips for Following Up after Your Testing
Organize and Prioritize Your Results
Prepare a Professional Report
Retest If Necessary
Obtain Sign-Off
Plug the Holes You Find
Document the Lessons Learned
Repeat Your Tests
Monitor Your Airwaves
Practice Using Your Wireless Tools
Keep Up with Wireless Security Issues
Part V: Appendixes
Appendix A: Wireless Hacking Resources
Certifications
General Resources
Hacker Stuff
Wireless Organizations
  Institute of Electrical and Electronics Engineers (IEEE): www.ieee.org
  Wi-Fi Alliance (formerly WECA): www.wifialliance.com
Local Wireless Groups
Security Awareness and Training
Wireless Tools
  General tools
  Vulnerability databases
  Linux distributions
  Software emulators
  RF prediction software
  RF monitoring
  Antennae
  Wardriving
  Wireless IDS/IPS vendors
  Wireless sniffers
  WEP/WPA cracking
  Cracking passwords
  Dictionary files and word lists
  Gathering IP addresses and SSIDs
  LEAP crackers
  Network mapping
  Network scanners
Appendix B: Glossary of Acronyms
Index
Who Should Read This Book?
If you want to find out how to maliciously break into wireless networks, this
book is not for you. In fact, we feel so strongly about this that we provide the following disclaimer.
If you choose to use the information in this book to maliciously hack or
break into wireless systems in an unauthorized fashion, you're on your
own. Neither Kevin nor Peter as the co-authors, nor anyone else associated
with this book, shall be liable or responsible for any unethical or criminal
choices you may make using the methodologies and tools we describe. This
book and its contents are intended solely for IT professionals who wish to
test the security of wireless networks in an authorized fashion.

So, anyway, this book is for you if you're a network administrator, information-security
manager, security consultant, wireless-network installer, or anyone
interested in finding out more about testing 802.11-based wireless networks
in order to make them more secure, whether it's your own wireless network
or that of a client that you've been given permission to test.

How to Use This Book
This book bases its approach on three standard ingredients of ethical-hacking
wisdom:
• Descriptions of various non-technical and technical hack attacks, and
their detailed methodologies
• Access information to help you get hold of common freeware, open-source,
and commercial security-testing tools
• Countermeasures to protect wireless networks against attacks
Each chapter is an individual reference on a specific ethical-hacking subject.
You can refer to individual chapters that pertain to the type of testing
you wish to perform, or you can read the book straight through.

Before you start testing your wireless systems, it’s important to familiarize
yourself with the information in Part I so you’re prepared for the tasks at
hand. You’ve undoubtedly heard the saying, “If you fail to plan, you plan to
fail.” Well, it applies especially to what we’re covering here.