Advanced penetration testing: hacking the world's most secure networks
Other Authors: | |
---|---|
Format: | E-book |
Language: | English |
Published: | Indianapolis, Indiana : Wiley, 2017. |
Edition: | 1st ed |
Series: | THEi Wiley ebooks. |
Subjects: | |
View in Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009849116406719 |

Table of Contents:
- Cover
- Title Page
- Copyright
- About the Author
- About the Technical Editor
- Credits
- Acknowledgments
- Contents at a glance
- Contents
- Foreword
- Introduction
- Coming Full Circle
- Advanced Persistent Threat (APT)
- Next Generation Technology
- "Hackers"
- Forget Everything You Think You Know About Penetration Testing
- How This Book Is Organized
- Chapter 1: Medical Records (In)security
- An Introduction to Simulating Advanced Persistent Threat
- Background and Mission Briefing
- Payload Delivery Part 1: Learning How to Use the VBA Macro
- How NOT to Stage a VBA Attack
- Examining the VBA Code
- Avoid Using Shellcode
- Automatic Code Execution
- Using a VBA/VBS Dual Stager
- Keep Code Generic Whenever Possible
- Code Obfuscation
- Enticing Users
- Command and Control Part 1: Basics and Essentials
- The Attack
- Bypassing Authentication
- Summary
- Exercises
- Chapter 2: Stealing Research
- Background and Mission Briefing
- Payload Delivery Part 2: Using the Java Applet for Payload Delivery
- Java Code Signing for Fun and Profit
- Writing a Java Applet Stager
- Create a Convincing Pretext
- Signing the Stager
- Notes on Payload Persistence
- Microsoft Windows
- Linux
- OSX
- Command and Control Part 2: Advanced Attack Management
- Adding Stealth and Multiple System Management
- Implementing a Command Structure
- Building a Management Interface
- The Attack
- Situational Awareness
- Using AD to Gather Intelligence
- Analyzing AD Output
- Attack Against Vulnerable Secondary System
- Credential Reuse Against Primary Target System
- Summary
- Exercises
- Chapter 3: Twenty-First Century Heist
- What Might Work?
- Nothing Is Secure
- Organizational Politics
- APT Modeling versus Traditional Penetration Testing
- Background and Mission Briefing
- Command and Control Part III: Advanced Channels and Data Exfiltration
- Notes on Intrusion Detection and the Security Operations Center
- The SOC Team
- How the SOC Works
- SOC Reaction Time and Disruption
- IDS Evasion
- False Positives
- Payload Delivery Part III: Physical Media
- A Whole New Kind of Social Engineering
- Target Location Profiling
- Gathering Targets
- The Attack
- Summary
- Exercises
- Chapter 4: Pharma Karma
- Background and Mission Briefing
- Payload Delivery Part IV: Client-Side Exploits 1
- The Curse That Is Flash
- At Least You Can Live Without It
- Memory Corruption Bugs: Dos and Don'ts
- Reeling in the Target
- Command and Control Part IV: Metasploit Integration
- Metasploit Integration Basics
- Server Configuration
- Black Hats/White Hats
- What Have I Said About AV?
- Pivoting
- The Attack
- The Hard Disk Firewall Fail
- Metasploit Demonstration
- Under the Hood
- The Benefits of Admin
- Typical Subnet Cloning
- Recovering Passwords
- Making a Shopping List
- Summary
- Exercises
- Chapter 5: Guns and Ammo
- Background and Mission Briefing
- Payload Delivery Part V: Simulating a Ransomware Attack
- What Is Ransomware?
- Why Simulate a Ransomware Attack?
- A Model for Ransomware Simulation
- Asymmetric Cryptography
- Remote Key Generation
- Targeting Files
- Requesting the Ransom
- Maintaining C2
- Final Thoughts
- Command and Control Part V: Creating a Covert C2 Solution
- Introducing the Onion Router
- The Torrc File
- Configuring a C2 Agent to Use the Tor Network
- Bridges
- New Strategies in Stealth and Deployment
- VBA Redux: Alternative Command-Line Attack Vectors
- PowerShell
- FTP
- Windows Scripting Host (WSH)
- BITSadmin
- Simple Payload Obfuscation
- Alternative Strategies in Antivirus Evasion
- The Attack
- Gun Design Engineer Answers Your Questions
- Identifying the Players
- Smart(er) VBA Document Deployment
- Email and Saved Passwords
- Keyloggers and Cookies
- Bringing It All Together
- Summary
- Exercises
- Chapter 6: Criminal Intelligence
- Payload Delivery Part VI: Deploying with HTA
- Malware Detection
- Privilege Escalation in Microsoft Windows
- Escalating Privileges with Local Exploits
- Exploiting Automated OS Installations
- Exploiting the Task Scheduler
- Exploiting Vulnerable Services
- Hijacking DLLs
- Mining the Windows Registry
- Command and Control Part VI: The Creeper Box
- Creeper Box Specification
- Introducing the Raspberry Pi and Its Components
- GPIO
- Choosing an OS
- Configuring Full-Disk Encryption
- A Word on Stealth
- Configuring Out-of-Band Command and Control Using 3G/4G
- Creating a Transparent Bridge
- Using a Pi as a Wireless AP to Provision Access by Remote Keyloggers
- The Attack
- Spoofing Caller ID and SMS Messages
- Summary
- Exercises
- Chapter 7: War Games
- Background and Mission Briefing
- Payload Delivery Part VII: USB Shotgun Attack
- USB Media
- A Little Social Engineering
- Command and Control Part VII: Advanced Autonomous Data Exfiltration
- What We Mean When We Talk About "Autonomy"
- Means of Egress
- The Attack
- Constructing a Payload to Attack a Classified Network
- Stealthy 3G/4G Software Install
- Attacking the Target and Deploying the Payload
- Efficient "Burst-Rate" Data Exfiltration
- Summary
- Exercises
- Chapter 8: Hack Journalists
- Briefing
- Advanced Concepts in Social Engineering
- Cold Reading
- C2 Part VIII: Experimental Concepts in Command and Control
- Scenario 1: C2 Server Guided Agent Management
- Scenario 2: Semi-Autonomous C2 Agent Management
- Payload Delivery Part VIII: Miscellaneous Rich Web Content
- Java Web Start
- Adobe AIR
- A Word on HTML5
- The Attack
- Summary
- Exercises
- Chapter 9: Northern Exposure
- Overview
- Operating Systems
- Red Star Desktop 3.0
- Red Star Server 3.0
- North Korean Public IP Space
- The North Korean Telephone System
- Approved Mobile Devices
- The "Walled Garden": The Kwangmyong Intranet
- Audio and Video Eavesdropping
- Summary
- Exercises
- Index
- EULA