Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition
Paperback, English, 2022
By Allen Harper, Ryan Linn, Stephen Sims, Michael Baucom, Huascar Tejeda, Daniel Fernandez, Moses Frost
SEK 699
Up-to-date strategies for thwarting the latest, most insidious network attacks
This fully updated, industry-standard security resource shows, step by step, how to fortify computer networks by learning and applying effective ethical hacking techniques. Based on curricula developed by the authors at major security conferences and colleges, the book features actionable planning and analysis methods as well as practical steps for identifying and combating both targeted and opportunistic attacks.
Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition clearly explains the enemy's weapons, skills, and tactics and offers field-tested remedies, case studies, and testing labs. You get complete coverage of Internet of Things, mobile, and cloud security along with penetration testing, malware analysis, and reverse engineering techniques. Current malware, ransomware, and system exploits are explained in detail.
- Fully revised content includes 7 new chapters covering the latest threats
- Includes proof-of-concept code stored in the book's GitHub repository
- Authors train attendees at major security conferences, including RSA, Black Hat, Defcon, and B-Sides
Product information
- Publication date: 2022-03-29
- Dimensions: 234 x 190 x 44 mm
- Weight: 1,165 g
- Language: English
- Number of pages: 704
- Edition: 6
- Publisher: McGraw-Hill Education
- EAN: 9781264268948
Table of Contents
Preface
Acknowledgments
Introduction
Part I. Preparation
Chapter 1. Gray Hat Hacking
- Gray Hat Hacking Overview
- History of Hacking
- Ethics and Hacking
- Definition of Gray Hat Hacking
- History of Ethical Hacking
- History of Vulnerability Disclosure
- Bug Bounty Programs
- Know the Enemy: Black Hat Hacking
- Advanced Persistent Threats
- Lockheed Martin Cyber Kill Chain
- Courses of Action for the Cyber Kill Chain
- MITRE ATT&CK Framework
- Summary
- For Further Reading
- References
Chapter 2. Programming Survival Skills
- C Programming Language
- Basic C Language Constructs
- Lab 2-1: Format Strings
- Lab 2-2: Loops
- Lab 2-3: if/else
- Sample Programs
- Lab 2-4: hello.c
- Lab 2-5: meet.c
- Compiling with gcc
- Lab 2-6: Compiling meet.c
- Computer Memory
- Random Access Memory
- Endian
- Segmentation of Memory
- Programs in Memory
- Buffers
- Strings in Memory
- Pointers
- Putting the Pieces of Memory Together
- Lab 2-7: memory.c
- Intel Processors
- Registers
- Assembly Language Basics
- Machine vs. Assembly vs. C
- AT&T vs. NASM
- Addressing Modes
- Assembly File Structure
- Lab 2-8: Simple Assembly Program
- Debugging with gdb
- gdb Basics
- Lab 2-9: Debugging
- Lab 2-10: Disassembly with gdb
- Python Survival Skills
- Getting Python
- Lab 2-11: Launching Python
- Lab 2-12: "Hello, World!" in Python
- Python Objects
- Lab 2-13: Strings
- Lab 2-14: Numbers
- Lab 2-15: Lists
- Lab 2-16: Dictionaries
- Lab 2-17: Files with Python
- Lab 2-18: Sockets with Python
- Summary
- For Further Reading
- References
Chapter 3. Linux Exploit Development Tools
- Binary, Dynamic Information-Gathering Tools
- Lab 3-1: Hello.c
- Lab 3-2: ldd
- Lab 3-3: objdump
- Lab 3-4: strace
- Lab 3-5: ltrace
- Lab 3-6: checksec
- Lab 3-7: libc-database
- Lab 3-8: patchelf
- Lab 3-9: one_gadget
- Lab 3-10: Ropper
- Extending gdb with Python
- Pwntools CTF Framework and Exploit Development Library
- Summary of Features
- Lab 3-11: leak-bof.c
- HeapME (Heap Made Easy) Heap Analysis and Collaboration Tool
- Installing HeapME
- Lab 3-12: heapme_demo.c
- Summary
- For Further Reading
- References
Chapter 4. Introduction to Ghidra
- Creating Our First Project
- Installation and QuickStart
- Setting the Project Workspace
- Functionality Overview
- Lab 4-1: Improving Readability with Annotations
- Lab 4-2: Binary Diffing and Patch Analysis
- Summary
- For Further Reading
- References
Chapter 5. IDA Pro
- Introduction to IDA Pro for Reverse Engineering
- What Is Disassembly?
- Navigating IDA Pro
- IDA Pro Features and Functionality
- Cross-References (Xrefs)
- Function Calls
- Proximity Browser
- Opcodes and Addressing
- Shortcuts
- Comments
- Debugging with IDA Pro
- Summary
- For Further Reading
- References
Part II. Ethical Hacking
Chapter 6. Red and Purple Teams
- Introduction to Red Teams
- Vulnerability Scanning
- Validated Vulnerability Scanning
- Penetration Testing
- Threat Simulation and Emulation
- Purple Team
- Making Money with Red Teaming
- Corporate Red Teaming
- Consultant Red Teaming
- Purple Team Basics
- Purple Team Skills
- Purple Team Activities
- Summary
- For Further Reading
- References
Chapter 7. Command and Control (C2)
- Command and Control Systems
- Metasploit
- Lab 7-1: Creating a Shell with Metasploit
- PowerShell Empire
- Covenant
- Lab 7-2: Using Covenant C2
- Payload Obfuscation
- msfvenom and Obfuscation
- Lab 7-3: Obfuscating Payloads with msfvenom
- Creating C# Launchers
- Lab 7-4: Compiling and Testing C# Launchers
- Creating Go Launchers
- Lab 7-5: Compiling and Testing Go Launchers
- Creating Nim Launchers
- Lab 7-6: Compiling and Testing Nim Launchers
- Network Evasion
- Encryption
- Alternate Protocols
- C2 Templates
- EDR Evasion
- Killing EDR Products
- Bypassing Hooks
- Summary
- For Further Reading
Chapter 8. Building a Threat Hunting Lab
- Threat Hunting and Labs
- Options of Threat Hunting Labs
- Method for the Rest of this Chapter
- Basic Threat Hunting Lab: DetectionLab
- Prerequisites
- Lab 8-1: Install the Lab on Your Host
- Lab 8-2: Install the Lab in the Cloud
- Lab 8-3: Looking Around the Lab
- Extending Your Lab
- HELK
- Lab 8-4: Install HELK
- Lab 8-5: Install Winlogbeat
- Lab 8-6: Kibana Basics
- Lab 8-7: Mordor
- Summary
- For Further Reading
- References
Chapter 9. Introduction to Threat Hunting
- Threat Hunting Basics
- Types of Threat Hunting
- Workflow of a Threat Hunt
- Normalizing Data Sources with OSSEM
- Data Sources
- OSSEM to the Rescue
- Data-Driven Hunts Using OSSEM
- MITRE ATT&CK Framework Refresher: T1003.002
- Lab 9-1: Visualizing Data Sources with OSSEM
- Lab 9-2: AtomicRedTeam Attacker Emulation
- Exploring Hypothesis-Driven Hunts
- Lab 9-3: Hypothesis that Someone Copied a SAM File
- Crawl, Walk, Run
- Enter Mordor
- Lab 9-4: Hypothesis that Someone Other than an Admin Launched PowerShell
- Threat Hunter Playbook
- Departure from HELK for Now
- Spark and Jupyter
- Lab 9-5: Automated Playbooks and Sharing of Analytics
- Summary
- For Further Reading
- References
Part III. Hacking Systems
Chapter 10. Basic Linux Exploits
- Stack Operations and Function-Calling Procedures
- Buffer Overflows
- Lab 10-1: Overflowing meet.c
- Ramifications of Buffer Overflows
- Local Buffer Overflow Exploits
- Lab 10-2: Components of the Exploit
- Lab 10-3: Exploiting Stack Overflows from the Command Line
- Lab 10-4: Writing the Exploit with Pwntools
- Lab 10-5: Exploiting Small Buffers
- Exploit Development Process
- Lab 10-6: Building Custom Exploits
- Summary
- For Further Reading
Chapter 11. Advanced Linux Exploits
- Lab 11-1: Vulnerable Program and Environment Setup
- Lab 11-2: Bypassing Non-Executable Stack (NX) with Return-Oriented Programming (ROP)
- Lab 11-3: Defeating Stack Canaries
- Lab 11-4: ASLR Bypass with an Information Leak
- Lab 11-5: PIE Bypass with an Information Leak
- Summary
- For Further Reading
- References
Chapter 12. Linux Kernel Exploits
- Lab 12-1: Environment Setup and Vulnerable procfs Module
- Lab 12-2: ret2usr
- Lab 12-3: Defeating Stack Canaries
- Lab 12-4: Bypassing Supervisor Mode Execution Protection (SMEP) and Kernel Page-Table Isolation (KPTI)
- Lab 12-5: Bypassing Supervisor Mode Access Prevention (SMAP)
- Lab 12-6: Defeating Kernel Address Space Layout Randomization (KASLR)
- Summary
- For Further Reading
- References
Chapter 13. Basic Windows Exploitation
- Compiling and Debugging Windows Programs
- Lab 13-1: Compiling on Windows
- Debugging on Windows with Immunity Debugger
- Lab 13-2: Crashing the Program
- Writing Windows Exploits
- Exploit Development Process Review
- Lab 13-3: Exploiting ProSSHD Server
- Understanding Structured Exception Handling
- Understanding and Bypassing Common Windows Memory Protections
- Safe Structured Exception Handling
- Bypassing SafeSEH
- Data Execution Prevention
- Return-Oriented Programming
- Gadgets
- Building the ROP Chain
- Summary
- For Further Reading
- References
Chapter 14. Windows Kernel Exploitation
- The Windows Kernel
- Kernel Drivers
- Kernel Debugging
- Lab 14-1: Setting Up Kernel Debugging
- Picking a Target
- Lab 14-2: Obtaining the Target Driver
- Lab 14-3: Reverse Engineering the Driver
- Lab 14-4: Interacting with the Driver
- Token Stealing
- Lab 14-5: Arbitrary Pointer Read/Write
- Lab 14-6: Writing a Kernel Exploit
- Summary
- For Further Reading
- References
Chapter 15. PowerShell Exploitation
- Why PowerShell
- Living off the Land
- PowerShell Logging
- PowerShell Portability
- Loading PowerShell Scripts
- Lab 15-1: The Failure Condition
- Lab 15-2: Passing Commands on the Command Line
- Lab 15-3: Encoded Commands
- Lab 15-4: Bootstrapping via the Web
- Exploitation and Post-Exploitation with PowerSploit
- Lab 15-5: Setting Up PowerSploit
- Lab 15-6: Running Mimikatz Through PowerShell
- Using PowerShell Empire for C2
- Lab 15-7: Setting Up Empire
- Lab 15-8: Staging an Empire C2
- Lab 15-9: Using Empire to Own the System
- Lab 15-10: Using WinRM to Launch Empire
- Summary
- For Further Reading
- Reference
Chapter 16. Getting Shells Without Exploits
- Capturing Password Hashes
- Understanding LLMNR and NBNS
- Understanding Windows NTLMv1 and NTLMv2 Authentication
- Using Responder
- Lab 16-1: Getting Passwords with Responder
- Using Winexe
- Lab 16-2: Using Winexe to Access Remote Systems
- Lab 16-3: Using Winexe to Gain Elevated Privileges
- Using WMI
- Lab 16-4: Querying System Information with WMI
- Lab 16-5: Executing Commands with WMI
- Taking Advantage of WinRM
- Lab 16-6: Executing Commands with WinRM
- Lab 16-7: Using Evil-WinRM to Execute Code
- Summary
- For Further Reading
- Reference
Chapter 17. Post-Exploitation in Modern Windows Environments
- Post-Exploitation
- Host Recon
- Lab 17-1: Using whoami to Identify Privileges
- Lab 17-2: Using Seatbelt to Find User Information
- Lab 17-3: System Recon with PowerShell
- Lab 17-4: System Recon with Seatbelt
- Lab 17-5: Getting Domain Information with PowerShell
- Lab 17-6: Using PowerView for AD Recon
- Lab 17-7: Gathering AD Data with SharpHound
- Escalation
- Lab 17-8: Profiling Systems with winPEAS
- Lab 17-9: Using SharpUp to Escalate Privileges
- Lab 17-10: Searching for Passwords in User Objects
- Lab 17-11: Abusing Kerberos to Gather Credentials
- Lab 17-12: Abusing Kerberos to Escalate Privileges
- Active Directory Persistence
- Lab 17-13: Abusing AdminSDHolder
- Lab 17-14: Abusing SIDHistory
- Summary
- For Further Reading
Chapter 18. Next-Generation Patch Exploitation
- Introduction to Binary Diffing
- Application Diffing
- Patch Diffing
- Binary Diffing Tools
- BinDiff
- turbodiff
- Lab 18-1: Our First Diff
- Patch Management Process
- Microsoft Patch Tuesday
- Obtaining and Extracting Microsoft Patches
- Summary
- For Further Reading
- References
Part IV. Hacking IoT
Chapter 19. Internet of Things to Be Hacked
- Internet of Things (IoT)
- Types of Connected Things
- Wireless Protocols
- Communication Protocols
- Security Concerns
- Shodan IoT Search Engine
- Web Interface
- Shodan Command-Line Interface
- Lab 19-1: Using the Shodan Command Line
- Shodan API
- Lab 19-2: Testing the Shodan API
- Lab 19-3: Playing with MQTT
- Implications of this Unauthenticated Access to MQTT
- IoT Worms: It Was a Matter of Time
- Prevention
- Summary
- For Further Reading
- References
Chapter 20. Dissecting Embedded Devices
- CPU
- Microprocessor
- Microcontrollers
- System on Chip
- Common Processor Architectures
- Serial Interfaces
- UART
- SPI
- I2C
- Debug Interfaces
- JTAG
- SWD
- Software
- Bootloader
- No Operating System
- Real-Time Operating System
- General Operating System
- Summary
- For Further Reading
- References
Chapter 21. Exploiting Embedded Devices
- Static Analysis of Vulnerabilities in Embedded Devices
- Lab 21-1: Analyzing the Update Package
- Lab 21-2: Performing Vulnerability Analysis
- Dynamic Analysis with Hardware
- The Test Environment Setup
- Ettercap
- Dynamic Analysis with Emulation
- FirmAE
- Lab 21-3: Setting Up FirmAE
- Lab 21-4: Emulating Firmware
- Lab 21-5: Exploiting Firmware
- Summary
- For Further Reading
- References
Chapter 22. Software-Defined Radio
- Getting Started with SDR
- What to Buy
- Not So Quick: Know the Rules
- Learn by Example
- Search
- Capture
- Replay
- Analyze
- Preview
- Execute
- Summary
- For Further Reading
Part V. Hacking Hypervisors
Chapter 23. Hypervisors 101
- What Is a Hypervisor?
- Popek and Goldberg Virtualization Theorems
- Goldberg's Hardware Virtualizer
- Type-1 and Type-2 VMMs
- x86 Virtualization
- Dynamic Binary Translation
- Ring Compression
- Shadow Paging
- Paravirtualization
- Hardware Assisted Virtualization
- VMX
- EPT
- Summary
- References
Chapter 24. Creating a Research Framework
- Hypervisor Attack Surface
- The Unikernel
- Lab 24-1: Booting and Communication
- Lab 24-2: Communication Protocol
- Boot Message Implementation
- Handling Requests
- The Client (Python)
- Communication Protocol (Python)
- Lab 24-3: Running the Guest (Python)
- Lab 24-4: Code Injection (Python)
- Fuzzing
- The Fuzzer Base Class
- Lab 24-5: IO-Ports Fuzzer
- Lab 24-6: MSR Fuzzer
- Lab 24-7: Exception Handling
- Fuzzing Tips and Improvements
- Summary
- References
Chapter 25. Inside Hyper-V
- Environment Setup
- Hyper-V Architecture
- Hyper-V Components
- Virtual Trust Levels
- Generation-1 VMs
- Lab 25-1: Scanning PCI Devices in a Generation-1 V