Low price
CHF 64.80
Delivery usually takes 1 to 2 weeks
About the authors
Dr. Allen Harper, CISSP, is the founder of N2NetSecurity, Inc.; former EVP and chief hacker at Tangible Security; former program director at Liberty University; and now serves as EVP of Cybersecurity at T-Rex Solutions LLC. Ryan Linn has over 20 years in the security industry, ranging from systems programmer to corporate security, to leading a global cybersecurity consultancy. Stephen Sims is an industry expert with over 15 years of experience in information technology and security. He currently works as a consultant performing reverse engineering, exploit development, threat modeling, and penetration testing. Michael Baucom has over 25 years of industry experience ranging from embedded systems development to leading the product security and research division at Tangible Security. Huáscar Tejeda is the co-founder and CEO of F2TC Cyber Security. He is a seasoned cybersecurity professional, thoroughly experienced with more than 20 years and notable achievements in IT and Telecommunications, developing carrier grade security solutions and business critical components for multiple broadband providers. He is also a member of the SANS Latin America Advisory Group, SANS Purple Team Summit Advisory Board, and contributing author of the SANS Institute's most advanced course, SEC760: Advanced Exploit Development for Penetration Testers.
Daniel Fernandez is a security researcher with more than 15 years of experience in the field. His focus over the last years has been hypervisor exploitation; before that, he mostly exploited Windows and Linux kernels. Moses Frost is an author and instructor at the SANS Institute. His technology interests include web applications, Linux systems administration and design, and designing hacking challenges. He currently works at McAfee.
Publisher's description
Up-to-date strategies for thwarting the latest, most insidious network attacks
This fully updated, industry-standard security resource shows, step by step, how to fortify computer networks by learning and applying effective ethical hacking techniques. Based on curricula developed by the authors at major security conferences and colleges, the book features actionable planning and analysis methods as well as practical steps for identifying and combating both targeted and opportunistic attacks.
Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition clearly explains the enemy's devious weapons, skills, and tactics and offers field-tested remedies, case studies, and testing labs. You will get complete coverage of Internet of Things, mobile, and Cloud security along with penetration testing, malware analysis, and reverse engineering techniques. State-of-the-art malware, ransomware, and system exploits are thoroughly explained.
Authors train attendees at major security conferences, including RSA, Black Hat, Defcon, and BSides
Contents
Preface Acknowledgments Introduction
Part I. Preparation
Chapter 1. Gray Hat Hacking Gray Hat Hacking Overview History of Hacking Ethics and Hacking Definition of Gray Hat Hacking History of Ethical Hacking History of Vulnerability Disclosure Bug Bounty Programs Know the Enemy: Black Hat Hacking Advanced Persistent Threats Lockheed Martin Cyber Kill Chain Courses of Action for the Cyber Kill Chain MITRE ATT&CK Framework Summary For Further Reading References
Chapter 2. Programming Survival Skills C Programming Language Basic C Language Constructs Lab 2-1: Format Strings Lab 2-2: Loops Lab 2-3: if/else Sample Programs Lab 2-4: hello.c Lab 2-5: meet.c Compiling with gcc Lab 2-6: Compiling meet.c Computer Memory Random Access Memory Endian Segmentation of Memory Programs in Memory Buffers Strings in Memory Pointers Putting the Pieces of Memory Together Lab 2-7: memory.c Intel Processors Registers Assembly Language Basics Machine vs. Assembly vs. C AT&T vs. NASM Addressing Modes Assembly File Structure Lab 2-8: Simple Assembly Program Debugging with gdb gdb Basics Lab 2-9: Debugging Lab 2-10: Disassembly with gdb Python Survival Skills Getting Python Lab 2-11: Launching Python Lab 2-12: "Hello, World!" in Python Python Objects Lab 2-13: Strings Lab 2-14: Numbers Lab 2-15: Lists Lab 2-16: Dictionaries Lab 2-17: Files with Python Lab 2-18: Sockets with Python Summary For Further Reading References
Chapter 3. Linux Exploit Development Tools Binary, Dynamic Information-Gathering Tools Lab 3-1: Hello.c Lab 3-2: ldd Lab 3-3: objdump Lab 3-4: strace Lab 3-5: ltrace Lab 3-6: checksec Lab 3-7: libc-database Lab 3-8: patchelf Lab 3-9: one_gadget Lab 3-10: Ropper Extending gdb with Python Pwntools CTF Framework and Exploit Development Library Summary of Features Lab 3-11: leak-bof.c HeapME (Heap Made Easy) Heap Analysis and Collaboration Tool Installing HeapME Lab 3-12: heapme_demo.c Summary For Further Reading References
Chapter 4. Introduction to Ghidra Creating Our First Project Installation and QuickStart Setting the Project Workspace Functionality Overview Lab 4-1: Improving Readability with Annotations Lab 4-2: Binary Diffing and Patch Analysis Summary For Further Reading References
Chapter 5. IDA Pro Introduction to IDA Pro for Reverse Engineering What Is Disassembly? Navigating IDA Pro IDA Pro Features and Functionality Cross-References (Xrefs) Function Calls Proximity Browser Opcodes and Addressing Shortcuts Comments Debugging with IDA Pro Summary For Further Reading References
Part II. Ethical Hacking
Chapter 6. Red and Purple Teams Introduction to Red Teams Vulnerability Scanning Validated Vulnerability Scanning Penetration Testing Threat Simulation and Emulation Purple Team Making Money with Red Teaming Corporate Red Teaming Consultant Red Teaming Purple Team Basics Purple Team Skills Purple Team Activities Summary For Further Reading References
Chapter 7. Command and Control (C2) Command and Control Systems Metasploit Lab 7-1: Creating a Shell with Metasploit PowerShell Empire Covenant Lab 7-2: Using Covenant C2 Payload Obfuscation msfvenom and Obfuscation Lab 7-3: Obfuscating Payloads with msfvenom Creating C# Launchers Lab 7-4: Compiling and Testing C# Launchers Creating Go Launchers Lab 7-5: Compiling and Testing Go Launchers Creating Nim Launchers Lab 7-6: Compiling and Testing Nim Launchers Network Evasion Encryption Alternate Protocols C2 Templates EDR Evasion Killing EDR Products Bypassing Hooks Summary For Further Reading
Chapter 8. Building a Threat Hunting Lab Threat Hunting and Labs Options of Threat Hunting Labs Method for the Rest of this Chapter Basic Threat Hunting Lab: DetectionLab Prerequisites Lab 8-1: Install the Lab on Your Host Lab 8-2: Install the Lab in the Cloud Lab 8-3: Looking Around the Lab Extending Your Lab HELK Lab 8-4: Install HELK Lab 8-5: Install Winlogbeat Lab 8-6: Kibana Basics Lab 8-7: Mordor Summary For Further Reading References
Chapter 9. Introduction to Threat Hunting Threat Hunting Basics Types of Threat Hunting Workflow of a Threat Hunt Normalizing Data Sources with OSSEM Data Sources OSSEM to the Rescue Data-Driven Hunts Using OSSEM MITRE ATT&CK Framework Refresher: T1003.002 Lab 9-1: Visualizing Data Sources with OSSEM Lab 9-2: AtomicRedTeam Attacker Emulation Exploring Hypothesis-Driven Hunts Lab 9-3: Hypothesis that Someone Copied a SAM File Crawl, Walk, Run Enter Mordor Lab 9-4: Hypothesis that Someone Other than an Admin Launched PowerShell Threat Hunter Playbook Departure from HELK for Now Spark and Jupyter Lab 9-5: Automated Playbooks and Sharing of Analytics Summary For Further Reading References
Part III. Hacking Systems
Chapter 10. Basic Linux Exploits Stack Operations and Function-Calling Procedures Buffer Overflows Lab 10-1: Overflowing meet.c Ramifications of Buffer Overflows Local Buffer Overflow Exploi…