Hacking and Security

Uncover security vulnerabilities and harden your system against attacks! With this guide you'll learn to set up a virtual learning environment where you can test out hacking tools, from Kali Linux to hydra and Wireshark. Then expand your understanding of offline hacking, external safety checks, penetration testing in networks, and other essential security techniques, with step-by-step instructions. With information on mobile, cloud, and IoT security you can fortify your system against any threat!

Master pen testing with tools like Metaspolit, Kali Linux, hydra, OpenVAS, Empire, Pwnagotchi, and more

Contenu

· ... Preface ... 33

· ... What Hacking Has to Do with Security ... 33

· ... About this Book ... 34

· ... What's New in the Third Edition ... 35

· ... Target Group ... 35

· ... Let's Go! ... 35

· ... Foreword by Klaus Gebeshuber ... 36

· ... Foreword by Stefan Kania ... 36

· ... Greeting ... 36

· Introduction ... 39

· 1.1 ... Hacking ... 39

· 1.2 ... Security ... 47

· 1.3 ... Exploits ... 58

· 1.4 ... Authentication and Passwords ... 65

· 1.5 ... Security Risk IPv6 ... 70

· 1.6 ... Legal Framework ... 72

· 1.7 ... Security Organizations and Government Institutions ... 75

· 2 ... Kali Linux ... 77

· 2.1 ... Kali Alternatives ... 77

· 2.2 ... Trying Out Kali Linux without Installation ... 78

· 2.3 ... Installing Kali Linux in VirtualBox ... 84

· 2.4 ... Kali Linux and Hyper-V ... 91

· 2.5 ... Kali Linux in the Windows Subsystem for Linux ... 93

· 2.6 ... Kali Linux on Raspberry Pi ... 96

· 2.7 ... Running Kali Linux on Apple PCs with ARM CPUs ... 97

· 2.8 ... Simple Application Examples ... 99

· 2.9 ... Internal Details of Kali ... 103

· 3 ... Setting Up the Learning Environment: Metasploitable, Juice Shop ... 109

· 3.1 ... Honeypots ... 110

· 3.2 ... Metasploitable 2 ... 110

· 3.3 ... Metasploitable 3 (Ubuntu Variant) ... 116

· 3.4 ... Metasploitable 3 (Windows Variant) ... 123

· 3.5 ... Juice Shop ... 133

· 4 ... Hacking Tools ... 137

· 4.1 ... nmap ... 138

· 4.2 ... hydra ... 142

· 4.3 ... sslyze, sslscan, and testssl ... 148

· 4.4 ... whois, host, and dig ... 151

· 4.5 ... Wireshark ... 154

· 4.6 ... tcpdump ... 159

· 4.7 ... Netcat (nc) ... 163

· 4.8 ... OpenVAS ... 166

· 4.9 ... Metasploit Framework ... 176

· 4.10 ... Empire Framework ... 187

· 4.11 ... The Koadic Postexploitation Framework ... 197

· 4.12 ... Social Engineer Toolkit ... 205

· 4.13 ... Burp Suite ... 212

· 4.14 ... Sliver ... 219

· 5 ... Offline Hacking ... 227

· 5.1 ... BIOS/EFI: Basic Principles ... 228

· 5.2 ... Accessing External Systems ... 230

· 5.3 ... Accessing External Hard Drives or SSDs ... 236

· 5.4 ... Resetting the Windows Password ... 237

· 5.5 ... Resetting Linux and macOS Passwords ... 244

· 5.6 ... Encrypting Hard Drives ... 246

· 6 ... Passwords ... 255

· 6.1 ... Hash Procedures ... 256

· 6.2 ... Brute-Force Password Cracking ... 259

· 6.3 ... Rainbow Tables ... 260

· 6.4 ... Dictionary Attacks ... 262

· 6.5 ... Password Tools ... 263

· 6.6 ... Default Passwords ... 271

· 6.7 ... Data Breaches ... 272

· 6.8 ... Multifactor Authentication ... 275

· 6.9 ... Implementing Secure Password Handling ... 276

· IT Forensics ... 279

· 7.1 ... Methodical Analysis of Incidents ... 281

· 7.2 ... Postmortem Investigation ... 284

· 7.3 ... Live Analysis ... 300

· 7.4 ... Forensic Readiness ... 303

· 7.5 ... Summary ... 305

· 8 ... Wi-Fi, Bluetooth, and SDR ... 307

· 8.1 ... 802.11x Systems: Wi-Fi ... 307

· 8.2 ... Collecting WPA-2 Handshakes with Pwnagotchi ... 325

· 8.3 ... Bluetooth ... 332

· 8.4 ... Software-Defined Radios ... 349

· 9 ... Attack Vector USB Interface ... 359

· 9.1 ... USB Rubber Ducky ... 360

· 9.2 ... Digispark: A Wolf in Sheep's Clothing ... 367

· 9.3 ... Bash Bunny ... 375

· 9.4 ... P4wnP1: The Universal Talent ... 396

· 9.5 ... MalDuino W ... 406

· 9.6 ... Countermeasures ... 412

· 10 ... External Security Checks ... 419

· 10.1 ... Reasons for Professional Checks ... 419

· 10.2 ... Types of Security Checks ... 420

· 10.3 ... Legal Protection ... 430

· 10.4 ... Objectives and Scope ... 432

· 10.5 ... Implementation Methods ... 433

· 10.6 ... Reporting ... 434

· 10.7 ... Selecting the Right Provider ... 437

· 11 ... Penetration Testing ... 441

· 11.1 ... Gathering Information ... 442

· 11.2 ... Initial Access with Code Execution ... 459

· 11.3 ... Scanning Targets of Interest ... 463

· 11.4 ... Searching for Known Vulnerabilities Using nmap ... 470

· 11.5 ... Exploiting Known Vulnerabilities Using Metasploit ... 472

· 11.6 ... Attacking Using Known or Weak Passwords ... 478

· 11.7 ... Email Phishing Campaigns for Companies ... 481

· 11.8 ... Phishing Attacks with Office Macros ... 490

· 11.9 ... Phishing Attacks with ISO and ZIP Files ... 494

· 11.10 ... Attack Vector USB Phishing ... 504

· 11.11 ... Network Access Control and 802.1X in Local Networks ... 506

· 11.12 ... Extending Rights on the System ... 509

· 11.13 ... Collecting Credentials and Tokens ... 517

· 11.14 ... SMB Relaying Attack on Ordinary Domain Users ... 540

· 12 ... Securing Windows Servers ... 543

· 12.1 ... Local Users, Groups, and Rights ... 544

· 12.2 ... Manipulating the File System ... 553

· 12.3 ... Server Hardening ... 558

· 12.4 ... Microsoft Defender ... 561

· 12.5 ... Windows Firewall ... 564

· 12.6 ... Windows Event Viewer ... 568

· 13 ... Active Directory ... 579

· 13.1 ... What Is Active Directory? ... 579

· 13.2 ... Manipulating the Active Directory Database or its Data ... 592

· 13.3 ... Manipulating Group Policies ... 596

· 13.4 ... Domain Authentication: Kerberos ... 603

· 13.5 ... Attacks against Authentication Protocols and LDAP ... 611

· 13.6 ... Pass-the-Hash Attacks: mimikatz ... 612

· 13.7 ... Golden Ticket and Silver Ticket ... 624

· 13.8 ... Reading Sensitive Data from the Active Directory Database ... 628

· 13.9 ... Basic Coverage ... 631

· 13.10 ... More Security through Tiers ... 635

· 13.11 ... Protective Measures against Pass-the-Hash and Pass-the-Ticket Attacks ... 639

· 14 ... Securing Linux ... 649

· 14.1 ... Other Linux Chapters ... 649

· 14.2 ... Installation ... 650

· 14.3 ... Software Updates ... 654

· 14.4 ... Kernel Updates: Live Patches ... 658

· 14.5 ... Securing SSH ... 661

· 14.6 ... 2FA with Google Authenticator ... 665

· 14.7 ... 2FA with YubiKey ... 670

· 14.8 ... Fail2ban ... 673

· 14.9 ... Firewall ... 679

· 14.10 ... SELinux ... 693

· 14.11 ... AppArmor ... 699

· 14.12 ... Kernel Hardening ... 704

· 14.13 ... Apache ... 706

· 14.14 ... MySQL and MariaDB ... 712

· 14.15 ... Postfix ... 719

· 14.16 ... Dovecot ... 724

· 14.17 ... Rootkit Detection and Intrusion Detection ... 726

· 15 ... Security of Samba File Servers ... 735

· 15.1 ... Preliminary Considerations ... 735

· 15.2 ... Basic CentOS Installation ... 737

· 15.3 ... Basic Debian Installation ... 741

· 15.4 ... Configuring the Samba Server ... 743

· 15.5 ... Samba Server in Active Directory ... 746

· 15.6 ... Shares on the Samba Server ... 750

· 15.7 ... Changes to the Registry ... 755

· 15.8 ... Samba Audit …