Produktbild: Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition

Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition

52,99 €

inkl. gesetzl. MwSt., Versandkostenfrei


Beschreibung

Produktdetails

Einband

Taschenbuch

Erscheinungsdatum

29.03.2022

Abbildungen

Illustrationen, nicht spezifiziert

Verlag

Mcgraw Hill Higher Education

Seitenzahl

704

Maße (L/B/H)

22,9/18,8/3,7 cm

Gewicht

1166 g

Auflage

6. Auflage

Sprache

Englisch

ISBN

978-1-264-26894-8

Beschreibung

Produktdetails

Einband

Taschenbuch

Erscheinungsdatum

29.03.2022

Abbildungen

Illustrationen, nicht spezifiziert

Verlag

Mcgraw Hill Higher Education

Seitenzahl

704

Maße (L/B/H)

22,9/18,8/3,7 cm

Gewicht

1166 g

Auflage

6. Auflage

Sprache

Englisch

ISBN

978-1-264-26894-8

Herstelleradresse

Libri GmbH
Europaallee 1
36244 Bad Hersfeld
DE

Email: gpsr@libri.de

Noch keine Bewertungen vorhanden

Verfassen Sie die erste Bewertung zu diesem Artikel

Helfen Sie anderen Kundinnen und Kunden durch Ihre Meinung.

Kundinnen und Kunden meinen

Bewertungen (0)

  • Produktbild: Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition
  • Preface
    Acknowledgments
    Introduction

    Part I. Preparation

    Chapter 1. Gray Hat Hacking
    Gray Hat Hacking Overview
    History of Hacking
    Ethics and Hacking
    Definition of Gray Hat Hacking
    History of Ethical Hacking
    History of Vulnerability Disclosure
    Bug Bounty Programs
    Know the Enemy: Black Hat Hacking
    Advanced Persistent Threats
    Lockheed Martin Cyber Kill Chain
    Courses of Action for the Cyber Kill Chain
    MITRE ATT&CK Framework
    Summary
    For Further Reading
    References

    Chapter 2. Programming Survival Skills
    C Programming Language
    Basic C Language Constructs
    Lab 2-1: Format Strings
    Lab 2-2: Loops
    Lab 2-3: if/else
    Sample Programs
    Lab 2-4: hello.c
    Lab 2-5: meet.c
    Compiling with gcc
    Lab 2-6: Compiling meet.c
    Computer Memory
    Random Access Memory
    Endian
    Segmentation of Memory
    Programs in Memory
    Buffers
    Strings in Memory
    Pointers
    Putting the Pieces of Memory Together
    Lab 2-7: memory.c
    Intel Processors
    Registers
    Assembly Language Basics
    Machine vs. Assembly vs. C
    AT&T vs. NASM
    Addressing Modes
    Assembly File Structure
    Lab 2-8: Simple Assembly Program
    Debugging with gdb
    gdb Basics
    Lab 2-9: Debugging
    Lab 2-10: Disassembly with gdb
    Python Survival Skills
    Getting Python
    Lab 2-11: Launching Python
    Lab 2-12: "Hello, World!" in Python
    Python Objects
    Lab 2-13: Strings
    Lab 2-14: Numbers
    Lab 2-15: Lists
    Lab 2-16: Dictionaries
    Lab 2-17: Files with Python
    Lab 2-18: Sockets with Python
    Summary
    For Further Reading
    References

    Chapter 3. Linux Exploit Development Tools
    Binary, Dynamic Information-Gathering Tools
    Lab 3-1: Hello.c
    Lab 3-2: ldd
    Lab 3-3: objdump
    Lab 3-4: strace
    Lab 3-5: ltrace
    Lab 3-6: checksec
    Lab 3-7: libc-database
    Lab 3-8: patchelf
    Lab 3-9: one_gadget
    Lab 3-10: Ropper
    Extending gdb with Python
    Pwntools CTF Framework and Exploit Development Library
    Summary of Features
    Lab 3-11: leak-bof.c
    HeapME (Heap Made Easy) Heap Analysis and Collaboration Tool
    Installing HeapME
    Lab 3-12: heapme_demo.c
    Summary
    For Further Reading
    References

    Chapter 4. Introduction to Ghidra
    Creating Our First Project
    Installation and QuickStart
    Setting the Project Workspace
    Functionality Overview
    Lab 4-1: Improving Readability with Annotations
    Lab 4-2: Binary Diffing and Patch Analysis
    Summary
    For Further Reading
    References

    Chapter 5. IDA Pro
    Introduction to IDA Pro for Reverse Engineering
    What Is Disassembly?
    Navigating IDA Pro
    IDA Pro Features and Functionality
    Cross-References (Xrefs)
    Function Calls
    Proximity Browser
    Opcodes and Addressing
    Shortcuts
    Comments
    Debugging with IDA Pro
    Summary
    For Further Reading
    References

    Part II. Ethical Hacking

    Chapter 6. Red and Purple Teams
    Introduction to Red Teams
    Vulnerability Scanning
    Validated Vulnerability Scanning
    Penetration Testing
    Threat Simulation and Emulation
    Purple Team
    Making Money with Red Teaming
    Corporate Red Teaming
    Consultant Red Teaming
    Purple Team Basics
    Purple Team Skills
    Purple Team Activities
    Summary
    For Further Reading
    References

    Chapter 7. Command and Control (C2)
    Command and Control Systems
    Metasploit
    Lab 7-1: Creating a Shell with Metasploit
    PowerShell Empire
    Covenant
    Lab 7-2: Using Covenant C2
    Payload Obfuscation
    msfvenom and Obfuscation
    Lab 7-3: Obfuscating Payloads with msfvenom
    Creating C# Launchers
    Lab 7-4: Compiling and Testing C# Launchers
    Creating Go Launchers
    Lab 7-5: Compiling and Testing Go Launchers
    Creating Nim Launchers
    &n bsp; Lab 7-6: Compiling and Testing Nim Launchers
    Network Evasion
    Encryption
    Alternate Protocols
    C2 Templates
    EDR Evasion
    Killing EDR Products
    Bypassing Hooks
    Summary
    For Further Reading

    Chapter 8. Building a Threat Hunting Lab
    Threat Hunting and Labs
    Options of Threat Hunting Labs
    Method for the Rest of this Chapter
    Basic Threat Hunting Lab: DetectionLab
    Prerequisites
    Lab 8-1: Install the Lab on Your Host
    Lab 8-2: Install the Lab in the Cloud
    Lab 8-3: Looking Around the Lab
    Extending Your Lab
    HELK
    Lab 8-4: Install HELK
    Lab 8-5: Install Winlogbeat
    Lab 8-6: Kibana Basics
    Lab 8-7: Mordor
    Summary
    For Further Reading
    References

    Chapter 9. Introduction to Threat Hunting
    Threat Hunting Basics
    Types of Threat Hunting
    Workflow of a Threat Hunt
    Normalizing Data Sources with OSSEM
    Data Sources
    OSSEM to the Rescue
    Data-Driven Hunts Using OSSEM
    MITRE ATT&CK Framework Refresher: T1003.002
    Lab 9-1: Visualizing Data Sources with OSSEM
    Lab 9-2: AtomicRedTeam Attacker Emulation
    Exploring Hypothesis-Driven Hunts
    Lab 9-3: Hypothesis that Someone Copied a SAM File
    Crawl, Walk, Run
    Enter Mordor
    Lab 9-4: Hypothesis that Someone Other than an Admin Launched PowerShell
    Threat Hunter Playbook
    Departure from HELK for Now
    Spark and Jupyter
    Lab 9-5: Automated Playbooks and Sharing of Analytics
    Summary
    For Further Reading
    References

    Part III. Hacking Systems

    Chapter 10. Basic Linux Exploits
    Stack Operations and Function-Calling Procedures
    Buffer Overflows
    Lab 10-1: Overflowing meet.c
    Ramifications of Buffer Overflows
    Local Buffer Overflow Exploits
    Lab 10-2: Components of the Exploit
    Lab 10-3: Exploiting Stack Overflows from the Command Line
    Lab 10-4: Writing the Exploit with Pwntools
    Lab 10-5: Exploiting Small Buffers
    Exploit Development Process
    Lab 10-6: Building Custom Exploits
    Summary
    For Further Reading

    Chapter 11. Advanced Linux Exploits
    Lab 11-1: Vulnerable Program and Environment Setup
    Lab 11-2: Bypassing Non-Executable Stack (NX) with Return-Oriented Programming (ROP)
    Lab 11-3: Defeating Stack Canaries
    Lab 11-4: ASLR Bypass with an Information Leak
    Lab 11-5: PIE Bypass with an Information Leak
    Summary
    For Further Reading
    References

    Chapter 12. Linux Kernel Exploits
    Lab 12-1: Environment Setup and Vulnerable procfs Module
    Lab 12-2: ret2usr
    Lab 12-3: Defeating Stack Canaries
    Lab 12-4: Bypassing Supervisor Mode Execution Protection (SMEP) and Kernel Page-Table Isolation (KPTI)
    Lab 12-5: Bypassing Supervisor Mode Access Prevention (SMAP)
    Lab 12-6: Defeating Kernel Address Space Layout Randomization (KASLR)
    Summary
    For Further Reading
    References

    Chapter 13. Basic Windows Exploitation
    Compiling and Debugging Windows Programs
    Lab 13-1: Compiling on Windows
    Debugging on Windows with Immunity Debugger
    Lab 13-2: Crashing the Program
    Writing Windows Exploits
    Exploit Development Process Review
    Lab 13-3: Exploiting ProSSHD Server
    Understanding Structured Exception Handling
    Understanding and Bypassing Common Windows Memory Protections
    Safe Structured Exception Handling
    Bypassing SafeSEH
    Data Execution Prevention
    Return-Oriented Programming
    Gadgets
    Building the ROP Chain
    Summary
    For Further Reading
    References

    Chapter 14. Windows Kernel Exploitation
    The Windows Kernel
    Kernel Drivers
    Kernel Debugging
    Lab 14-1: Setting Up Kernel Debugging
    Picking a Target
    Lab 14-2: Obtaining the Target Driver
    Lab 14-3: Reverse Engineering the Driver
    Lab 14-4: Interacting with the Driver
    Token Stealing
    Lab 14-5: Arbitrary Pointer Read/Write
    Lab 14-6: Writing a Kernel Exploit
    Summary
    For Further Reading
    References

    Chapter 15. PowerShell Exploitation
    Why PowerShell
    Living off the Land
    PowerShell Logging
    PowerShell Portability
    Loading PowerShell Scripts
    Lab 15-1: The Failure Condition
    Lab 15-2: Passing Commands on the Command Line
    Lab 15-3: Encoded Commands
    Lab 15-4: Bootstrapping via the Web
    Exploitation and Post-Exploitation with PowerSploit
    Lab 15-5: Setting Up PowerSploit
    Lab 15-6: Running Mimikatz Through PowerShell
    Using PowerShell Empire for C2
    Lab 15-7: Setting Up Empire
    Lab 15-8: Staging an Empire C2
    Lab 15-9: Using Empire to Own the System
    Lab 15-10: Using WinRM to Launch Empire
    Summary
    For Further Reading
    Reference

    Chapter 16. Getting Shells Without Exploits
    Capturing Password Hashes
    Understanding LLMNR and NBNS
    Understanding Windows NTLMv1 and NTLMv2 Authentication
    Using Responder
    Lab 16-1: Getting Passwords with Responder
    Using Winexe
    Lab 16-2: Using Winexe to Access Remote Systems
    Lab 16-3: Using Winexe to Gain Elevated Privileges
    Using WMI
    Lab 16-4: Querying System Information with WMI
    Lab 16-5: Executing Commands with WMI
    Taking Advantage of WinRM
    Lab 16-6: Executing Commands with WinRM
    Lab 16-7: Using Evil-WinRM to Execute Code
    Summary
    For Further Reading
    Reference

    Chapter 17. Post-Exploitation in Modern Windows Environments
    Post-Exploitation
    Host Recon
    Lab 17-1: Using whoami to Identify Privileges
    Lab 17-2: Using Seatbelt to Find User Information
    Lab 17-3: System Recon with PowerShell
    Lab 17-4: System Recon with Seatbelt
    Lab 17-5: Getting Domain Information with PowerShell
    Lab 17-6: Using PowerView for AD Recon
    Lab 17-7: Gathering AD Data with SharpHound
    Escalation
    Lab 17-8: Profiling Systems with winPEAS
    Lab 17-9: Using SharpUp to Escalate Privileges
    Lab 17-10: Searching for Passwords in User Objects
    Lab 17-11: Abusing Kerberos to Gather Credentials
    Lab 17-12: Abusing Kerberos to Escalate Privileges
    Active Directory Persistence
    Lab 17-13: Abusing AdminSDHolder
    Lab 17-14: Abusing SIDHistory
    Summary
    For Further Reading

    Chapter 18. Next-Generation Patch Exploitation
    Introduction to Binary Diffing
    Application Diffing
    Patch Diffing
    Binary Diffing Tools
    BinDiff
    turbodiff
    Lab 18-1: Our First Diff
    Patch Management Process
    Microsoft Patch Tuesday
    Obtaining and Extracting Microsoft Patches
    Summary
    For Further Reading
    References

    Part IV. Hacking IoT

    Chapter 19. Internet of Things to Be Hacked
    Internet of Things (IoT)
    Types of Connected Things
    Wireless Protocols
    Communication Protocols
    Security Concerns
    Shodan IoT Search Engine
    Web Interface
    Shodan Command-Line Interface
    Lab 19-1: Using the Shodan Command Line
    Shodan API
    Lab 19-2: Testing the Shodan API
    Lab 19-3: Playing with MQTT
    Implications of this Unauthenticated Access to MQTT
    IoT Worms: It Was a Matter of Time
    Prevention
    Summary
    For Further Reading
    References

    Chapter 20. Dissecting Embedded Devices
    CPU
    Microprocessor
    Microcontrollers
    System on Chip
    Common Processor Architectures
    Serial Interfaces
    UART
    SPI
    I2C
    Debug Interfaces
    JTAG
    SWD
    Software
    Bootloader
    No Operating System
    Real-Time Operating System
    General Operating System
    Summary
    For Further Reading
    References

    Chapter 21. Exploiting Embedded Devices
    Static Analysis of Vulnerabilities in Embedded Devices
    Lab 21-1: Analyzing the Update Package
    Lab 21-2: Performing Vulnerability Analysis
    Dynamic Analysis with Hardware
    The Test Environment Setup
    Ettercap
    Dynamic Analysis with Emulation
    FirmAE
    Lab 21-3: Setting Up FirmAE
    Lab 21-4: Emulating Firmware
    Lab 21-5: Exploiting Firmware
    Summary
    For Further Reading
    References

    Chapter 22. Software-Defined Radio
    Getting Started with SDR
    What to Buy
    Not So Quick: Know the Rules
    Learn by Example
    Search
    Capture
    Replay
    Analyze
    Preview
    Execute
    Summary
    For Further Reading

    Part V. Hacking Hypervisors

    Chapter 23. Hypervisors 101
    What Is a Hypervisor?
    Popek and Goldberg Virtualization Theorems
    Goldberg's Hardware Virtualizer
    Type-1 and Type-2 VMMs
    x86 Virtualization
    Dynamic Binary Translation
    Ring Compression
    Shadow Paging
    Paravirtualization
    Hardware Assisted Virtualization
    VMX
    EPT
    Summary
    References

    Chapter 24. Creating a Research Framework
    Hypervisor Attack Surface
    The Unikernel
    Lab 24-1: Booting and Communication
    Lab 24-2: Communication Protocol
    Boot Message Implementation
    Handling Requests
    The Client (Python)
    Communication Protocol (Python)
    Lab 24-3: Running the Guest (Python)
    Lab 24-4: Code Injection (Python)
    Fuzzing
    The Fuzzer Base Class
    Lab 24-5: IO-Ports Fuzzer
    Lab 24-6: MSR Fuzzer
    Lab 24-7: Exception Handling
    Fuzzing Tips and Improvements
    Summary
    References

    Chapter 25. Inside Hyper-V
    Environment Setup
    Hyper-V Architecture
    Hyper-V Components
    Virtual Trust Levels
    Generation-1 VMs
    Lab 25-1: Scanning PCI Devices in a Generation-1 V