Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition - Allen Harper, Ryan Linn, Stephen Sims, Michael Baucom, Huascar Tejeda

Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition

Buch | Softcover
704 Seiten
2022 | 6th edition
McGraw-Hill Education (Verlag)
978-1-264-26894-8 (ISBN)
57,35 inkl. MwSt
Up-to-date strategies for thwarting the latest, most insidious network attacks

This fully updated, industry-standard security resource shows, step by step, how to fortify computer networks by learning and applying effective ethical hacking techniques. Based on curricula developed by the authors at major security conferences and colleges, the book features actionable planning and analysis methods as well as practical steps for identifying and combating both targeted and opportunistic attacks.

Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition clearly explains the enemy’s devious weapons, skills, and tactics and offers field-tested remedies, case studies, and testing labs. You will get complete coverage of Internet of Things, mobile, and Cloud security along with penetration testing, malware analysis, and reverse engineering techniques. State-of-the-art malware, ransomware, and system exploits are thoroughly explained.



Fully revised content includes 7 new chapters covering the latest threats
Includes proof-of-concept code stored on the GitHub repository
Authors train attendees at major security conferences, including RSA, Black Hat, Defcon, and Besides

Dr. Allen Harper, CISSP, is the founder of N2NetSecurity, Inc.; former EVP and chief hacker at Tangible Security; former program director at Liberty University; and now serves as EVP of Cybersecurity at T-Rex Solutions LLC.. Ryan Linn has over 20 years in the security industry, ranging from systems programmer to corporate security, to  leading a global cybersecurity consultancy. Stephen Sims is an industry expert with over 15 years of experience in information technology and security. He currently works as a consultant performing reverse engineering, exploit development, threat modeling, and penetration testing.  Michael Baucom has over 25 years of industry experience ranging from embedded systems development to leading the product security and research division at Tangible Security. Huáscar Tejeda is the co-founder and CEO of F2TC Cyber Security. He is a seasoned cybersecurity professional, thoroughly experienced with more than 20 years and notable achievements in IT and Telecommunications, developing carrier grade security solutions and business critical components for multiple broadband providers. He is also a member of the SANS Latin America Advisory Group, SANS Purple Team Summit Advisory Board, and contributing author of the SANS Institute's most advanced course, SEC760: Advanced Exploit Development for Penetration Testers. Daniel Fernandez is a security researcher with more than 15 years of experience in the field. His focus over the last years has been hypervisor exploitation, before that he exploited Windows and Linux Kernels mostly. Moses Frost is an author and instructor at the SANS Institute. His technology interests include Web Applications, Linux Systems Administration and Design and Designing hacking challenges. He currently works at McAfee.

Preface
Acknowledgments
Introduction

Part I. Preparation

Chapter 1. Gray Hat Hacking
    Gray Hat Hacking Overview
        History of Hacking
        Ethics and Hacking
        Definition of Gray Hat Hacking
    History of Ethical Hacking
        History of Vulnerability Disclosure
        Bug Bounty Programs
    Know the Enemy: Black Hat Hacking
        Advanced Persistent Threats
        Lockheed Martin Cyber Kill Chain
        Courses of Action for the Cyber Kill Chain
        MITRE ATT&CK Framework
    Summary
    For Further Reading
    References

Chapter 2. Programming Survival Skills
    C Programming Language
        Basic C Language Constructs
        Lab 2-1: Format Strings
        Lab 2-2: Loops
        Lab 2-3: if/else
        Sample Programs
        Lab 2-4: hello.c
        Lab 2-5: meet.c
        Compiling with gcc
        Lab 2-6: Compiling meet.c
    Computer Memory
        Random Access Memory
        Endian
        Segmentation of Memory
        Programs in Memory
        Buffers
        Strings in Memory
        Pointers
        Putting the Pieces of Memory Together
        Lab 2-7: memory.c
    Intel Processors
        Registers
    Assembly Language Basics
        Machine vs. Assembly vs. C
        AT&T vs. NASM
        Addressing Modes
        Assembly File Structure
        Lab 2-8: Simple Assembly Program
    Debugging with gdb
        gdb Basics
        Lab 2-9: Debugging
        Lab 2-10: Disassembly with gdb
    Python Survival Skills
        Getting Python
        Lab 2-11: Launching Python
        Lab 2-12: “Hello, World!” in Python
        Python Objects
        Lab 2-13: Strings
        Lab 2-14: Numbers
        Lab 2-15: Lists
        Lab 2-16: Dictionaries
        Lab 2-17: Files with Python
        Lab 2-18: Sockets with Python
    Summary
    For Further Reading
    References

Chapter 3. Linux Exploit Development Tools
    Binary, Dynamic Information-Gathering Tools
        Lab 3-1: Hello.c
        Lab 3-2: ldd
        Lab 3-3: objdump
        Lab 3-4: strace
        Lab 3-5: ltrace
        Lab 3-6: checksec
        Lab 3-7: libc-database
        Lab 3-8: patchelf
        Lab 3-9: one_gadget
        Lab 3-10: Ropper
    Extending gdb with Python
    Pwntools CTF Framework and Exploit Development Library
        Summary of Features
        Lab 3-11: leak-bof.c
    HeapME (Heap Made Easy) Heap Analysis and Collaboration Tool
        Installing HeapME
        Lab 3-12: heapme_demo.c
    Summary
    For Further Reading
    References

Chapter 4. Introduction to Ghidra
    Creating Our First Project
    Installation and QuickStart
        Setting the Project Workspace
        Functionality Overview
        Lab 4-1: Improving Readability with Annotations
        Lab 4-2: Binary Diffing and Patch Analysis
    Summary
    For Further Reading
    References

Chapter 5. IDA Pro
    Introduction to IDA Pro for Reverse Engineering
    What Is Disassembly?
    Navigating IDA Pro
    IDA Pro Features and Functionality
        Cross-References (Xrefs)
        Function Calls
        Proximity Browser
        Opcodes and Addressing
        Shortcuts
        Comments
    Debugging with IDA Pro
    Summary
    For Further Reading
    References

Part II. Ethical Hacking

Chapter 6. Red and Purple Teams
    Introduction to Red Teams
        Vulnerability Scanning
        Validated Vulnerability Scanning
        Penetration Testing
        Threat Simulation and Emulation
        Purple Team
    Making Money with Red Teaming
        Corporate Red Teaming
        Consultant Red Teaming
    Purple Team Basics
        Purple Team Skills
        Purple Team Activities
    Summary
    For Further Reading
    References

Chapter 7. Command and Control (C2)
    Command and Control Systems
        Metasploit
        Lab 7-1: Creating a Shell with Metasploit
        PowerShell Empire
        Covenant
        Lab 7-2: Using Covenant C2
    Payload Obfuscation
        msfvenom and Obfuscation
        Lab 7-3: Obfuscating Payloads with msfvenom
        Creating C# Launchers
        Lab 7-4: Compiling and Testing C# Launchers
        Creating Go Launchers
        Lab 7-5: Compiling and Testing Go Launchers
        Creating Nim Launchers
     &n
bsp;  Lab 7-6: Compiling and Testing Nim Launchers
    Network Evasion
        Encryption
        Alternate Protocols
        C2 Templates
    EDR Evasion
        Killing EDR Products
        Bypassing Hooks
    Summary
    For Further Reading

Chapter 8. Building a Threat Hunting Lab
    Threat Hunting and Labs
        Options of Threat Hunting Labs
        Method for the Rest of this Chapter
    Basic Threat Hunting Lab: DetectionLab
        Prerequisites
        Lab 8-1: Install the Lab on Your Host
        Lab 8-2: Install the Lab in the Cloud
        Lab 8-3: Looking Around the Lab
    Extending Your Lab
        HELK
        Lab 8-4: Install HELK
        Lab 8-5: Install Winlogbeat
        Lab 8-6: Kibana Basics
        Lab 8-7: Mordor
    Summary
    For Further Reading
    References

Chapter 9. Introduction to Threat Hunting
    Threat Hunting Basics
        Types of Threat Hunting
        Workflow of a Threat Hunt
    Normalizing Data Sources with OSSEM
        Data Sources
        OSSEM to the Rescue
    Data-Driven Hunts Using OSSEM
        MITRE ATT&CK Framework Refresher: T1003.002
        Lab 9-1: Visualizing Data Sources with OSSEM
        Lab 9-2: AtomicRedTeam Attacker Emulation
    Exploring Hypothesis-Driven Hunts
        Lab 9-3: Hypothesis that Someone Copied a SAM File
        Crawl, Walk, Run
    Enter Mordor
        Lab 9-4: Hypothesis that Someone Other than an Admin Launched PowerShell
    Threat Hunter Playbook
        Departure from HELK for Now
        Spark and Jupyter
        Lab 9-5: Automated Playbooks and Sharing of Analytics
    Summary
    For Further Reading
    References

Part III. Hacking Systems

Chapter 10. Basic Linux Exploits
    Stack Operations and Function-Calling Procedures
    Buffer Overflows
        Lab 10-1: Overflowing meet.c
        Ramifications of Buffer Overflows
    Local Buffer Overflow Exploits
        Lab 10-2: Components of the Exploit
        Lab 10-3: Exploiting Stack Overflows from the Command Line
        Lab 10-4: Writing the Exploit with Pwntools
        Lab 10-5: Exploiting Small Buffers
    Exploit Development Process
        Lab 10-6: Building Custom Exploits
    Summary
    For Further Reading

Chapter 11. Advanced Linux Exploits
        Lab 11-1: Vulnerable Program and Environment Setup
        Lab 11-2: Bypassing Non-Executable Stack (NX) with Return-Oriented Programming (ROP)
        Lab 11-3: Defeating Stack Canaries
        Lab 11-4: ASLR Bypass with an Information Leak
        Lab 11-5: PIE Bypass with an Information Leak
    Summary
    For Further Reading
    References

Chapter 12. Linux Kernel Exploits
        Lab 12-1: Environment Setup and Vulnerable procfs Module
        Lab 12-2: ret2usr
        Lab 12-3: Defeating Stack Canaries
        Lab 12-4: Bypassing Supervisor Mode Execution Protection (SMEP) and Kernel Page-Table Isolation (KPTI)
        Lab 12-5: Bypassing Supervisor Mode Access Prevention (SMAP)
        Lab 12-6: Defeating Kernel Address Space Layout Randomization (KASLR)
    Summary
    For Further Reading
    References

Chapter 13. Basic Windows Exploitation
    Compiling and Debugging Windows Programs
        Lab 13-1: Compiling on Windows
        Debugging on Windows with Immunity Debugger
        Lab 13-2: Crashing the Program
    Writing Windows Exploits
        Exploit Development Process Review
        Lab 13-3: Exploiting ProSSHD Server
    Understanding Structured Exception Handling
        Understanding and Bypassing Common Windows Memory Protections
        Safe Structured Exception Handling
        Bypassing SafeSEH
    Data Execution Prevention
        Return-Oriented Programming
        Gadgets
        Building the ROP Chain
    Summary
    For Further Reading
    References

Chapter 14. Windows Kernel Exploitation
    The Windows Kernel
    Kernel Drivers
    Kernel Debugging
        Lab 14-1: Setting Up Kernel Debugging
    Picking a Target
        Lab 14-2: Obtaining the Target Driver
        Lab 14-3: Reverse Engineering the Driver
        Lab 14-4: Interacting with the Driver
    Token Stealing
        Lab 14-5: Arbitrary Pointer Read/Write
        Lab 14-6: Writing a Kernel Exploit
    Summary
    For Further Reading
    References

Chapter 15. PowerShell Exploitation
    Why PowerShell
        Living off the Land
        PowerShell Logging
        PowerShell Portability
    Loading PowerShell Scripts
        Lab 15-1: The Failure Condition
        Lab 15-2: Passing Commands on the Command Line
        Lab 15-3: Encoded Commands
        Lab 15-4: Bootstrapping via the Web
    Exploitation and Post-Exploitation with PowerSploit
        Lab 15-5: Setting Up PowerSploit
        Lab 15-6: Running Mimikatz Through PowerShell
    Using
PowerShell Empire for C2
        Lab 15-7: Setting Up Empire
        Lab 15-8: Staging an Empire C2
        Lab 15-9: Using Empire to Own the System
        Lab 15-10: Using WinRM to Launch Empire
    Summary
    For Further Reading
    Reference

Chapter 16. Getting Shells Without Exploits
    Capturing Password Hashes
        Understanding LLMNR and NBNS
        Understanding Windows NTLMv1 and NTLMv2 Authentication
        Using Responder
        Lab 16-1: Getting Passwords with Responder
    Using Winexe
        Lab 16-2: Using Winexe to Access Remote Systems
        Lab 16-3: Using Winexe to Gain Elevated Privileges
    Using WMI
        Lab 16-4: Querying System Information with WMI
        Lab 16-5: Executing Commands with WMI
    Taking Advantage of WinRM
        Lab 16-6: Executing Commands with WinRM
        Lab 16-7: Using Evil-WinRM to Execute Code
    Summary
    For Further Reading
    Reference

Chapter 17. Post-Exploitation in Modern Windows Environments
    Post-Exploitation
        Host Recon
        Lab 17-1: Using whoami to Identify Privileges
        Lab 17-2: Using Seatbelt to Find User Information
        Lab 17-3: System Recon with PowerShell
        Lab 17-4: System Recon with Seatbelt
        Lab 17-5: Getting Domain Information with PowerShell
        Lab 17-6: Using PowerView for AD Recon
        Lab 17-7: Gathering AD Data with SharpHound
        Escalation
        Lab 17-8: Profiling Systems with winPEAS
        Lab 17-9: Using SharpUp to Escalate Privileges
        Lab 17-10: Searching for Passwords in User Objects
        Lab 17-11: Abusing Kerberos to Gather Credentials
        Lab 17-12: Abusing Kerberos to Escalate Privileges
    Active Directory Persistence
        Lab 17-13: Abusing AdminSDHolder
        Lab 17-14: Abusing SIDHistory
    Summary
    For Further Reading

Chapter 18. Next-Generation Patch Exploitation
    Introduction to Binary Diffing
        Application Diffing
        Patch Diffing
    Binary Diffing Tools
        BinDiff
        turbodiff
        Lab 18-1: Our First Diff
    Patch Management Process
        Microsoft Patch Tuesday
        Obtaining and Extracting Microsoft Patches
    Summary
    For Further Reading
    References

Part IV. Hacking IoT

Chapter 19. Internet of Things to Be Hacked
    Internet of Things (IoT)
        Types of Connected Things
        Wireless Protocols
        Communication Protocols
        Security Concerns
    Shodan IoT Search Engine
        Web Interface
        Shodan Command-Line Interface
        Lab 19-1: Using the Shodan Command Line
        Shodan API
        Lab 19-2: Testing the Shodan API
        Lab 19-3: Playing with MQTT
        Implications of this Unauthenticated Access to MQTT
    IoT Worms: It Was a Matter of Time
        Prevention
    Summary
    For Further Reading
    References

Chapter 20. Dissecting Embedded Devices
    CPU
        Microprocessor
        Microcontrollers
        System on Chip
        Common Processor Architectures
    Serial Interfaces
        UART
        SPI
        I2C
    Debug Interfaces
        JTAG
        SWD
    Software
        Bootloader
        No Operating System
        Real-Time Operating System
        General Operating System
    Summary
    For Further Reading
    References

Chapter 21. Exploiting Embedded Devices
    Static Analysis of Vulnerabilities in Embedded Devices
        Lab 21-1: Analyzing the Update Package
        Lab 21-2: Performing Vulnerability Analysis
    Dynamic Analysis with Hardware
        The Test Environment Setup
        Ettercap
    Dynamic Analysis with Emulation
        FirmAE
        Lab 21-3: Setting Up FirmAE
        Lab 21-4: Emulating Firmware
        Lab 21-5: Exploiting Firmware
    Summary
    For Further Reading
    References

Chapter 22. Software-Defined Radio
    Getting Started with SDR
        What to Buy
        Not So Quick: Know the Rules
    Learn by Example
        Search
        Capture
        Replay
        Analyze
        Preview
        Execute
    Summary
    For Further Reading

Part V. Hacking Hypervisors

Chapter 23. Hypervisors 101
    What Is a Hypervisor?
        Popek and Goldberg Virtualization Theorems
        Goldberg’s Hardware Virtualizer
        Type-1 and Type-2 VMMs
    x86 Virtualization
        Dynamic Binary Translation
        Ring Compression
        Shadow Paging
        Paravirtualization
    Hardware Assisted Virtualization
       
 VMX
        EPT
    Summary
    References

Chapter 24. Creating a Research Framework
    Hypervisor Attack Surface
    The Unikernel
        Lab 24-1: Booting and Communication
        Lab 24-2: Communication Protocol
        Boot Message Implementation
        Handling Requests
    The Client (Python)
        Communication Protocol (Python)
        Lab 24-3: Running the Guest (Python)
        Lab 24-4: Code Injection (Python)
    Fuzzing
        The Fuzzer Base Class
        Lab 24-5: IO-Ports Fuzzer
        Lab 24-6: MSR Fuzzer
        Lab 24-7: Exception Handling
        Fuzzing Tips and Improvements
    Summary
    References

Chapter 25. Inside Hyper-V
    Environment Setup
    Hyper-V Architecture
        Hyper-V Components
        Virtual Trust Levels
        Generation-1 VMs
        Lab 25-1: Scanning PCI Devices in a Generation-1 V

Erscheinungsdatum
Zusatzinfo 120 Illustrations
Verlagsort OH
Sprache englisch
Gewicht 1166 g
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Mathematik / Informatik Informatik Theorie / Studium
ISBN-10 1-264-26894-7 / 1264268947
ISBN-13 978-1-264-26894-8 / 9781264268948
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und …

von Norbert Pohlmann

Buch | Softcover (2022)
Springer Vieweg (Verlag)
34,99

von Chaos Computer Club

Buch | Softcover (2024)
KATAPULT Verlag
28,00