£45.99

Description

Contents

Preface Acknowledgments Introduction Part I. Preparation Chapter 1. Gray Hat Hacking Gray Hat Hacking Overview History of Hacking Ethics and Hacking Definition of Gray Hat Hacking History of Ethical Hacking History of Vulnerability Disclosure Bug Bounty Programs Know the Enemy: Black Hat Hacking Advanced Persistent Threats Lockheed Martin Cyber Kill Chain Courses of Action for the Cyber Kill Chain MITRE ATT&CK Framework Summary For Further Reading References Chapter 2. Programming Survival Skills C Programming Language Basic C Language Constructs Lab 2-1: Format Strings Lab 2-2: Loops Lab 2-3: if/else Sample Programs Lab 2-4: hello.c Lab 2-5: meet.c Compiling with gcc Lab 2-6: Compiling meet.c Computer Memory Random Access Memory Endian Segmentation of Memory Programs in Memory Buffers Strings in Memory Pointers Putting the Pieces of Memory Together Lab 2-7: memory.c Intel Processors Registers Assembly Language Basics Machine vs. Assembly vs. C AT&T vs. NASM Addressing Modes Assembly File Structure Lab 2-8: Simple Assembly Program Debugging with gdb gdb Basics Lab 2-9: Debugging Lab 2-10: Disassembly with gdb Python Survival Skills Getting Python Lab 2-11: Launching Python Lab 2-12: "Hello, World!" in Python Python Objects Lab 2-13: Strings Lab 2-14: Numbers Lab 2-15: Lists Lab 2-16: Dictionaries Lab 2-17: Files with Python Lab 2-18: Sockets with Python Summary For Further Reading References Chapter 3. Linux Exploit Development Tools Binary, Dynamic Information-Gathering Tools Lab 3-1: Hello.c Lab 3-2: ldd Lab 3-3: objdump Lab 3-4: strace Lab 3-5: ltrace Lab 3-6: checksec Lab 3-7: libc-database Lab 3-8: patchelf Lab 3-9: one_gadget Lab 3-10: Ropper Extending gdb with Python Pwntools CTF Framework and Exploit Development Library Summary of Features Lab 3-11: leak-bof.c HeapME (Heap Made Easy) Heap Analysis and Collaboration Tool Installing HeapME Lab 3-12: heapme_demo.c Summary For Further Reading References Chapter 4. Introduction to Ghidra Creating Our First Project Installation and QuickStart Setting the Project Workspace Functionality Overview Lab 4-1: Improving Readability with Annotations Lab 4-2: Binary Diffing and Patch Analysis Summary For Further Reading References Chapter 5. IDA Pro Introduction to IDA Pro for Reverse Engineering What Is Disassembly? Navigating IDA Pro IDA Pro Features and Functionality Cross-References (Xrefs) Function Calls Proximity Browser Opcodes and Addressing Shortcuts Comments Debugging with IDA Pro Summary For Further Reading References Part II. Ethical Hacking Chapter 6. Red and Purple Teams Introduction to Red Teams Vulnerability Scanning Validated Vulnerability Scanning Penetration Testing Threat Simulation and Emulation Purple Team Making Money with Red Teaming Corporate Red Teaming Consultant Red Teaming Purple Team Basics Purple Team Skills Purple Team Activities Summary For Further Reading References Chapter 7. Command and Control (C2) Command and Control Systems Metasploit Lab 7-1: Creating a Shell with Metasploit PowerShell Empire Covenant Lab 7-2: Using Covenant C2 Payload Obfuscation msfvenom and Obfuscation Lab 7-3: Obfuscating Payloads with msfvenom Creating C# Launchers Lab 7-4: Compiling and Testing C# Launchers Creating Go Launchers Lab 7-5: Compiling and Testing Go Launchers Creating Nim Launchers &n bsp; Lab 7-6: Compiling and Testing Nim Launchers Network Evasion Encryption Alternate Protocols C2 Templates EDR Evasion Killing EDR Products Bypassing Hooks Summary For Further Reading Chapter 8. Building a Threat Hunting Lab Threat Hunting and Labs Options of Threat Hunting Labs Method for the Rest of this Chapter Basic Threat Hunting Lab: DetectionLab Prerequisites Lab 8-1: Install the Lab on Your Host Lab 8-2: Install the Lab in the Cloud Lab 8-3: Looking Around the Lab Extending Your Lab HELK Lab 8-4: Install HELK Lab 8-5: Install Winlogbeat Lab 8-6: Kibana Basics Lab 8-7: Mordor Summary For Further Reading References Chapter 9. Introduction to Threat Hunting Threat Hunting Basics Types of Threat Hunting Workflow of a Threat Hunt Normalizing Data Sources with OSSEM Data Sources OSSEM to the Rescue Data-Driven Hunts Using OSSEM MITRE ATT&CK Framework Refresher: T1003.002 Lab 9-1: Visualizing Data Sources with OSSEM Lab 9-2: AtomicRedTeam Attacker Emulation Exploring Hypothesis-Driven Hunts Lab 9-3: Hypothesis that Someone Copied a SAM File Crawl, Walk, Run Enter Mordor Lab 9-4: Hypothesis that Someone Other than an Admin Launched PowerShell Threat Hunter Playbook Departure from HELK for Now Spark and Jupyter Lab 9-5: Automated Playbooks and Sharing of Analytics Summary For Further Reading References Part III. Hacking Systems Chapter 10. Basic Linux Exploits Stack Operations and Function-Calling Procedures Buffer Overflows Lab 10-1: Overflowing meet.c Ramifications of Buffer Overflows Local Buffer Overflow Exploits Lab 10-2: Components of the Exploit Lab 10-3: Exploiting Stack Overflows from the Command Line Lab 10-4: Writing the Exploit with Pwntools Lab 10-5: Exploiting Small Buffers Exploit Development Process Lab 10-6: Building Custom Exploits Summary For Further Reading Chapter 11. Advanced Linux Exploits Lab 11-1: Vulnerable Program and Environment Setup Lab 11-2: Bypassing Non-Executable Stack (NX) with Return-Oriented Programming (ROP) Lab 11-3: Defeating Stack Canaries Lab 11-4: ASLR Bypass with an Information Leak Lab 11-5: PIE Bypass with an Information Leak Summary For Further Reading References Chapter 12. Linux Kernel Exploits Lab 12-1: Environment Setup and Vulnerable procfs Module Lab 12-2: ret2usr Lab 12-3: Defeating Stack Canaries Lab 12-4: Bypassing Supervisor Mode Execution Protection (SMEP) and Kernel Page-Table Isolation (KPTI) Lab 12-5: Bypassing Supervisor Mode Access Prevention (SMAP) Lab 12-6: Defeating Kernel Address Space Layout Randomization (KASLR) Summary For Further Reading References Chapter 13. Basic Windows Exploitation Compiling and Debugging Windows Programs Lab 13-1: Compiling on Windows Debugging on Windows with Immunity Debugger Lab 13-2: Crashing the Program Writing Windows Exploits Exploit Development Process Review Lab 13-3: Exploiting ProSSHD Server Understanding Structured Exception Handling Understanding and Bypassing Common Windows Memory Protections Safe Structured Exception Handling Bypassing SafeSEH Data Execution Prevention Return-Oriented Programming Gadgets Building the ROP Chain Summary For Further Reading References Chapter 14. Windows Kernel Exploitation The Windows Kernel Kernel Drivers Kernel Debugging Lab 14-1: Setting Up Kernel Debugging Picking a Target Lab 14-2: Obtaining the Target Driver Lab 14-3: Reverse Engineering the Driver Lab 14-4: Interacting with the Driver Token Stealing Lab 14-5: Arbitrary Pointer Read/Write Lab 14-6: Writing a Kernel Exploit Summary For Further Reading References Chapter 15. PowerShell Exploitation Why PowerShell Living off the Land PowerShell Logging PowerShell Portability Loading PowerShell Scripts Lab 15-1: The Failure Condition Lab 15-2: Passing Commands on the Command Line Lab 15-3: Encoded Commands Lab 15-4: Bootstrapping via the Web Exploitation and Post-Exploitation with PowerSploit Lab 15-5: Setting Up PowerSploit Lab 15-6: Running Mimikatz Through PowerShell Using PowerShell Empire for C2 Lab 15-7: Setting Up Empire Lab 15-8: Staging an Empire C2 Lab 15-9: Using Empire to Own the System Lab 15-10: Using WinRM to Launch Empire Summary For Further Reading Reference Chapter 16. Getting Shells Without Exploits Capturing Password Hashes Understanding LLMNR and NBNS Understanding Windows NTLMv1 and NTLMv2 Authentication Using Responder Lab 16-1: Getting Passwords with Responder Using Winexe Lab 16-2: Using Winexe to Access Remote Systems Lab 16-3: Using Winexe to Gain Elevated Privileges Using WMI Lab 16-4: Querying System Information with WMI Lab 16-5: Executing Commands with WMI Taking Advantage of WinRM Lab 16-6: Executing Commands with WinRM Lab 16-7: Using Evil-WinRM to Execute Code Summary For Further Reading Reference Chapter 17. Post-Exploitation in Modern Windows Environments Post-Exploitation Host Recon Lab 17-1: Using whoami to Identify Privileges Lab 17-2: Using Seatbelt to Find User Information Lab 17-3: System Recon with PowerShell Lab 17-4: System Recon with Seatbelt Lab 17-5: Getting Domain Information with PowerShell Lab 17-6: Using PowerView for AD Recon Lab 17-7: Gathering AD Data with SharpHound Escalation Lab 17-8: Profiling Systems with winPEAS Lab 17-9: Using SharpUp to Escalate Privileges Lab 17-10: Searching for Passwords in User Objects Lab 17-11: Abusing Kerberos to Gather Credentials Lab 17-12: Abusing Kerberos to Escalate Privileges Active Directory Persistence Lab 17-13: Abusing AdminSDHolder Lab 17-14: Abusing SIDHistory Summary For Further Reading Chapter 18. Next-Generation Patch Exploitation Introduction to Binary Diffing Application Diffing Patch Diffing Binary Diffing Tools BinDiff turbodiff Lab 18-1: Our First Diff Patch Management Process Microsoft Patch Tuesday Obtaining and Extracting Microsoft Patches Summary For Further Reading References Part IV. Hacking IoT Chapter 19. Internet of Things to Be Hacked Internet of Things (IoT) Types of Connected Things Wireless Protocols Communication Protocols Security Concerns Shodan IoT Search Engine Web Interface Shodan Command-Line Interface Lab 19-1: Using the Shodan Command Line Shodan API Lab 19-2: Testing the Shodan API Lab 19-3: Playing with MQTT Implications of this Unauthenticated Access to MQTT IoT Worms: It Was a Matter of Time Prevention Summary For Further Reading References Chapter 20. Dissecting Embedded Devices CPU Microprocessor Microcontrollers System on Chip Common Processor Architectures Serial Interfaces UART SPI I2C Debug Interfaces JTAG SWD Software Bootloader No Operating System Real-Time Operating System General Operating System Summary For Further Reading References Chapter 21. Exploiting Embedded Devices Static Analysis of Vulnerabilities in Embedded Devices Lab 21-1: Analyzing the Update Package Lab 21-2: Performing Vulnerability Analysis Dynamic Analysis with Hardware The Test Environment Setup Ettercap Dynamic Analysis with Emulation FirmAE Lab 21-3: Setting Up FirmAE Lab 21-4: Emulating Firmware Lab 21-5: Exploiting Firmware Summary For Further Reading References Chapter 22. Software-Defined Radio Getting Started with SDR What to Buy Not So Quick: Know the Rules Learn by Example Search Capture Replay Analyze Preview Execute Summary For Further Reading Part V. Hacking Hypervisors Chapter 23. Hypervisors 101 What Is a Hypervisor? Popek and Goldberg Virtualization Theorems Goldberg's Hardware Virtualizer Type-1 and Type-2 VMMs x86 Virtualization Dynamic Binary Translation Ring Compression Shadow Paging Paravirtualization Hardware Assisted Virtualization VMX EPT Summary References Chapter 24. Creating a Research Framework Hypervisor Attack Surface The Unikernel Lab 24-1: Booting and Communication Lab 24-2: Communication Protocol Boot Message Implementation Handling Requests The Client (Python) Communication Protocol (Python) Lab 24-3: Running the Guest (Python) Lab 24-4: Code Injection (Python) Fuzzing The Fuzzer Base Class Lab 24-5: IO-Ports Fuzzer Lab 24-6: MSR Fuzzer Lab 24-7: Exception Handling Fuzzing Tips and Improvements Summary References Chapter 25. Inside Hyper-V Environment Setup Hyper-V Architecture Hyper-V Components Virtual Trust Levels Generation-1 VMs Lab 25-1: Scanning PCI Devices in a Generation-1 V

Back