Gray Hat Hacking: The Ethical Hacker’s Handbook, 6th Edition
- Length: 704 pages
- Edition: 6
- Language: English
- Publisher: McGraw Hill
- Publication Date: 2022-03-14
- ISBN-10: 1264268947
- ISBN-13: 9781264268948
- Sales Rank: #757800 (See Top 100 Books)
Up-to-date strategies for thwarting the latest, most insidious network attacks
This fully updated, industry-standard security resource shows, step by step, how to fortify computer networks by learning and applying effective ethical hacking techniques. Based on curricula developed by the authors at major security conferences and colleges, the book features actionable planning and analysis methods as well as practical steps for identifying and combating both targeted and opportunistic attacks.
Gray Hat Hacking: The Ethical Hacker’s Handbook, Sixth Edition clearly explains the enemy’s devious weapons, skills, and tactics and offers field-tested remedies, case studies, and testing labs. You will get complete coverage of Internet of Things, mobile, and Cloud security along with penetration testing, malware analysis, and reverse engineering techniques. State-of-the-art malware, ransomware, and system exploits are thoroughly explained.
- Fully revised content includes 7 new chapters covering the latest threats
- Includes proof-of-concept code stored on the GitHub repository
- Authors train attendees at major security conferences, including RSA, Black Hat, Defcon, and Besides
Cover Title Page Copyright Page Contents Preface Acknowledgments Introduction Part I Preparation Chapter 1 Gray Hat Hacking Gray Hat Hacking Overview History of Hacking Ethics and Hacking Definition of Gray Hat Hacking History of Ethical Hacking History of Vulnerability Disclosure Bug Bounty Programs Know the Enemy: Black Hat Hacking Advanced Persistent Threats Lockheed Martin Cyber Kill Chain Courses of Action for the Cyber Kill Chain MITRE ATT&CK Framework Summary For Further Reading References Chapter 2 Programming Survival Skills C Programming Language Basic C Language Constructs Lab 2-1: Format Strings Lab 2-2: Loops Lab 2-3: if/else Sample Programs Lab 2-4: hello.c Lab 2-5: meet.c Compiling with gcc Lab 2-6: Compiling meet.c Computer Memory Random Access Memory Endian Segmentation of Memory Programs in Memory Buffers Strings in Memory Pointers Putting the Pieces of Memory Together Lab 2-7: memory.c Intel Processors Registers Assembly Language Basics Machine vs. Assembly vs. C AT&T vs. NASM Addressing Modes Assembly File Structure Lab 2-8: Simple Assembly Program Debugging with gdb gdb Basics Lab 2-9: Debugging Lab 2-10: Disassembly with gdb Python Survival Skills Getting Python Lab 2-11: Launching Python Lab 2-12: “Hello, World!” in Python Python Objects Lab 2-13: Strings Lab 2-14: Numbers Lab 2-15: Lists Lab 2-16: Dictionaries Lab 2-17: Files with Python Lab 2-18: Sockets with Python Summary For Further Reading References Chapter 3 Linux Exploit Development Tools Binary, Dynamic Information-Gathering Tools Lab 3-1: Hello.c Lab 3-2: ldd Lab 3-3: objdump Lab 3-4: strace Lab 3-5: ltrace Lab 3-6: checksec Lab 3-7: libc-database Lab 3-8: patchelf Lab 3-9: one_gadget Lab 3-10: Ropper Extending gdb with Python Pwntools CTF Framework and Exploit Development Library Summary of Features Lab 3-11: leak-bof.c HeapME (Heap Made Easy) Heap Analysis and Collaboration Tool Installing HeapME Lab 3-12: heapme_demo.c Summary For Further Reading References Chapter 4 Introduction to Ghidra Creating Our First Project Installation and QuickStart Setting the Project Workspace Functionality Overview Lab 4-1: Improving Readability with Annotations Lab 4-2: Binary Diffing and Patch Analysis Summary For Further Reading References Chapter 5 IDA Pro Introduction to IDA Pro for Reverse Engineering What Is Disassembly? Navigating IDA Pro IDA Pro Features and Functionality Cross-References (Xrefs) Function Calls Proximity Browser Opcodes and Addressing Shortcuts Comments Debugging with IDA Pro Summary For Further Reading References Part II Ethical Hacking Chapter 6 Red and Purple Teams Introduction to Red Teams Vulnerability Scanning Validated Vulnerability Scanning Penetration Testing Threat Simulation and Emulation Purple Team Making Money with Red Teaming Corporate Red Teaming Consultant Red Teaming Purple Team Basics Purple Team Skills Purple Team Activities Summary For Further Reading References Chapter 7 Command and Control (C2) Command and Control Systems Metasploit Lab 7-1: Creating a Shell with Metasploit PowerShell Empire Covenant Lab 7-2: Using Covenant C2 Payload Obfuscation msfvenom and Obfuscation Lab 7-3: Obfuscating Payloads with msfvenom Creating C# Launchers Lab 7-4: Compiling and Testing C# Launchers Creating Go Launchers Lab 7-5: Compiling and Testing Go Launchers Creating Nim Launchers Lab 7-6: Compiling and Testing Nim Launchers Network Evasion Encryption Alternate Protocols C2 Templates EDR Evasion Killing EDR Products Bypassing Hooks Summary For Further Reading Chapter 8 Building a Threat Hunting Lab Threat Hunting and Labs Options of Threat Hunting Labs Method for the Rest of this Chapter Basic Threat Hunting Lab: DetectionLab Prerequisites Lab 8-1: Install the Lab on Your Host Lab 8-2: Install the Lab in the Cloud Lab 8-3: Looking Around the Lab Extending Your Lab HELK Lab 8-4: Install HELK Lab 8-5: Install Winlogbeat Lab 8-6: Kibana Basics Lab 8-7: Mordor Summary For Further Reading References Chapter 9 Introduction to Threat Hunting Threat Hunting Basics Types of Threat Hunting Workflow of a Threat Hunt Normalizing Data Sources with OSSEM Data Sources OSSEM to the Rescue Data-Driven Hunts Using OSSEM MITRE ATT&CK Framework Refresher: T1003.002 Lab 9-1: Visualizing Data Sources with OSSEM Lab 9-2: AtomicRedTeam Attacker Emulation Exploring Hypothesis-Driven Hunts Lab 9-3: Hypothesis that Someone Copied a SAM File Crawl, Walk, Run Enter Mordor Lab 9-4: Hypothesis that Someone Other than an Admin Launched PowerShell Threat Hunter Playbook Departure from HELK for Now Spark and Jupyter Lab 9-5: Automated Playbooks and Sharing of Analytics Summary For Further Reading References Part III Hacking Systems Chapter 10 Basic Linux Exploits Stack Operations and Function-Calling Procedures Buffer Overflows Lab 10-1: Overflowing meet.c Ramifications of Buffer Overflows Local Buffer Overflow Exploits Lab 10-2: Components of the Exploit Lab 10-3: Exploiting Stack Overflows from the Command Line Lab 10-4: Writing the Exploit with Pwntools Lab 10-5: Exploiting Small Buffers Exploit Development Process Lab 10-6: Building Custom Exploits Summary For Further Reading Chapter 11 Advanced Linux Exploits Lab 11-1: Vulnerable Program and Environment Setup Lab 11-2: Bypassing Non-Executable Stack (NX) with Return-Oriented Programming (ROP) Lab 11-3: Defeating Stack Canaries Lab 11-4: ASLR Bypass with an Information Leak Lab 11-5: PIE Bypass with an Information Leak Summary For Further Reading References Chapter 12 Linux Kernel Exploits Lab 12-1: Environment Setup and Vulnerable procfs Module Lab 12-2: ret2usr Lab 12-3: Defeating Stack Canaries Lab 12-4: Bypassing Supervisor Mode Execution Protection (SMEP) and Kernel Page-Table Isolation (KPTI) Lab 12-5: Bypassing Supervisor Mode Access Prevention (SMAP) Lab 12-6: Defeating Kernel Address Space Layout Randomization (KASLR) Summary For Further Reading References Chapter 13 Basic Windows Exploitation Compiling and Debugging Windows Programs Lab 13-1: Compiling on Windows Debugging on Windows with Immunity Debugger Lab 13-2: Crashing the Program Writing Windows Exploits Exploit Development Process Review Lab 13-3: Exploiting ProSSHD Server Understanding Structured Exception Handling Understanding and Bypassing Common Windows Memory Protections Safe Structured Exception Handling Bypassing SafeSEH Data Execution Prevention Return-Oriented Programming Gadgets Building the ROP Chain Summary For Further Reading References Chapter 14 Windows Kernel Exploitation The Windows Kernel Kernel Drivers Kernel Debugging Lab 14-1: Setting Up Kernel Debugging Picking a Target Lab 14-2: Obtaining the Target Driver Lab 14-3: Reverse Engineering the Driver Lab 14-4: Interacting with the Driver Token Stealing Lab 14-5: Arbitrary Pointer Read/Write Lab 14-6: Writing a Kernel Exploit Summary For Further Reading References Chapter 15 PowerShell Exploitation Why PowerShell Living off the Land PowerShell Logging PowerShell Portability Loading PowerShell Scripts Lab 15-1: The Failure Condition Lab 15-2: Passing Commands on the Command Line Lab 15-3: Encoded Commands Lab 15-4: Bootstrapping via the Web Exploitation and Post-Exploitation with PowerSploit Lab 15-5: Setting Up PowerSploit Lab 15-6: Running Mimikatz Through PowerShell Using PowerShell Empire for C2 Lab 15-7: Setting Up Empire Lab 15-8: Staging an Empire C2 Lab 15-9: Using Empire to Own the System Lab 15-10: Using WinRM to Launch Empire Summary For Further Reading Reference Chapter 16 Getting Shells Without Exploits Capturing Password Hashes Understanding LLMNR and NBNS Understanding Windows NTLMv1 and NTLMv2 Authentication Using Responder Lab 16-1: Getting Passwords with Responder Using Winexe Lab 16-2: Using Winexe to Access Remote Systems Lab 16-3: Using Winexe to Gain Elevated Privileges Using WMI Lab 16-4: Querying System Information with WMI Lab 16-5: Executing Commands with WMI Taking Advantage of WinRM Lab 16-6: Executing Commands with WinRM Lab 16-7: Using Evil-WinRM to Execute Code Summary For Further Reading Reference Chapter 17 Post-Exploitation in Modern Windows Environments Post-Exploitation Host Recon Lab 17-1: Using whoami to Identify Privileges Lab 17-2: Using Seatbelt to Find User Information Lab 17-3: System Recon with PowerShell Lab 17-4: System Recon with Seatbelt Lab 17-5: Getting Domain Information with PowerShell Lab 17-6: Using PowerView for AD Recon Lab 17-7: Gathering AD Data with SharpHound Escalation Lab 17-8: Profiling Systems with winPEAS Lab 17-9: Using SharpUp to Escalate Privileges Lab 17-10: Searching for Passwords in User Objects Lab 17-11: Abusing Kerberos to Gather Credentials Lab 17-12: Abusing Kerberos to Escalate Privileges Active Directory Persistence Lab 17-13: Abusing AdminSDHolder Lab 17-14: Abusing SIDHistory Summary For Further Reading Chapter 18 Next-Generation Patch Exploitation Introduction to Binary Diffing Application Diffing Patch Diffing Binary Diffing Tools BinDiff turbodiff Lab 18-1: Our First Diff Patch Management Process Microsoft Patch Tuesday Obtaining and Extracting Microsoft Patches Summary For Further Reading References Part IV Hacking IoT Chapter 19 Internet of Things to Be Hacked Internet of Things (IoT) Types of Connected Things Wireless Protocols Communication Protocols Security Concerns Shodan IoT Search Engine Web Interface Shodan Command-Line Interface Lab 19-1: Using the Shodan Command Line Shodan API Lab 19-2: Testing the Shodan API Lab 19-3: Playing with MQTT Implications of this Unauthenticated Access to MQTT IoT Worms: It Was a Matter of Time Prevention Summary For Further Reading References Chapter 20 Dissecting Embedded Devices CPU Microprocessor Microcontrollers System on Chip Common Processor Architectures Serial Interfaces UART SPI I2C Debug Interfaces JTAG SWD Software Bootloader No Operating System Real-Time Operating System General Operating System Summary For Further Reading References Chapter 21 Exploiting Embedded Devices Static Analysis of Vulnerabilities in Embedded Devices Lab 21-1: Analyzing the Update Package Lab 21-2: Performing Vulnerability Analysis Dynamic Analysis with Hardware The Test Environment Setup Ettercap Dynamic Analysis with Emulation FirmAE Lab 21-3: Setting Up FirmAE Lab 21-4: Emulating Firmware Lab 21-5: Exploiting Firmware Summary For Further Reading References Chapter 22 Software-Defined Radio Getting Started with SDR What to Buy Not So Quick: Know the Rules Learn by Example Search Capture Replay Analyze Preview Execute Summary For Further Reading Part V Hacking Hypervisors Chapter 23 Hypervisors What Is a Hypervisor? Popek and Goldberg Virtualization Theorems Goldberg’s Hardware Virtualizer Type-1 and Type-2 VMMs x86 Virtualization Dynamic Binary Translation Ring Compression Shadow Paging Paravirtualization Hardware Assisted Virtualization VMX EPT Summary References Chapter 24 Creating a Research Framework Hypervisor Attack Surface The Unikernel Lab 24-1: Booting and Communication Lab 24-2: Communication Protocol Boot Message Implementation Handling Requests The Client (Python) Communication Protocol (Python) Lab 24-3: Running the Guest (Python) Lab 24-4: Code Injection (Python) Fuzzing The Fuzzer Base Class Lab 24-5: IO-Ports Fuzzer Lab 24-6: MSR Fuzzer Lab 24-7: Exception Handling Fuzzing Tips and Improvements Summary References Chapter 25 Inside Hyper-V Environment Setup Hyper-V Architecture Hyper-V Components Virtual Trust Levels Generation-1 VMs Lab 25-1: Scanning PCI Devices in a Generation-1 VM Generation 2 VMs Lab 25-2: Scanning PCI Devices in a Generation-2 VM Hyper-V Synthetic Interface Synthetic MSRs Lab 25-3: Setting Up the Hypercall Page and Dumping Its Contents Hypercalls VMBus Lab 25-4: Listing VMBus Devices Summary For Further Reading References Chapter 26 Hacking Hypervisors Case Study Bug Analysis USB Basics Lab 26-1: Patch Analysis Using GitHub API Developing a Trigger Setting Up the Target Lab 26-2: Scanning the PCI Bus The EHCI Controller Triggering the Bug Lab 26-3: Running the Trigger Exploitation Relative Write Primitive Relative Read Primitive Lab 26-4: Debugging the Relative Read Primitive Arbitrary Read Full Address-Space Leak Primitive Module Base Leak RET2LIB Lab 26-5: Finding Function Pointers with GDB Lab 26-6: Displaying IRQState with GDB Lab 26-7: Launching the Exploit Summary For Further Reading References Part VI Hacking the Cloud Chapter 27 Hacking in Amazon Web Services Amazon Web Services Services, Locations, and Infrastructure How Authorization Works in AWS Abusing AWS Best Practices Lab 27-1: Environment Setup Abusing Authentication Controls Types of Keys and Key Material Lab 27-2: Finding AWS Keys Attacker Tools Lab 27-3: Enumerating Permissions Lab 27-4: Leveraging Access to Perform Unauthorized Actions Lab 27-5: Persistence Through System Internals Summary For Further Reading References Chapter 28 Hacking in Azure Microsoft Azure Differences Between Azure and AWS Lab 28-1: Setup of Our Labs Lab 28-2: Additional User Steps Lab 28-3: Validating Access Microsoft Azure AD Overview Azure Permissions Constructing an Attack on Azure-Hosted Systems Lab 28-4: Azure AD User Lookups Lab 28-5: Azure AD Password Spraying Lab 28-6: Getting onto Azure Control Plane and Managed Identities Lab 28-7: System Assigned Identities Lab 28-8: Getting a Backdoor on a Node Summary For Further Reading References Chapter 29 Hacking Containers Linux Containers Container Internals Cgroups Lab 29-1: Setup of our Environment Lab 29-2: Looking at Cgroups Namespaces Storage Lab 29-3: Container Storage Applications What Is Docker? Lab 29-4: Looking for Docker Daemons Container Security Lab 29-5: Interacting with the Docker API Lab 29-6: Executing Commands Remotely Lab 29-7: Pivots Breaking Out of Containers Capabilities Lab 29-8: Privileged Pods Lab 29-9: Abusing Cgroups Summary For Further Reading References Chapter 30 Hacking on Kubernetes Kubernetes Architecture Fingerprinting Kubernetes API Servers Lab 30-1: Cluster Setup Finding Kubernetes API Servers Lab 30-2: Fingerprinting Kubernetes Servers Hacking Kubernetes from Within Lab 30-3: Kubestriker Lab 30-4: Attacking from Within Lab 30-5: Attacking the API Server Summary For Further Reading References Index
Donate to keep this site alive
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.