The Hack Is Back: Techniques to Beat Hackers at Their Own Games

Cover
Half Title
Title Page
Copyright Page
Contents
Foreword
About the Authors
Chapter 1: Hacking and Securing Your Operating System
	Introduction
	Breaking in – The Background
	Breaking into the Windows Operating System – Step-by-Step with Screenshots
	Post-Exploitation
	Counterintelligence/Advanced Hacking
	Disabling Anti-Virus
	How to Prevent this Physical Attack and Secure Your System
	Summary
Chapter 2: Update and Change Defaults, or Else!
	Introduction
	Shodan
		Searching
		Industrial Control Systems
		Internet of Things
		Membership and Credits
		API Integrations
	Default Configuration Files
	Defaults on a LAN
		Assessing Default Configurations
	Unpatched Services
		WannaCry
		MOVEit
	Finding Known Vulnerabilities
		Nuclei
		Greenbone Security Assistant
		Nessus
	Defensive Perspective
		Honeypots
		OpenCanary
	Conclusion
Chapter 3: Web Application Hacking and Defense
	Introduction
	Methodology
		Reconnaissance
		Evaluating Potential Vulnerabilities
		Weaponization
		Exploitation
		Persistence
		Pivoting
	Tools Used to Test Web Applications
		Burp
		cURL
		GoBuster
		Ffuf
		Python Libraries
	Common Attacks on Web Applications
		Reflected XSS
		Stored XSS
		CSRF
		SQLi
		Directory Traversal
	Cheat Sheets
		Enumerate Vhosts
		Enumerate Available HTTP Methods
		Ffuf
		SQLmap
		XSS Payloads
	Defensive Application
		Log Review
		Technical Controls
		Applying Patches
		Changing Default Credentials
		Exposed Credentials
		Attacking Your Stuff
	Stories from the Field
	Summary
Chapter 4: Obfuscation, Deception, and Detection
	Introduction
	Why Obfuscation is Important
		Pyramid of Pain
	“Disposable” IP Addresses
		VPS Providers
		Digital Ocean
		Amazon Lightsail
		Azure
		Heroku
		Hostwinds
	Living Off Trusted Sites
		API Gateways
	Accelerating Deployment
	Proxy Technology
		SOCKS Proxies
		ProxyChains
	TOR
		Using the TOR Client Ourselves
		Using TOR with Python
	Passive DNS and Domain Registration
	Target Detection
	Backdoor Channels
		WireGuard
		Ngrok
	Detection
		Zeek
		RITA (Realtime Intelligence Threat Analytics)
	Summary
Chapter 5: Vulnerability Identification
	Introduction
	Brilliant on the Basics
		Computer Networks
		Computer Management
		Troubleshooting
	Gaining Vulnerability Experience
		Capture the Flag
	Finding Vulnerabilities
		Scanning Purposes
		Finding CVEs
		Bug Bounties
	Defender’s Perspective
	Summary
Chapter 6: Exploitation and Reverse Shells
	Introduction.
	Why Exploitation is Important
		Exploit-DB
	Metasploit
		Selecting an Exploit Module
		Selecting a Payload Module
		Running the Exploit
		Meterpreter
		Msfvenom
	Defensive Perspectives
	Summary
Chapter 7: Privilege Escalation and Persistence
	Introduction
	Goals
	Learning the Environment
		Who Are We, Where Are We, and What’s Running?
		Who Else is Here?
		Who’s Got the Juice?
	Linux PrivEsc
		World-Readable Files
		Authentication Material
		SUID and GUID
		Cronjobs
		GTFO-bins
		Exploits
	Windows PrivEsc
		Windows Service Hijacking
		Backup Operators
	Active Directory PrivEsc
		Unauthenticated Access
		Password Sprays
		Multicast DNS Poisoning
		NTLM Relays
		Authenticated Access
		Local Admin Access
		BloodHound
		WADComs
	Peass Please!
	Persistence
		Adding Accounts
		Boot or Logon Initialization Scripts
		External Remote Services
	Defender’s Perspective
		Welcome to the Matrix
		Atomic Red Team
	Cheat Sheets
		Identify Linux Machine Info After Foothold
	Create SUID Bash Binary
		Create SSH Keypair
		Identify Windows Machine Info After Foothold
		Find Vulnerable Windows Services
		Create New Windows Service
		Identify Active Directory Info After Foothold
		PowerShell Primer
	Summary
Chapter 8: Data Exfiltration Leakage (Pwned)
	Introduction
	Breaches
		Causes of a Breach
	Data Exfil 101
	Summary
Chapter 9: Am I Hacked? How Do I Tell?
	Introduction
	Evidence of Compromise
	Getting Nastier, They Upped Their Game and So Will We
	Check the Accounts
	Summary
Chapter 10: A Career in Cyber
	Introduction
	Summary
Index