Muutke küpsiste eelistusi

Black Hat Go: Go Programming For Hackers and Pentesters [Pehme köide]

3.70/5 (156 hinnangut Goodreads-ist)
, ,
  • Formaat: Paperback / softback, 368 pages, kõrgus x laius: 234x178 mm
  • Ilmumisaeg: 24-Jan-2020
  • Kirjastus: No Starch Press,US
  • ISBN-10: 1593278659
  • ISBN-13: 9781593278656
Teised raamatud teemal:
Black Hat Go: Go Programming For Hackers and PentestersSuurem pilt
  • Formaat: Paperback / softback, 368 pages, kõrgus x laius: 234x178 mm
  • Ilmumisaeg: 24-Jan-2020
  • Kirjastus: No Starch Press,US
  • ISBN-10: 1593278659
  • ISBN-13: 9781593278656
Teised raamatud teemal:
Püsilink: https://www.kriso.ee/db/9781593278656.html
Märksõnad:
Like the best-selling Black Hat Python, Black Hat Go explores the darker side of the popular Go programming language. This collection of short scripts will help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset.

In Black Hat Go, you'll learn how to write powerful and effective penetration testing tools in Go, a language revered for its speed and scalability. Start off with an introduction to Go fundamentals like data types, control structures, and error handling; then, dive into the deep end of Go's offensive capabilities as you learn how to:

-Write a simple TCP proxy to use concurrency for non-parallel tasks
-Create HTTP clients to perform common web interactions
-Write a custom DNS server and proxy
-Sniff and process packets using the gopacket library
-Create extendable tools to expand program functionality
-Write your own exploits with the help of insider techniques

Black Hat Go will show you how to build powerful security tools to pen test huge networks, fast.

Arvustused

"Its been incredibly fun having these kinds of projects, where youre not just learning syntax, youre not just learning the mechanics of Go, but you have things to build that are kind of fun." Johnny Boursiquot, Go Time Podcast 

Foreword xv
H.D. Moore
Acknowledgments xvii
Introduction xix
Who This Book Is For xx
What This Book Isn't xx
Why Use Go for Hacking? xxi
Why You Might Not Love Go xxi
Chapter Overview xxii
1 Go Fundamentals
1(20)
Setting Up a Development Environment
1(9)
Downloading and Installing Go
2(1)
Setting GOROOT to Define the Go Binary Location
2(1)
Setting GOPATH to Determine the Location of Your Go Workspace
2(1)
Choosing an Integrated Development Environment
3(3)
Using Common Go Tool Commands
6(4)
Understanding Go Syntax
10(10)
Data Types
10(4)
Control Structures
14(2)
Concurrency
16(1)
Error Handling
17(1)
Handling Structured Data
18(2)
Summary
20(1)
2 TCP, Scanners, And Proxies
21(24)
Understanding the TCP Handshake
22(1)
Bypassing Firewalls with Port Forwarding
23(1)
Writing a TCP Scanner
23(9)
Testing for Port Availability
24(1)
Performing Nonconcurrent Scanning
25(1)
Performing Concurrent Scanning
26(6)
Building a TCP Proxy
32(12)
Using io.Reader and io.Writer
32(3)
Creating the Echo Server
35(2)
Improving the Code by Creating a Buffered Listener
37(2)
Proxying a TCP Client
39(1)
Replicating Netcat for Command Execution
40(4)
Summary
44(1)
3 HTTP Clients And Remote Interaction With Tools
45(32)
HTTP Fundamentals with Go
46(5)
Calling HTTP APIs
46(2)
Generating a Request
48(1)
Using Structured Response Parsing
48(3)
Building an HTTP Client That Interacts with Shodan
51(8)
Reviewing the Steps for Building an API Client
51(1)
Designing the Project Structure
52(1)
Cleaning Up API Calls
53(1)
Querying Your Shodan Subscription
54(4)
Creating a Client
58(1)
Interacting with Metasploit
59(9)
Setting Up Your Environment
59(2)
Defining Your Objective
61(1)
Retrieving a Valid Token
62(1)
Defining Request and Response Methods
63(1)
Creating a Configuration Struct and an RPC Method
64(1)
Performing Remote Calls
64(3)
Creating a Utility Program
67(1)
Parsing Document Metadata with Bing Scraping
68(8)
Setting Up the Environment and Planning
69(2)
Defining the metadata Package
71(1)
Mapping the Data to Structs
72(1)
Searching and Receiving Files with Bing
73(3)
Summary
76(1)
4 HTTP Servers, Routing, And Middleware
77(26)
HTTP Server Basics
78(12)
Building a Simple Server
78(1)
Building a Simple Router
79(1)
Building Simple Middleware
80(1)
Routing with the gorilla/mux Package
81(2)
Building Middleware with Negroni
83(3)
Adding Authentication with Negroni
86(2)
Using Templates to Produce HTML Responses
88(2)
Credential Harvesting
90(3)
Keylogging with the WebSocket API
93(5)
Multiplexing Command-and-Control
98(4)
Summary
102(1)
5 Exploiting DNS
103(28)
Writing DNS Clients
104(13)
Retrieving A Records
104(2)
Processing Answers from a Msg struct
106(1)
Enumerating Subdomains
107(10)
Writing DNS Servers
117(13)
Lab Setup and Server Introduction
118(3)
Creating DNS Server and Proxy
121(9)
Summary
130(1)
6 Interacting With Smb And NTLM
131(22)
The SMB Package
132(1)
Understanding SMB
132(14)
Understanding SMB Security Tokens
133(1)
Setting Up an SMB Session
134(1)
Using Mixed Encoding of Struct Fields
135(3)
Understanding Metadata and Referential Fields
138(1)
Understanding the SMB Implementation
139(7)
Guessing Passwords with SMB
146(1)
Reusing Passwords with the Pass-the-Hash Technique
147(3)
Recovering NTLM Passwords
150(1)
Calculating the Hash
150(1)
Recovering the NTLM Hash
150(1)
Summary
151(2)
7 Abusing Databases And Filesystems
153(20)
Setting Up Databases with Docker
154(4)
Installing and Seeding MongoDB
154(2)
Installing and Seeding PostgreSQL and MySQL Databases
156(1)
Installing and Seeding Microsoft SQL Server Databases
157(1)
Connecting and Querying Databases in Go
158(3)
Querying MongoDB
158(2)
Querying SQL Databases
160(1)
Building a Database Miner
161(9)
Implementing a MongoDB Database Miner
164(2)
Implementing a MySQL Database Miner
166(4)
Pillaging a Filesystem
170(2)
Summary
172(1)
8 Raw Packet Processing
173(14)
Setting Up Your Environment
174(1)
Identifying Devices by Using the pcap Subpackage
174(1)
Live Capturing and Filtering Results
175(3)
Sniffing and Displaying Cleartext User Credentials
178(2)
Port Scanning Through SYN-flood Protections
180(5)
Checking TCP Flags
180(1)
Building the BPF Filter
181(1)
Writing the Port Scanner
182(3)
Summary
185(2)
9 Writing And Porting Exploit Code
187(30)
Creating a Fuzzer `
88(108)
Buffer Overflow Fuzzing
188(4)
SQL Injection Fuzzing
192(4)
Porting Exploits to Go
196(17)
Porting an Exploit from Python
197(4)
Porting an Exploit from C
201(12)
Creating Shellcode in Go
213(3)
C Transform
213(1)
Hex Transform
214(1)
Num Transform
214(1)
Raw Transform
215(1)
Baseo4 Encoding
215(1)
A Note on Assembly
216(1)
Summary
216(1)
10 Go Plugins And Extendable Tools
217(16)
Using Go's Native Plug-in System
218(7)
Creating the Main Program
219(3)
Building a Password-Guessing Plug-in
222(2)
Running the Scanner
224(1)
Building Plug-ins in Lua
225(7)
Creating the head() HTTP Function
226(1)
Creating the get() Function
227(2)
Registering the Functions with the Lua VM
229(1)
Writing Your Main Function
230(1)
Creating Your Plug-in Script
231(1)
Testing the Lua Plug-in
232(1)
Summary
232(1)
11 Implementing And Attacking Cryptography
233(30)
Reviewing Basic Cryptography Concepts
234(1)
Understanding the Standard Crypto Library
235(1)
Exploring Hashing
235(4)
Cracking an MD5 or SHA-256 Hash
236(1)
Implementing bcrypt
237(2)
Authenticating Messages
239(3)
Encrypting Data
242(10)
Symmetric-Key Encryption
242(3)
Asymmetric Cryptography
245(7)
Brute-Forcing RC2
252(9)
Getting Started
252(3)
Producing Work
255(2)
Performing Work and Decrypting Data
257(1)
Writing the Main Function
258(2)
Running the Program
260(1)
Summary
261(2)
12 Windows System Interaction And Analysis
263(32)
The Windows API's OpenProcessj) Function
263(3)
The unsafe.Pointer and uintptr Types
266(2)
Performing Process Injection with the syscall Package
268(11)
Defining the Windows DLLs and Assigning Variables
270(1)
Obtaining a Process Token with the OpenProcess Windows API
271(2)
Manipulating Memory with the VirtualAllocEx Windows API
273(1)
Writing to Memory with the WriteProcessMemory Windows API
274(1)
Finding LoadLibraryA with the GetProcessAddress Windows API
275(1)
Executing the Malicious DLL Using the CreateRemoteThread Windows API
275(1)
Verifying Injection with the WaitforSingleObject Windows API
276(1)
Cleaning Up with the VirtualFreeEx Windows API
277(1)
Additional Exercises
278(1)
The Portable Executable File
279(11)
Understanding the PE File Format
279(1)
Writing a PE Parser
280(9)
Additional Exercises
289(1)
Using C with Go
290(3)
Installing a C Windows Toolchain
290(1)
Creating a Message Box Using C and the Windows API
290(1)
Building Go into C
291(2)
Summary
293(2)
13 Hiding Data With Steganography
295(20)
Exploring the PNG Format
296(2)
The Header
296(1)
The Chunk Sequence
297(1)
Reading Image Byte Data
298(4)
Reading the Header Data
298(1)
Reading the Chunk Sequence
299(3)
Writing Image Byte Data to Implant a Payload
302(5)
Locating a Chunk Offset
302(1)
Writing Bytes with the Processlmage() Method
302(5)
Encoding and Decoding Image Byte Data by Using XOR
307(5)
Summary
312(1)
Additional Exercises
312(3)
14 Building A Command-And-Control Rat
315(16)
Getting Started
316(1)
Installing Protocol Buffers for Defining a gRPC API
316(1)
Creating the Project Workspace
317(1)
Defining and Building the gRPC API
317(2)
Creating the Server
319(4)
Implementing the Protocol Interface
319(3)
Writing the main() Function
322(1)
Creating the Client Implant
323(2)
Building the Admin Component
325(1)
Running the RAT
326(1)
Improving the RAT
326(4)
Encrypt Your Communications
327(1)
Handle Connection Disruptions
327(1)
Register the Implants
327(1)
Add Database Persistence
328(1)
Support Multiple Implants
328(1)
Add Implant Functionality
329(1)
Chain Operating System Commands
329(1)
Enhance the Implant's Authenticity and Practice Good OPSEC
329(1)
Add ASCII Art
329(1)
Summary
330(1)
Index 331
Tom Steele, Dan Kottmann, and Chris Patten share over 30 years in penetration testing and offensive security experience, and have delivered multiple Go training and development sessions.