Muutke küpsiste eelistusi

How to Hack Like a Legend: Breaking Windows [Pehme köide]

4.67/5 (19 hinnangut Goodreads-ist)
  • Formaat: Paperback / softback, 216 pages, kõrgus x laius: 234x177 mm
  • Ilmumisaeg: 25-Oct-2022
  • Kirjastus: No Starch Press,US
  • ISBN-10: 1718501501
  • ISBN-13: 9781718501508
Teised raamatud teemal:
How to Hack Like a Legend: Breaking WindowsSuurem pilt
  • Formaat: Paperback / softback, 216 pages, kõrgus x laius: 234x177 mm
  • Ilmumisaeg: 25-Oct-2022
  • Kirjastus: No Starch Press,US
  • ISBN-10: 1718501501
  • ISBN-13: 9781718501508
Teised raamatud teemal:
Püsilink: https://www.kriso.ee/db/9781718501508.html
Märksõnad:
Tag along with a master hacker on a truly memorable attack. From reconnaissance to infiltration, you’ll experience their every thought, frustration, and strategic decision-making first-hand in this exhilarating narrative journey into a highly defended Windows environment driven by AI.

Step into the shoes of a master hacker and break into an intelligent, highly defensive Windows environment. You’ll be infiltrating the suspicious (fictional) offshoring company G & S Trust and their hostile Microsoft stronghold. While the target is fictional, the corporation’s vulnerabilities are based on real-life weaknesses in today’s advanced Windows defense systems. You’ll experience all the thrills, frustrations, dead-ends, and eureka moments of the mission first-hand, while picking up practical, cutting-edge techniques for evading Microsoft’s best security systems.
 
The adventure starts with setting up your elite hacking infrastructure complete with virtual Windows system. After some thorough passive recon, you’ll craft a sophisticated phishing campaign to steal credentials and gain initial access. Once inside you’ll identify the security systems, scrape passwords, plant persistent backdoors, and delve deep into areas you don’t belong. Throughout your task you’ll get caught, change tack on a tee, dance around defensive monitoring systems, anddisable tools from the inside. Spark Flow’s clever insights, witty reasoning, andstealth maneuvers teach you to be patient, persevere, and adapt your skills at the drop of a hat.
 
You’ll learn how to:
  •  Identify and evade Microsoft security systems like Advanced Threat Analysis,QRadar, MDE, and AMSI
  •  Seek out subdomains and open ports with Censys, Python scripts, and other OSINT tools
  •  Scrape password hashes using Kerberoasting
  •  Plant camouflaged C# backdoors and payloads
  •  Grab victims’ credentials with more advanced techniques like reflection anddomain replication
 
Like other titles in the How to Hack series, this book is packed with interesting tricks, ingenious tips, and links to useful resources to give you a fast-paced, hands-on guide to penetrating and bypassing Microsoft security systems.

Arvustused

"How To Hack Like a Legend is a well written, story lead, day in a life of a hacker taking you into his hacking mindset and showing the reader even failure can be turned into a successful hack. This sort of hands-on material is normally only ever gained through experiences in real life. Above all, being able to get all this information down on paper and wrapping it all up with a fictional story really shows Sparc knows what hes talking about." Security Tutorials

"Another great hacker plot by Spark Flow. This is the 7th book in his series on penetration testing, and like the rest it does not disappoint . . . Short, engaging, technical, and really fun." LockBoxx: A Hacker's Blog

"A good addition to his series. It covers many more topics to the existing others. This book is available to everyone because all tools and techniques presented are open sources." OnlineBooksReview

"What sets this book apart from other cyber security books is the unique plot it follows . . . The book is written for penetration testers and red teamers, but if you have some knowledge in IT do not hesitate to pick it up. It is a great read and Sparc Flow details step-by-step every line of code and obscure tip to make it understandable by everyone." Tech Guide and Reviews

"A good introduction to the entire process of infiltrating and compromising a network from beginning to end, and the kind of logical and creative thinking needed to successfully compromise a well secured environment." Darlene Hibbs, Senior Cybersecurity Researcher, Fortra

Acknowledgments xv
Introduction xvii
How This Book Works xix
The Vague Plan xix
Part I Starting Blocks
1(46)
1 Bending But Never Breaking
3(10)
Infrastructure Requirements
4(2)
Front-Line Practical Configuration
6(5)
Attack Server
6(1)
C2 Server
6(5)
Resources
11(2)
2 Buried Alive
13(10)
Establishing Contact
14(1)
Scouring The Web
15(4)
Findinq The Weak Links
19(2)
Resources
21(2)
3 Pitching A Curveball
23(8)
Stealing The Look
24(1)
Unearthing Subdomains
25(1)
Phishing Foes
26(2)
Spam Filters
26(1)
Email Sandboxes
27(1)
Antivirus
28(1)
Credential Harvesting
28(3)
4 Perfecting The Hook
31(16)
Recycling Domains
31(3)
Manipulating Headers
34(5)
Routing Emails
35(2)
Setting Up the Sender Policy Framework
37(1)
Generating a Public Key for DKIM
37(2)
Baiting the Hook
39(2)
Building the Site
41(5)
Diverting the Analysts
43(2)
User Hunting
45(1)
Resources
46(1)
PART II First Dive In
47(36)
5 Prison Break
49(16)
Diving In
50(8)
Server Recon
55(1)
Automating Our Recon
56(2)
A Custom PowerShell Wrapper
58(6)
Building an MSBuild Project
60(1)
Unrestricted PowerShell
61(3)
Resources
64(1)
6 Busting In And Getting Busted!
65(10)
Planting Our PowerShell
65(4)
Microsoft Base Code
66(1)
Interactive Mode
67(1)
Loading the PowerView Script
68(1)
Deeper Recon
69(5)
Inspecting the Data
70(2)
Gauging the Security
72(1)
Impersonating Users
73(1)
Resources
74(1)
7 Know Thy Enemy
75(8)
Investigating the Crime Scene
76(2)
Revealing the Enemy
78(3)
Resources
81(2)
PART III BACK TO THE ARENA
83(76)
8 Through Logs And Fire
85(12)
Password Roulette
86(2)
Devising a Strategy
88(8)
Neutering Script Block Logging
89(1)
The Power of Self-Inspection
89(4)
Bypassing String Matches
93(3)
Resources
96(1)
9 Russian Roulette
97(12)
Camouflage
97(2)
Identifying Services
99(2)
Attacking the Database
101(6)
Kerberos Unraveled
101(1)
Kerberoasting Databases
102(1)
Cracking Passwords
103(4)
Resources
107(2)
10 Finally Free
109(16)
Raw SQL
110(2)
Mimikatz: Windows' Magic Wand
112(1)
Executing Mimikatz
113(2)
Combating AMSI
115(6)
Identifying the Culprit
116(1)
Evading String Matching
117(2)
The Final Script
119(1)
Executing the Script
120(1)
Harvesting Our Spoils
121(2)
Resources
123(2)
11 Defeating The Machines
125(16)
Exploring the Virtual Desktop
126(2)
Bypassing MDE
128(4)
Accessing LSASS
130(1)
Extracting the Credentials
131(1)
Defeating MDE
132(8)
Process Protection
133(1)
Gaining Trust
134(1)
Thread Injection
135(4)
Alternative Routes
139(1)
Resources
140(1)
12 Perfecting The Backdoor
141(18)
The Development Structure
142(2)
Planting a Backdoor
144(13)
Setting the Snare
144(3)
Checking Our Surroundings
147(3)
Calling for the Payload
150(3)
Reworking the Empire Agent
153(2)
The Core of Our Backdoor
155(1)
Hijacking Commits
156(1)
Resources
157(2)
PART IV SALVATION
159(28)
13 Hunting For Data
161(16)
Scoping Out the Defenses
163(1)
Gathering Intel
164(2)
Hunting for Data
166(10)
Privilege Check
168(2)
Persisting
170(1)
Raiding the Hive
171(3)
Gaining Trust
174(1)
Takinq Credentials
175(1)
Resources
176(1)
14 Jackpot
177(10)
Pivoting
177(4)
Cracking the Vault
181(3)
Closing Thoughts
184(1)
Resources
185(2)
Index 187
Sparc Flow is a computer security expert specialized in ethical hacking, who has presented research at international security conferences like Black Hat, DEF CON, and Hack In The Box. While his day job consists of performing penetration tests against companies so they can patch security vulnerabilities, his passion is writing and sharing hacking knowledge through his acclaimed Hack the Planet books.