
Hacking Connected Cars: Tactics, Techniques, and Procedures [Paperback]

  • Format: Paperback / softback, 272 pages, height x width x thickness: 234x185x18 mm, weight: 454 g
  • Publication date: 16-Apr-2020
  • Publisher: John Wiley & Sons Inc
  • ISBN-10: 1119491800
  • ISBN-13: 9781119491804
  • Paperback
  • Price: 48,45 €*
  • * price is final, i.e. no further discounts apply
  • Regular price: 57,00 €
  • You save 15%
  • Delivery of the book from the publisher takes approximately 3-4 weeks
A field manual on contextualizing cyber threats, vulnerabilities, and risks to connected cars through penetration testing and risk assessment

Hacking Connected Cars deconstructs the tactics, techniques, and procedures (TTPs) used to hack into connected cars and autonomous vehicles to help you identify and mitigate vulnerabilities affecting cyber-physical vehicles. Written by a veteran of risk management and penetration testing of IoT devices and connected cars, this book provides a detailed account of how to perform penetration testing, threat modeling, and risk assessments of telematics control units and infotainment systems. This book demonstrates how vulnerabilities in wireless networking, Bluetooth, and GSM can be exploited to affect confidentiality, integrity, and availability of connected cars.

Passenger vehicles have experienced a massive increase in connectivity over the past five years, and the trend will only continue to grow with the expansion of the Internet of Things and increasing consumer demand for always-on connectivity. Manufacturers and OEMs need the ability to push updates without requiring service visits, but this leaves the vehicles' systems open to attack. This book examines the issues in depth, providing cutting-edge preventative tactics that security practitioners, researchers, and vendors can use to keep connected cars safe without sacrificing connectivity.





  • Perform penetration testing of infotainment systems and telematics control units through a step-by-step methodical guide
  • Analyze risk levels surrounding vulnerabilities and threats that impact confidentiality, integrity, and availability
  • Conduct penetration testing using the same tactics, techniques, and procedures used by hackers

From relatively small features such as automatic parallel parking to completely autonomous self-driving cars, all connected systems are vulnerable to attack. As connectivity becomes a way of life, the need for security expertise for in-vehicle systems is becoming increasingly urgent. Hacking Connected Cars provides practical, comprehensive guidance for keeping these vehicles secure.
About the Author
Acknowledgments
Foreword
Introduction
Part I Tactics, Techniques, and Procedures
Chapter 1 Pre-Engagement
Penetration Testing Execution Standard
Scope Definition
Architecture
Full Disclosure
Release Cycles
IP Addresses
Source Code
Wireless Networks
Start and End Dates
Hardware Unique Serial Numbers
Rules of Engagement
Timeline
Testing Location
Work Breakdown Structure
Documentation Collection and Review
Example Documents
Project Management
Conception and Initiation
Definition and Planning
Launch or Execution
Performance/Monitoring
Project Close
Lab Setup
Required Hardware and Software
Laptop Setup
Rogue BTS Option 1: OsmocomBB
Rogue BTS Option 2: BladeRF + YateBTS
Setting Up Your WiFi Pineapple Tetra
Summary
Chapter 2 Intelligence Gathering
Asset Register
Reconnaissance
Passive Reconnaissance
Active Reconnaissance
Summary
Chapter 3 Threat Modeling
STRIDE Model
Threat Modeling Using STRIDE
VAST
PASTA
Stage 1: Define the Business and Security Objectives
Stage 2: Define the Technical Scope
Stage 3: Decompose the Application
Stage 4: Identify Threat Agents
Stage 5: Identify the Vulnerabilities
Stage 6: Enumerate the Exploits
Stage 7: Perform Risk and Impact Analysis
Summary
Chapter 4 Vulnerability Analysis
Passive and Active Analysis
WiFi
Bluetooth
Summary
Chapter 5 Exploitation
Creating Your Rogue BTS
Configuring NetworkinaPC
Bringing Your Rogue BTS Online
Hunting for the TCU
When You Know the MSISDN of the TCU
When You Know the IMSI of the TCU
When You Don't Know the IMSI or MSISDN of the TCU
Cryptanalysis
Encryption Keys
Impersonation Attacks
Summary
Chapter 6 Post Exploitation
Persistent Access
Creating a Reverse Shell
Linux Systems
Placing the Backdoor on the System
Network Sniffing
Infrastructure Analysis
Examining the Network Interfaces
Examining the ARP Cache
Examining DNS
Examining the Routing Table
Identifying Services
Fuzzing
Filesystem Analysis
Command-Line History
Core Dump Files
Debug Log Files
Credentials and Certificates
Over-the-Air Updates
Summary
Part II Risk Management
Chapter 7 Risk Management
Frameworks
Establishing the Risk Management Program
SAE J3061
ISO/SAE AWI 21434
HEAVENS
Threat Modeling
STRIDE
PASTA
Trike
Summary
Chapter 8 Risk-Assessment Frameworks
HEAVENS
Determining the Threat Level
Determining the Impact Level
Determining the Security Level
EVITA
Calculating Attack Potential
Summary
Chapter 9 PKI in Automotive
VANET
On-board Units
Roadside Unit
PKI in a VANET
Applications in a VANET
VANET Attack Vectors
802.11p Rising
Frequencies and Channels
Cryptography
Public Key Infrastructure
V2X PKI
IEEE US Standard
Certificate Security
Hardware Security Modules
Trusted Platform Modules
Certificate Pinning
PKI Implementation Failures
Summary
Chapter 10 Reporting
Penetration Test Report
Summary Page
Executive Summary
Scope
Methodology
Limitations
Narrative
Tools Used
Risk Rating
Findings
Remediation
Report Outline
Risk Assessment Report
Introduction
References
Functional Description
Head Unit
System Interface
Threat Model
Threat Analysis
Impact Assessment
Risk Assessment
Security Control Assessment
Example Risk Assessment Table
Summary
Index
Alissa Knight has worked in cybersecurity for more than 20 years. For the past ten years, she has focused her vulnerability research into hacking connected cars, embedded systems, and IoT devices for clients in the United States, Middle East, Europe, and Asia. She continues to work with some of the world's largest automobile manufacturers and OEMs on building more secure connected cars.

Alissa is the Group CEO of Brier & Thorn and is also the managing partner at Knight Ink, where she blends hacking with content creation of written and visual content for challenger brands and market leaders in cybersecurity. As a serial entrepreneur, Alissa was the CEO of Applied Watch and Netstream, companies she sold in M&A transactions to publicly traded companies in international markets.

Her passion professionally is meeting and learning from extraordinary leaders around the world and sharing her views on the disruptive forces reshaping global markets. Alissa's long-term goal is to help as many organizations as possible develop and execute on their strategic plans and focus on their areas of increased risk, bridging silos to effectively manage risk across organizational boundaries, and enable them to pursue intelligent risk taking as a means to long-term value creation. You can learn more about Alissa on her homepage at http://www.alissaknight.com, connect with her on LinkedIn, or follow her on Twitter @alissaknight.