Muutke küpsiste eelistusi

How to Hack Like a Ghost: Breaching the Cloud [Pehme köide]

4.49/5 (104 hinnangut Goodreads-ist)
  • Formaat: Paperback / softback, 264 pages, kõrgus x laius: 234x177 mm
  • Ilmumisaeg: 03-May-2021
  • Kirjastus: No Starch Press,US
  • ISBN-10: 1718501269
  • ISBN-13: 9781718501263
Teised raamatud teemal:
How to Hack Like a Ghost: Breaching the CloudSuurem pilt
  • Formaat: Paperback / softback, 264 pages, kõrgus x laius: 234x177 mm
  • Ilmumisaeg: 03-May-2021
  • Kirjastus: No Starch Press,US
  • ISBN-10: 1718501269
  • ISBN-13: 9781718501263
Teised raamatud teemal:
Püsilink: https://www.kriso.ee/db/9781718501263.html
Märksõnad:
"This book is about hacking modern cloud technologies. The reader adopts the role of the hacker-narrator, whose target is a fictional political consultancy firm. The reader shadows the hacker through the journey from setting up a stealthy hacking system on their machine to infiltrating and exploiting the target"--

How to Hack Like a Ghost takes readers deep inside the mind of a hacker as they carry out a fictionalized attack against a tech company, teaching cutting-edge hacking techniques along the way.

  •  A fast-paced hands-on guide to hacking modern cloud systems.
  •  Readers shadow a hacker as they describe, with detailed code, how they might hack a tech company and escape detection.
  •  While the account is fictional, the tech company's vulnerabilities are drawn from real-life weaknesses common in today's corporate, cloud-based systems
  •  By following along and studying the code, the reader learns practical, cutting-edge hacking techniques

Arvustused

"Spark Flow uses a realistic scenario to aid the reader in understanding how to hack modern cloud infrastructures. From reconnaissance to post-exploitation, the author guides the reader through the process of hacking a fictional enterprise's cloud environment, utilising some of the latest tooling employed in the industry today. This unique approach makes for an engaging read. I would recommend this book to anyone looking to sharpen their hacking skills against modern cloud solutions. Ed, EdOverflow

Acknowledgments xiii
Introduction xv
How the Book Works xviii
The Vague Plan xviii
PART I CATCH ME IF YOU CAN
1(42)
1 Becoming Anonymous Online
3(8)
VPNs and Their Failings
4(1)
Location, Location, Location
5(1)
The Operation Laptop
6(1)
Bouncing Servers
7(1)
The Attack Infrastructure
8(1)
Resources
9(2)
2 Return Of Command And Control
11(10)
Command and Control Legacy
11(1)
The Search for a New C2
12(7)
Merlin
13(2)
Koadic
15(2)
Silenttrinity
17(2)
Resources
19(2)
3 Let There Be Infrastructure
21(22)
Legacy Method
21(2)
Containers and Virtualization
23(9)
Namespaces
24(4)
Union Filesystem
28(2)
Cgroups
30(2)
IP Masquerading
32(1)
Automating the Server Setup
33(8)
Tuning the Server
36(3)
Pushing to Production
39(2)
Resources
41(2)
PART II TRY HARDER
43(42)
4 Healthy Stalking
45(14)
Understanding Gretsch Politico
46(1)
Finding Hidden Relationships
47(2)
Scouring GitHub
49(4)
Pulling Web Domains
53(3)
From Certificates
53(1)
By Harvesting the Internet
54(2)
Discovering the Web Infrastructure Used
56(1)
Resources
57(2)
5 Vulnerability Seeking
59(26)
Practice Makes Perfect
60(1)
Revealing Hidden Domains
60(2)
Investigating the S3 URLs
62(11)
S3 Bucket Security
64(1)
Examining the Buckets
65(3)
Inspecting the Web-Facing Application
68(1)
Interception with WebSocket
69(4)
Server-Side Request Forgery
73(10)
Exploring the Metadata
73(2)
The Dirty Secret of the Metadata API
75(5)
Aws I Am
80(2)
Examining the Key List
82(1)
Resources
83(2)
PART III TOTAL IMMERSION
85(80)
6 Fracture
87(20)
Server-Side Template Injection
89(6)
Fingerprinting the Framework
90(2)
Arbitrary Code Execution
92(2)
Confirming the Owner
94(1)
Smuggling Buckets
95(2)
Quality Backdoor Using S3
97(4)
Creating the Agent
98(2)
Creating the Operator
100(1)
Trying to Break Free
101(1)
Checking for Privileged Mode
102(1)
Linux Capabilities
103(2)
Docker Socket
105(1)
Resources
106(1)
7 Behind The Curtain
107(14)
Kubernetes Overview
108(7)
Introducing Pods
109(4)
Balancing Traffic
113(2)
Opening the App to the World
115(1)
Kube Under the Hood
115(4)
Resources
119(2)
8 Shawshank Redemption: Breaking Out
121(32)
RBAC in Kube
122(3)
Recon 2.0
125(4)
Breaking Into Datastores
129(11)
API Exploration
132(3)
Abusing the IAM Role Privileges
135(1)
Abusing the Service Account Privileges
136(1)
Infiltrating the Database
137(3)
Redis and Real-Time Bidding
140(11)
Deserialization
141(2)
Cache Poisoning
143(5)
Kube Privilege Escalation
148(3)
Resources
151(2)
9 Sticky Shell
153(12)
Stable Access
155(5)
The Stealthy Backdoor
160(5)
Resources
PART IV THE ENEMY INSIDE
165(72)
10 The Enemy Inside
167(20)
The Path to Apotheosis
168(4)
Automation Tool Takeover
172(9)
Jenkins Almighty
173(1)
Hell's Kitchen
174(7)
Taking Over Lambda
181(4)
Resources
185(2)
11 Nevertheless, We Persisted
187(12)
The AWS Sentries
188(2)
Persisting in the Utmost Secrecy
190(6)
The Program to Execute
191(1)
Building the Lambda
192(1)
Setting Up the Trigger Event
193(2)
Covering Our Tracks
195(1)
Recovering Access
195(1)
Alternative (Worse) Methods
196(1)
Resources
197(2)
12 Apotheosis
199(26)
Persisting the Access
201(14)
Understanding Spark
204(1)
Malicious Spark
205(5)
Spark Takeover
210(3)
Finding Raw Data
213(2)
Stealing Processed Data
215(9)
Privilege Escalation
216(4)
Infiltrating Redshift
220(4)
Resources
224(1)
13 Final Cut
225(12)
Hacking Google Workspace
226(6)
Abusing CloudTrail
229(3)
Creating a Google Workspace Super Admin Account
232(1)
Sneaking a Peek
233(2)
Closing Thoughts
235(1)
Resources
235(2)
Index 237
Sparc Flow is a computer security expert specializing in ethical hacking, who has presented his research at international security conferences like Black Hat, DEF CON, Hack In The Box, and more. While his day job consists mainly of performing penetration tests against companies so they can patch vulnerabilities, his passion is writing and sharing hacking knowledge through his acclaimed Hack the Planet books.