book

Advanced Persistent Threat Hacking

by Tyler Wrightson

December 2014

Intermediate to advanced

464 pages

12h 47m

English

McGraw-Hill

Read now

Unlock full access

Defining the ThreatThreatsAttacker MotivesThreat CapabilitiesThreat ClassThreat HistoryAPT Hacker: The New BlackTargeted OrganizationsConstructs of Our DemiseThe Impact of Our YouthThe Economics of (In)securityPsychology of (In)securityThe Big PictureThe Vulnerability of ComplexityAll Together NowThe Future of Our WorldDon’t Forget
The Problem with Our Data SetThreat ExamplesTechno-Criminals Skimmer EvolutionTechno-Criminals: Hacking Power SystemsUnsophisticated Threat: Hollywood HackerUnsophisticated Threat: Neighbor from HellSmart Persistent Threats: Kevin MitnickAPT: Nation-StatesStuxnet and Operation Olympic GamesDuqu: The APT Reconnaissance WormFlame: APT Cyber-espionage WormAPT: RSA CompromiseAPT Nation-State: Iran Spying on CitizensCell Phone Spying: Carrier IQDon’t Forget

AHM: Strong Enough for Penetration Testers, Made for a HackerAHM Components (Requirements, Skills, Soft Skills)Elegant, Big-Picture ThinkersAdvanced: Echelons of SkillPreparationPatienceSocial OmniscienceAlways Target the Weakest LinkEfficacious, Not EliteExploitless ExploitsThe Value of InformationAPT Hacker’s Thought ProcessThink Outside the BoxA Side NoteA Vaudeville StoryLook for MisdirectionThink Through the PainAvoid Tunnel VisionNo RulesKeep It Simple, Stupid (KISS)QuoteAPT Hacking Core StepsReconnaissanceEnumerationExploitationMaintaining AccessClean UpProgressionExfiltrationAPT Hacker Attack PhasesAPT Hacker Foundational ToolsAnonymous PurchasingAnonymous Internet ActivityAnonymous Phone CallsAPT Hacker TermsDon’t Forget
Reconnaissance DataData Categories (Technical and Nontechnical)Data Sources (Cyber and Physical)Data Methods (Active and Passive)Technical DataRegistrant InformationDNS Information and RecordsDNS ZonesBorder Gateway Protocol: An OverviewSystem and Service IdentificationWeb Service EnumerationLarge Data SetsGeolocation InformationData from the Phone SystemDon’t Forget
Search Engine Terms and TipsSearch Engine CommandsSearch Engine ScriptingSearch Engine AlertsHUMINT: PersonnelPersonnel Directory HarvestingDirectory Harvesting: HTTP Requests Directory Harvesting: Stateful HTTP Analyzing ResultsDirectory Harvesting HTML TablesPersonnel Directory: Analyzing the Final ResultsE-mail HarvestingTechnical E-mail HarvestingNontechnical E-mail HarvestingGeographical DataReconnaissance on IndividualsNontraditional Information RepositoriesAutomated Individual ReconnaissanceOur Current ViewDon’t Forget
Social EngineeringSocial Engineering StrategiesAssumptionsDo What Works for YouPreparationLegitimacy TriggersKeep It Simple, StupidDon’t Get CaughtDon’t LieBe CongruentSocial Engineering TacticsLike Likes LikePersonality TypesEventsTell Me What I KnowInsider InformationName DroppingThe Right TacticWhy Don’t You Make Me?Spear-Phishing MethodsSpear-Phishing GoalsTechnical Spear-Phishing Exploitation TacticsBuilding the StoryPhishing Website TacticsPhishing Website: Back-End FunctionalityClient-Side ExploitsCustom Trojan BackdoorDon’t Forget
Remote Presence ReconnaissanceSocial Spear PhishingWireless PhasesAPT Wireless ToolsWireless ReconnaissanceActive Wireless AttacksClient Hacking: APT Access PointGetting Clients to ConnectAttacking WPA-Enterprise ClientsAccess Point Component AttacksAccess Point Core Attack ConfigAccess Point Logging ConfigurationAccess Point Protocol ManipulationAccess Point Fake ServersDon’t Forget
Phase IV Spear Phishing with Hardware TrojansHardware Delivery MethodsHardware Trojans: The APT GiftAPT Wakizashi PhoneTrojaned Hardware DevicesHardware Device Trojans with TeensyDon’t Forget
Phase V Physical InfiltrationAPT Team Super FriendsIt’s Official – Size MattersFacility Reconnaissance TacticsExample Target Facility TypesHeadquartersChoosing Facility Asset TargetsPhysical Security Control PrimerPhysical Infiltration FactorsPhysical Security Concentric CirclesPhysical Social EngineeringPhysical Social Engineering FoundationsPhysical CongruenceBody LanguageDefeating Physical Security ControlsPreventative Physical ControlsDetective Physical ControlsHacking Home SecurityHacking Hotel SecurityHacking Car SecurityIntermediate Asset and Lily Pad DecisionsPlant DeviceSteal AssetTake and Return AssetBackdoor AssetDon’t Forget
Software Backdoor GoalsAPT Backdoor: Target DataAPT Backdoors: Necessary FunctionsRootkit FunctionalityKnow Thy EnemyThy Enemies’ ActionsResponding to Thy EnemyNetwork Stealth ConfigurationsDeployment ScenariosAmerican Backdoor: An APT Hacker’s NovelBackdoor DroppersBackdoor ExtensibilityBackdoor Command and ControlBackdoor InstallerBackdoor: Interactive ControlData CollectionBackdoor WatchdogBackdooring Legitimate SoftwareDon’t Forget

Content preview from Advanced Persistent Threat Hacking

CHAPTER

5 Reconnaissance: Nontechnical Data

Obtaining nontechnical data about a target is much simpler than you might expect. While it is one of the most critical steps in compromising a target organization, it is often the most overlooked. A successful reconnaissance journey starts in front of a search engine, but it does not stop there. This simple step will help you identify the areas of greatest opportunity by familiarizing you with key information about the target organization, including employees, locations, business units, partners, and more.

To start, identify and browse your target’s website and any websites associated with the target—for example, sister companies, blogs, partner sites, and so on. This information will give you the ...