book

Advanced Persistent Threat Hacking

by Tyler Wrightson

December 2014

Intermediate to advanced

464 pages

12h 47m

English

McGraw-Hill

Read now

Unlock full access

Defining the ThreatThreatsAttacker MotivesThreat CapabilitiesThreat ClassThreat HistoryAPT Hacker: The New BlackTargeted OrganizationsConstructs of Our DemiseThe Impact of Our YouthThe Economics of (In)securityPsychology of (In)securityThe Big PictureThe Vulnerability of ComplexityAll Together NowThe Future of Our WorldDon’t Forget
The Problem with Our Data SetThreat ExamplesTechno-Criminals Skimmer EvolutionTechno-Criminals: Hacking Power SystemsUnsophisticated Threat: Hollywood HackerUnsophisticated Threat: Neighbor from HellSmart Persistent Threats: Kevin MitnickAPT: Nation-StatesStuxnet and Operation Olympic GamesDuqu: The APT Reconnaissance WormFlame: APT Cyber-espionage WormAPT: RSA CompromiseAPT Nation-State: Iran Spying on CitizensCell Phone Spying: Carrier IQDon’t Forget

AHM: Strong Enough for Penetration Testers, Made for a HackerAHM Components (Requirements, Skills, Soft Skills)Elegant, Big-Picture ThinkersAdvanced: Echelons of SkillPreparationPatienceSocial OmniscienceAlways Target the Weakest LinkEfficacious, Not EliteExploitless ExploitsThe Value of InformationAPT Hacker’s Thought ProcessThink Outside the BoxA Side NoteA Vaudeville StoryLook for MisdirectionThink Through the PainAvoid Tunnel VisionNo RulesKeep It Simple, Stupid (KISS)QuoteAPT Hacking Core StepsReconnaissanceEnumerationExploitationMaintaining AccessClean UpProgressionExfiltrationAPT Hacker Attack PhasesAPT Hacker Foundational ToolsAnonymous PurchasingAnonymous Internet ActivityAnonymous Phone CallsAPT Hacker TermsDon’t Forget
Reconnaissance DataData Categories (Technical and Nontechnical)Data Sources (Cyber and Physical)Data Methods (Active and Passive)Technical DataRegistrant InformationDNS Information and RecordsDNS ZonesBorder Gateway Protocol: An OverviewSystem and Service IdentificationWeb Service EnumerationLarge Data SetsGeolocation InformationData from the Phone SystemDon’t Forget
Search Engine Terms and TipsSearch Engine CommandsSearch Engine ScriptingSearch Engine AlertsHUMINT: PersonnelPersonnel Directory HarvestingDirectory Harvesting: HTTP Requests Directory Harvesting: Stateful HTTP Analyzing ResultsDirectory Harvesting HTML TablesPersonnel Directory: Analyzing the Final ResultsE-mail HarvestingTechnical E-mail HarvestingNontechnical E-mail HarvestingGeographical DataReconnaissance on IndividualsNontraditional Information RepositoriesAutomated Individual ReconnaissanceOur Current ViewDon’t Forget
Social EngineeringSocial Engineering StrategiesAssumptionsDo What Works for YouPreparationLegitimacy TriggersKeep It Simple, StupidDon’t Get CaughtDon’t LieBe CongruentSocial Engineering TacticsLike Likes LikePersonality TypesEventsTell Me What I KnowInsider InformationName DroppingThe Right TacticWhy Don’t You Make Me?Spear-Phishing MethodsSpear-Phishing GoalsTechnical Spear-Phishing Exploitation TacticsBuilding the StoryPhishing Website TacticsPhishing Website: Back-End FunctionalityClient-Side ExploitsCustom Trojan BackdoorDon’t Forget
Remote Presence ReconnaissanceSocial Spear PhishingWireless PhasesAPT Wireless ToolsWireless ReconnaissanceActive Wireless AttacksClient Hacking: APT Access PointGetting Clients to ConnectAttacking WPA-Enterprise ClientsAccess Point Component AttacksAccess Point Core Attack ConfigAccess Point Logging ConfigurationAccess Point Protocol ManipulationAccess Point Fake ServersDon’t Forget
Phase IV Spear Phishing with Hardware TrojansHardware Delivery MethodsHardware Trojans: The APT GiftAPT Wakizashi PhoneTrojaned Hardware DevicesHardware Device Trojans with TeensyDon’t Forget
Phase V Physical InfiltrationAPT Team Super FriendsIt’s Official – Size MattersFacility Reconnaissance TacticsExample Target Facility TypesHeadquartersChoosing Facility Asset TargetsPhysical Security Control PrimerPhysical Infiltration FactorsPhysical Security Concentric CirclesPhysical Social EngineeringPhysical Social Engineering FoundationsPhysical CongruenceBody LanguageDefeating Physical Security ControlsPreventative Physical ControlsDetective Physical ControlsHacking Home SecurityHacking Hotel SecurityHacking Car SecurityIntermediate Asset and Lily Pad DecisionsPlant DeviceSteal AssetTake and Return AssetBackdoor AssetDon’t Forget
Software Backdoor GoalsAPT Backdoor: Target DataAPT Backdoors: Necessary FunctionsRootkit FunctionalityKnow Thy EnemyThy Enemies’ ActionsResponding to Thy EnemyNetwork Stealth ConfigurationsDeployment ScenariosAmerican Backdoor: An APT Hacker’s NovelBackdoor DroppersBackdoor ExtensibilityBackdoor Command and ControlBackdoor InstallerBackdoor: Interactive ControlData CollectionBackdoor WatchdogBackdooring Legitimate SoftwareDon’t Forget

Content preview from Advanced Persistent Threat Hacking

Index

Please note that index links point to page beginnings from the print edition. Locations are approximate in e-readers, and you may need to page down one or more times after clicking a link to get to the indexed material.

-A option, in nmap service scan, 112

access maintenance, in AHM, 69

access points, wireless. See wireless access points

acoustic motion sensors, 355–357

active reconnaissance, 80. See also reconnaissance

active wireless attacks

post-exploitation exploration, 242–243

vendor vulnerabilities, 241–242

WEP cracking, 233–236

WPA preshared key cracking, 236–240

WPS cracking, 240–241

active wireless reconnaissance