book

Advanced Persistent Threat Hacking

by Tyler Wrightson

December 2014

Intermediate to advanced

464 pages

12h 47m

English

McGraw-Hill

Read now

Unlock full access

Defining the ThreatThreatsAttacker MotivesThreat CapabilitiesThreat ClassThreat HistoryAPT Hacker: The New BlackTargeted OrganizationsConstructs of Our DemiseThe Impact of Our YouthThe Economics of (In)securityPsychology of (In)securityThe Big PictureThe Vulnerability of ComplexityAll Together NowThe Future of Our WorldDon’t Forget
The Problem with Our Data SetThreat ExamplesTechno-Criminals Skimmer EvolutionTechno-Criminals: Hacking Power SystemsUnsophisticated Threat: Hollywood HackerUnsophisticated Threat: Neighbor from HellSmart Persistent Threats: Kevin MitnickAPT: Nation-StatesStuxnet and Operation Olympic GamesDuqu: The APT Reconnaissance WormFlame: APT Cyber-espionage WormAPT: RSA CompromiseAPT Nation-State: Iran Spying on CitizensCell Phone Spying: Carrier IQDon’t Forget

AHM: Strong Enough for Penetration Testers, Made for a HackerAHM Components (Requirements, Skills, Soft Skills)Elegant, Big-Picture ThinkersAdvanced: Echelons of SkillPreparationPatienceSocial OmniscienceAlways Target the Weakest LinkEfficacious, Not EliteExploitless ExploitsThe Value of InformationAPT Hacker’s Thought ProcessThink Outside the BoxA Side NoteA Vaudeville StoryLook for MisdirectionThink Through the PainAvoid Tunnel VisionNo RulesKeep It Simple, Stupid (KISS)QuoteAPT Hacking Core StepsReconnaissanceEnumerationExploitationMaintaining AccessClean UpProgressionExfiltrationAPT Hacker Attack PhasesAPT Hacker Foundational ToolsAnonymous PurchasingAnonymous Internet ActivityAnonymous Phone CallsAPT Hacker TermsDon’t Forget
Reconnaissance DataData Categories (Technical and Nontechnical)Data Sources (Cyber and Physical)Data Methods (Active and Passive)Technical DataRegistrant InformationDNS Information and RecordsDNS ZonesBorder Gateway Protocol: An OverviewSystem and Service IdentificationWeb Service EnumerationLarge Data SetsGeolocation InformationData from the Phone SystemDon’t Forget
Search Engine Terms and TipsSearch Engine CommandsSearch Engine ScriptingSearch Engine AlertsHUMINT: PersonnelPersonnel Directory HarvestingDirectory Harvesting: HTTP Requests Directory Harvesting: Stateful HTTP Analyzing ResultsDirectory Harvesting HTML TablesPersonnel Directory: Analyzing the Final ResultsE-mail HarvestingTechnical E-mail HarvestingNontechnical E-mail HarvestingGeographical DataReconnaissance on IndividualsNontraditional Information RepositoriesAutomated Individual ReconnaissanceOur Current ViewDon’t Forget
Social EngineeringSocial Engineering StrategiesAssumptionsDo What Works for YouPreparationLegitimacy TriggersKeep It Simple, StupidDon’t Get CaughtDon’t LieBe CongruentSocial Engineering TacticsLike Likes LikePersonality TypesEventsTell Me What I KnowInsider InformationName DroppingThe Right TacticWhy Don’t You Make Me?Spear-Phishing MethodsSpear-Phishing GoalsTechnical Spear-Phishing Exploitation TacticsBuilding the StoryPhishing Website TacticsPhishing Website: Back-End FunctionalityClient-Side ExploitsCustom Trojan BackdoorDon’t Forget
Remote Presence ReconnaissanceSocial Spear PhishingWireless PhasesAPT Wireless ToolsWireless ReconnaissanceActive Wireless AttacksClient Hacking: APT Access PointGetting Clients to ConnectAttacking WPA-Enterprise ClientsAccess Point Component AttacksAccess Point Core Attack ConfigAccess Point Logging ConfigurationAccess Point Protocol ManipulationAccess Point Fake ServersDon’t Forget
Phase IV Spear Phishing with Hardware TrojansHardware Delivery MethodsHardware Trojans: The APT GiftAPT Wakizashi PhoneTrojaned Hardware DevicesHardware Device Trojans with TeensyDon’t Forget
Phase V Physical InfiltrationAPT Team Super FriendsIt’s Official – Size MattersFacility Reconnaissance TacticsExample Target Facility TypesHeadquartersChoosing Facility Asset TargetsPhysical Security Control PrimerPhysical Infiltration FactorsPhysical Security Concentric CirclesPhysical Social EngineeringPhysical Social Engineering FoundationsPhysical CongruenceBody LanguageDefeating Physical Security ControlsPreventative Physical ControlsDetective Physical ControlsHacking Home SecurityHacking Hotel SecurityHacking Car SecurityIntermediate Asset and Lily Pad DecisionsPlant DeviceSteal AssetTake and Return AssetBackdoor AssetDon’t Forget
Software Backdoor GoalsAPT Backdoor: Target DataAPT Backdoors: Necessary FunctionsRootkit FunctionalityKnow Thy EnemyThy Enemies’ ActionsResponding to Thy EnemyNetwork Stealth ConfigurationsDeployment ScenariosAmerican Backdoor: An APT Hacker’s NovelBackdoor DroppersBackdoor ExtensibilityBackdoor Command and ControlBackdoor InstallerBackdoor: Interactive ControlData CollectionBackdoor WatchdogBackdooring Legitimate SoftwareDon’t Forget

Content preview from Advanced Persistent Threat Hacking

Introduction

Writing this book was a far more difficult task than I realized when I first set out. This book has actually been well over a decade in the making. Starting out as a simple thought experiment to determine how I might be able to hack into any organization, over the years, it turned into more of an obsession.

Finally, after many years of penetration testing, I felt that not only did I have a solid game plan to successfully hack even the most secure organizations, but I also had plenty of firsthand experience that gave me my own unique perspective.

Why This Book?

This book was written with one crystalized purpose: to prove that regardless of the defenses in place, any organization can have their most valuable assets stolen due ...