book

Ethical Hacking

by Daniel G. Graham

September 2021

Intermediate to advanced

376 pages

9h 25m

English

No Starch Press

Read now

Unlock full access

Why Read This Book?Installing PythonWhat Is in the Book?Reaching Out
Virtual LabSetting Up VirtualBoxSetting Up pfSenseSetting Up MetasploitableSetting Up Kali LinuxSetting Up the Ubuntu Linux DesktopYour First Hack: Exploiting a Backdoor in Metasploitable
How the Internet Transmits DataARP Spoofing AttacksPerforming an ARP Spoofing AttackDetecting an ARP Spoofing AttackExercises
Packets and the Internet Protocol StackViewing Packets in WiresharkAnalyzing Packets Collected by Your FirewallExercises
Sockets and Process CommunicationAccessing the Victim MachineWriting a Reverse Shell ClientWriting a TCP Server That Listens for Client ConnectionsLoading the Reverse Shell onto the Metasploitable ServerBotnetsExercises
EncryptionEncrypting and Decrypting a FileEmail EncryptionEncrypting a File with RSAWriting RansomwareExercises
Transport Layer SecurityUsing Diffie-Hellman to Compute a Shared KeyElliptic-Curve Diffie-HellmanWriting TLS SocketsSSL Stripping and HSTS BypassExercise: Add Encryption to your Ransomware Server
A Sophisticated and Sneaky Social Engineering AttackFaking EmailsFaking WebsitesCreating Deepfake VideosExercises
Link AnalysisGoogle DorkingScanning the Entire InternetIPv6 and NAT LimitationsVulnerability DatabasesVulnerability ScannersExercises
Case Study: Exploiting the Heartbleed OpenSSL VulnerabilityFuzzingSymbolic ExecutionDynamic Symbolic ExecutionUsing DSE to Crack a PasscodeExercises
Case Study: Re-Creating Drovorub by Using MetasploitHiding an Implant in a Legitimate FileEvading Antivirus by Using EncodersCreating a Windows TrojanCreating an Android TrojanExercises
Writing a Linux Kernel ModuleModifying System CallsHooking the Shutdown SyscallHiding FilesUsing Armitage to Exploit a Host and Install a RootkitExercises
SQL InjectionStealing Passwords from a Website’s DatabaseWriting Your Own SQL Injection ToolUsing SQLMapHashing PasswordsBuilding a Salted Hash CrackerPopular Hash Cracking and Brute-Forcing ToolsExercises
Cross-Site ScriptingFinding Vulnerabilities with OWASP Zed Attack ProxyUsing Browser Exploitation Framework PayloadsMoving from Browser to MachineExercise: Hunting for Bugs in a Bug Bounty Program
Pivoting from a Dual-Homed DeviceExtracting Password Hashes on LinuxExercises
Creating a Windows Virtual LabExtracting Password Hashes with MimikatzPassing the Hash with NT LAN ManagerExploring the Corporate Windows NetworkAttacking the DNS ServiceAttacking Active Directory and LDAP ServicesAttacking KerberosExercise: Kerberoasting
Setting Up a Hardened Hacking EnvironmentOther TopicsConnect with Others

Content preview from Ethical Hacking

7PHISHING AND DEEPFAKES

Don’t believe anything you read on the net. Except this. Well, including this, I suppose.

–Douglas Adams

Hackers use social engineering techniques to trick victims into giving them access to their systems. Social engineering is the use of technology to psychologically influence a person’s behavior. These techniques have been used to steal passwords, destabilize governments, and rig elections.

You might be familiar with social engineering attacks that attempt to bait users into taking a particular action. These are referred to as phishing attacks. But savvy computer users can usually identify fake emails quickly and spam ...