book

Hacking Exposed 7, 7th Edition

by Stuart McClure, Joel Scambray, George Kurtz

July 2012

Intermediate to advanced

720 pages

21h 47m

English

McGraw-Hill

Read now

Unlock full access

Case StudyIAAAS—It’s All About Anonymity, StupidTor-menting the Good Guys
What Is FootprintingWhy Is Footprinting NecessaryInternet FootprintingStep 1: Determine the Scope of Your ActivitiesStep 2: Get Proper AuthorizationStep 3: Publicly Available InformationStep 4: WHOIS & DNS EnumerationStep 5: DNS InterrogationStep 6: Network ReconnaissanceSummary

Determining If the System Is AliveARP Host DiscoveryICMP Host DiscoveryTCP/UDP Host DiscoveryDetermining Which Services Are Running or ListeningScan TypesIdentifying TCP and UDP Services RunningDetecting the Operating SystemMaking Guesses from Available PortsActive Stack FingerprintingPassive Stack FingerprintingProcessing and Storing Scan DataManaging Scan Data with MetasploitSummary
Service FingerprintingVulnerability ScannersBasic Banner GrabbingEnumerating Common Network ServicesSummary
Case Study: International Intrigue
OverviewWhat’s Not CoveredUnauthenticated AttacksAuthentication Spoofing AttacksRemote Unauthenticated ExploitsAuthenticated AttacksPrivilege EscalationExtracting and Cracking PasswordsRemote Control and Back DoorsPort RedirectionCovering TracksGeneral Countermeasures to Authenticated CompromiseWindows Security FeaturesWindows FirewallAutomated UpdatesSecurity CenterSecurity Policy and Group PolicyMicrosoft Security EssentialsThe Enhanced Mitigation Experience ToolkitBitlocker and the Encrypting File SystemWindows Resource ProtectionIntegrity Levels, UAC, and PMIEData Execution Prevention (DEP)Windows Service HardeningCompiler-based EnhancementsCoda: The Burden of Windows SecuritySummary
The Quest for RootA Brief ReviewVulnerability MappingRemote Access vs. Local AccessRemote AccessData-driven AttacksI Want My ShellCommon Types of Remote AttacksLocal AccessAfter Hacking RootRootkit RecoverySummary
What Is an APTOperation AuroraAnonymousRBNWhat APTs Are NOTExamples of Popular APT Tools and TechniquesCommon APTs IndicatorsSummary
Case Study: Read It and WEP
Preparing to Dial UpWardialingHardwareLegal IssuesPeripheral CostsSoftwareBrute-Force Scripting—The Homegrown WayA Final Note About Brute-Force ScriptingPBX HackingVoicemail HackingVirtual Private Network (VPN) HackingBasics of IPSec VPNsHacking the Citrix VPN SolutionVoice over IP AttacksAttacking VoIPSummary
BackgroundFrequencies and ChannelsSession EstablishmentSecurity MechanismsEquipmentWireless AdaptersOperating SystemsMiscellaneous GoodiesDiscovery and MonitoringFinding Wireless NetworksSniffing Wireless TrafficDenial of Service AttacksEncryption AttacksWEPAuthentication AttacksWPA Pre-Shared KeyWPA EnterpriseSummary
Physical Access: Getting in the DoorHacking DevicesDefault ConfigurationsOwned Out of the BoxStandard PasswordsBluetoothReverse Engineering HardwareMapping the DeviceSniffing Bus DataSniffing the Wireless InterfaceFirmware ReversingICE ToolsSummary
Case Study
Web Server HackingSample FilesSource Code DisclosureCanonicalization AttacksServer ExtensionsBuffer OverflowsDenial of ServiceWeb Server Vulnerability ScannersWeb Application HackingFinding Vulnerable Web Apps with Google (Googledorks)Web CrawlingWeb Application AssessmentCommon Web Application VulnerabilitiesDatabase HackingDatabase DiscoveryDatabase VulnerabilitiesOther ConsiderationsSummary
Hacking AndroidAndroid FundamentalsHacking Your AndroidHacking Other AndroidsAndroid as a Portable Hacking PlatformDefending Your AndroidiOSKnow Your iPhoneHow Secure Is iOSJailbreaking: Unleash the Fury!Hacking Other iPhones: Fury Unleashed!Summary
General Strategies(Re)move the AssetSeparation of DutiesAuthenticate, Authorize, and AuditLayeringAdaptive EnhancementOrderly FailurePolicy and TrainingSimple, Cheap, and EasyExample ScenariosDesktop ScenariosServer ScenariosNetwork ScenariosWeb Application and Database ScenariosMobile ScenariosSummary
Countermeasures

Content preview from Hacking Exposed 7, 7th Edition

CHAPTER 2SCANNING

If footprinting is the equivalent of casing a place for information, then scanning is equivalent to inspecting the walls for doors and windows as potential entry points. During footprinting, we obtained a list of IP network blocks and IP addresses through a wide variety of techniques including WHOIS and ARIN queries. These techniques provide the security administrator (and hacker) with valuable information about the target network, including employee names and phone numbers, IP address ranges, DNS servers, and mail servers. In this chapter, we will determine what systems are listening for inbound network traffic (aka “alive”) and are reachable using a variety of tools and techniques. We will also look at how you can bypass firewalls ...