Book description
A fast, hands-on introduction to offensive hacking techniques
Hands-On Hacking teaches readers to see through the eyes of their adversary and apply hacking techniques to better understand real-world risks to computer networks and data. Readers will benefit from the author's years of experience in the field hacking into computer networks and ultimately training others in the art of cyber-attacks. This book holds no punches and explains the tools, tactics and procedures used by ethical hackers and criminal crackers alike.
We will take you on a journey through a hacker’s perspective when focused on the computer infrastructure of a target company, exploring how to access the servers and data. Once the information gathering stage is complete, you’ll look for flaws and their known exploits—including tools developed by real-world government financed state-actors.
• An introduction to the same hacking techniques that malicious hackers will use against an organization
• Written by infosec experts with proven history of publishing vulnerabilities and highlighting security flaws
• Based on the tried and tested material used to train hackers all over the world in the art of breaching networks
• Covers the fundamental basics of how computer networks are inherently vulnerable to attack, teaching the student how to apply hacking skills to uncover vulnerabilities
We cover topics of breaching a company from the external network perimeter, hacking internal enterprise systems and web application vulnerabilities. Delving into the basics of exploitation with real-world practical examples, you won’t find any hypothetical academic only attacks here. From start to finish this book will take the student through the steps necessary to breach an organization to improve its security.
Written by world-renowned cybersecurity experts and educators, Hands-On Hacking teaches entry-level professionals seeking to learn ethical hacking techniques. If you are looking to understand penetration testing and ethical hacking, this book takes you from basic methods to advanced techniques in a structured learning format.
Table of contents
- Cover
- Foreword
- Introduction
- Chapter 1: Hacking a Business Case
- Chapter 2: Hacking Ethically and Legally
- Chapter 3: Building Your Hack Box
-
Chapter 4: Open Source Intelligence Gathering
- Does Your Client Need an OSINT Review?
- What Are You Looking For?
- Where Do You Find It?
- OSINT Tools
- Grabbing Email Addresses from Google
- Google Dorking the Shadows
- A Brief Introduction to Passwd and Shadow Files
- The Google Hacking Database
- Have You Been “Pwned” Yet?
- OSINT Framework Recon-ng
- Recon-ng Under the Hood
- Harvesting the Web
- Document Metadata
- Maltego
- Social Media Networks
- Shodan
- Protecting Against OSINT
- Summary
-
Chapter 5: The Domain Name System
- The Implications of Hacking DNS
- A Brief History of DNS
- The DNS Hierarchy
- A Basic DNS Query
- Authority and Zones
- DNS Resource Records
- BIND9
- DNS Hacking Toolkit
- Finding Hosts
- Finding the SOA with Dig
- Hacking a Virtual Name Server
- Port Scanning with Nmap
- Digging for Information
- Information Leak CHAOS
- Zone Transfer Requests
- Information-Gathering Tools
- Searching for Vulnerabilities and Exploits
- DNS Traffic Amplification
- Metasploit
- Carrying Out a Denial-of-Service Attack
- DoS Attacks with Metasploit
- DNS Spoofing
- DNS Cache Poisoning
- DNS Cache Snooping
- DNSSEC
- Fuzzing
- Summary
-
Chapter 6: Electronic Mail
- The Email Chain
- Message Headers
- Delivery Status Notifications
- The Simple Mail Transfer Protocol
- Sender Policy Framework
- Scanning a Mail Server
- Mail Software
- User Enumeration via Finger
- Brute-Forcing the Post Office
- The Nmap Scripting Engine
- CVE-2014-0160: The Heartbleed Bug
- Exploiting CVE-2010-4345
- Exploiting CVE-2017-7692
- Summary
-
Chapter 7: The World Wide Web of Vulnerabilities
- The World Wide Web
- The Hypertext Transfer Protocol
- Uniform Resource Identifiers
- LAMP: Linux, Apache, MySQL, and PHP
- Creepy Crawlers and Spiders
- The Web Server Hacker's Toolkit
- Port Scanning a Web Server
- Manual HTTP Requests
- Web Vulnerability Scanning
- Guessing Hidden Web Content
- Uploading Files
- HTTP Authentication
- Common Gateway Interface
- Shellshock
- SSL, TLS, and Heartbleed
- Web Administration Interfaces
- Web Proxies
- Privilege Escalation
- Summary
-
Chapter 8: Virtual Private Networks
- What Is a VPN?
- Internet Protocol Security
- Internet Key Exchange
- Transport Layer Security and VPNs
- User Databases and Authentication
- The NSA and VPNs
- The VPN Hacker's Toolkit
- VPN Hacking Methodology
- Port Scanning a VPN Server
- IKE-scan
- OpenVPN
- LDAP
- OpenVPN and Shellshock
- Exploiting CVE-2017-5618
- Summary
- Chapter 9: Files and File Sharing
- Chapter 10: UNIX
- Chapter 11: Databases
-
Chapter 12: Web Applications
- The OWASP Top 10
- The Web Application Hacker's Toolkit
- Port Scanning a Web Application Server
- Using an Intercepting Proxy
- Manual Browsing and Mapping
- Spidering
- Identifying Entry Points
- Web Vulnerability Scanners
- Finding Vulnerabilities
- Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities
- Broken Access Controls
- Security Misconfiguration
- Cross-Site Scripting
- Insecure Deserialization
- Known Vulnerabilities
- Insufficient Logging and Monitoring
- Privilege Escalation
- Summary
-
Chapter 13: Microsoft Windows
- Hacking Windows vs. Linux
- Setting Up a Windows VM
- A Windows Hacking Toolkit
- Windows and the NSA
- Port Scanning Windows Server
- Microsoft DNS
- Internet Information Services
- Kerberos
- Golden Tickets
- NetBIOS
- LDAP
- Server Message Block
- ETERNALBLUE
- Enumerating Users
- Microsoft RPC
- Task Scheduler
- Remote Desktop
- The Windows Shell
- PowerShell
- Meterpreter
- Hash Dumping
- Passing the Hash
- Privilege Escalation
- Getting SYSTEM
- Alternative Payload Delivery Methods
- Bypassing Windows Defender
- Summary
- Chapter 14: Passwords
- Chapter 15: Writing Reports
- Index
- End User License Agreement
Product information
- Title: Hands on Hacking
- Author(s):
- Release date: September 2020
- Publisher(s): Wiley
- ISBN: 9781119561453
You might also like
video
Python Fundamentals
51+ hours of video instruction. Overview The professional programmer’s Deitel® video guide to Python development with …
book
Python Crash Course, 2nd Edition
This is the second edition of the best selling Python book in the world. Python Crash …
book
Python for Programmers, First Edition
The professional programmer's Deitel® guide to Python® with introductory artificial intelligence case studies Written for programmers …
book
Python Projects for Beginners: A Ten-Week Bootcamp Approach to Python Programming
Immerse yourself in learning Python and introductory data analytics with this book’s project-based approach. Through the …