book

How to Hack Like a Ghost

by Sparc Flow

May 2021

Intermediate to advanced

264 pages

6h 31m

English

No Starch Press

Read now

Unlock full access

How the Book WorksThe Vague Plan
VPNs and Their FailingsLocation, Location, LocationThe Operation LaptopBouncing ServersThe Attack InfrastructureResources
Command and Control LegacyThe Search for a New C2MerlinKoadicSILENTTRINITYResources

Legacy MethodContainers and VirtualizationNamespacesUnion FilesystemCgroupsIP MasqueradingAutomating the Server SetupTuning the ServerPushing to ProductionResources
Understanding Gretsch PoliticoFinding Hidden RelationshipsScouring GitHubPulling Web DomainsFrom CertificatesBy Harvesting the InternetDiscovering the Web Infrastructure UsedResources
Practice Makes PerfectRevealing Hidden DomainsInvestigating the S3 URLsS3 Bucket SecurityExamining the BucketsInspecting the Web-Facing ApplicationInterception with WebSocketServer-Side Request ForgeryExploring the MetadataThe Dirty Secret of the Metadata APIAWS IAMExamining the Key ListResources
Server-Side Template InjectionFingerprinting the FrameworkArbitrary Code ExecutionConfirming the OwnerSmuggling BucketsQuality Backdoor Using S3Creating the AgentCreating the OperatorTrying to Break FreeChecking for Privileged ModeLinux CapabilitiesDocker SocketResources
Kubernetes OverviewIntroducing PodsBalancing TrafficOpening the App to the WorldKube Under the HoodResources
RBAC in KubeRecon 2.0Breaking Into DatastoresAPI ExplorationAbusing the IAM Role PrivilegesAbusing the Service Account PrivilegesInfiltrating the DatabaseRedis and Real-Time BiddingDeserializationCache PoisoningKube Privilege EscalationResources
Stable AccessThe Stealthy BackdoorResources
The Path to ApotheosisAutomation Tool TakeoverJenkins AlmightyHell’s KitchenTaking Over LambdaResources
The AWS SentriesPersisting in the Utmost SecrecyThe Program to ExecuteBuilding the LambdaSetting Up the Trigger EventCovering Our TracksRecovering AccessAlternative (Worse) MethodsResources
Persisting the AccessUnderstanding SparkMalicious SparkSpark TakeoverFinding Raw DataStealing Processed DataPrivilege EscalationInfiltrating RedshiftResources
Hacking Google WorkspaceAbusing CloudTrailCreating a Google Workspace Super Admin AccountSneaking a PeekClosing ThoughtsResources

Content preview from How to Hack Like a Ghost

3 Let There Be Infrastructure

In this chapter we’ll set up the backend attacking infrastructure as well as the tooling necessary to faithfully reproduce and automate almost every painful aspect of the manual setup. We’ll stick with two frameworks: Metasploit for Linux targets and SILENTTRINITY for Windows boxes.

Legacy Method

The old way to set up an attacking infrastructure would be to install each of your frameworks on a machine and place a web server in front of them to receive and route traffic according to simple pattern-matching rules. As illustrated in Figure 3-1, requests to /secretPage get forwarded to the C2 backend, while the ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781098128944

How to Hack Like a Ghost

by Sparc Flow

3 Let There Be Infrastructure

Legacy Method

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

How to Hack Like a Legend

Hands on Hacking

Web Hacking Secrets - How to Hack Legally and Earn Thousands of Dollars at HackerOne

How Cybersecurity Really Works

Publisher Resources

Legacy Method

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

How to Hack Like a Legend

Hands on Hacking

Web Hacking Secrets - How to Hack Legally and Earn Thousands of Dollars at HackerOne

How Cybersecurity Really Works

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.