book

How to Hack Like a Ghost

by Sparc Flow

May 2021

Intermediate to advanced

264 pages

6h 31m

English

No Starch Press

Read now

Unlock full access

How the Book WorksThe Vague Plan
VPNs and Their FailingsLocation, Location, LocationThe Operation LaptopBouncing ServersThe Attack InfrastructureResources
Command and Control LegacyThe Search for a New C2MerlinKoadicSILENTTRINITYResources

Legacy MethodContainers and VirtualizationNamespacesUnion FilesystemCgroupsIP MasqueradingAutomating the Server SetupTuning the ServerPushing to ProductionResources
Understanding Gretsch PoliticoFinding Hidden RelationshipsScouring GitHubPulling Web DomainsFrom CertificatesBy Harvesting the InternetDiscovering the Web Infrastructure UsedResources
Practice Makes PerfectRevealing Hidden DomainsInvestigating the S3 URLsS3 Bucket SecurityExamining the BucketsInspecting the Web-Facing ApplicationInterception with WebSocketServer-Side Request ForgeryExploring the MetadataThe Dirty Secret of the Metadata APIAWS IAMExamining the Key ListResources
Server-Side Template InjectionFingerprinting the FrameworkArbitrary Code ExecutionConfirming the OwnerSmuggling BucketsQuality Backdoor Using S3Creating the AgentCreating the OperatorTrying to Break FreeChecking for Privileged ModeLinux CapabilitiesDocker SocketResources
Kubernetes OverviewIntroducing PodsBalancing TrafficOpening the App to the WorldKube Under the HoodResources
RBAC in KubeRecon 2.0Breaking Into DatastoresAPI ExplorationAbusing the IAM Role PrivilegesAbusing the Service Account PrivilegesInfiltrating the DatabaseRedis and Real-Time BiddingDeserializationCache PoisoningKube Privilege EscalationResources
Stable AccessThe Stealthy BackdoorResources
The Path to ApotheosisAutomation Tool TakeoverJenkins AlmightyHell’s KitchenTaking Over LambdaResources
The AWS SentriesPersisting in the Utmost SecrecyThe Program to ExecuteBuilding the LambdaSetting Up the Trigger EventCovering Our TracksRecovering AccessAlternative (Worse) MethodsResources
Persisting the AccessUnderstanding SparkMalicious SparkSpark TakeoverFinding Raw DataStealing Processed DataPrivilege EscalationInfiltrating RedshiftResources
Hacking Google WorkspaceAbusing CloudTrailCreating a Google Workspace Super Admin AccountSneaking a PeekClosing ThoughtsResources

Content preview from How to Hack Like a Ghost

6 Fracture

From our work so far, we have a few MXR Ads credentials, and we’ve uncovered the main ways that MXR Ads and GP handle their infrastructure, but we’re not sure what to do with our findings. We still have so many opportunities to explore, so we go back to the drawing board: a handful of GP and MXR Ads websites that we confirmed in Chapter 4 (see Listing 4-3). In Chapter 5, we followed our gut by courting the most alluring assets, the S3 buckets, which eventually led us to a server-side request forgery (SSRF) vulnerability. But now we’ll abide by a steadier and more strenuous approach.

We will go through each website, follow each ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781098128944

How to Hack Like a Ghost

by Sparc Flow

6 Fracture

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

How to Hack Like a Legend

Hands on Hacking

Web Hacking Secrets - How to Hack Legally and Earn Thousands of Dollars at HackerOne

How Cybersecurity Really Works

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

How to Hack Like a Legend

Hands on Hacking

Web Hacking Secrets - How to Hack Legally and Earn Thousands of Dollars at HackerOne

How Cybersecurity Really Works

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.