book

How to Hack Like a Ghost

by Sparc Flow

May 2021

Intermediate to advanced

264 pages

6h 31m

English

No Starch Press

Read now

Unlock full access

How the Book WorksThe Vague Plan
VPNs and Their FailingsLocation, Location, LocationThe Operation LaptopBouncing ServersThe Attack InfrastructureResources
Command and Control LegacyThe Search for a New C2MerlinKoadicSILENTTRINITYResources

Legacy MethodContainers and VirtualizationNamespacesUnion FilesystemCgroupsIP MasqueradingAutomating the Server SetupTuning the ServerPushing to ProductionResources
Understanding Gretsch PoliticoFinding Hidden RelationshipsScouring GitHubPulling Web DomainsFrom CertificatesBy Harvesting the InternetDiscovering the Web Infrastructure UsedResources
Practice Makes PerfectRevealing Hidden DomainsInvestigating the S3 URLsS3 Bucket SecurityExamining the BucketsInspecting the Web-Facing ApplicationInterception with WebSocketServer-Side Request ForgeryExploring the MetadataThe Dirty Secret of the Metadata APIAWS IAMExamining the Key ListResources
Server-Side Template InjectionFingerprinting the FrameworkArbitrary Code ExecutionConfirming the OwnerSmuggling BucketsQuality Backdoor Using S3Creating the AgentCreating the OperatorTrying to Break FreeChecking for Privileged ModeLinux CapabilitiesDocker SocketResources
Kubernetes OverviewIntroducing PodsBalancing TrafficOpening the App to the WorldKube Under the HoodResources
RBAC in KubeRecon 2.0Breaking Into DatastoresAPI ExplorationAbusing the IAM Role PrivilegesAbusing the Service Account PrivilegesInfiltrating the DatabaseRedis and Real-Time BiddingDeserializationCache PoisoningKube Privilege EscalationResources
Stable AccessThe Stealthy BackdoorResources
The Path to ApotheosisAutomation Tool TakeoverJenkins AlmightyHell’s KitchenTaking Over LambdaResources
The AWS SentriesPersisting in the Utmost SecrecyThe Program to ExecuteBuilding the LambdaSetting Up the Trigger EventCovering Our TracksRecovering AccessAlternative (Worse) MethodsResources
Persisting the AccessUnderstanding SparkMalicious SparkSpark TakeoverFinding Raw DataStealing Processed DataPrivilege EscalationInfiltrating RedshiftResources
Hacking Google WorkspaceAbusing CloudTrailCreating a Google Workspace Super Admin AccountSneaking a PeekClosing ThoughtsResources

Content preview from How to Hack Like a Ghost

10 The Enemy Inside

In the previous chapter, we took over MXR Ads’ delivery cluster. This yielded hundreds of secrets, ranging from AWS access keys to GitHub tokens, promising access to pretty much any database involved in the delivery of an ad. We are not yet admins of the AWS account, but it’s barely a nudge away. We need to make sense of all the data we gathered and use it to find a way to escalate privileges, and even perhaps uncover the hidden link between MXR Ads and Gretsch Politico.

The Path to Apotheosis

We load the AWS access keys we retrieved from Kube and check out the permissions of a random user. Kevin from Chapter 8, for instance, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781098128944

How to Hack Like a Ghost

by Sparc Flow

10 The Enemy Inside

The Path to Apotheosis

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

How to Hack Like a Legend

Hands on Hacking

Web Hacking Secrets - How to Hack Legally and Earn Thousands of Dollars at HackerOne

How Cybersecurity Really Works

Publisher Resources

The Path to Apotheosis

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

How to Hack Like a Legend

Hands on Hacking

Web Hacking Secrets - How to Hack Legally and Earn Thousands of Dollars at HackerOne

How Cybersecurity Really Works

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.