product iamge

Gray Hat Hacking: The Ethical Hacker's Handbook

This document was uploaded by one of our users. The uploader already confirmed that they had the permission to publish it. If you are author/publisher or own the copyright of this documents, please report to us by using this DMCA report form.

Download
Search on Amazon

Simply click on the Download Book button.

Yes, Book downloads on Ebookily are 100% Free.

Sometimes the book is free on Amazon As well, so go ahead and hit "Search on Amazon"

Up-to-date strategies for thwarting the latest, most insidious network attacks This fully updated, industry-standard security resource shows, step by step, how to fortify computer networks by learning and applying effective ethical hacking techniques. Based on curricula developed by the authors at major security conferences and colleges, the book features actionable planning and analysis methods as well as practical steps for identifying and combating both targeted and opportunistic attacks. Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition clearly explains the enemy’s devious weapons, skills, and tactics and offers field-tested remedies, case studies, and testing labs. You will get complete coverage of Internet of Things, mobile, and Cloud security along with penetration testing, malware analysis, and reverse engineering techniques. State-of-the-art malware, ransomware, and system exploits are thoroughly explained. • Fully revised content includes 7 new chapters covering the latest threats • Includes proof-of-concept code stored on the GitHub repository • Authors train attendees at major security conferences, including RSA, Black Hat, Defcon, and B-Sides

Author(s): Allen Harper, Ryan Linn, Stephen Sims, Michael Baucom, Huascar Tejeda, Daniel Fernandez, Moses Frost
Edition: 6
Publisher: McGraw Hill
Year: 2022

Language: English
Commentary: Vector PDF
Pages: 704
City: New York, NY
Tags: Linux; Amazon Web Services; Microsoft Azure; Cloud Computing; Debugging; Security; Python; Internet of Things; PowerShell; Linux Kernel; Docker; Memory Management; IDA Pro; Microsoft Windows; Assembly Language; C; Kubernetes; Vulnerability Scanning; Exploitation; Vulnerability Analysis; Metasploit; Shodan; Hyper-V; Embedded Systems; Red Team; Threat Models; Reverse Engineering; Ethical Hacking; Purple Team; Memory Vulnerabilities; Ghidra; Hacking; Software-Defned Radio

Cover
Praise for Gray Hat Hacking
The Ethical Hacker’s Handbook, Sixth Edition
Title
Copyright
In Memory
About the Authors
Contents at a Glance
Contents
Preface
Acknowledgements
Introduction
Preparation
Gray Hat Hacking
Gray Hat Hacking Overview
History of Ethical Hacking
Know the Enemy: Black Hat Hacking
Summary
For Further Reading
References
Programming Sur vival Skills
C Programming Language
Computer Memory
Intel Processors
Assembly Language Basics
Debugging with gdb
Python Survival Skills
Summary
For Further Reading
References
Linux Exploit Development Tools
Binary, Dynamic Information-Gathering Tools
Extending gdb with Python
Pwntools CTF Framework and Exploit Development Library
HeapME (Heap Made Easy) Heap Analysis and Collaboration Tool
Summary
For Further Reading
References
Introduction to Ghidra
Creating Our First Project
Installation and QuickStart
Summary
For Further Reading
References
IDA Pro
Introduction to IDA Pro for Reverse Engineering
What Is Disassembly?
Navigating IDA Pro
IDA Pro Features and Functionality
Debugging with IDA Pro
Summary
For Further Reading
References
Ethical Hacking
Red and Purple Teams
Introduction to Red Teams
Making Money with Red Teaming
Purple Team Basics
Summary
For Further Reading
References
Command and Control (C2)
Command and Control Systems
Payload Obfuscation
Network Evasion
EDR Evasion
Summary
For Further Reading
Building a Threat Hunting Lab
Threat Hunting and Labs
Basic Threat Hunting Lab: DetectionLab
Extending Your Lab
Summary
For Further Reading
References
Introduction to Threat Hunting
Threat Hunting Basics
Normalizing Data Sources with OSSEM
Data-Driven Hunts Using OSSEM
Exploring Hypothesis-Driven Hunts
Enter Mordor
Threat Hunter Playbook
Summary
For Further Reading
References
Hacking Systems
Basic Linux Exploits
Stack Operations and Function-Calling Procedures
Buffer Overflows
Local Buffer Overflow Exploits
Exploit Development Process
Summary
For Further Reading
Advanced Linux Exploits
Summary
For Further Reading
References
Linux Kernel Exploits
Summary
For Further Reading
References
Basic Windows Exploitation
Compiling and Debugging Windows Programs
Writing Windows Exploits
Understanding Structured Exception Handling
Data Execution Prevention
Summary
For Further Reading
References
Windows Kernel Exploitation
The Windows Kernel
Kernel Drivers
Kernel Debugging
Picking a Target
Token Stealing
Summary
For Further Reading
References
PowerShell Exploitation
Why PowerShell
Loading PowerShell Scripts
Exploitation and Post-Exploitation with PowerSploit
Using PowerShell Empire for C2
Summary
For Further Reading
Reference
Getting Shells Without Exploits
Capturing Password Hashes
Using Winexe
Using WMI
Taking Advantage of WinRM
Summary
For Further Reading
Reference
Post-Exploitation in Modern Windows Environments
Post-Exploitation
Active Directory Persistence
Summary
For Further Reading
Next-Generation Patch Exploitation
Introduction to Binary Diffing
Binary Diffing Tools
Patch Management Process
Summary
For Further Reading
References
Hacking IoT
Internet of Things to Be Hacked
Internet of Things (IoT)
Shodan IoT Search Engine
IoT Worms: It Was a Matter of Time
Summary
For Further Reading
References
Dissecting Embedded Devices
CPU
Serial Interfaces
Debug Interfaces
Software
Summary
For Further Reading
References
Exploiting Embedded Devices
Static Analysis of Vulnerabilities in Embedded Devices
Dynamic Analysis with Hardware
Dynamic Analysis with Emulation
Summary
For Further Reading
References
Software-Defined Radio
Getting Started with SDR
Learn by Example
Summary
For Further Reading
Hacking Hyper visors
Hyper visors 101
What Is a Hypervisor?
x86 Virtualization
Hardware Assisted Virtualization
Summary
References
Creating a Research Framework
Hypervisor Attack Surface
The Unikernel
The Client (Python)
Fuzzing
Summary
References
Inside Hyper-V
Environment Setup
Hyper-V Architecture
Hyper-V Synthetic Interface
Summary
For Further Reading
References
Hacking Hyper visors Case Study
Bug Analysis
Developing a Trigger
Exploitation
Summary
For Further Reading
References
Hacking the Cloud
Hacking in Amazon Web Ser vices
Amazon Web Services
Abusing Authentication Controls
Summary
For Further Reading
References
Hacking in Azure
Microsoft Azure
Constructing an Attack on Azure-Hosted Systems
Control Plane and Managed Identities
Summary
For Further Reading
References
Hacking Containers
Linux Containers
Applications
Container Security
Breaking Out of Containers
Summary
For Further Reading
References
Hacking on Kubernetes
Kubernetes Architecture
Fingerprinting Kubernetes API Servers
Hacking Kubernetes from Within
Summary
For Further Reading
References
Index
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z