Hacking: The Next Generation. The Next Generation - Helion
ISBN: 978-14-493-7921-6
Pages: 298, Format: ebook
Publication date: 2009-08-29
Bookstore: Helion
With the advent of rich Internet applications, the explosion of social media, and the increased use of powerful cloud computing infrastructures, a new generation of attackers has added cunning new techniques to its arsenal. For anyone involved in defending an application or a network of systems, Hacking: The Next Generation is one of the few books to identify a variety of emerging attack vectors.
You'll not only find valuable information on new hacks that attempt to exploit technical flaws, you'll also learn how attackers take advantage of individuals via social networking sites, and abuse vulnerabilities in wireless technologies and cloud infrastructures. Written by seasoned Internet security professionals, this book helps you understand the motives and psychology of hackers behind these attacks, enabling you to better prepare and defend against them.
- Learn how "inside out" techniques can poke holes into protected networks
- Understand the new wave of "blended threats" that take advantage of multiple application vulnerabilities to steal corporate data
- Recognize weaknesses in today's powerful cloud infrastructures and how they can be exploited
- Prevent attacks against the mobile workforce and their devices containing valuable data
- Be aware of attacks via social networking sites to obtain confidential information from executives and their assistants
- Get case studies that show how several layers of vulnerabilities can be used to compromise multinational corporations
Table of contents
- Hacking: The Next Generation
- SPECIAL OFFER: Upgrade this ebook with O'Reilly
- Preface
- Audience
- Assumptions This Book Makes
- Contents of This Book
- Conventions Used in This Book
- Using Code Examples
- We'd Like to Hear from You
- Safari Books Online
- Acknowledgments
- 1. Intelligence Gathering: Peering Through the Windows to Your Organization
- Physical Security Engineering
- Dumpster Diving
- Hanging Out at the Corporate Campus
- Google Earth
- Social Engineering Call Centers
- Search Engine Hacking
- Google Hacking
- Automating Google Hacking
- Extracting Metadata from Online Documents
- Searching for Source Code
- Leveraging Social Networks
- Facebook and MySpace
- Abusing Facebook
- Tracking Employees
- Email Harvesting with theHarvester
- Resumés
- Job Postings
- Google Calendar
- What Information Is Important?
- Summary
- 2. Inside-Out Attacks: The Attacker Is the Insider
- Man on the Inside
- Cross-Site Scripting (XSS)
- Stealing Sessions
- Injecting Content
- Stealing Usernames and Passwords
- Advanced and Automated Attacks
- Cross-Site Request Forgery (CSRF)
- Inside-Out Attacks
- Content Ownership
- Abusing Flash's crossdomain.xml
- Abusing Java
- Attacking Code.google.com
- Advanced Content Ownership Using GIFARs
- Stealing Documents from Online Document Stores
- Stealing Files from the Filesystem
- Safari File Stealing
- The feed:// protocol handler
- Using Java to steal files
- Summary
- 3. The Way It Works: There Is No Patch
- Exploiting Telnet and FTP
- Sniffing Credentials
- Brute-Forcing Your Way In
- Hijacking Sessions
- Abusing SMTP
- Snooping Emails
- Spoofing Emails to Perform Social Engineering
- Abusing ARP
- Poisoning the Network
- Cain & Abel
- Sniffing SSH on a Switched Network
- Leveraging DNS for Remote Reconnaissance
- DNS Cache Snooping
- The snooping attack in a nutshell
- A tool to snoop DNS caches
- Sample output of cache_snoop.pl
- Summary
- 4. Blended Threats: When Applications Exploit Each Other
- Application Protocol Handlers
- Finding Protocol Handlers on Windows
- Finding Protocol Handlers on Mac OS X
- Finding Protocol Handlers on Linux
- Blended Attacks
- The Classic Blended Attack: Safari's Carpet Bomb
- The FireFoxUrl Application Protocol Handler
- Mailto:// and the Vulnerability in the ShellExecute Windows API
- The iPhoto Format String Exploit
- Blended Worms: Conficker/Downadup
- Finding Blended Threats
- Summary
- 5. Cloud Insecurity: Sharing the Cloud with Your Enemy
- What Changes in the Cloud
- Amazon's Elastic Compute Cloud
- Google's App Engine
- Other Cloud Offerings
- Attacks Against the Cloud
- Poisoned Virtual Machines
- Attacks Against Management Consoles
- Secure by Default
- Abusing Cloud Billing Models and Cloud Phishing
- Googling for Gold in the Cloud
- Summary
- 6. Abusing Mobile Devices: Targeting Your Mobile Workforce
- Targeting Your Mobile Workforce
- Your Employees Are on My Network
- Getting on the Network
- Direct Attacks Against Your Employees and Associates
- Putting It Together: Attacks Against a Hotspot User
- Tapping into Voicemail
- Exploiting Physical Access to Mobile Devices
- Summary
- 7. Infiltrating the Phishing Underground: Learning from Online Criminals?
- The Fresh Phish Is in the Tank
- Examining the Phishers
- No Time to Patch
- Thank You for Signing My Guestbook
- Say Hello to Pedro!
- Isn't It Ironic?
- The Loot
- Uncovering the Phishing Kits
- Phisher-on-Phisher Crime
- Infiltrating the Underground
- Google ReZulT
- Fullz for Sale!
- Meet Cha0
- Summary
- 8. Influencing Your Victims: Do What We Tell You, Please
- The Calendar Is a Gold Mine
- Information in Calendars
- Who Just Joined?
- Calendar Personalities
- Social Identities
- Abusing Social Profiles
- Stealing Social Identities
- Breaking Authentication
- Hacking the Psyche
- Summary
- 9. Hacking Executives: Can Your CEO Spot a Targeted Attack?
- Fully Targeted Attacks Versus Opportunistic Attacks
- Motives
- Financial Gain
- Converting information to currency
- Vengeance
- Benefit and Risk
- Information Gathering
- Identifying Executives
- The Trusted Circle
- Identifying the trusted circle: Network analysis
- Friends, family, and colleagues
- Twitter
- TweetStats
- Clicking links on Twitter
- Other Social Applications
- Attack Scenarios
- Email Attack
- Identifying the executive to attack
- Finding a potential lure
- Identifying the email address of the lure
- Constructing the email
- Targeting the Assistant
- Trusted circle attack on the assistant
- Leveraging the assistant's trust
- Memory Sticks
- Summary
- 10. Case Studies: Different Perspectives
- The Disgruntled Employee
- The Performance Review
- Spoofing into Conference Calls
- The Win
- The Silver Bullet
- The Free Lunch
- The SSH Server
- Turning the Network Inside Out
- A Fool with a Tool Is Still a Fool
- Summary
- A. Chapter 2 Source Code Samples
- Datamine.js
- Pingback.js
- External-datamine.js
- XHRIEsniperscope()
- Codecrossdomain.java
- HiddenClass.java
- B. Cache_Snoop.pl
- Index
- About the Authors
- Colophon
- SPECIAL OFFER: Upgrade this ebook with O'Reilly