How to Hack Like a Ghost

How to Hack Like a Ghost

Author: Sparc Flow

Publisher: No Starch Press

Published: 2021-05-11

Total Pages: 238

ISBN-13: 1718501277

DOWNLOAD EBOOK

How to Hack Like a Ghost takes you deep inside the mind of a hacker as you carry out a fictionalized attack against a tech company, teaching cutting-edge hacking techniques along the way. Go deep into the mind of a master hacker as he breaks into a hostile, cloud-based security environment. Sparc Flow invites you to shadow him every step of the way, from recon to infiltration, as you hack a shady, data-driven political consulting firm. While the target is fictional, the corporation’s vulnerabilities are based on real-life weaknesses in today’s advanced cybersecurity defense systems. You’ll experience all the thrills, frustrations, dead-ends, and eureka moments of his mission first-hand, while picking up practical, cutting-edge techniques for penetrating cloud technologies. There are no do-overs for hackers, so your training starts with basic OpSec procedures, using an ephemeral OS, Tor, bouncing servers, and detailed code to build an anonymous, replaceable hacking infrastructure guaranteed to avoid detection. From there, you’ll examine some effective recon techniques, develop tools from scratch, and deconstruct low-level features in common systems to gain access to the target. Spark Flow’s clever insights, witty reasoning, and stealth maneuvers teach you how to think on your toes and adapt his skills to your own hacking tasks. You'll learn: How to set up and use an array of disposable machines that can renew in a matter of seconds to change your internet footprint How to do effective recon, like harvesting hidden domains and taking advantage of DevOps automation systems to trawl for credentials How to look inside and gain access to AWS’s storage systems How cloud security systems like Kubernetes work, and how to hack them Dynamic techniques for escalating privileges Packed with interesting tricks, ingenious tips, and links to external resources, this fast-paced, hands-on guide to penetrating modern cloud systems will help hackers of all stripes succeed on their next adventure.


How to Hack Like a God: Master the Secrets of Hacking Through Real Life Scenarios

How to Hack Like a God: Master the Secrets of Hacking Through Real Life Scenarios

Author: Sparc Flow

Publisher: Hack the Planet

Published: 2017-04-17

Total Pages: 122

ISBN-13: 9781521232682

DOWNLOAD EBOOK

Follow me on a step-by-step hacking journey where we pwn a high-profile fashion company. From zero initial access to remotely recording board meetings, we will detail every custom script and technique used in this attack, drawn from real-life findings, to paint the most realistic picture possible. Whether you are a wannabe pentester dreaming about real-life hacking experiences or an experienced ethical hacker tired of countless Metasploit tutorials, you will find unique gems in this book for you to try: -Playing with Kerberos -Bypassing Citrix & Applocker -Mainframe hacking -Fileless WMI persistence -NoSQL injections -Wiegand protocol -Exfiltration techniques -Antivirus evasion tricks -And much more advanced hacking techniques I have documented almost every tool and custom script used in this book. I strongly encourage you to test them out yourself and master their capabilities (and limitations) in an environment you own and control. Hack (safely) the Planet! (Previously published as How to Hack a Fashion Brand)


How to Hack Like a Legend

How to Hack Like a Legend

Author: Sparc Flow

Publisher: No Starch Press

Published: 2022-10-25

Total Pages: 217

ISBN-13: 1718501501

DOWNLOAD EBOOK

Tag along with a master hacker on a truly memorable attack. From reconnaissance to infiltration, you’ll experience their every thought, frustration, and strategic decision-making first-hand in this exhilarating narrative journey into a highly defended Windows environment driven by AI. Step into the shoes of a master hacker and break into an intelligent, highly defensive Windows environment. You’ll be infiltrating the suspicious (fictional) offshoring company G & S Trust and their hostile Microsoft stronghold. While the target is fictional, the corporation’s vulnerabilities are based on real-life weaknesses in today’s advanced Windows defense systems. You’ll experience all the thrills, frustrations, dead-ends, and eureka moments of the mission first-hand, while picking up practical, cutting-edge techniques for evading Microsoft’s best security systems. The adventure starts with setting up your elite hacking infrastructure complete with virtual Windows system. After some thorough passive recon, you’ll craft a sophisticated phishing campaign to steal credentials and gain initial access. Once inside you’ll identify the security systems, scrape passwords, plant persistent backdoors, and delve deep into areas you don’t belong. Throughout your task you’ll get caught, change tack on a tee, dance around defensive monitoring systems, anddisable tools from the inside. Sparc Flow’s clever insights, witty reasoning, andstealth maneuvers teach you to be patient, persevere, and adapt your skills at the drop of a hat. You’ll learn how to: Identify and evade Microsoft security systems like Advanced Threat Analysis,QRadar, MDE, and AMSI Seek out subdomains and open ports with Censys, Python scripts, and other OSINT tools Scrape password hashes using Kerberoasting Plant camouflaged C# backdoors and payloads Grab victims’ credentials with more advanced techniques like reflection anddomain replication Like other titles in the How to Hack series, this book is packed with interesting tricks, ingenious tips, and links to useful resources to give you a fast-paced, hands-on guide to penetrating and bypassing Microsoft security systems.


How to Hack Like a GHOST

How to Hack Like a GHOST

Author: Sparc Flow

Publisher:

Published: 2020-02-29

Total Pages: 236

ISBN-13:

DOWNLOAD EBOOK

There are a thousand and one ways to hack an Active Directory environment. But, what happens when end up in a full Cloud environment with thousands of servers, containers and not a single Windows machine to get you going?When we land in an environment designed in the Cloud and engineered using the latest DevOps practices, our hacker intuition needs a little nudge to follow along. How did the company build their systems and what erroneous assumptions can we take advantage of?This book covers the basics of hacking in this new era of Cloud and DevOps: Break container isolation, achieve persistence on Kubernetes cluster and navigate the treacherous sea of AWS detection features to make way with the company's most precious data.Whether you are a fresh infosec student or a Windows veteran, you will certainly find a couple of interesting tricks to help you in your next adventure.


Future Crimes

Future Crimes

Author: Marc Goodman

Publisher: Anchor

Published: 2015-02-24

Total Pages: 581

ISBN-13: 0385539010

DOWNLOAD EBOOK

NEW YORK TIMES and WALL STREET JOURNAL BESTSELLER ONE OF THE WASHINGTON POST'S 10 BEST BOOKS OF 2015 One of the world’s leading authorities on global security, Marc Goodman takes readers deep into the digital underground to expose the alarming ways criminals, corporations, and even countries are using new and emerging technologies against you—and how this makes everyone more vulnerable than ever imagined. Technological advances have benefited our world in immeasurable ways, but there is an ominous flip side: our technology can be turned against us. Hackers can activate baby monitors to spy on families, thieves are analyzing social media posts to plot home invasions, and stalkers are exploiting the GPS on smart phones to track their victims’ every move. We all know today’s criminals can steal identities, drain online bank accounts, and wipe out computer servers, but that’s just the beginning. To date, no computer has been created that could not be hacked—a sobering fact given our radical dependence on these machines for everything from our nation’s power grid to air traffic control to financial services. Yet, as ubiquitous as technology seems today, just over the horizon is a tidal wave of scientific progress that will leave our heads spinning. If today’s Internet is the size of a golf ball, tomorrow’s will be the size of the sun. Welcome to the Internet of Things, a living, breathing, global information grid where every physical object will be online. But with greater connections come greater risks. Implantable medical devices such as pacemakers can be hacked to deliver a lethal jolt of electricity and a car’s brakes can be disabled at high speed from miles away. Meanwhile, 3-D printers can produce AK-47s, bioterrorists can download the recipe for Spanish flu, and cartels are using fleets of drones to ferry drugs across borders. With explosive insights based upon a career in law enforcement and counterterrorism, Marc Goodman takes readers on a vivid journey through the darkest recesses of the Internet. Reading like science fiction, but based in science fact, Future Crimes explores how bad actors are primed to hijack the technologies of tomorrow, including robotics, synthetic biology, nanotechnology, virtual reality, and artificial intelligence. These fields hold the power to create a world of unprecedented abundance and prosperity. But the technological bedrock upon which we are building our common future is deeply unstable and, like a house of cards, can come crashing down at any moment. Future Crimes provides a mind-blowing glimpse into the dark side of technological innovation and the unintended consequences of our connected world. Goodman offers a way out with clear steps we must take to survive the progress unfolding before us. Provocative, thrilling, and ultimately empowering, Future Crimes will serve as an urgent call to action that shows how we can take back control over our own devices and harness technology’s tremendous power for the betterment of humanity—before it’s too late.


Practical Social Engineering

Practical Social Engineering

Author: Joe Gray

Publisher: No Starch Press

Published: 2022-06-14

Total Pages: 241

ISBN-13: 1718500998

DOWNLOAD EBOOK

A guide to hacking the human element. Even the most advanced security teams can do little to defend against an employee clicking a malicious link, opening an email attachment, or revealing sensitive information in a phone call. Practical Social Engineering will help you better understand the techniques behind these social engineering attacks and how to thwart cyber criminals and malicious actors who use them to take advantage of human nature. Joe Gray, an award-winning expert on social engineering, shares case studies, best practices, open source intelligence (OSINT) tools, and templates for orchestrating and reporting attacks so companies can better protect themselves. He outlines creative techniques to trick users out of their credentials, such as leveraging Python scripts and editing HTML files to clone a legitimate website. Once you’ve succeeded in harvesting information about your targets with advanced OSINT methods, you’ll discover how to defend your own organization from similar threats. You’ll learn how to: Apply phishing techniques like spoofing, squatting, and standing up your own web server to avoid detection Use OSINT tools like Recon-ng, theHarvester, and Hunter Capture a target’s information from social media Collect and report metrics about the success of your attack Implement technical controls and awareness programs to help defend against social engineering Fast-paced, hands-on, and ethically focused, Practical Social Engineering is a book every pentester can put to use immediately.


Ghost in the Wires

Ghost in the Wires

Author: Kevin Mitnick

Publisher: Little, Brown

Published: 2011-08-15

Total Pages: 502

ISBN-13: 0316134473

DOWNLOAD EBOOK

In this "intriguing, insightful and extremely educational" novel, the world's most famous hacker teaches you easy cloaking and counter-measures for citizens and consumers in the age of Big Brother and Big Data (Frank W. Abagnale). Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world's biggest companies -- and no matter how fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. As the FBI's net finally began to tighten, Mitnick went on the run, engaging in an increasingly sophisticated game of hide-and-seek that escalated through false identities, a host of cities, and plenty of close shaves, to an ultimate showdown with the Feds, who would stop at nothing to bring him down. Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escapes -- and a portrait of a visionary who forced the authorities to rethink the way they pursued him, and forced companies to rethink the way they protect their most sensitive information. "Mitnick manages to make breaking computer code sound as action-packed as robbing a bank." -- NPR


Pentesting Azure Applications

Pentesting Azure Applications

Author: Matt Burrough

Publisher: No Starch Press

Published: 2018-07-23

Total Pages: 218

ISBN-13: 1593278632

DOWNLOAD EBOOK

A comprehensive guide to penetration testing cloud services deployed with Microsoft Azure, the popular cloud computing service provider used by companies like Warner Brothers and Apple. Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies. You'll start by learning how to approach a cloud-focused penetration test and how to obtain the proper permissions to execute it; then, you'll learn to perform reconnaissance on an Azure subscription, gain access to Azure Storage accounts, and dig into Azure's Infrastructure as a Service (IaaS). You'll also learn how to: - Uncover weaknesses in virtual machine settings that enable you to acquire passwords, binaries, code, and settings files - Use PowerShell commands to find IP addresses, administrative users, and resource details - Find security issues related to multi-factor authentication and management certificates - Penetrate networks by enumerating firewall rules - Investigate specialized services like Azure Key Vault, Azure Web Apps, and Azure Automation - View logs and security events to find out when you've been caught Packed with sample pentesting scripts, practical advice for completing security assessments, and tips that explain how companies can configure Azure to foil common attacks, Pentesting Azure Applications is a clear overview of how to effectively perform cloud-focused security tests and provide accurate findings and recommendations.


How to Investigate Like a Rockstar

How to Investigate Like a Rockstar

Author: Sparc Flow

Publisher: Hacking the Planet

Published: 2017-08-17

Total Pages: 118

ISBN-13: 9781549527623

DOWNLOAD EBOOK

"There are two kinds of companies: those that have been breached and those that do not know it yet." The company calling us just discovered an anomaly on their most critical systems. Our job is to conduct a deep forensic analysis, perform threat assessment, and uncover all malware programs left by hackers. Digital Forensics We follow the attacker's footprint across a variety of systems and create an infection timeline to help us understand their motives. We go as deep as memory analysis, perfect disk copy, threat hunting and malware analysis while sharing insights into real crisis management. Rebuilding systems Finally, we tackle the most important issues of any security incident response: how to kick the attackers out of the systems and regain trust in machines that have been breached. For those that read hacking books like the "Art of Exploitation" or "How to Hack Like a Pornstar," you finally get to experience what it feels like to be on the other side of the Firewall!


How to Hack Humans

How to Hack Humans

Author: Seth Erickson

Publisher: Independently Published

Published: 2021-10-14

Total Pages: 130

ISBN-13: 9781685246730

DOWNLOAD EBOOK

"The brain is a computer. Stories are the programs-storytelling is how you write the code. If you want to hack humans, you need to understand how to write in the language best suited for the human-computer." No, you're not holding the latest collection of recipes for cannibals. How to Hack Humans is the business book you didn't know you needed, a unicorn in a world of publishing that is too often dry and emotionless. Are you looking to get investment for your Startup? Have an idea you know is going to sell? It can be a daunting prospect in an industry with a 90% failure rate, so how do you stand out from the crowd? Start by picking up a copy of How to Hack Humans, reading it, and realizing, hey, this Seth Erickson guy might be on to something. Learn how to use the ancient and organic art of storytelling to tap into the human brain and connect with others more efficiently. Discover how you can use the effect a story has on the brain to your advantage. Make yourself and your product memorable by using patterns. Brains love repetition! Seth guides readers on a journey through the neuroscience behind storytelling, how to use it to make yourself clear in a world full of noise, how to work around bias, how to craft an impactful story, and much more. Seth has written a business book for the entertainment generation. Can you educate yourself AND chuckle as you turn page after page? How to Hack Humans proves you can.