Hacking and Security
Uncover security vulnerabilities and harden your systems against attacks. This guide shows you how to set up a virtual learning environment in which you can safely try out hacking tools, from Kali Linux to hydra and Wireshark. From there it expands your understanding of offline hacking, external security checks, penetration testing in networks, and other essential security techniques, with step-by-step instructions. Chapters on mobile, cloud, and IoT security round out the coverage so you can fortify your systems against a wide range of threats.
- Understand IT system vulnerabilities and identify attack vectors
- Learn to secure multiple infrastructures, including Linux, Microsoft Windows, cloud, and mobile
- Master pen testing with tools like Metasploit, Kali Linux, hydra, OpenVAS, Empire, Pwnagotchi, and more
You'll learn about:
- Key Concepts and Tools:
Set up your environment with Metasploitable and Juice Shop and install Kali Linux. Then explore hacking tools like nmap, hydra, and Armitage that underpin the more complex practices covered in later chapters.
- Penetration Testing and Security Practices:
From thwarting man-in-the-middle attacks to finding vulnerabilities, walk step by step through client-side and network penetration testing. Master key security techniques like IT forensics and external security checks, and see how to secure Windows servers, Linux, Samba file servers, and web applications.
- Advanced Security Concepts:
Get practical instruction on more advanced topics like cloud, mobile, and IoT security. Learn how to secure Microsoft 365 with multifactor authentication and conditional access, explore protective measures for Android and iOS, and examine IoT protocols and services such as MQTT.
Key Highlights:
- Penetration testing
- Offline hacking
- Active Directory
- Linux
- Cloud security
- Mobile and IoT security
- IT forensics
- Windows security
- USB attacks
- Web application security
- Software exploitation
Full Table of Contents
- Preface
- What Hacking Has to Do with Security
- About this Book
- What’s New in the Third Edition
- Target Group
- Let’s Go!
- Foreword by Klaus Gebeshuber
- Foreword by Stefan Kania
- Greeting
- 1 Introduction
- 1.1 Hacking
- 1.1.1 Hacking Contests, Capture the Flag
- 1.1.2 Penetration Test versus Hacking
- 1.1.3 Hacking Procedure
- 1.1.4 Hacking Targets
- 1.1.5 Hacking Tools
- 1.2 Security
- 1.2.1 Why Are IT Systems So Insecure?
- 1.2.2 Attack Vectors
- 1.2.3 Who Is Your Enemy?
- 1.2.4 Intrusion Detection
- 1.2.5 Forensics
- 1.2.6 Ten Steps to Greater Security
- 1.2.7 Security Is Not Visible
- 1.2.8 Security Is Inconvenient
- 1.2.9 The Limits of This Book
- 1.3 Exploits
- 1.3.1 Zero-Day Exploits
- 1.3.2 The Value of Exploits
- 1.3.3 Exploit Types
- 1.3.4 Finding Vulnerabilities and Exploits
- 1.3.5 Common Vulnerabilities and Exposures
- 1.3.6 Common Vulnerability Scoring System
- 1.3.7 Vulnerability and Exploit Databases
- 1.3.8 Vulnerability Scanner
- 1.3.9 Exploit Collections
- 1.4 Authentication and Passwords
- 1.4.1 Password Rules
- 1.4.2 Phishing
- 1.4.3 Storage of Passwords (Hash Codes)
- 1.4.4 Alternatives to Passwords
- 1.4.5 Fast Identity Online
- 1.5 Security Risk IPv6
- 1.5.1 Security Complications
- 1.6 Legal Framework
- 1.6.1 Unauthorized Hacking Is Punishable by Law
- 1.6.2 Negligent Handling of IT Security Is Also a Criminal Offense
- 1.6.3 European General Data Protection Regulation
- 1.6.4 Critical Infrastructure, Banks
- 1.6.5 Security Guidelines and Standards
- 1.7 Security Organizations and Government Institutions
- 2 Kali Linux
- 2.1 Kali Alternatives
- 2.2 Trying Out Kali Linux without Installation
- 2.2.1 Verifying the Download
- 2.2.2 Verifying the Signature of the Checksum File
- 2.2.3 Trying Kali Linux in VirtualBox
- 2.2.4 Saving Data Permanently
- 2.2.5 Forensic Mode
- 2.3 Installing Kali Linux in VirtualBox
- 2.3.1 Option 1: Using a Prebuilt VirtualBox Image
- 2.3.2 Option 2: Installing Kali Linux Yourself
- 2.3.3 Installation
- 2.3.4 Login and sudo
- 2.3.5 Time Zone and Time Display
- 2.3.6 Network Connection
- 2.3.7 Using Kali Linux via SSH
- 2.3.8 Clipboard for Kali Linux and the Host Computer
- 2.4 Kali Linux and Hyper-V
- 2.5 Kali Linux in the Windows Subsystem for Linux
- 2.5.1 Kali Linux in Graphic Mode
- 2.5.2 WSL1 versus WSL2
- 2.5.3 Practical Experience
- 2.6 Kali Linux on Raspberry Pi
- 2.7 Running Kali Linux on Apple PCs with ARM CPUs
- 2.8 Simple Application Examples
- 2.8.1 Address Scan on the Local Network
- 2.8.2 Port Scan of a Server
- 2.8.3 Hacking Metasploitable
- 2.9 Internal Details of Kali
- 2.9.1 Basic Coverage
- 2.9.2 Package Sources
- 2.9.3 Rolling Release
- 2.9.4 Performing Updates
- 2.9.5 Installing Software
- 2.9.6 Python 2
- 2.9.7 Network Services and Firewall
- 2.9.8 kali-tweaks
- 2.9.9 Undercover Mode
- 2.9.10 PowerShell
- 3 Setting Up the Learning Environment: Metasploitable, Juice Shop
- 3.1 Honeypots
- 3.2 Metasploitable 2
- 3.2.1 Installation in VirtualBox
- 3.2.2 Network Settings
- 3.2.3 Host-Only Network
- 3.2.4 Using Metasploitable 2
- 3.2.5 Hacking Metasploitable 2
- 3.2.6 rlogin Exploit
- 3.3 Metasploitable 3 (Ubuntu Variant)
- 3.3.1 Why No Ready-Made Images?
- 3.3.2 Requirements
- 3.3.3 Installation
- 3.3.4 Starting and Stopping Metasploitable 3
- 3.3.5 Administrating Metasploitable 3
- 3.3.6 Network Configuration
- 3.3.7 Hacking Metasploitable 3
- 3.4 Metasploitable 3 (Windows Variant)
- 3.4.1 Administrating Metasploitable 3
- 3.4.2 SSH login
- 3.4.3 Internal Details and Installation Variants
- 3.4.4 Overview of Services in Metasploitable 3 (Windows Variant)
- 3.4.5 Hacking Metasploitable 3
- 3.5 Juice Shop
- 3.5.1 Installation with Vagrant
- 3.5.2 Installation with Docker
- 3.5.3 Docker in Kali Linux
- 3.5.4 Hacking Juice Shop
- 4 Hacking Tools
- 4.1 nmap
- 4.1.1 Syntax
- 4.1.2 Examples
- 4.1.3 Variants and Alternatives
- 4.2 hydra
- 4.2.1 Syntax
- 4.2.2 Password Lists
- 4.2.3 Examples
- 4.2.4 Attacks on Web Forms and Login Pages
- 4.2.5 Alternatives
- 4.3 sslyze, sslscan, and testssl
- 4.3.1 sslscan and sslyze
- 4.3.2 testssl
- 4.3.3 Online Tests
- 4.4 whois, host, and dig
- 4.4.1 whois
- 4.4.2 host
- 4.4.3 dig
- 4.4.4 dnsrecon
- 4.5 Wireshark
- 4.5.1 Installation
- 4.5.2 Basic Functions
- 4.5.3 Working Techniques
- 4.5.4 Alternatives
- 4.6 tcpdump
- 4.6.1 Syntax
- 4.6.2 Examples
- 4.6.3 ngrep
- 4.7 Netcat (nc)
- 4.7.1 Syntax
- 4.7.2 Examples
- 4.7.3 socat
- 4.8 OpenVAS
- 4.8.1 Installation
- 4.8.2 Starting and Updating OpenVAS
- 4.8.3 Operation
- 4.8.4 Alive Test
- 4.8.5 Setting Up Tasks Yourself
- 4.8.6 High Resource Requirements
- 4.8.7 Alternatives
- 4.9 Metasploit Framework
- 4.9.1 Operation in Kali Linux
- 4.9.2 Installation on Linux
- 4.9.3 Installation on macOS
- 4.9.4 Installation on Windows
- 4.9.5 Updates
- 4.9.6 The Metasploit Console (“msfconsole”)
- 4.9.7 A Typical “msfconsole” Session
- 4.9.8 Searching Modules
- 4.9.9 Applying Modules
- 4.9.10 Meterpreter
- 4.10 Empire Framework
- 4.10.1 Installation
- 4.10.2 Getting to Know and Setting Up Listeners
- 4.10.3 Selecting and Creating Stagers
- 4.10.4 Creating and Managing Agents
- 4.10.5 Finding the Right Module
- 4.10.6 Obtaining Local Administrator Rights with the Empire Framework
- 4.10.7 The Empire Framework as a Multiuser System
- 4.10.8 Alternatives
- 4.11 The Koadic Postexploitation Framework
- 4.11.1 Installing the Server
- 4.11.2 Using Helper Tools in the Program
- 4.11.3 Creating Connections from a Client to the Server
- 4.11.4 Creating a First Connection: Zombie 0
- 4.11.5 The Modules of Koadic
- 4.11.6 Extending Rights and Reading Password Hashes
- 4.11.7 Conclusion and Countermeasures
- 4.12 Social Engineer Toolkit
- 4.12.1 Syntax
- 4.12.2 Example
- 4.12.3 The dnstwist Command
- 4.12.4 Other SET Modules
- 4.12.5 Alternatives
- 4.13 Burp Suite
- 4.13.1 Installation and Setup
- 4.13.2 Modules
- 4.13.3 Burp Proxy
- 4.13.4 Burp Scanner
- 4.13.5 Burp Intruder
- 4.13.6 Burp Repeater
- 4.13.7 Burp Extensions
- 4.13.8 Alternatives
- 4.14 Sliver
- 4.14.1 Installation
- 4.14.2 Implants and Listeners
- 4.14.3 Other C2 Frameworks
- 5 Offline Hacking
- 5.1 BIOS/EFI: Basic Principles
- 5.1.1 The Boot Process
- 5.1.2 EFI Settings and Password Protection
- 5.1.3 UEFI Secure Boot
- 5.1.4 When the EFI Is Insurmountable: Remove the Hard Drive
- 5.2 Accessing External Systems
- 5.2.1 Booting the Notebook with Kali Linux
- 5.2.2 Reading the Windows File System
- 5.2.3 Vault Files
- 5.2.4 Write Access to the Windows File System
- 5.2.5 Linux
- 5.2.6 macOS
- 5.2.7 Does That Mean That Login Passwords Are Useless?
- 5.3 Accessing External Hard Drives or SSDs
- 5.3.1 Hard Drives and SSDs Removed from Notebooks
- 5.4 Resetting the Windows Password
- 5.4.1 Tools
- 5.4.2 Undesirable Side Effects
- 5.4.3 Resetting the Local Windows Password Using chntpw
- 5.4.4 Activating a Windows Administrator User via chntpw
- 5.5 Resetting Linux and macOS Passwords
- 5.5.1 Resetting a Linux Password
- 5.5.2 Resetting a macOS Password
- 5.6 Encrypting Hard Drives
- 5.6.1 BitLocker
- 5.6.2 Access to BitLocker File Systems on Linux (dislocker)
- 5.6.3 BitLocker Security
- 5.6.4 BitLocker Alternatives
- 5.6.5 macOS: FileVault
- 5.6.6 Linux: Linux Unified Key Setup
- 5.6.7 Security Concerns Regarding LUKS
- 5.6.8 File System Encryption on the Server
- 6 Passwords
- 6.1 Hash Procedures
- 6.1.1 Hash Collisions
- 6.1.2 SHA-2 and SHA-3 Hash Codes
- 6.1.3 Checksums or Hash Codes for Downloads
- 6.2 Brute-Force Password Cracking
- 6.2.1 Estimating the Time Required for Password Cracking
- 6.3 Rainbow Tables
- 6.4 Dictionary Attacks
- 6.5 Password Tools
- 6.5.1 John the Ripper: Offline CPU Cracker
- 6.5.2 hashcat: Offline GPU Cracker
- 6.5.3 Crunch: Password List Generator
- 6.5.4 hydra: Online Cracker
- 6.5.5 makepasswd: Password Generator
- 6.5.6 One-Time Secret: Send Passwords by Email
- 6.6 Default Passwords
- 6.7 Data Breaches
- 6.8 Multifactor Authentication
- 6.9 Implementing Secure Password Handling
- 6.9.1 Implementation Tips
- 7 IT Forensics
- 7.1 Methodical Analysis of Incidents
- 7.1.1 Digital Traces
- 7.1.2 Forensic Investigation
- 7.1.3 Areas of IT Forensics
- 7.1.4 Analysis of Security Incidents
- 7.2 Postmortem Investigation
- 7.2.1 Forensic Backup of Memory
- 7.2.2 Recovering Deleted Files by File Carving
- 7.2.3 Metadata and File Analysis
- 7.2.4 System Analyses with Autopsy
- 7.2.5 Basic System Information
- 7.2.6 Reading the Last Activities
- 7.2.7 Analyzing Web Activities
- 7.2.8 Tracing Data Exchanges
- 7.3 Live Analysis
- 7.3.1 Finding User Data
- 7.3.2 Called Domains and URLs
- 7.3.3 Active Network Connections
- 7.3.4 Extracting the TrueCrypt Password
- 7.4 Forensic Readiness
- 7.4.1 Strategic Preparations
- 7.4.2 Operational Preparations
- 7.4.3 Effective Logging
- 7.4.4 Protection against Tampering
- 7.4.5 Integrity Verification
- 7.4.6 Digital Signatures
- 7.5 Summary
- 8 Wi-Fi, Bluetooth, and SDR
- 8.1 802.11 Systems: Wi-Fi
- 8.1.1 Preparation and Infrastructure
- 8.1.2 Wired Equivalent Privacy
- 8.1.3 WPA/WPA-2: Wi-Fi Protected Access
- 8.1.4 Wi-Fi Protected Setup
- 8.1.5 Wi-Fi Default Passwords
- 8.1.6 WPA-2-KRACK Attack
- 8.1.7 WPA-2 Enterprise
- 8.1.8 Wi-Fi Client: Man-in-the-Middle
- 8.1.9 WPA-3
- 8.2 Collecting WPA-2 Handshakes with Pwnagotchi
- 8.3 Bluetooth
- 8.3.1 Bluetooth Technology
- 8.3.2 Identifying Bluetooth Classic Devices
- 8.3.3 Hiding (and Still Finding) Bluetooth Devices
- 8.3.4 Bluetooth Low Energy (BTLE)
- 8.3.5 Listening In on Bluetooth Low Energy Communication
- 8.3.6 Identifying Apple Devices via Bluetooth
- 8.3.7 Bluetooth Attacks
- 8.3.8 Modern Bluetooth Attacks
- 8.4 Software-Defined Radios
- 8.4.1 SDR Devices
- 8.4.2 Decoding a Wireless Remote Control
- 9 Attack Vector USB Interface
- 9.1 USB Rubber Ducky
- 9.1.1 Structure and Functionality
- 9.1.2 DuckyScript
- 9.1.3 Installing a Backdoor on Windows 11
- 9.1.4 Use With Duck Encoder to Create the Finished Payload
- 9.2 Digispark: A Wolf in Sheep’s Clothing
- 9.2.1 Downloading and Setting Up the Arduino Development Environment
- 9.2.2 The Script Language of the Digispark
- 9.2.3 Setting Up a Linux Backdoor with Digispark
- 9.3 Bash Bunny
- 9.3.1 Structure and Functionality
- 9.3.2 Configuring the Bash Bunny
- 9.3.3 Status LED
- 9.3.4 Software Installation
- 9.3.5 Connecting to the Bash Bunny
- 9.3.6 Connecting the Bash Bunny to the Internet: Linux Host
- 9.3.7 Connecting the Bash Bunny to the Internet: Windows Host
- 9.3.8 Bunny Script: The Scripting Language of the Bash Bunny
- 9.3.9 Using Custom Extensions and Functions
- 9.3.10 Setting Up a macOS Backdoor with Bash Bunny
- 9.3.11 The payload.txt Files for Switch1 and Switch2
- 9.3.12 Updating the Bash Bunny
- 9.3.13 Key Takeaways
- 9.4 P4wnP1: The Universal Talent
- 9.4.1 Structure and Functionality
- 9.4.2 Installation and Connectivity
- 9.4.3 HID Scripts
- 9.4.4 CLI Client
- 9.4.5 An Attack Scenario with the P4wnP1
- 9.4.6 Creating a Dictionary
- 9.4.7 Launching a Brute-Force Attack
- 9.4.8 Setting Up a Trigger Action
- 9.4.9 Deploying the P4wnP1 on the Target System
- 9.4.10 Key Takeaways
- 9.5 MalDuino W
- 9.5.1 The Web Interface of the MalDuino W
- 9.5.2 The Scripting Language and the CLI
- 9.5.3 An Attack Scenario with the MalDuino W
- 9.5.4 How Does the Attack Work?
- 9.5.5 Key Takeaways
- 9.6 Countermeasures
- 9.6.1 Hardware Measures
- 9.6.2 Software Measures
- 10 External Security Checks
- 10.1 Reasons for Professional Checks
- 10.2 Types of Security Checks
- 10.2.1 Open-Source Intelligence
- 10.2.2 Vulnerability Scan
- 10.2.3 Vulnerability Assessment
- 10.2.4 Penetration Test
- 10.2.5 Red Teaming
- 10.2.6 Purple Teaming
- 10.2.7 Bug Bounty Programs
- 10.2.8 Type of Performance
- 10.2.9 Depth of Inspection: Attacker Type
- 10.2.10 Prior to the Order
- 10.3 Legal Protection
- 10.4 Objectives and Scope
- 10.4.1 Sample Objective
- 10.4.2 Sample Worst-Case Scenarios
- 10.4.3 Sample Scope
- 10.5 Implementation Methods
- 10.6 Reporting
- 10.7 Selecting the Right Provider
- 11 Penetration Testing
- 11.1 Gathering Information
- 11.1.1 Searching for Information about a Company
- 11.1.2 Using Metadata of Published Files
- 11.1.3 Identifying the Structure of Email Addresses
- 11.1.4 Database and Password Leaks
- 11.1.5 Partial Automation with Maltego
- 11.1.6 Automating Maltego Transforms
- 11.1.7 Defense
- 11.2 Initial Access with Code Execution
- 11.2.1 Checking External IP Addresses of the PTA
- 11.3 Scanning Targets of Interest
- 11.3.1 Gathering Information via DNS
- 11.3.2 Detecting Active Hosts
- 11.3.3 Detecting Active Services with nmap
- 11.3.4 Using nmap in Combination with Metasploit
- 11.4 Searching for Known Vulnerabilities Using nmap
- 11.5 Exploiting Known Vulnerabilities Using Metasploit
- 11.5.1 Example: GetSimple CMS
- 11.6 Attacking Using Known or Weak Passwords
- 11.7 Email Phishing Campaigns for Companies
- 11.7.1 Organizational Preparatory Measures
- 11.7.2 Preparing a Phishing Campaign with Gophish
- 11.8 Phishing Attacks with Office Macros
- 11.9 Phishing Attacks with ISO and ZIP Files
- 11.9.1 Creating an Executable File with Metasploit
- 11.9.2 Creating a File with ScareCrow to Bypass Virus Scanners
- 11.9.3 Disguising and Deceiving: From EXE to PDF File
- 11.9.4 Defense
- 11.10 Attack Vector USB Phishing
- 11.11 Network Access Control and 802.1X in Local Networks
- 11.11.1 Getting to Know the Network by Listening
- 11.11.2 Network Access Control and 802.1X
- 11.12 Extending Rights on the System
- 11.12.1 Local Privilege Escalation
- 11.12.2 Bypassing Windows User Account Control Using the Default Setting
- 11.12.3 Bypassing UAC Using the Highest Setting
- 11.13 Collecting Credentials and Tokens
- 11.13.1 Reading Passwords from Local and Domain Accounts
- 11.13.2 Bypassing Windows 10 Protection against mimikatz
- 11.13.3 Stealing Windows Tokens to Impersonate a User
- 11.13.4 Matching Users with DCSync
- 11.13.5 Golden Ticket
- 11.13.6 Reading Local Password Hashes
- 11.13.7 Broadcasting within the Network by Means of Pass-the-Hash
- 11.13.8 Man-in-the-Middle Attacks in Local Area Networks
- 11.13.9 Basic Principles
- 11.13.10 LLMNR/NBT-NS and SMB Relaying
- 11.14 SMB Relaying Attack on Ordinary Domain Users
- 11.14.1 Command-and-Control
- 12 Securing Windows Servers
- 12.1 Local Users, Groups, and Rights
- 12.1.1 User and Password Properties
- 12.1.2 Local Admin Password Solution
- 12.2 Manipulating the File System
- 12.2.1 Attacks on Virtualized Machines
- 12.2.2 Protection
- 12.2.3 Attacking through the Registry
- 12.3 Server Hardening
- 12.3.1 Ensure a Secure Foundation
- 12.3.2 Harden New Installations
- 12.3.3 Protect Privileged Users
- 12.3.4 Threat Detection
- 12.3.5 Secure Virtual Machines as Well
- 12.3.6 Security Compliance Toolkit
- 12.4 Microsoft Defender
- 12.4.1 Defender Configuration
- 12.4.2 Defender Administration via PowerShell
- 12.5 Windows Firewall
- 12.5.1 Basic Configuration
- 12.5.2 Advanced Configuration
- 12.5.3 IP Security
- 12.6 Windows Event Viewer
- 12.6.1 Classification of Events
- 12.6.2 Log Types
- 12.6.3 Linking Actions to Event Logs
- 12.6.4 Windows Event Forwarding
- 12.6.5 Event Viewer Tools
- 13 Active Directory
- 13.1 What Is Active Directory?
- 13.1.1 Domains
- 13.1.2 Partitions
- 13.1.3 Access Control Lists
- 13.1.4 Security Descriptor Propagator
- 13.1.5 Standard Permissions
- 13.1.6 The Confidentiality Attribute
- 13.2 Manipulating the Active Directory Database or its Data
- 13.2.1 ntdsutil Command
- 13.2.2 dsamain Command
- 13.2.3 Accessing the AD Database via Backups
- 13.3 Manipulating Group Policies
- 13.3.1 Configuration Files for Group Policies
- 13.3.2 Example: Changing a Password
- 13.4 Domain Authentication: Kerberos
- 13.4.1 Kerberos: Basic Principles
- 13.4.2 Kerberos in a Theme Park
- 13.4.3 Kerberos on Windows
- 13.4.4 Kerberos Tickets
- 13.4.5 krbtgt Account
- 13.4.6 TGS Request and Reply
- 13.4.7 Older Authentication Protocols
- 13.5 Attacks against Authentication Protocols and LDAP
- 13.6 Pass-the-Hash Attacks: mimikatz
- 13.6.1 Setting up a Defender Exception
- 13.6.2 Windows Credentials Editor
- 13.6.3 mimikatz
- 13.6.4 The mimikatz “sekurlsa” Module
- 13.6.5 mimikatz and Kerberos
- 13.6.6 PowerSploit
- 13.7 Golden Ticket and Silver Ticket
- 13.7.1 Creating a Golden Ticket Using mimikatz
- 13.7.2 Silver Ticket and Trust Ticket
- 13.7.3 BloodHound
- 13.7.4 Deathstar
- 13.8 Reading Sensitive Data from the Active Directory Database
- 13.9 Basic Coverage
- 13.9.1 Core Server
- 13.9.2 Roles in the Core Server
- 13.9.3 Nano Server
- 13.9.4 Updates
- 13.9.5 Hardening the Domain Controller
- 13.10 More Security through Tiers
- 13.10.1 Group Policies for the Tier Model
- 13.10.2 Authentication Policies and Silos
- 13.11 Protective Measures against Pass-the-Hash and Pass-the-Ticket Attacks
- 13.11.1 Kerberos Reset
- 13.11.2 Kerberos Policies
- 13.11.3 Kerberos Claims and Armoring
- 13.11.4 Monitoring and Detection
- 13.11.5 Microsoft Advanced Threat Analytics: Legacy
- 13.11.6 Other Areas of Improvement in Active Directory
- 14 Securing Linux
- 14.1 Other Linux Chapters
- 14.2 Installation
- 14.2.1 Server Distributions
- 14.2.2 Partitioning the Data Medium
- 14.2.3 IPv6
- 14.3 Software Updates
- 14.3.1 Is a Restart Necessary?
- 14.3.2 Automating Updates
- 14.3.3 Configuring Automatic Updates on RHEL
- 14.3.4 Configuring Automatic Updates on Ubuntu
- 14.3.5 The Limits of Linux Update Systems
- 14.4 Kernel Updates: Live Patches
- 14.4.1 Kernel Live Patches
- 14.4.2 Kernel Live Patches for RHEL
- 14.4.3 Kernel Live Patches on Ubuntu
- 14.5 Securing SSH
- 14.5.1 sshd_config
- 14.5.2 Blocking the Root Login
- 14.5.3 Authentication with Keys
- 14.5.4 Authenticating with Keys in the Cloud
- 14.5.5 Blocking IPv6
- 14.6 2FA with Google Authenticator
- 14.6.1 Setting Up Google Authenticator
- 14.6.2 2FA with Password and One-Time Code
- 14.6.3 What Happens if the Smartphone Is Lost?
- 14.6.4 Authy as an Alternative to the Google Authenticator App
- 14.7 2FA with YubiKey
- 14.7.1 PAM Configuration
- 14.7.2 Mapping File
- 14.7.3 SSH Configuration
- 14.8 Fail2ban
- 14.8.1 Installation
- 14.8.2 Configuration
- 14.8.3 Basic Parameters
- 14.8.4 Securing SSH
- 14.8.5 Securing Other Services
- 14.8.6 Securing Custom Web Applications
- 14.8.7 Fail2ban Client
- 14.9 Firewall
- 14.9.1 From Netfilter to nftables
- 14.9.2 Basic Principles
- 14.9.3 Determining the Firewall Status
- 14.9.4 Defining Rules
- 14.9.5 Syntax for Firewall Rules
- 14.9.6 Example: Simple Protection of a Web Server
- 14.9.7 FirewallD: RHEL
- 14.9.8 firewall-cmd Command
- 14.9.9 ufw: Ubuntu
- 14.9.10 Firewall Protection in the Cloud
- 14.10 SELinux
- 14.10.1 Concept
- 14.10.2 The Right Security Context
- 14.10.3 Process Context: Domain
- 14.10.4 Policies
- 14.10.5 SELinux Parameters: Booleans
- 14.10.6 Status
- 14.10.7 Fixing SELinux Issues
- 14.11 AppArmor
- 14.11.1 AppArmor on Ubuntu
- 14.11.2 Rules: Profiles
- 14.11.3 Structure of Rule Files
- 14.11.4 Rule Parameters: Tunables
- 14.11.5 Logging and Maintenance
- 14.12 Kernel Hardening
- 14.12.1 Changing Kernel Options Using sysctl
- 14.12.2 Setting Kernel Boot Options in the GRUB Configuration
- 14.13 Apache
- 14.13.1 Certificates
- 14.13.2 Certificate Files
- 14.13.3 Apache Configuration
- 14.13.4 HTTPS Is Not HTTPS
- 14.14 MySQL and MariaDB
- 14.14.1 MySQL versus MariaDB
- 14.14.2 Login System
- 14.14.3 MySQL and MariaDB on Debian/Ubuntu
- 14.14.4 Securing MySQL on RHEL
- 14.14.5 Securing MariaDB on RHEL
- 14.14.6 Hash Codes in the “mysql.user” Table: Old MySQL and MariaDB Versions
- 14.14.7 Privileges
- 14.14.8 Server Configuration
- 14.15 Postfix
- 14.15.1 Postfix: Basic Settings
- 14.15.2 Sending and Receiving Emails in Encrypted Form
- 14.15.3 Spam and Virus Defense
- 14.16 Dovecot
- 14.16.1 Using Custom Certificates for IMAP and POP
- 14.16.2 SMTP Authentication for Postfix
- 14.17 Rootkit Detection and Intrusion Detection
- 14.17.1 chkrootkit
- 14.17.2 rkhunter
- 14.17.3 Lynis
- 14.17.4 ISPProtect
- 14.17.5 Snort
- 14.17.6 Verifying Files from Packages
- 14.17.7 Scanning for Suspicious Ports and Processes
- 15 Security of Samba File Servers
- 15.1 Preliminary Considerations
- 15.1.1 Compiling Samba, SerNet Packages
- 15.2 Basic CentOS Installation
- 15.2.1 Partitions
- 15.2.2 Disabling IPv6
- 15.2.3 Installing Samba Packages on CentOS
- 15.3 Basic Debian Installation
- 15.3.1 The Partitions
- 15.3.2 Disabling IPv6
- 15.3.3 Installing Samba Packages on Debian
- 15.4 Configuring the Samba Server
- 15.4.1 Configuring the Kerberos Client
- 15.5 Samba Server in Active Directory
- 15.5.1 Joining the Samba Server
- 15.5.2 Testing the Server
- 15.6 Shares on the Samba Server
- 15.6.1 File System Rights on Linux
- 15.6.2 File System Rights on Windows
- 15.6.3 Special Shares on a Windows Server
- 15.6.4 The Admin Share on Samba
- 15.6.5 Creating the Admin Share
- 15.6.6 Creating the User Shares
- 15.7 Changes to the Registry
- 15.7.1 Accessing the Registry from Windows
- 15.8 Samba Audit Functions
- 15.9 Firewall
- 15.9.1 Testing the Firewall Script
- 15.9.2 Starting Firewall Script Automatically
- 15.10 Attack Scenarios on Samba File Servers
- 15.10.1 Known Vulnerabilities in Recent Years
- 15.11 Checking Samba File Servers
- 15.11.1 Tests with nmap
- 15.11.2 Testing the Samba Protocols
- 15.11.3 Testing the Open Ports
- 15.11.4 smb-os-discovery
- 15.11.5 smb2-capabilities
- 15.11.6 ssh-brute
- 16 Intrusion Detection Systems
- 16.1 Intrusion Detection Methods
- 16.1.1 Pattern Recognition: Static
- 16.1.2 Anomaly Detection (Dynamic)
- 16.2 Host-Based versus Network-Based Intrusion Detection
- 16.2.1 Host-Based IDS
- 16.2.2 Network-Based IDS
- 16.2.3 NIDS Metadata
- 16.2.4 NIDS Connection Contents
- 16.3 Responses
- 16.3.1 Automatic Intrusion Prevention
- 16.3.2 Walled Garden
- 16.3.3 Swapping Computers
- 16.4 Bypassing and Manipulating Intrusion Detection
- 16.4.1 Insertions
- 16.4.2 Evasions
- 16.4.3 Resource Consumption
- 16.5 Snort
- 16.5.1 Installation and Launch
- 16.5.2 Getting Started
- 16.5.3 IDS or IPS
- 16.5.4 Configuration
- 16.5.5 Modules
- 16.5.6 Snort Event Logging
- 16.6 Snort Rules
- 16.6.1 Syntax of Snort Rules
- 16.6.2 Service Rules
- 16.6.3 General Rule Options
- 16.6.4 Matching Options
- 16.6.5 Hyperscan
- 16.6.6 Inspector-Specific Options
- 16.6.7 Managing Rule Sets with PulledPork
- 17 Security of Web Applications
- 17.1 Architecture of Web Applications
- 17.1.1 Components of Web Applications
- 17.1.2 Authentication and Authorization
- 17.1.3 Session Management
- 17.2 Attacks against Web Applications
- 17.2.1 Attacks against Authentication
- 17.2.2 Session Hijacking
- 17.2.3 HTML Injection
- 17.2.4 Cross-Site Scripting
- 17.2.5 Session Fixation
- 17.2.6 Cross-Site Request Forgery
- 17.2.7 Directory Traversal
- 17.2.8 Local File Inclusion
- 17.2.9 Remote File Inclusion
- 17.2.10 File Upload
- 17.2.11 SQL Injection
- 17.2.12 sqlmap
- 17.2.13 Advanced SQL Injection: Blind SQL Injection (Boolean)
- 17.2.14 Advanced SQL Injection: Blind SQL Injection (Time)
- 17.2.15 Advanced SQL Injection: Out-of-Band Data Exfiltration
- 17.2.16 Advanced SQL Injection: Error-Based SQL Injection
- 17.2.17 Command Injection
- 17.2.18 Clickjacking
- 17.2.19 XML Attacks
- 17.2.20 Server Side Request Forgery
- 17.2.21 Angular Template Injection
- 17.2.22 Attacks on Object Serialization
- 17.2.23 Vulnerabilities in Content Management Systems
- 17.3 Practical Analysis of a Web Application
- 17.3.1 Information Gathering
- 17.3.2 Testing SQL Injection
- 17.3.3 Directory Traversal
- 17.3.4 Port Knocking
- 17.3.5 SSH Login
- 17.3.6 Privilege Escalation
- 17.3.7 Automatic Analysis via Burp
- 17.4 Protection Mechanisms and Defense against Web Attacks
- 17.4.1 Minimizing the Server Signature
- 17.4.2 Turning Off the Directory Listing
- 17.4.3 Restricted Operating System Account for the Web Server
- 17.4.4 Running the Web Server in a “chroot” Environment
- 17.4.5 Disabling Unneeded Modules
- 17.4.6 Restricting HTTP Methods
- 17.4.7 Restricting the Inclusion of External Content
- 17.4.8 Protecting Cookies from Access
- 17.4.9 Server Timeout
- 17.4.10 Secure Sockets Layer
- 17.4.11 HTTP Strict Transport Security
- 17.4.12 Input and Output Validation
- 17.4.13 Web Application Firewall
- 17.5 Security Analysis of Web Applications
- 17.5.1 Code Analysis
- 17.5.2 Analysis of Binary Files
- 17.5.3 Fuzzing
- 18 Software Exploitation
- 18.1 Software Vulnerabilities
- 18.1.1 Race Conditions
- 18.1.2 Logic Error
- 18.1.3 Format String Attacks
- 18.1.4 Buffer Overflows
- 18.1.5 Memory Leaks
- 18.2 Detecting Security Gaps
- 18.3 Executing Programs on x86 Systems
- 18.3.1 Memory Areas
- 18.3.2 Stack Operations
- 18.3.3 Calling Functions
- 18.4 Exploiting Buffer Overflows
- 18.4.1 Analysis of the Program Functionality
- 18.4.2 Creating a Program Crash
- 18.4.3 Reproducing the Program Crash
- 18.4.4 Analysis of the Crash
- 18.4.5 Offset Calculation
- 18.4.6 Creating the Exploit Structure
- 18.4.7 Generating Code
- 18.4.8 Dealing with Prohibited Characters
- 18.5 Structured Exception Handling
- 18.6 Heap Spraying
- 18.7 Protective Mechanisms against Buffer Overflows
- 18.7.1 Address Space Layout Randomization
- 18.7.2 Stack Canaries or Stack Cookies
- 18.7.3 Data Execution Prevention
- 18.7.4 SafeSEH and Structured Exception Handling Overwrite Protection
- 18.7.5 Protection Mechanisms against Heap Spraying
- 18.8 Bypassing Protective Measures against Buffer Overflows
- 18.8.1 Bypassing Address Space Layout Randomization
- 18.8.2 Bypassing Stack Cookies
- 18.8.3 Bypassing SafeSEH and SEHOP
- 18.8.4 Return-Oriented Programming
- 18.8.5 DEP Bypass
- 18.9 Preventing Buffer Overflows as a Developer
- 18.10 Spectre and Meltdown
- 18.10.1 Meltdown
- 18.10.2 Defense Measures
- 18.10.3 Proof of Concept (Meltdown)
- 18.10.4 Spectre
- 18.10.5 Proof of Concept (Spectre)
- 18.10.6 The Successors to Spectre and Meltdown
- 19 Bug Bounty Programs
- 19.1 The Idea Behind Bug Bounties
- 19.1.1 Providers
- 19.1.2 Variants
- 19.1.3 Earning Opportunities
- 19.2 Reporting Vulnerabilities
- 19.2.1 Testing Activities
- 19.3 Tips and Tricks for Analysts
- 19.3.1 Scope
- 19.3.2 Exploring the Response Quality of the Target Company
- 19.3.3 Take Your Time
- 19.3.4 Finding Errors in Systems or Systems with Errors
- 19.3.5 Spend Money
- 19.3.6 Get Tips, Learn from the Pros
- 19.3.7 Companies Buy Companies
- 19.3.8 Creating a Test Plan
- 19.3.9 Automating Standard Processes
- 19.4 Tips for Companies
- 20 Security in the Cloud
- 20.1 Overview
- 20.1.1 Arguments for the Cloud
- 20.1.2 Cloud Risks and Attack Vectors
- 20.1.3 Recommendations
- 20.2 Amazon Simple Storage Service
- 20.2.1 Basic Security and User Management
- 20.2.2 The aws Command
- 20.2.3 Encrypting Files
- 20.2.4 Public Access to Amazon S3 Files
- 20.2.5 Amazon S3 Hacking Tools
- 20.3 Nextcloud and ownCloud
- 20.3.1 Installing Nextcloud
- 20.3.2 Blocking Access to the “data” Folder
- 20.3.3 Performing Updates
- 20.3.4 File Encryption
- 20.3.5 Security Testing for ownCloud and Nextcloud Installations
- 20.3.6 Brute-Force Attacks and Protection
- 21 Securing Microsoft 365
- 21.1 Identities and Access Management
- 21.1.1 Azure Active Directory and Microsoft 365
- 21.1.2 User Management in AAD
- 21.1.3 Application Integration
- 21.2 Security Assessment
- 21.3 Multifactor Authentication
- 21.3.1 Preliminary Considerations
- 21.3.2 Enabling Multifactor Authentication for a User Account
- 21.3.3 User Configuration of Multifactor Authentication
- 21.3.4 App Passwords for Incompatible Applications and Apps
- 21.4 Conditional Access
- 21.4.1 Creating Policies
- 21.4.2 Conditions for Policies
- 21.4.3 Access Controls
- 21.5 Identity Protection
- 21.5.1 Responding to Vulnerabilities
- 21.6 Privileged Identities
- 21.6.1 Enabling Privileged Identities
- 21.6.2 Configuring a User as a Privileged Identity
- 21.6.3 Requesting Administrator Permissions
- 21.7 Detecting Malicious Code
- 21.7.1 Protection for File Attachments
- 21.7.2 Protection for Files in SharePoint Online and OneDrive for Business
- 21.7.3 Protection for Links
- 21.7.4 Protection for Links in Office Applications
- 21.8 Security in Data Centers
- 21.8.1 Encryption of Your Data
- 21.8.2 Access Governance
- 21.8.3 Audits and Privacy
- 22 Mobile Security
- 22.1 Android and iOS Security: Basic Principles
- 22.1.1 Sandboxing
- 22.1.2 Authorization Concept
- 22.1.3 Protection against Brute-Force Attacks when the Screen Is Locked
- 22.1.4 Device Encryption
- 22.1.5 Patch Days
- 22.2 Threats to Mobile Devices
- 22.2.1 Theft or Loss of a Mobile Device
- 22.2.2 Unsecured and Open Networks
- 22.2.3 Insecure App Behavior at Runtime
- 22.2.4 Abuse of Authorizations
- 22.2.5 Insecure Network Communication
- 22.2.6 Attacks on Data Backups
- 22.2.7 Third-Party Stores
- 22.3 Malware and Exploits
- 22.3.1 Stagefright (Android)
- 22.3.2 Pegasus (iOS)
- 22.3.3 Spy Apps
- 22.4 Technical Analysis of Apps
- 22.4.1 Reverse Engineering of Apps
- 22.4.2 Automated Vulnerability Analysis of Mobile Applications
- 22.5 Protective Measures for Android and iOS
- 22.5.1 Avoid Rooting or Jailbreaking
- 22.5.2 Update Operating Systems and Apps
- 22.5.3 Device Encryption
- 22.5.4 Antitheft Protection and Activation Lock
- 22.5.5 Lock Screen
- 22.5.6 Antivirus Apps
- 22.5.7 Two-Factor Authentication
- 22.5.8 Critical Review of Permissions
- 22.5.9 Installing Apps from Alternative App Stores
- 22.5.10 Using VPN Connections
- 22.5.11 Related Topic: WebAuthn and FIDO2
- 22.5.12 Using Android and iOS in the Enterprise
- 22.6 Apple Supervised Mode and Apple Configurator
- 22.7 Enterprise Mobility Management
- 22.7.1 Role and Authorization Management
- 22.7.2 Device Management
- 22.7.3 App Management
- 22.7.4 System Settings
- 22.7.5 Container Solutions Based on the Example of Android Enterprise
- 22.7.6 Tracking Managed Devices
- 22.7.7 Reporting
- 22.7.8 Conclusion
- 23 Internet of Things Security
- 23.1 What Is the Internet of Things?
- 23.2 Finding IoT Vulnerabilities
- 23.2.1 Shodan Search Engine for Publicly Accessible IoT Devices
- 23.2.2 Using Shodan
- 23.2.3 For Professionals: Filtering Using Search Commands
- 23.2.4 Printer Exploitation Toolkit
- 23.2.5 RouterSploit
- 23.2.6 AutoSploit
- 23.2.7 Consumer Devices as a Gateway
- 23.2.8 Attacks from the Inside via a Port Scanner
- 23.2.9 Sample Port Scan of an Entertainment Device
- 23.2.10 Local Network versus Internet
- 23.2.11 Incident Scenarios with Cheap IoT Devices
- 23.2.12 Danger from Network Operator Interfaces
- 23.3 Securing IoT Devices in Networks
- 23.4 IoT Protocols and Services
- 23.4.1 MQ Telemetry Transport
- 23.4.2 Installing an MQTT Broker
- 23.4.3 MQTT Example
- 23.4.4 $SYS Topic Tree
- 23.4.5 Securing the Mosquitto MQTT Broker
- 23.5 Wireless IoT Technologies
- 23.5.1 6LoWPAN
- 23.5.2 Zigbee
- 23.5.3 LoRaWAN
- 23.5.4 NFC and RFID
- 23.5.5 NFC Hacking
- 23.6 IoT from the Developer’s Perspective
- 23.6.1 Servers for IoT Operation
- 23.6.2 Embedded Linux, Android, or Windows IoT Devices
- 23.6.3 Embedded Devices and Controllers without Classic Operating Systems
- 23.7 Programming Languages for Embedded Controllers
- 23.7.1 C
- 23.7.2 C++
- 23.7.3 Lua
- 23.8 Rules for Secure IoT Programming
- 23.8.1 Processes as Simple as Possible
- 23.8.2 Short, Testable Functions
- 23.8.3 Transfer Values Must Be Checked in Their Entirety
- 23.8.4 Returning Error Codes
- 23.8.5 Fixed Boundaries in Loops
- 23.8.6 No Dynamic Memory Allocation (or as Little as Possible)
- 23.8.7 Make Dimensioning Buffers or Arrays Sufficiently Large
- 23.8.8 Always Pass Buffer and Array Sizes
- 23.8.9 Use Caution with Function Pointers
- 23.8.10 Enabling Compiler Warnings
- 23.8.11 String Copy for Few Resources
- 23.8.12 Using Libraries
- The Authors
- Index