インターネットデパート - 取扱い商品数1000万点以上の通販サイト。送料無料商品も多数あります。

How to Hack Like a LEGEND: A hacker’s tale breaking into a secretive offshore company (Hacking the Planet Book 7) (English Edition)

価格: ¥0
カテゴリ: Kindle版
Amazon.co.jpで確認
This is the story of a hacker who met his match while breaking into a company: machine learning, behavioral analysis, artificial intelligence... Most hacking tools simply crash and burn in such a hostile environment.
What is a hacker to do when facing such a fully equipped opponent?

Cybersecurity at its best
We start by building a resilient C2 infrastructure using cloud providers, HTTP redirectors and SSH tunnels. The idea is to hide behind an array of disposable machines that we can renew in a matter of seconds to completely change our internetfootprint.
We then set up step-by-step a phishing platform: fake website, postfix server, DKIM signing, SPF and DMARC.

The Art of intrusion
Instead of hacking directly our mark(an offshore company), we target one of their suppliers that we identified using OSINT techniques. We collect a couple of passwords thanks to our phishing platform and leverage the remote Citrix access to put our first foot inside.
We bypass Applocker and Constrained Language on PowerShell to achieve code execution, then start our Active Directory reconnaissance.

Minutes later, we are kicked out of the network due to suspicious activity.

The art of exploitation
We exploit a flaw in password patterns to get back on the Citrix server. We are facing MS ATA and the QRADAR SIEM. We learn to evade them using various hacking tricks and manage to disable all new Windows Server 2016 security features (AMSI, ScriptBlock Logging, etc.).
We also face Windows next-gen antivirus (ATP) while trying to get credentials belonging to developers we suspect are working on the product used by the offshore company.
We end up backdooring the accounting software in a way to evade most security and functional tests.

Forget penetration testing, time for some red team
Our backdoor triggers a fileless malware that give us access to the second company’s internal network. After that it's just a cakewalk to achieve domain admin privileges and access personal data of thousands of shell companies and their end beneficiaries.
 

All custom attack payloads are provided and explained thoroughly in the book.

This book’s edition assumes prior knowledge of basic computer security principles such as NTLM, pass-the-hash, Windows Active Directory, group policy objects and so forth. If you are scantly comfortable with these concepts, I strongly encourage you to first read How to Hack Like a Pornstar (http://amzn.to/2iwprf6) or How to Hack Like a God (http://amzn.to/2iwA3KX) before taking on this book.