Hacking for Dummies
Hacking for Dummies
Click to enlarge
Author(s): Beaver, Kevin
ISBN No.: 9781119485476
Pages: 416
Year: 201807
Format: Trade Paper
Price: $ 41.39
Status: Out Of Print

Introduction 1 About This Book 1 Foolish Assumptions 2 Icons Used in This Book 3 Beyond the Book 3 Where to Go from Here 4 Part 1: Building the Foundation for Security Testing 5 Chapter 1: Introduction to Vulnerability and Penetration Testing 7 Straightening Out the Terminology 7 Hacker 8 Malicious user 9 Recognizing How Malicious Attackers Beget Ethical Hackers 10 Vulnerability and penetration testing versus auditing 10 Policy considerations 11 Compliance and regulatory concerns 12 Understanding the Need to Hack Your Own Systems 12 Understanding the Dangers Your Systems Face 14 Nontechnical attacks 14 Network infrastructure attacks 15 Operating system attacks 15 Application and other specialized attacks 15 Following the Security Assessment Principles 16 Working ethically 16 Respecting privacy 17 Not crashing your systems 17 Using the Vulnerability and Penetration Testing Process 18 Formulating your plan 18 Selecting tools 20 Executing the plan 22 Evaluating results 23 Moving on 23 Chapter 2: Cracking the Hacker Mindset 25 What You''re Up Against 25 Who Breaks into Computer Systems 28 Hacker skill levels 28 Hacker motivations 30 Why They Do It 30 Planning and Performing Attacks 33 Maintaining Anonymity 35 Chapter 3: Developing Your Security Testing Plan 37 Establishing Your Goals 37 Determining Which Systems to Test 40 Creating Testing Standards 43 Timing your tests 43 Running specific tests 44 Conducting blind versus knowledge assessments 45 Picking your location 46 Responding to vulnerabilities you find 46 Making silly assumptions 46 Selecting Security Assessment Tools 47 Chapter 4: Hacking Methodology 49 Setting the Stage for Testing 49 Seeing What Others See 51 Scanning Systems 52 Hosts 53 Open ports 53 Determining What''s Running on Open Ports 54 Assessing Vulnerabilities 56 Penetrating the System 58 Part 2: Putting Security Testing in Motion 59 Chapter 5: Information Gathering 61 Gathering Public Information 61 Social media 62 Web search 62 Web crawling 63 Websites 64 Mapping the Network 64 WHOIS 65 Privacy policies 66 Chapter 6: Social Engineering 67 Introducing Social Engineering 67 Starting Your Social Engineering Tests 68 Knowing Why Attackers Use Social Engineering 69 Understanding the Implications 70 Building trust 71 Exploiting the relationship 72 Performing Social Engineering Attacks 74 Determining a goal 75 Seeking information 75 Social Engineering Countermeasures 80 Policies 80 User awareness and training 80 Chapter 7: Physical Security 83 Identifying Basic Physical Security Vulnerabilities 84 Pinpointing Physical Vulnerabilities in Your Office 85 Building infrastructure 85 Utilities 87 Office layout and use 88 Network components and computers 90 Chapter 8: Passwords 95 Understanding Password Vulnerabilities 96 Organizational password vulnerabilities 97 Technical password vulnerabilities 97 Cracking Passwords 98 Cracking passwords the old-fashioned way 99 Cracking passwords with high-tech tools 102 Cracking password-protected files 110 Understanding other ways to crack passwords 112 General Password Cracking Countermeasures 117 Storing passwords 118 Creating password policies 118 Taking other countermeasures 120 Securing Operating Systems 121 Windows 121 Linux and Unix 122 Part 3: Hacking Network Hosts 123 Chapter 9: Network Infrastructure Systems 125 Understanding Network Infrastructure Vulnerabilities 126 Choosing Tools 127 Scanners and analyzers 128 Vulnerability assessment 128 Scanning, Poking, and Prodding the Network 129 Scanning ports 129 Scanning SNMP 135 Grabbing banners 137 Testing firewall rules 138 Analyzing network data 140 The MAC-daddy attack 147 Testing denial of service attacks 152 Detecting Common Router, Switch, and Firewall Weaknesses 155 Finding unsecured interfaces 155 Uncovering issues with SSL and TLS 156 Putting Up General Network Defenses 156 Chapter 10: Wireless Networks 159 Understanding the Implications of Wireless Network Vulnerabilities 159 Choosing Your Tools 160 Discovering Wireless Networks 162 Checking for worldwide recognition 162 Scanning your local airwaves 163 Discovering Wireless Network Attacks and Taking Countermeasures 165 Encrypted traffic 167 Countermeasures against encrypted traffic attacks 170 Wi-Fi Protected Setup 172 Countermeasures against the WPS PIN flaw 175 Rogue wireless devices 175 Countermeasures against rogue wireless devices 179 MAC spoofing 179 Countermeasures against MAC spoofing 183 Physical security problems 183 Countermeasures against physical security problems 184 Vulnerable wireless workstations 185 Countermeasures against vulnerable wireless workstations 185 Default configuration settings 185 Countermeasures against default configuration settings exploits 186 Chapter 11: Mobile Devices 187 Sizing Up Mobile Vulnerabilities 187 Cracking Laptop Passwords 188 Choosing your tools 188 Applying countermeasures 193 Cracking Phones and Tablets 193 Cracking iOS passwords 194 Taking countermeasures against password cracking 197 Part 4: Hacking Operating Systems 199 Chapter 12: Windows 201 Introducing Windows Vulnerabilities 202 Choosing Tools 203 Free Microsoft tools 203 All-in-one assessment tools 204 Task-specific tools 204 Gathering Information About Your Windows Vulnerabilities 205 System scanning 205 NetBIOS 208 Detecting Null Sessions 210 Mapping 211 Gleaning information 212 Countermeasures against null-session hacks 214 Checking Share Permissions 215 Windows defaults 216 Testing 216 Exploiting Missing Patches 217 Using Metasploit 220 Countermeasures against missing patch vulnerability exploits 224 Running Authenticated Scans 225 Chapter 13: Linux and macOS 227 Understanding Linux Vulnerabilities 228 Choosing Tools 229 Gathering Information About Your System Vulnerabilities 229 System scanning 229 Countermeasures against system scanning 233 Finding Unneeded and Unsecured Services 234 Searches 234 Countermeasures against attacks on unneeded services 236 Securing the rhosts and hosts.equiv Files 238 Hacks using the hosts.equiv and rhosts files 239 Countermeasures against rhosts and hosts.equiv file attacks 240 Assessing the Security of NFS 241 NFS hacks 241 Countermeasures against NFS attacks 242 Checking File Permissions 242 File permission hacks 243 Countermeasures against file permission attacks 243 Finding Buffer Overflow Vulnerabilities 244 Attacks 244 Countermeasures against buffer overflow attacks 245 Checking Physical Security 245 Physical security hacks 245 Countermeasures against physical security attacks 245 Performing General Security Tests 246 Patching 248 Distribution updates 248 Multiplatform update managers 249 Part 5: Hacking Applications 251 Chapter 14: Communication and Messaging Systems 253 Introducing Messaging System Vulnerabilities 253 Recognizing and Countering Email Attacks 254 Email bombs 255 Banners 258 SMTP attacks 260 General best practices for minimizing email security risks 269 Understanding VoIP 270 VoIP vulnerabilities 271 Countermeasures against VoIP vulnerabilities 275 Chapter 15: Web Applications and Mobile Apps 277 Choosing Your Web Security Testing Tools 278 Seeking Out Web Vulnerabilities 279 Directory traversal 279 Countermeasures against directory traversals 283 Input-filtering attacks 283 Countermeasures against input attacks 290 Default script attacks 291 Countermeasures against default script attacks 293 Unsecured login mechanisms 293 Countermeasures against unsecured login systems 297 Performing general security scans for web application vulnerabilities 297 Minimizing Web Security Risks 298 Practicing security by obscurity 299 Putting up firewalls 300 Analyzing source code 300 Uncovering Mobile App Flaws 301 Chapter 16: Databases and Storage Systems 303 Diving Into Databases 303 Choosing tools 304 Finding databases on the network 304 Cracking database passwords 305 Scanning databases for vulnerabilities 306 Following Best Practices for Minimizing Database Security Risks 307 Opening Up About Storage Systems 308 Choosing tools 309 Finding storage systems.


To be able to view the table of contents for this publication then please subscribe by clicking the button below...
To be able to view the full description for this publication then please subscribe by clicking the button below...