Chained Exploits: Advanced Hacking Attacks from Start to Finish
by Whitaker, Andrew; Evans, Keatron; Voth, Jack B.
Edition: 1st
ISBN13: 9780321498816
ISBN10: 032149881X
Format: Hardcover
Pub. Date: 1/1/2009
Publisher(s): Addison-Wesley Professional
List Price: $49.99
Summary
The only security book that's 100% focused on today's dangerous 'chained' attacks: how they work, and how to counter them.
Author Biography
Andrew Whitaker, Director of Enterprise InfoSec and Networking for Training Camp, has been featured in The Wall Street Journal and Business Week. He coauthored Penetration Testing and Network Defense. Andrew was a winner of EC Council's Instructor of Excellence Award. Keatron Evans is President and Chief Security Consultant of Blink Digital Security, LLC, a trainer for Training Camp, and winner of EC Council's Instructor of Excellence Award. Jack B. Voth specializes in penetration testing, vulnerability assessment, and perimeter security. He co-owns The Client Server, Inc., and teaches for Training Camp throughout the United States and abroad.
Table of Contents
| Introduction | p. xvii |
| Get Your Free Credit Cards Here | p. 1 |
| Setting the Stage | p. 1 |
| The Approach | p. 1 |
| The Chained Exploit | p. 2 |
| Enumerating the PDXO Web Site | p. 3 |
| Enumerating the Credit Card Database | p. 5 |
| Stealing Credit Card Information from the Web Site | p. 11 |
| Selling the Credit Card Information on the Underground Market | p. 13 |
| Defacing the PDXO Web Site | p. 15 |
| Chained Exploit Summary | p. 16 |
| Countermeasures | p. 17 |
| Change the Default HTTP Response Header | p. 17 |
| Do Not Have Public Access to Developer Sites | p. 17 |
| Do Not Install SQL Server on the Same Machine as IIS | p. 17 |
| Sanitize Input on Web Forms | p. 18 |
| Do Not Install IIS in the Default Location | p. 18 |
| Make Your Web Site Read-Only | p. 18 |
| Remove Unnecessary Stored Procedures from Your SQL Database | p. 18 |
| Do Not Use the Default Username and Password for Your Database | p. 18 |
| Countermeasures for Customers | p. 19 |
| Conclusion | p. 20 |
| Discover What Your Boss Is Looking At | p. 21 |
| Setting the Stage | p. 21 |
| The Approach | p. 22 |
| For More Information | p. 25 |
| The Chained Exploit | p. 28 |
| Phishing Scam | p. 29 |
| Installing Executables | p. 32 |
| Setting Up the Phishing Site | p. 38 |
| Sending Mr. Minutia an E-mail | p. 38 |
| Finding the Boss's Computer | p. 42 |
| Connecting to the Boss's Computer | p. 43 |
| WinPcap | p. 45 |
| Analyzing the Packet Capture | p. 46 |
| Reassembling the Graphics | p. 48 |
| Other Possibilities | p. 51 |
| Chained Exploit Summary | p. 52 |
| Countermeasures | p. 52 |
| Countermeasures for Phishing Scams | p. 53 |
| Countermeasures for Trojan Horse Applications | p. 53 |
| Countermeasures for Packet-Capturing Software | p. 54 |
| Conclusion | p. 54 |
| Take Down Your Competitor's Web Site | p. 55 |
| Setting the Stage | p. 55 |
| The Approach | p. 57 |
| For More Information | p. 59 |
| The Chained Exploit | p. 59 |
| The Test | p. 60 |
| The One That Worked | p. 66 |
| Getting Access to the Pawn Web site | p. 68 |
| Lab-Testing the Hack | p. 70 |
| Modifying the Pawn Web Site | p. 80 |
| Other Possibilities | p. 83 |
| Chained Exploit Summary | p. 84 |
| Countermeasures | p. 85 |
| Countermeasures for Hackers Passively Finding Information about Your Company | p. 85 |
| Countermeasures for DDoS Attacks via ICMP | p. 85 |
| Countermeasures for DDoS Attacks via HTTP and Other Protocols | p. 86 |
| Countermeasures for Unauthorized Web Site Modification | p. 86 |
| Countermeasures for Compromise of Internal Employees | p. 87 |
| Conclusion | p. 88 |
| Corporate Espionage | p. 89 |
| Setting the Stage | p. 89 |
| The Approach | p. 91 |
| The Chained Exploit | p. 92 |
| Reconnaissance | p. 92 |
| Getting Physical Access | p. 96 |
| Executing the Hacks | p. 101 |
| Bringing Down the Hospital | p. 107 |
| Other Possibilities | p. 119 |
| Chained Exploit Summary | p. 120 |
| Countermeasures | p. 121 |
| Countermeasures for Physical Security Breaches and Access Systems Compromise | p. 121 |
| Countermeasures for Scanning Attacks | p. 121 |
| Countermeasures for Social Engineering | p. 122 |
| Countermeasures for Operating System Attacks | p. 122 |
| Countermeasures for Data Theft | p. 123 |
| Conclusion | p. 124 |
| Chained Corporations | p. 125 |
| Setting the Stage | p. 125 |
| The Approach | p. 126 |
| The Chained Exploit | p. 127 |
| Reconnaissance | p. 127 |
| Social Engineering Attack | p. 135 |
| More and Yet More Recon | p. 137 |
| Aggressive Active Recon | p. 140 |
| Building the Exploit Infrastructure | p. 149 |
| Testing the Exploit | p. 156 |
| Executing the Hack | p. 166 |
| Constructing the Rootkit | p. 167 |
| Game Over-The End Result | p. 172 |
| Other Possibilities | p. 173 |
| Chained Exploit Summary | p. 173 |
| Countermeasures | p. 174 |
| Countermeasures for Hackers Passively Finding Information about Your Company | p. 174 |
| Countermeasures for Social Engineering Attack on Visual IQ | p. 175 |
| Countermeasures for Recon on the Visual IQ Software | p. 175 |
| Countermeasures for Wi-Fi Attack on Quizzi Home Network | p. 175 |
| Countermeasures for the Keylogger Attack | p. 176 |
| Conclusion | p. 176 |
| Gain Physical Access to Healthcare Records | p. 177 |
| Setting the Stage | p. 177 |
| The Approach | p. 179 |
| For More Information | p. 179 |
| The Chained Exploit | p. 181 |
| Social Engineering and Piggybacking | p. 181 |
| Gaining Physical Access | p. 195 |
| Booting into Windows with Knoppix | p. 201 |
| Modifying Personally Identifiable Information or Protected Medical Information | p. 204 |
| Chained Exploit Summary | p. 205 |
| Countermeasures | p. 205 |
| Social Engineering and Piggybacking | p. 206 |
| Lock Picking | p. 208 |
| Defeating Biometrics | p. 208 |
| Compromising a PC | p. 208 |
| Conclusion | p. 209 |
| Attacking Social Networking Sites | p. 211 |
| Setting the Stage | p. 211 |
| The Approach | p. 212 |
| The Chained Exploit | p. 213 |
| Creating a Fake MySpace Web Site | p. 213 |
| Creating the Redirection Web Site | p. 217 |
| Creating a MySpace Page | p. 218 |
| Sending a Comment | p. 221 |
| Compromising the Account | p. 224 |
| Logging In to the Hacked Account | p. 224 |
| The Results | p. 227 |
| Chained Exploit Summary | p. 228 |
| Countermeasures | p. 228 |
| Avoid Using Social Networking Sites | p. 229 |
| Use a Private Profile | p. 229 |
| Be Careful about Clicking on Links | p. 229 |
| Require Last Name / E-mail Address to Be a Friend | p. 230 |
| Do Not Post Too Much Information | p. 230 |
| Be Careful When Entering Your Username/Password | p. 230 |
| Use a Strong Password | p. 230 |
| Change Your Password Frequently | p. 231 |
| Use Anti-Phishing Tools | p. 231 |
| Conclusion | p. 231 |
| Wreaking Havoc from the Parking Lot | p. 233 |
| Setting the Stage | p. 233 |
| The Approach | p. 236 |
| For More Information | p. 237 |
| Accessing Networks Through Access Points | p. 238 |
| The Chained Exploit | p. 239 |
| Connecting to an Access Point | p. 239 |
| Performing the Microsoft Kerberos Preauthentication Attack | p. 248 |
| Cracking Passwords with RainbowCrack | p. 254 |
| Pilfering the Country Club Data | p. 256 |
| Chained Exploit Summary | p. 257 |
| Countermeasures | p. 258 |
| Secure Access Points | p. 258 |
| Configure Active Directory Properly | p. 259 |
| Use an Intrusion Prevention System or Intrusion Detection System | p. 260 |
| Update Anti-Virus Software Regularly | p. 261 |
| Computer Network Security Checklist | p. 261 |
| Conclusion | p. 266 |
| Index | p. 267 |
| Table of Contents provided by Ingram. All Rights Reserved. |
Excerpts
Introduction
Whenever we tell people about the contents of this book, we always get the same response: "Isn't that illegal?" Yes, we tell them. Most of what this book covers is completely illegal if you re-create the scenarios and perform them outside of a lab environment. This leads to the question of why we would even want to create a book like this.
The answer is quite simple. This book is necessary in the marketplace to educate others about chained exploits. Throughout our careers we have helped secure hundreds of organizations. The biggest weakness we saw was not in engineering a new security solution, but in education. People are just not aware of how attacks really occur. They need to be educated in how the sophisticated attacks happen so that they can know how to effectively protect against them.
All the authors of this book have experience in both penetration testing (hacking into organizations with authorization to assess their weakness) as well as teaching security and ethical hacking courses for Training Camp (http://www.trainingcamp.com). Many of the chapters in this book come from attacks we have successfully performed in real-world penetration tests. We want to share these so that you know how to stop malicious attacks. We all agree that it is through training that we make the biggest impact, and this book serves as an extension to our passion for security awareness training.
What Is a Chained Exploit?
There are several excellent books in the market on information security. What has been lacking, however, is a book that covers chained exploits and effective countermeasures. A chained exploit is an attack that involves multiple exploits or attacks. Typically a hacker will use not just one method, but several, to get to his or her target.
Take this scenario as an example. You get a call at 2 a.m. from a frantic coworker, saying your Web site has been breached. You jump out of bed, throw on a baseball cap and some clothes, and rush down to your workplace. When you get there, you find your manager and coworkers frenzied about what to do. You look at the Web server and go through the logs. Nothing sticks out at you. You go to the firewall and review its logs. You do not see any suspicious traffic heading for your Web server. What do you do?
We hope you said, "Step back, and look at the bigger picture." Look around your infrastructure. You might have dedicated logging machines, load-balancing devices, switches, routers, backup devices, VPN (virtual private network) devices, hubs, database servers, application servers, Web servers, firewalls, encryption devices, storage devices, intruder detection devices, and much more. Within each of these devices and servers runs software. Each piece of software is a possible point of entry.
In this scenario the attacker might not have directly attacked the Web server from the outside. He or she might have first compromised a router. From there, the attacker might reconfigure the router to get access to a backup server that manages all backups for your datacenter. Next the attacker might use a buffer overflow exploit against your backup software to get administrator access to the backup server. The attacker might launch an attack to confuse the intrusion detection system so that the real attack goes unnoticed. Then the attacker might