Introduction | p. xvii |
Get Your Free Credit Cards Here | p. 1 |
Setting the Stage | p. 1 |
The Approach | p. 1 |
The Chained Exploit | p. 2 |
Enumerating the PDXO Web Site | p. 3 |
Enumerating the Credit Card Database | p. 5 |
Stealing Credit Card Information from the Web Site | p. 11 |
Selling the Credit Card Information on the Underground Market | p. 13 |
Defacing the PDXO Web Site | p. 15 |
Chained Exploit Summary | p. 16 |
Countermeasures | p. 17 |
Change the Default HTTP Response Header | p. 17 |
Do Not Have Public Access to Developer Sites | p. 17 |
Do Not Install SQL Server on the Same Machine as IIS | p. 17 |
Sanitize Input on Web Forms | p. 18 |
Do Not Install IIS in the Default Location | p. 18 |
Make Your Web Site Read-Only | p. 18 |
Remove Unnecessary Stored Procedures from Your SQL Database | p. 18 |
Do Not Use the Default Username and Password for Your Database | p. 18 |
Countermeasures for Customers | p. 19 |
Conclusion | p. 20 |
Discover What Your Boss Is Looking At | p. 21 |
Setting the Stage | p. 21 |
The Approach | p. 22 |
For More Information | p. 25 |
The Chained Exploit | p. 28 |
Phishing Scam | p. 29 |
Installing Executables | p. 32 |
Setting Up the Phishing Site | p. 38 |
Sending Mr. Minutia an E-mail | p. 38 |
Finding the Boss's Computer | p. 42 |
Connecting to the Boss's Computer | p. 43 |
WinPcap | p. 45 |
Analyzing the Packet Capture | p. 46 |
Reassembling the Graphics | p. 48 |
Other Possibilities | p. 51 |
Chained Exploit Summary | p. 52 |
Countermeasures | p. 52 |
Countermeasures for Phishing Scams | p. 53 |
Countermeasures for Trojan Horse Applications | p. 53 |
Countermeasures for Packet-Capturing Software | p. 54 |
Conclusion | p. 54 |
Take Down Your Competitor's Web Site | p. 55 |
Setting the Stage | p. 55 |
The Approach | p. 57 |
For More Information | p. 59 |
The Chained Exploit | p. 59 |
The Test | p. 60 |
The One That Worked | p. 66 |
Getting Access to the Pawn Web Site | p. 68 |
Lab-Testing the Hack | p. 70 |
Modifying the Pawn Web Site | p. 80 |
Other Possibilities | p. 83 |
Chained Exploit Summary | p. 84 |
Countermeasures | p. 85 |
Countermeasures for Hackers Passively Finding Information about Your Company | p. 85 |
Countermeasures for DDoS Attacks via ICMP | p. 85 |
Countermeasures for DDoS Attacks via HTTP and Other Protocols | p. 86 |
Countermeasures for Unauthorized Web Site Modification | p. 86 |
Countermeasures for Compromise of Internal Employees | p. 87 |
Conclusion | p. 88 |
Corporate Espionage | p. 89 |
Setting the Stage | p. 89 |
The Approach | p. 91 |
The Chained Exploit | p. 92 |
Reconnaissance | p. 92 |
Getting Physical Access | p. 96 |
Executing the Hacks | p. 101 |
Bringing Down the Hospital | p. 107 |
Other Possibilities | p. 119 |
Chained Exploit Summary | p. 120 |
Countermeasures | p. 121 |
Countermeasures for Physical Security Breaches and Access Systems Compromise | p. 121 |
Countermeasures for Scanning Attacks | p. 121 |
Countermeasures for Social Engineering | p. 122 |
Countermeasures for Operating System Attacks | p. 122 |
Countermeasures for Data Theft | p. 123 |
Conclusion | p. 124 |
Chained Corporations | p. 125 |
Setting the Stage | p. 125 |
The Approach | p. 126 |
The Chained Exploit | p. 127 |
Reconnaissance | p. 127 |
Social Engineering Attack | p. 135 |
More and Yet More Recon | p. 137 |
Aggressive Active Recon | p. 140 |
Building the Exploit Infrastructure | p. 149 |
Testing the Exploit | p. 156 |
Executing the Hack | p. 166 |
Constructing the Rootkit | p. 167 |
Game Over - The End Result | p. 172 |
Other Possibilities | p. 173 |
Chained Exploit Summary | p. 173 |
Countermeasures | p. 174 |
Countermeasures for Hackers Passively Finding Information about Your Company | p. 174 |
Countermeasures for Social Engineering Attack on Visual IQ | p. 175 |
Countermeasures for Recon on the Visual IQ Software | p. 175 |
Countermeasures for Wi-Fi Attack on Quizzi Home Network | p. 175 |
Countermeasures for the Keylogger Attack | p. 176 |
Conclusion | p. 176 |
Gain Physical Access to Healthcare Records | p. 177 |
Setting the Stage | p. 177 |
The Approach | p. 179 |
For More Information | p. 179 |
The Chained Exploit | p. 181 |
Social Engineering and Piggybacking | p. 181 |
Gaining Physical Access | p. 195 |
Booting into Windows with Knoppix | p. 201 |
Modifying Personally Identifiable Information or Protected Medical Information | p. 204 |
Chained Exploit Summary | p. 205 |
Countermeasures | p. 205 |
Social Engineering and Piggybacking | p. 206 |
Lock Picking | p. 208 |
Defeating Biometrics | p. 208 |
Compromising a PC | p. 208 |
Conclusion | p. 209 |
Attacking Social Networking Sites | p. 211 |
Setting the Stage | p. 211 |
The Approach | p. 212 |
The Chained Exploit | p. 213 |
Creating a Fake MySpace Web Site | p. 213 |
Creating the Redirection Web Site | p. 217 |
Creating a MySpace Page | p. 218 |
Sending a Comment | p. 221 |
Compromising the Account | p. 224 |
Logging In to the Hacked Account | p. 224 |
The Results | p. 227 |
Chained Exploit Summary | p. 228 |
Countermeasures | p. 228 |
Avoid Using Social Networking Sites | p. 229 |
Use a Private Profile | p. 229 |
Be Careful about Clicking on Links | p. 229 |
Require Last Name / E-mail Address to Be a Friend | p. 230 |
Do Not Post Too Much Information | p. 230 |
Be Careful When Entering Your Username/Password | p. 230 |
Use a Strong Password | p. 230 |
Change Your Password Frequently | p. 231 |
Use Anti-Phishing Tools | p. 231 |
Conclusion | p. 231 |
Wreaking Havoc from the Parking Lot | p. 233 |
Setting the Stage | p. 233 |
The Approach | p. 236 |
For More Information | p. 237 |
Accessing Networks Through Access Points | p. 238 |
The Chained Exploit | p. 239 |
Connecting to an Access Point | p. 239 |
Performing the Microsoft Kerberos Preauthentication Attack | p. 248 |
Cracking Passwords with RainbowCrack | p. 254 |
Pilfering the Country Club Data | p. 256 |
Chained Exploit Summary | p. 257 |
Countermeasures | p. 258 |
Secure Access Points | p. 258 |
Configure Active Directory Properly | p. 259 |
Use an Intrusion Prevention System or Intrusion Detection System | p. 260 |
Update Anti-Virus Software Regularly | p. 261 |
Computer Network Security Checklist | p. 261 |
Conclusion | p. 266 |
Index | p. 267 |
Table of Contents provided by Ingram. All Rights Reserved. |