My Account
Log in Registration
All
Cart
Highlights
Fiction Books
Non-Fiction Books
Children's Books
Rare Books
Music
DVD & Blu-Ray
Video Games
Category
Wishlists
Cart
All
Free US shipping over $10
Trustpilot
Proud to be B-Corp

Chained Exploits Andrew Whitaker

Chained Exploits By Andrew Whitaker

Chained Exploits by Andrew Whitaker

Reviews:
$44.99
Condition - Very Good
Only 1 left
Very Good$44.99Good$23.86

Chained Exploits Summary

Chained Exploits: Advanced Hacking Attacks from Start to Finish by Andrew Whitaker

The complete guide to today's hard-to-defend chained attacks: performing them and preventing them

Nowadays, it's rare for malicious hackers to rely on just one exploit or tool; instead, they use chained exploits that integrate multiple forms of attack to achieve their goals. Chained exploits are far more complex and far more difficult to defend. Few security or hacking books cover them well and most don't cover them at all. Now there's a book that brings together start-to-finish information about today's most widespread chained exploits-both how to perform them and how to prevent them.

Chained Exploits demonstrates this advanced hacking attack technique through detailed examples that reflect real-world attack strategies, use today's most common attack tools, and focus on actual high-value targets, including credit card and healthcare data. Relentlessly thorough and realistic, this book covers the full spectrum of attack avenues, from wireless networks to physical access and social engineering.

Writing for security, network, and other IT professionals, the authors take you through each attack, one step at a time, and then introduce today's most effective countermeasures- both technical and human. Coverage includes:

  • Constructing convincing new phishing attacks
  • Discovering which sites other Web users are visiting
  • Wreaking havoc on IT security via wireless networks
  • Disrupting competitors' Web sites
  • Performing-and preventing-corporate espionage
  • Destroying secure files
  • Gaining access to private healthcare records
  • Attacking the viewers of social networking pages
  • Creating entirely new exploits
  • and more

Andrew Whitaker, Director of Enterprise InfoSec and Networking for Training Camp, has been featured in The Wall Street Journal and BusinessWeek. He coauthored Penetration Testing and Network Defense. Andrew was a winner of EC Council's Instructor of Excellence Award.

Keatron Evans is President and Chief Security Consultant of Blink Digital Security, LLC, a trainer for Training Camp, and winner of EC Council's Instructor of Excellence Award.

Jack B. Voth specializes in penetration testing, vulnerability assessment, and perimeter security. He co-owns The Client Server, Inc., and teaches for Training Camp throughout the United States and abroad.

informit.com/aw

Cover photograph (c) Corbis /

Jupiter Images

$49.99 US

$59.99 CANADA

About Andrew Whitaker

Andrew Whitaker (M.Sc., CISSP, CEI, LPT, ECSA, CHFI, CEH, CCSP, CCNP, CCVP, CCDP, CCNA, CCDA, CCENT, MCSE, MCTS, CNE, A+, Network+, Convergence+, Security+, CTP, EMCPA) is a recognized expert, trainer, and author in the field of penetration testing and security countermeasures. He works as the Director of Enterprise InfoSec and Networking and as a senior ethical hacking instructor for Training Camp. Over the past several years his courses have trained thousands of security professionals throughout the world. His security courses have also caught the attention of the Wall Street Journal, BusinessWeek, San Francisco Gate, and others.

Keatron Evans is a senior penetration tester and principal of Blink Digital Security based in Chicago, Illinois. He has more than 11 years experience doing penetration tests, vulnerability assessments, and forensics. Keatron regularly consults with and sometimes trains several government entities and corporations in the areas of network penetration, SCADA security, and other related national infrastructure security topics. He holds several information security certifications including CISSP, CSSA, CEH, CHFI, LPT, CCSP, MCSE:Security, MCT, Security+, and others.When not doing penetration tests, you can find Keatron teaching ethical hacking and forensics classes for Training Camp and a few other security training organizations.

Jack Voth has been working in the information technology field for 24 years. He holds numerous industry certifications including CISSP, MCSE, L|PT, C|EH, C|HFI, E|CSA, CTP, Security+, ACA, MCT, CEI, and CCNA. He specializes in penetration testing, vulnerability assessment, perimeter security, and voice/data networking architecture. In addition to being a co-owner and senior engineer of The Client Server, Inc., Jack has been instructing for more than six years on subject matter including Microsoft, Telecommunications Industry Association (TIA), EC-Council, ISC/2, and CompTIA.

Table of Contents

Introduction xvii

Chapter 1 Get Your Free Credit Cards Here 1

Setting the Stage 1

The Approach 1

The Chained Exploit 2

Enumerating the PDXO Web Site 3

Enumerating the Credit Card Database 5

Stealing Credit Card Information from the Web Site 11

Selling the Credit Card Information on the Underground Market 13

Defacing the PDXO Web Site 15

Chained Exploit Summary 16

Countermeasures 17

Change the Default HTTP Response Header 17

Do Not Have Public Access to Developer Sites 17

Do Not Install SQL Server on the Same Machine as IIS 17

Sanitize Input on Web Forms 18

Do Not Install IIS in the Default Location 18

Make Your Web Site Read-Only 18

Remove Unnecessary Stored Procedures from Your SQL Database 18

Do Not Use the Default Username and Password for Your Database 18

Countermeasures for Customers 19

Conclusion 20

Chapter 2 Discover What Your Boss Is Looking At 21

Setting the Stage 21

The Approach 22

For More Information 25

The Chained Exploit 28

Phishing Scam 29

Installing Executables 32

Setting Up the Phishing Site 38

Sending Mr. Minutia an E-mail 38

Finding the Boss's Computer 42

Connecting to the Boss's Computer 43

WinPcap 45

Analyzing the Packet Capture 46

Reassembling the Graphics 48

Other Possibilities 51

Chained Exploit Summary 52

Countermeasures 52

Countermeasures for Phishing Scams 53

Countermeasures for Trojan Horse Applications 53

Countermeasures for Packet-Capturing Software 54

Conclusion 54

Chapter 3 Take Down Your Competitor's Web Site 55

Setting the Stage 55

The Approach 57

For More Information 59

The Chained Exploit 59

Attack #1: The Test 60

Attack #2: The One That Worked 66

Getting Access to the Pawn Web site 68

Lab-Testing the Hack 70

Modifying the Pawn Web Site 80

Other Possibilities 83

Chained Exploit Summary 84

Countermeasures 85

Countermeasures for Hackers Passively Finding Information about Your Company 85

Countermeasures for DDoS Attacks via ICMP 85

Countermeasures for DDoS Attacks via HTTP and Other Protocols 86

Countermeasures for Unauthorized Web Site Modification 86

Countermeasures for Compromise of Internal Employees 87

Conclusion 88

Chapter 4 Corporate Espionage 89

Setting the Stage 89

The Approach 91

The Chained Exploit 92

Reconnaissance 92

Getting Physical Access 96

Executing the Hacks 101

Bringing Down the Hospital 107

Other Possibilities 119

Chained Exploit Summary 120

Countermeasures 121

Countermeasures for Physical Security Breaches and Access Systems
Compromise 121

Countermeasures for Scanning Attacks 121

Countermeasures for Social Engineering 122

Countermeasures for Operating System Attacks 122

Countermeasures for Data Theft 123

Conclusion 124

Chapter 5 Chained Corporations 125

Setting the Stage 125

The Approach 126

The Chained Exploit 127

Reconnaissance 127

Social Engineering Attack 135

More and Yet More Recon 137

Aggressive Active Recon 140

Building the Exploit Infrastructure 149

Testing the Exploit 156

Executing the Hack 166

Constructing the Rootkit 167

Game Over-The End Result 172

Other Possibilities 173

Chained Exploit Summary 173

Countermeasures 174

Countermeasures for Hackers Passively Finding Information about Your Company 174

Countermeasures for Social Engineering Attack on Visual IQ 175

Countermeasures for Recon on the Visual IQ Software 175

Countermeasures for Wi-Fi Attack on Quizzi Home Network 175

Countermeasures for the Keylogger Attack 176

Conclusion 176

Chapter 6 Gain Physical Access to Healthcare Records 177

Setting the Stage 177

The Approach 179

For More Information 179

The Chained Exploit 181

Social Engineering and Piggybacking 181

Gaining Physical Access 195

Booting into Windows with Knoppix 201

Modifying Personally Identifiable Information or Protected Medical
Information 204

Chained Exploit Summary 205

Countermeasures 205

Social Engineering and Piggybacking 206

Lock Picking 208

Defeating Biometrics 208

Compromising a PC 208

Conclusion 209

Chapter 7 Attacking Social Networking Sites 211

Setting the Stage 211

The Approach 212

The Chained Exploit 213

Creating a Fake MySpace Web Site 213

Creating the Redirection Web Site 217

Creating a MySpace Page 218

Sending a Comment 221

Compromising the Account 224

Logging In to the Hacked Account 224

The Results 227

Chained Exploit Summary 228

Countermeasures 228

Avoid Using Social Networking Sites 229

Use a Private Profile 229

Be Careful about Clicking on Links 229

Require Last Name / E-mail Address to Be a Friend 230

Do Not Post Too Much Information 230

Be Careful When Entering Your Username/Password 230

Use a Strong Password 230

Change Your Password Frequently 231

Use Anti-Phishing Tools 231

Conclusion 231

Chapter 8 Wreaking Havoc from the Parking Lot 233

Setting the Stage 233

The Approach 236

For More Information 237

Accessing Networks Through Access Points 238

The Chained Exploit 239

Connecting to an Access Point 239

Performing the Microsoft Kerberos Preauthentication Attack 248

Cracking Passwords with RainbowCrack 254

Pilfering the Country Club Data 256

Chained Exploit Summary 257

Countermeasures 258

Secure Access Points 258

Configure Active Directory Properly 259

Use an Intrusion Prevention System or Intrusion Detection System 260

Update Anti-Virus Software Regularly 261

Computer Network Security Checklist 261

Conclusion 266

TOC, 2/9/09, 9780321498816

Additional information

GOR006975357
9780321498816
032149881X
Chained Exploits: Advanced Hacking Attacks from Start to Finish by Andrew Whitaker
Andrew Whitaker
Used - Very Good
Hardback
Pearson Education (US)
20090312
312
N/A
Book picture is for illustrative purposes only, actual binding, cover or edition may vary.
This is a used book - there is no escaping the fact it has been read by someone else and it will show signs of wear and previous use. Overall we expect it to be in very good condition, but if you are not entirely satisfied please get in touch with us

Customer Reviews - Chained Exploits