{"product_id":"hunting-cyber-criminals-isbn-9781119540922","title":"Hunting Cyber Criminals","description":"\u003cp\u003eThe skills and tools for collecting, verifying and correlating information from different types of systems are essential when tracking down hackers. This book explores Open Source Intelligence Gathering (OSINT) inside out from multiple perspectives, including those of hackers and seasoned intelligence experts. OSINT refers to the techniques and tools required to harvest publicly available data concerning a person or an organization. With several years of experience of tracking hackers with OSINT, the author whips up a classical plot-line involving a hunt for a threat actor. While taking the audience through the thrilling investigative drama, the author immerses the audience with in-depth knowledge of state-of-the-art OSINT tools and techniques. Technical users will want a basic understanding of the Linux command line in order to follow the examples. But a person with no Linux or programming experience can still gain a lot from this book through the commentaries.\u003cbr\u003e\u003cbr\u003eThis book’s unique digital investigation proposition is a combination of story-telling, tutorials, and case studies. The book explores digital investigation from multiple angles:\u003c\/p\u003e \u003cul\u003e \u003cli\u003eThrough the eyes of the author who has several years of experience in the subject.\u003c\/li\u003e \u003cli\u003eThrough the mind of the hacker who collects massive amounts of data from multiple online sources to identify targets as well as ways to hit the targets.\u003c\/li\u003e \u003cli\u003eThrough the eyes of industry leaders.\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eThis book is ideal for:\u003cbr\u003e\u003cbr\u003eInvestigation professionals, forensic analysts, and CISO\/CIO and other executives wanting to understand the mindset of a hacker and how seemingly harmless information can be used to target their organization. 
\u003cbr\u003e\u003cbr\u003eSecurity analysts, forensic investigators, and SOC teams looking for new approaches on digital investigations from the perspective of collecting and parsing publicly available information.\u003cbr\u003e\u003cbr\u003eCISOs and defense teams will find this book useful because it takes the perspective of infiltrating an organization from the mindset of a hacker. The commentary provided by outside experts will also provide them with ideas to further protect their organization’s data.\u003c\/p\u003e \u003cp\u003ePrologue xxv\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Getting Started 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhy This Book is Different 2\u003c\/p\u003e \u003cp\u003eWhat You Will and Won’t Find in This Book 2\u003c\/p\u003e \u003cp\u003eGetting to Know Your Fellow Experts 3\u003c\/p\u003e \u003cp\u003eA Note on Cryptocurrencies 4\u003c\/p\u003e \u003cp\u003eWhat You Need to Know 4\u003c\/p\u003e \u003cp\u003ePaid Tools and Historical Data 5\u003c\/p\u003e \u003cp\u003eWhat about Maltego? 5\u003c\/p\u003e \u003cp\u003ePrerequisites 5\u003c\/p\u003e \u003cp\u003eKnow How to Use and Configure Linux 5\u003c\/p\u003e \u003cp\u003eGet Your API Keys in Order 6\u003c\/p\u003e \u003cp\u003eImportant Resources 6\u003c\/p\u003e \u003cp\u003eOSINT Framework 6\u003c\/p\u003e \u003cp\u003eOSINT.link 6\u003c\/p\u003e \u003cp\u003eIntelTechniques 7\u003c\/p\u003e \u003cp\u003eTermbin 8\u003c\/p\u003e \u003cp\u003eHunchly 9\u003c\/p\u003e \u003cp\u003eWordlists and Generators 9\u003c\/p\u003e \u003cp\u003eSecLists 9\u003c\/p\u003e \u003cp\u003eCewl 10\u003c\/p\u003e \u003cp\u003eCrunch 10\u003c\/p\u003e \u003cp\u003eProxies 10\u003c\/p\u003e \u003cp\u003eStorm Proxies (Auto-Rotating) 10\u003c\/p\u003e \u003cp\u003eCryptocurrencies 101 11\u003c\/p\u003e \u003cp\u003eHow Do Cryptocurrencies Work? 
12\u003c\/p\u003e \u003cp\u003eBlockchain Explorers 13\u003c\/p\u003e \u003cp\u003eFollowing the Money 15\u003c\/p\u003e \u003cp\u003eIdentifying Exchanges and Traders 17\u003c\/p\u003e \u003cp\u003eSummary 18\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Investigations and Threat Actors 19\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Path of an Investigator 19\u003c\/p\u003e \u003cp\u003eGo Big or Go Home 20\u003c\/p\u003e \u003cp\u003eThe Breach That Never Happened 21\u003c\/p\u003e \u003cp\u003eWhat Would You Do? 22\u003c\/p\u003e \u003cp\u003eMoral Gray Areas 24\u003c\/p\u003e \u003cp\u003eDifferent Investigative Paths 25\u003c\/p\u003e \u003cp\u003eInvestigating Cyber Criminals 26\u003c\/p\u003e \u003cp\u003eThe Beginning of the Hunt (for TDO) 27\u003c\/p\u003e \u003cp\u003eThe Dark Overlord 27\u003c\/p\u003e \u003cp\u003eList of Victims 28\u003c\/p\u003e \u003cp\u003eA Brief Overview 29\u003c\/p\u003e \u003cp\u003eCommunication Style 30\u003c\/p\u003e \u003cp\u003eGroup Structure and Members 30\u003c\/p\u003e \u003cp\u003eCyper 31\u003c\/p\u003e \u003cp\u003eArnie 32\u003c\/p\u003e \u003cp\u003eCr00k (Ping) 35\u003c\/p\u003e \u003cp\u003eNSA (Peace of Mind) 36\u003c\/p\u003e \u003cp\u003eThe Dark Overlord 38\u003c\/p\u003e \u003cp\u003eSummary 41\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart I Network Exploration 43\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Manual Network Exploration 45\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eChapter Targets: Pepsi.com and Cyper.org 46\u003c\/p\u003e \u003cp\u003eAsset Discovery 46\u003c\/p\u003e \u003cp\u003eARIN Search 47\u003c\/p\u003e \u003cp\u003eSearch Engine Dorks 48\u003c\/p\u003e \u003cp\u003eDNSDumpster 49\u003c\/p\u003e \u003cp\u003eHacker Target 52\u003c\/p\u003e \u003cp\u003eShodan 53\u003c\/p\u003e \u003cp\u003eCensys (Subdomain Finder) 56\u003c\/p\u003e \u003cp\u003eCensys Subdomain Finder 56\u003c\/p\u003e \u003cp\u003eFierce 57\u003c\/p\u003e \u003cp\u003eSublist3r 
58\u003c\/p\u003e \u003cp\u003eEnumall 59\u003c\/p\u003e \u003cp\u003eResults 60\u003c\/p\u003e \u003cp\u003ePhishing Domains and Typosquatting 61\u003c\/p\u003e \u003cp\u003eSummary 64\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Looking for Network Activity (Advanced NMAP Techniques) 67\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eGetting Started 67\u003c\/p\u003e \u003cp\u003ePreparing a List of Active Hosts 68\u003c\/p\u003e \u003cp\u003eFull Port Scans Using Different Scan Types 68\u003c\/p\u003e \u003cp\u003eTCP Window Scan 70\u003c\/p\u003e \u003cp\u003eWorking against Firewalls and IDS 70\u003c\/p\u003e \u003cp\u003eUsing Reason Response 71\u003c\/p\u003e \u003cp\u003eIdentifying Live Servers 71\u003c\/p\u003e \u003cp\u003eFirewall Evasion 73\u003c\/p\u003e \u003cp\u003eDistributed Scanning with Proxies and TOR 73\u003c\/p\u003e \u003cp\u003eFragmented Packets\/MTU 74\u003c\/p\u003e \u003cp\u003eService Detection Trick 74\u003c\/p\u003e \u003cp\u003eLow and Slow 76\u003c\/p\u003e \u003cp\u003eBad Checksums, Decoy, and Random Data 76\u003c\/p\u003e \u003cp\u003eFirewalking 79\u003c\/p\u003e \u003cp\u003eComparing Results 79\u003c\/p\u003e \u003cp\u003eStyling NMAP Reports 81\u003c\/p\u003e \u003cp\u003eSummary 82\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Automated Tools for Network Discovery 83\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSpiderFoot 84\u003c\/p\u003e \u003cp\u003eSpiderFoot HX (Premium) 91\u003c\/p\u003e \u003cp\u003eIntrigue.io 95\u003c\/p\u003e \u003cp\u003eEntities Tab 96\u003c\/p\u003e \u003cp\u003eAnalyzing uberpeople.net 99\u003c\/p\u003e \u003cp\u003eAnalyzing the Results 104\u003c\/p\u003e \u003cp\u003eExporting Your Results 105\u003c\/p\u003e \u003cp\u003eRecon-NG 107\u003c\/p\u003e \u003cp\u003eSearching for Modules 111\u003c\/p\u003e \u003cp\u003eUsing Modules 111\u003c\/p\u003e \u003cp\u003eLooking for Ports with Shodan 115\u003c\/p\u003e \u003cp\u003eSummary 116\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart II Web 
Exploration 119\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Website Information Gathering 121\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBuiltWith 121\u003c\/p\u003e \u003cp\u003eFinding Common Sites Using Google Analytics Tracker 123\u003c\/p\u003e \u003cp\u003eIP History and Related Sites 124\u003c\/p\u003e \u003cp\u003eWebapp Information Gatherer (WIG) 124\u003c\/p\u003e \u003cp\u003eCMSMap 129\u003c\/p\u003e \u003cp\u003eRunning a Single Site Scan 130\u003c\/p\u003e \u003cp\u003eScanning Multiple Sites in Batch Mode 130\u003c\/p\u003e \u003cp\u003eDetecting Vulnerabilities 131\u003c\/p\u003e \u003cp\u003eWPScan 132\u003c\/p\u003e \u003cp\u003eDealing with WAFs\/WordPress Not Detected 136\u003c\/p\u003e \u003cp\u003eSummary 141\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Directory Hunting 143\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDirhunt 143\u003c\/p\u003e \u003cp\u003eWfuzz 146\u003c\/p\u003e \u003cp\u003ePhoton 149\u003c\/p\u003e \u003cp\u003eCrawling a Website 151\u003c\/p\u003e \u003cp\u003eIntrigue.io 152\u003c\/p\u003e \u003cp\u003eSummary 157\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Search Engine Dorks 159\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eEssential Search Dorks 160\u003c\/p\u003e \u003cp\u003eThe Minus Sign 160\u003c\/p\u003e \u003cp\u003eUsing Quotes 160\u003c\/p\u003e \u003cp\u003eThe site: Operator 161\u003c\/p\u003e \u003cp\u003eThe intitle: Operator 161\u003c\/p\u003e \u003cp\u003eThe allintitle: Operator 162\u003c\/p\u003e \u003cp\u003eThe filetype: Operator 162\u003c\/p\u003e \u003cp\u003eThe inurl: Operator 163\u003c\/p\u003e \u003cp\u003eThe cache: Operator 165\u003c\/p\u003e \u003cp\u003eThe allinurl: Operator 165\u003c\/p\u003e \u003cp\u003eThe filename: Operator 165\u003c\/p\u003e \u003cp\u003eThe intext: Operator 165\u003c\/p\u003e \u003cp\u003eThe Power of the Dork 166\u003c\/p\u003e \u003cp\u003eDon’t Forget about Bing and Yahoo! 
169\u003c\/p\u003e \u003cp\u003eAutomated Dorking Tools 169\u003c\/p\u003e \u003cp\u003eInurlbr 169\u003c\/p\u003e \u003cp\u003eUsing Inurlbr 171\u003c\/p\u003e \u003cp\u003eSummary 173\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 WHOIS 175\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWHOIS 175\u003c\/p\u003e \u003cp\u003eUses for WHOIS Data 176\u003c\/p\u003e \u003cp\u003eHistorical WHOIS 177\u003c\/p\u003e \u003cp\u003eSearching for Similar Domains 177\u003c\/p\u003e \u003cp\u003eNamedroppers.com 177\u003c\/p\u003e \u003cp\u003eSearching for Multiple Keywords 179\u003c\/p\u003e \u003cp\u003eAdvanced Searches 181\u003c\/p\u003e \u003cp\u003eLooking for Threat Actors 182\u003c\/p\u003e \u003cp\u003eWhoisology 183\u003c\/p\u003e \u003cp\u003eAdvanced Domain Searching 187\u003c\/p\u003e \u003cp\u003eWorth the Money? Absolutely 188\u003c\/p\u003e \u003cp\u003eDomainTools 188\u003c\/p\u003e \u003cp\u003eDomain Search 188\u003c\/p\u003e \u003cp\u003eBulk WHOIS 189\u003c\/p\u003e \u003cp\u003eReverse IP Lookup 189\u003c\/p\u003e \u003cp\u003eWHOIS Records on Steroids 190\u003c\/p\u003e \u003cp\u003eWHOIS History 192\u003c\/p\u003e \u003cp\u003eThe Power of Screenshots 193\u003c\/p\u003e \u003cp\u003eDigging into WHOIS History 193\u003c\/p\u003e \u003cp\u003eLooking for Changes in Ownership 194\u003c\/p\u003e \u003cp\u003eReverse WHOIS 196\u003c\/p\u003e \u003cp\u003eCross-Checking \u003ci\u003eAll \u003c\/i\u003eInformation 197\u003c\/p\u003e \u003cp\u003eSummary 199\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Certificate Transparency and Internet Archives 201\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCertificate Transparency 201\u003c\/p\u003e \u003cp\u003eWhat Does Any of This Have to Do with Digital Investigations? 
202\u003c\/p\u003e \u003cp\u003eScouting with CTFR 202\u003c\/p\u003e \u003cp\u003eCrt.sh 204\u003c\/p\u003e \u003cp\u003eCT in Action: Side-stepping Cloudflare 204\u003c\/p\u003e \u003cp\u003eTesting More Targets 208\u003c\/p\u003e \u003cp\u003eCloudFlair (Script) and Censys 209\u003c\/p\u003e \u003cp\u003eHow Does It Work? 210\u003c\/p\u003e \u003cp\u003eWayback Machine and Search Engine Archives 211\u003c\/p\u003e \u003cp\u003eSearch Engine Caches 212\u003c\/p\u003e \u003cp\u003eCachedView.com 214\u003c\/p\u003e \u003cp\u003eWayback Machine Scraper 214\u003c\/p\u003e \u003cp\u003eEnum Wayback 215\u003c\/p\u003e \u003cp\u003eScraping Wayback with Photon 216\u003c\/p\u003e \u003cp\u003eArchive.org Site Search URLs 217\u003c\/p\u003e \u003cp\u003eWayback Site Digest: A List of Every Site URL Cached by Wayback 219\u003c\/p\u003e \u003cp\u003eSummary 220\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11 Iris by DomainTools 221\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Basics of Iris 221\u003c\/p\u003e \u003cp\u003eGuided Pivots 223\u003c\/p\u003e \u003cp\u003eConfiguring Your Settings 223\u003c\/p\u003e \u003cp\u003eHistorical Search Setting 224\u003c\/p\u003e \u003cp\u003ePivootttt!!! 
225\u003c\/p\u003e \u003cp\u003ePivoting on SSL Certificate Hashes 227\u003c\/p\u003e \u003cp\u003eKeeping Notes 228\u003c\/p\u003e \u003cp\u003eWHOIS History 230\u003c\/p\u003e \u003cp\u003eScreenshot History 232\u003c\/p\u003e \u003cp\u003eHosting History 232\u003c\/p\u003e \u003cp\u003eBringing It All Together 234\u003c\/p\u003e \u003cp\u003eA Major Find 240\u003c\/p\u003e \u003cp\u003eSummary 241\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart III Digging for Gold 243\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12 Document Metadata 245\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eExiftool 246\u003c\/p\u003e \u003cp\u003eMetagoofil 248\u003c\/p\u003e \u003cp\u003eRecon-NG Metadata Modules 250\u003c\/p\u003e \u003cp\u003eMetacrawler 250\u003c\/p\u003e \u003cp\u003eInteresting_Files Module 252\u003c\/p\u003e \u003cp\u003ePushpin Geolocation Modules 254\u003c\/p\u003e \u003cp\u003eIntrigue.io 257\u003c\/p\u003e \u003cp\u003eFOCA 261\u003c\/p\u003e \u003cp\u003eStarting a Project 262\u003c\/p\u003e \u003cp\u003eExtracting Metadata 263\u003c\/p\u003e \u003cp\u003eSummary 266\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13 Interesting Places to Look 267\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTheHarvester 268\u003c\/p\u003e \u003cp\u003eRunning a Scan 269\u003c\/p\u003e \u003cp\u003ePaste Sites 273\u003c\/p\u003e \u003cp\u003ePsbdmp.ws 273\u003c\/p\u003e \u003cp\u003eForums 274\u003c\/p\u003e \u003cp\u003eInvestigating Forum History (and TDO) 275\u003c\/p\u003e \u003cp\u003eFollowing Breadcrumbs 276\u003c\/p\u003e \u003cp\u003eTracing Cyper’s Identity 278\u003c\/p\u003e \u003cp\u003eCode Repositories 280\u003c\/p\u003e \u003cp\u003eSearchCode.com 281\u003c\/p\u003e \u003cp\u003eSearching for Code 282\u003c\/p\u003e \u003cp\u003eFalse Negatives 283\u003c\/p\u003e \u003cp\u003eGitrob 284\u003c\/p\u003e \u003cp\u003eGit Commit Logs 287\u003c\/p\u003e \u003cp\u003eWiki Sites 288\u003c\/p\u003e \u003cp\u003eWikipedia 289\u003c\/p\u003e 
\u003cp\u003eSummary 292\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 14 Publicly Accessible Data Storage 293\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Exactis Leak and Shodan 294\u003c\/p\u003e \u003cp\u003eData Attribution 295\u003c\/p\u003e \u003cp\u003eShodan’s Command-Line Options 296\u003c\/p\u003e \u003cp\u003eQuerying Historical Data 296\u003c\/p\u003e \u003cp\u003eCloudStorageFinder 298\u003c\/p\u003e \u003cp\u003eAmazon S3 299\u003c\/p\u003e \u003cp\u003eDigital Ocean Spaces 300\u003c\/p\u003e \u003cp\u003eNoSQL Databases 301\u003c\/p\u003e \u003cp\u003eMongoDB 302\u003c\/p\u003e \u003cp\u003eRobot 3T 302\u003c\/p\u003e \u003cp\u003eMongo Command-Line Tools 305\u003c\/p\u003e \u003cp\u003eElasticsearch 308\u003c\/p\u003e \u003cp\u003eQuerying Elasticsearch 308\u003c\/p\u003e \u003cp\u003eDumping Elasticsearch Data 311\u003c\/p\u003e \u003cp\u003eNoScrape 311\u003c\/p\u003e \u003cp\u003eMongoDB 313\u003c\/p\u003e \u003cp\u003eElasticsearch 314\u003c\/p\u003e \u003cp\u003eScan 314\u003c\/p\u003e \u003cp\u003eSearch 315\u003c\/p\u003e \u003cp\u003eDump 317\u003c\/p\u003e \u003cp\u003eMatchDump 317\u003c\/p\u003e \u003cp\u003eCassandra 318\u003c\/p\u003e \u003cp\u003eAmazon S3 320\u003c\/p\u003e \u003cp\u003eUsing Your Own S3 Credentials 320\u003c\/p\u003e \u003cp\u003eSummary 321\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart IV People Hunting 323\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 15 Researching People, Images, and Locations 325\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePIPL 326\u003c\/p\u003e \u003cp\u003eSearching for People 327\u003c\/p\u003e \u003cp\u003ePublic Records and Background Checks 330\u003c\/p\u003e \u003cp\u003eAncestry.com 331\u003c\/p\u003e \u003cp\u003eThreat Actors Have Dads, Too 332\u003c\/p\u003e \u003cp\u003eCriminal Record Searches 332\u003c\/p\u003e \u003cp\u003eImage Searching 333\u003c\/p\u003e \u003cp\u003eGoogle Images 334\u003c\/p\u003e \u003cp\u003eSearching for Gold 335\u003c\/p\u003e 
\u003cp\u003eFollowing the Trail 335\u003c\/p\u003e \u003cp\u003eTinEye 336\u003c\/p\u003e \u003cp\u003eEagleEye 340\u003c\/p\u003e \u003cp\u003eSearching for Images 340\u003c\/p\u003e \u003cp\u003eCree.py and Geolocation 343\u003c\/p\u003e \u003cp\u003eGetting Started 343\u003c\/p\u003e \u003cp\u003eIP Address Tracking 346\u003c\/p\u003e \u003cp\u003eSummary 347\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 16 Searching Social Media 349\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOSINT.rest 350\u003c\/p\u003e \u003cp\u003eAnother Test Subject 355\u003c\/p\u003e \u003cp\u003eTwitter 357\u003c\/p\u003e \u003cp\u003eSocialLinks: For Maltego Users 358\u003c\/p\u003e \u003cp\u003eSkiptracer 361\u003c\/p\u003e \u003cp\u003eRunning a Search 361\u003c\/p\u003e \u003cp\u003eSearching for an Email Address 361\u003c\/p\u003e \u003cp\u003eSearching for a Phone Number 364\u003c\/p\u003e \u003cp\u003eSearching Usernames 366\u003c\/p\u003e \u003cp\u003eOne More Username Search 368\u003c\/p\u003e \u003cp\u003eUserrecon 370\u003c\/p\u003e \u003cp\u003eReddit Investigator 372\u003c\/p\u003e \u003cp\u003eA Critical “Peace” of the TDO Investigation 374\u003c\/p\u003e \u003cp\u003eSummary 375\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 17 Profile Tracking and Password Reset Clues 377\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhere to Start (with TDO)? 
377\u003c\/p\u003e \u003cp\u003eBuilding a Profile Matrix 378\u003c\/p\u003e \u003cp\u003eStarting a Search with Forums 379\u003c\/p\u003e \u003cp\u003eBan Lists 381\u003c\/p\u003e \u003cp\u003eSocial Engineering 381\u003c\/p\u003e \u003cp\u003eSE’ing Threat Actors: The “Argon” Story 383\u003c\/p\u003e \u003cp\u003eEveryone Gets SE’d—a Lesson Learned 387\u003c\/p\u003e \u003cp\u003eThe End of TDO and the KickAss Forum 388\u003c\/p\u003e \u003cp\u003eUsing Password Reset Clues 390\u003c\/p\u003e \u003cp\u003eStarting Your Verification Sheet 391\u003c\/p\u003e \u003cp\u003eGmail 391\u003c\/p\u003e \u003cp\u003eFacebook 393\u003c\/p\u003e \u003cp\u003ePayPal 394\u003c\/p\u003e \u003cp\u003eTwitter 397\u003c\/p\u003e \u003cp\u003eMicrosoft 399\u003c\/p\u003e \u003cp\u003eInstagram 400\u003c\/p\u003e \u003cp\u003eUsing jQuery Website Responses 400\u003c\/p\u003e \u003cp\u003eICQ 403\u003c\/p\u003e \u003cp\u003eSummary 405\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 18 Passwords, Dumps, and Data Viper 407\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUsing Passwords 408\u003c\/p\u003e \u003cp\u003eCompleting F3ttywap’s Profile Matrix 409\u003c\/p\u003e \u003cp\u003eAn Important Wrong Turn 412\u003c\/p\u003e \u003cp\u003eAcquiring Your Data 413\u003c\/p\u003e \u003cp\u003eData Quality and Collections 1–5 413\u003c\/p\u003e \u003cp\u003eAlways Manually Verify the Data 415\u003c\/p\u003e \u003cp\u003eWhere to Find Quality Data 420\u003c\/p\u003e \u003cp\u003eData Viper 420\u003c\/p\u003e \u003cp\u003eForums: The Missing Link 421\u003c\/p\u003e \u003cp\u003eIdentifying the Real “Cr00k” 422\u003c\/p\u003e \u003cp\u003eTracking Cr00k’s Forum Movements 423\u003c\/p\u003e \u003cp\u003eTimeline Analysis 423\u003c\/p\u003e \u003cp\u003eThe Eureka Moment 427\u003c\/p\u003e \u003cp\u003eVanity over OPSEC, Every Time 429\u003c\/p\u003e \u003cp\u003eWhy This Connection is Significant 429\u003c\/p\u003e \u003cp\u003eStarting Small: Data Viper 1.0 430\u003c\/p\u003e 
\u003cp\u003eSummary 431\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 19 Interacting with Threat Actors 433\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDrawing Them Out of the Shadows 433\u003c\/p\u003e \u003cp\u003eWho is WhitePacket? 434\u003c\/p\u003e \u003cp\u003eThe Bev Robb Connection 435\u003c\/p\u003e \u003cp\u003eStradinatras 436\u003c\/p\u003e \u003cp\u003eObfuscation and TDO 437\u003c\/p\u003e \u003cp\u003eWho is Bill? 439\u003c\/p\u003e \u003cp\u003eSo Who Exactly is Bill? 440\u003c\/p\u003e \u003cp\u003eYoungBugsThug 440\u003c\/p\u003e \u003cp\u003eHow Did I Know It Was Chris? 441\u003c\/p\u003e \u003cp\u003eA Connection to Mirai Botnet? 442\u003c\/p\u003e \u003cp\u003eWhy Was This Discovery So Earth-Shattering? 444\u003c\/p\u003e \u003cp\u003eQuestion Everything! 445\u003c\/p\u003e \u003cp\u003eEstablishing a Flow of Information 446\u003c\/p\u003e \u003cp\u003eLeveraging Hacker Drama 447\u003c\/p\u003e \u003cp\u003eWas Any of That Real? 448\u003c\/p\u003e \u003cp\u003eLooking for Other Clues 449\u003c\/p\u003e \u003cp\u003eBringing It Back to TDO 450\u003c\/p\u003e \u003cp\u003eResolving One Final Question 451\u003c\/p\u003e \u003cp\u003eWithdrawing Bitcoin 451\u003c\/p\u003e \u003cp\u003eSummary 452\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 20 Cutting through the Disinformation of a 10-Million-Dollar Hack 453\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eGnosticPlayers 454\u003c\/p\u003e \u003cp\u003eSites Hacked by GnosticPlayers 456\u003c\/p\u003e \u003cp\u003eGnostic’s Hacking Techniques 457\u003c\/p\u003e \u003cp\u003eGnosticPlayers’ Posts 459\u003c\/p\u003e \u003cp\u003eGnosticPlayers2 Emerges 461\u003c\/p\u003e \u003cp\u003eA Mysterious Third Member 462\u003c\/p\u003e \u003cp\u003eNSFW\/Photon 463\u003c\/p\u003e \u003cp\u003eThe Gloves Come Off 464\u003c\/p\u003e \u003cp\u003eMaking Contact 465\u003c\/p\u003e \u003cp\u003eGabriel\/Bildstein aka Kuroi’sh 465\u003c\/p\u003e \u003cp\u003eContacting His Friends 467\u003c\/p\u003e 
\u003cp\u003eWeeding through Disinformation 468\u003c\/p\u003e \u003cp\u003eVerifying with Wayback 468\u003c\/p\u003e \u003cp\u003eBringing It All Together 469\u003c\/p\u003e \u003cp\u003eData Viper 469\u003c\/p\u003e \u003cp\u003eTrust but Verify 472\u003c\/p\u003e \u003cp\u003eDomain Tools’ Iris 474\u003c\/p\u003e \u003cp\u003eVerifying with a Second Data Source 475\u003c\/p\u003e \u003cp\u003eThe End of the Line 476\u003c\/p\u003e \u003cp\u003eWhat Really Happened? 476\u003c\/p\u003e \u003cp\u003eOutofreach 476\u003c\/p\u003e \u003cp\u003eKuroi’sh Magically Appears 477\u003c\/p\u003e \u003cp\u003eWhat I Learned from Watching Lost 477\u003c\/p\u003e \u003cp\u003eWho Hacked GateHub? 478\u003c\/p\u003e \u003cp\u003eUnraveling the Lie 479\u003c\/p\u003e \u003cp\u003eWas Gabriel Involved? My Theory 479\u003c\/p\u003e \u003cp\u003eGabriel is Nclay: An Alternate Theory 479\u003c\/p\u003e \u003cp\u003eAll roads lead back to NSFW 480\u003c\/p\u003e \u003cp\u003eSummary 481\u003c\/p\u003e \u003cp\u003eEpilogue 483\u003c\/p\u003e \u003cp\u003eIndex 487\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eABOUT THE AUTHOR\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003e\u003cb\u003eVINNY TROIA\u003c\/b\u003e is a cybersecurity evangelist and hacker with Night Lion Security. He is an acknowledged expert in digital forensics investigations, security strategies, and security breach remediation. Vinny possesses deep knowledge of industry-standard security and compliance controls, is frequently seen providing security expertise on major TV and radio networks, and recently introduced Data Viper, his own threat intelligence and cyber-criminal hunting platform.   \t \u003c\/p\u003e\u003cp\u003e\u003cb\u003eTHE ART AND SCIENCE OF TRACKING CYBERCRIME TO ITS SOURCE\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eWhen your organization falls victim to cybercrime, you need to be ready to fight back. 
The burden of investigating digital security breaches often falls to organizations themselves, so developing a robust toolkit that enables you to track down criminals is essential. \u003ci\u003eHunting Cyber Criminals\u003c\/i\u003e is filled with proven techniques to research the source of illicit network traffic, extract intelligence from publicly available web sources, and hunt the individuals who would do harm to your organization. \u003c\/p\u003e\u003cp\u003eWith easy-to-follow examples \u003ci\u003eHunting Cyber Criminals\u003c\/i\u003e provides vital guidance on investigating cybersecurity incidents. It shows how, even starting from just a single IP address, you can embark on an investigative journey to uncover the information you need to shore up your defenses, involve law enforcement, and shut down hackers for good. Learn from Vinny Troia's unique methodology and the practical techniques used to investigate and identify members of the cyber terrorist group known as The Dark Overlord. Beyond the author's own expertise, you'll benefit from guest comments by fellow industry experts: Alex Heid, Bob Diachenko, Cat Murdoch, Chris Hadnagy, Chris Roberts, John Strand, Jonathan Cran, Leslie Carhart, Nick Furneux, Rob Fuller, Troy Hunt, and William Martin. \u003c\/p\u003e\u003cp\u003eFor cybersecurity and business professionals involved in developing cyber incident response strategies, this compendium of the latest tools, techniques, and resources will prove indispensable. Cybercrime is a reality, not just a possibility, in today's business environments. Readiness to respond starts here. 
\u003c\/p\u003e\u003cul\u003e \u003cli\u003eLearn about the latest cybercrime investigation tools\u003c\/li\u003e \u003cli\u003eUncover clues to identify and track hackers anywhere\u003c\/li\u003e \u003cli\u003eUse network discovery to follow unwanted network traffic\u003c\/li\u003e \u003cli\u003eSearch web databases to gather intelligence and leads\u003c\/li\u003e \u003cli\u003eUse social media to identify probable perpetrators\u003c\/li\u003e \u003cli\u003eMaster complex web scenarios and advanced search techniques\u003c\/li\u003e \u003cli\u003eEmploy expert tips and tricks in your own investigations\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003e\u003cb\u003eABOUT NIGHT LION SECURITY\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eNight Lion Security provides network, website, and IT security consulting services. The company specializes in advanced penetration testing and IT risk management.\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989391818981,"sku":"NP9781119540922","price":42.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781119540922.jpg?v=1761783929","url":"https:\/\/k12savings.com\/es\/products\/hunting-cyber-criminals-isbn-9781119540922","provider":"K12savings","version":"1.0","type":"link"}