{"product_id":"hands-on-hacking-isbn-9781119561453","title":"Hands on Hacking","description":"\u003cp\u003e\u003cb\u003eA fast, hands-on introduction to offensive hacking techniques\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003ci\u003eHands-On Hacking\u003c\/i\u003e teaches readers to see through the eyes of their adversary and apply hacking techniques to better understand real-world risks to computer networks and data. Readers will benefit from the author's years of experience in the field hacking into computer networks and ultimately training others in the art of cyber-attacks. This book holds no punches and explains the tools, tactics and procedures used by ethical hackers and criminal crackers alike.\u003c\/p\u003e \u003cp\u003eWe will take you on a journey through a hacker’s perspective when focused on the computer infrastructure of a target company, exploring how to access the servers and data. Once the information gathering stage is complete, you’ll look for flaws and their known exploits—including tools developed by real-world government financed state-actors.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eAn introduction to the same hacking techniques that malicious hackers will use against an organization\u003c\/li\u003e \u003cli\u003eWritten by infosec experts with proven history of publishing vulnerabilities and highlighting security flaws\u003c\/li\u003e \u003cli\u003eBased on the tried and tested material used to train hackers all over the world in the art of breaching networks\u003c\/li\u003e \u003cli\u003eCovers the fundamental basics of how computer networks are inherently vulnerable to attack, teaching the student how to apply hacking skills to uncover vulnerabilities\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eWe cover topics of breaching a company from the external network perimeter, hacking internal enterprise systems and web application vulnerabilities. Delving into the basics of exploitation with real-world practical examples, you won't find any hypothetical academic only attacks here. From start to finish this book will take the student through the steps necessary to breach an organization to improve its security.\u003c\/p\u003e \u003cp\u003eWritten by world-renowned cybersecurity experts and educators, \u003ci\u003eHands-On Hacking\u003c\/i\u003e teaches entry-level professionals seeking to learn ethical hacking techniques. If you are looking to understand penetration testing and ethical hacking, this book takes you from basic methods to advanced techniques in a structured learning format.\u003c\/p\u003e \u003cp\u003eForeword xviii\u003c\/p\u003e \u003cp\u003eIntroduction xx\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Hacking a Business Case 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAll Computers are Broken 2\u003c\/p\u003e \u003cp\u003eThe Stakes 4\u003c\/p\u003e \u003cp\u003eWhat’s Stolen and Why It’s Valuable 4\u003c\/p\u003e \u003cp\u003eThe Internet of Vulnerable Things 4\u003c\/p\u003e \u003cp\u003eBlue, Red, and Purple Teams 5\u003c\/p\u003e \u003cp\u003eBlue Teams 5\u003c\/p\u003e \u003cp\u003eRed Teams 5\u003c\/p\u003e \u003cp\u003ePurple Teams 7\u003c\/p\u003e \u003cp\u003eHacking is Part of Your Company’s Immune System 9\u003c\/p\u003e \u003cp\u003eSummary 11\u003c\/p\u003e \u003cp\u003eNotes 12\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Hacking Ethically and Legally 13\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eLaws That Affect Your Work 14\u003c\/p\u003e \u003cp\u003eCriminal Hacking 15\u003c\/p\u003e \u003cp\u003eHacking Neighborly 15\u003c\/p\u003e \u003cp\u003eLegally Gray 16\u003c\/p\u003e \u003cp\u003ePenetration Testing Methodologies 17\u003c\/p\u003e \u003cp\u003eAuthorization 18\u003c\/p\u003e \u003cp\u003eResponsible Disclosure 19\u003c\/p\u003e \u003cp\u003eBug Bounty Programs 20\u003c\/p\u003e \u003cp\u003eLegal Advice and Support 21\u003c\/p\u003e \u003cp\u003eHacker House Code of Conduct 22\u003c\/p\u003e \u003cp\u003eSummary 22\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Building Your Hack Box 23\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eHardware for Hacking 24\u003c\/p\u003e \u003cp\u003eLinux or BSD? 26\u003c\/p\u003e \u003cp\u003eHost Operating Systems 27\u003c\/p\u003e \u003cp\u003eGentoo Linux 27\u003c\/p\u003e \u003cp\u003eArch Linux 28\u003c\/p\u003e \u003cp\u003eDebian 28\u003c\/p\u003e \u003cp\u003eUbuntu 28\u003c\/p\u003e \u003cp\u003eKali Linux 29\u003c\/p\u003e \u003cp\u003eVerifying Downloads 29\u003c\/p\u003e \u003cp\u003eDisk Encryption 31\u003c\/p\u003e \u003cp\u003eEssential Software 33\u003c\/p\u003e \u003cp\u003eFirewall 34\u003c\/p\u003e \u003cp\u003ePassword Manager 35\u003c\/p\u003e \u003cp\u003eEmail 36\u003c\/p\u003e \u003cp\u003eSetting Up VirtualBox 36\u003c\/p\u003e \u003cp\u003eVirtualization Settings 37\u003c\/p\u003e \u003cp\u003eDownloading and Installing VirtualBox 37\u003c\/p\u003e \u003cp\u003eHost-Only Networking 37\u003c\/p\u003e \u003cp\u003eCreating a Kali Linux VM 40\u003c\/p\u003e \u003cp\u003eCreating a Virtual Hard Disk 42\u003c\/p\u003e \u003cp\u003eInserting a Virtual CD 43\u003c\/p\u003e \u003cp\u003eVirtual Network Adapters 44\u003c\/p\u003e \u003cp\u003eLabs 48\u003c\/p\u003e \u003cp\u003eGuest Additions 51\u003c\/p\u003e \u003cp\u003eTesting Your Virtual Environment 52\u003c\/p\u003e \u003cp\u003eCreating Vulnerable Servers 53\u003c\/p\u003e \u003cp\u003eSummary 54\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Open Source Intelligence Gathering 55\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDoes Your Client Need an OSINT Review? 56\u003c\/p\u003e \u003cp\u003eWhat are You Looking For? 57\u003c\/p\u003e \u003cp\u003eWhere Do You Find It? 58\u003c\/p\u003e \u003cp\u003eOSINT Tools 59\u003c\/p\u003e \u003cp\u003eGrabbing Email Addresses from Google 59\u003c\/p\u003e \u003cp\u003eGoogle Dorking the Shadows 62\u003c\/p\u003e \u003cp\u003eA Brief Introduction to Passwd and Shadow Files 62\u003c\/p\u003e \u003cp\u003eThe Google Hacking Database 65\u003c\/p\u003e \u003cp\u003eHave You Been “Pwned” Yet? 66\u003c\/p\u003e \u003cp\u003eOSINT Framework Recon-ng 67\u003c\/p\u003e \u003cp\u003eRecon-ng Under the Hood 74\u003c\/p\u003e \u003cp\u003eHarvesting the Web 75\u003c\/p\u003e \u003cp\u003eDocument Metadata 76\u003c\/p\u003e \u003cp\u003eMaltego 80\u003c\/p\u003e \u003cp\u003eSocial Media Networks 81\u003c\/p\u003e \u003cp\u003eShodan 83\u003c\/p\u003e \u003cp\u003eProtecting Against OSINT 85\u003c\/p\u003e \u003cp\u003eSummary 86\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 The Domain Name System 87\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Implications of Hacking DNS 87\u003c\/p\u003e \u003cp\u003eA Brief History of DNS 88\u003c\/p\u003e \u003cp\u003eThe DNS Hierarchy 88\u003c\/p\u003e \u003cp\u003eA Basic DNS Query 89\u003c\/p\u003e \u003cp\u003eAuthority and Zones 92\u003c\/p\u003e \u003cp\u003eDNS Resource Records 92\u003c\/p\u003e \u003cp\u003eBIND9 95\u003c\/p\u003e \u003cp\u003eDNS Hacking Toolkit 98\u003c\/p\u003e \u003cp\u003eFinding Hosts 98\u003c\/p\u003e \u003cp\u003eWHOIS 98\u003c\/p\u003e \u003cp\u003eBrute-Forcing Hosts with Recon-ng 100\u003c\/p\u003e \u003cp\u003eHost 101\u003c\/p\u003e \u003cp\u003eFinding the SOA with Dig 102\u003c\/p\u003e \u003cp\u003eHacking a Virtual Name Server 103\u003c\/p\u003e \u003cp\u003ePort Scanning with Nmap 104\u003c\/p\u003e \u003cp\u003eDigging for Information 106\u003c\/p\u003e \u003cp\u003eSpecifying Resource Records 108\u003c\/p\u003e \u003cp\u003eInformation Leak CHAOS 111\u003c\/p\u003e \u003cp\u003eZone Transfer Requests 113\u003c\/p\u003e \u003cp\u003eInformation-Gathering Tools 114\u003c\/p\u003e \u003cp\u003eFierce 115\u003c\/p\u003e \u003cp\u003eDnsrecon 116\u003c\/p\u003e \u003cp\u003eDnsenum 116\u003c\/p\u003e \u003cp\u003eSearching for Vulnerabilities and Exploits 118\u003c\/p\u003e \u003cp\u003eSearchsploit 118\u003c\/p\u003e \u003cp\u003eOther Sources 119\u003c\/p\u003e \u003cp\u003eDNS Traffic Amplification 120\u003c\/p\u003e \u003cp\u003eMetasploit 121\u003c\/p\u003e \u003cp\u003eCarrying Out a Denial-of-Service Attack 125\u003c\/p\u003e \u003cp\u003eDoS Attacks with Metasploit 126\u003c\/p\u003e \u003cp\u003eDNS Spoofi ng 128\u003c\/p\u003e \u003cp\u003eDNS Cache Poisoning 129\u003c\/p\u003e \u003cp\u003eDNS Cache Snooping 131\u003c\/p\u003e \u003cp\u003eDNSSEC 131\u003c\/p\u003e \u003cp\u003eFuzzing 132\u003c\/p\u003e \u003cp\u003eSummary 134\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Electronic Mail 135\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Email Chain 135\u003c\/p\u003e \u003cp\u003eMessage Headers 137\u003c\/p\u003e \u003cp\u003eDelivery Status Notifications 138\u003c\/p\u003e \u003cp\u003eThe Simple Mail Transfer Protocol 141\u003c\/p\u003e \u003cp\u003eSender Policy Framework 143\u003c\/p\u003e \u003cp\u003eScanning a Mail Server 145\u003c\/p\u003e \u003cp\u003eComplete Nmap Scan Results (TCP) 149\u003c\/p\u003e \u003cp\u003eProbing the SMTP Service 152\u003c\/p\u003e \u003cp\u003eOpen Relays 153\u003c\/p\u003e \u003cp\u003eThe Post Office Protocol 155\u003c\/p\u003e \u003cp\u003eThe Internet Message Access Protocol 157\u003c\/p\u003e \u003cp\u003eMail Software 158\u003c\/p\u003e \u003cp\u003eExim 159\u003c\/p\u003e \u003cp\u003eSendmail 159\u003c\/p\u003e \u003cp\u003eCyrus 160\u003c\/p\u003e \u003cp\u003ePHP Mail 160\u003c\/p\u003e \u003cp\u003eWebmail 161\u003c\/p\u003e \u003cp\u003eUser Enumeration via Finger 162\u003c\/p\u003e \u003cp\u003eBrute-Forcing the Post Office 167\u003c\/p\u003e \u003cp\u003eThe Nmap Scripting Engine 169\u003c\/p\u003e \u003cp\u003eCVE-2014-0160: The Heartbleed Bug 172\u003c\/p\u003e \u003cp\u003eExploiting CVE-2010-4345 180\u003c\/p\u003e \u003cp\u003eGot Root? 183\u003c\/p\u003e \u003cp\u003eUpgrading Your Shell 184\u003c\/p\u003e \u003cp\u003eExploiting CVE-2017-7692 185\u003c\/p\u003e \u003cp\u003eSummary 188\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 The World Wide Web of Vulnerabilities 191\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe World Wide Web 192\u003c\/p\u003e \u003cp\u003eThe Hypertext Transfer Protocol 193\u003c\/p\u003e \u003cp\u003eHTTP Methods and Verbs 195\u003c\/p\u003e \u003cp\u003eHTTP Response Codes 196\u003c\/p\u003e \u003cp\u003eStateless 198\u003c\/p\u003e \u003cp\u003eCookies 198\u003c\/p\u003e \u003cp\u003eUniform Resource Identifiers 200\u003c\/p\u003e \u003cp\u003eLAMP: Linux, Apache, MySQL, and PHP 201\u003c\/p\u003e \u003cp\u003eWeb Server: Apache 202\u003c\/p\u003e \u003cp\u003eDatabase: MySQL 203\u003c\/p\u003e \u003cp\u003eServer-Side Scripting: PHP 203\u003c\/p\u003e \u003cp\u003eNginx 205\u003c\/p\u003e \u003cp\u003eMicrosoft IIS 205\u003c\/p\u003e \u003cp\u003eCreepy Crawlers and Spiders 206\u003c\/p\u003e \u003cp\u003eThe Web Server Hacker’s Toolkit 206\u003c\/p\u003e \u003cp\u003ePort Scanning a Web Server 207\u003c\/p\u003e \u003cp\u003eManual HTTP Requests 210\u003c\/p\u003e \u003cp\u003eWeb Vulnerability Scanning 212\u003c\/p\u003e \u003cp\u003eGuessing Hidden Web Content 216\u003c\/p\u003e \u003cp\u003eNmap 217\u003c\/p\u003e \u003cp\u003eDirectory Busting 218\u003c\/p\u003e \u003cp\u003eDirectory Traversal Vulnerabilities 219\u003c\/p\u003e \u003cp\u003eUploading Files 220\u003c\/p\u003e \u003cp\u003eWebDAV 220\u003c\/p\u003e \u003cp\u003eWeb Shell with Weevely 222\u003c\/p\u003e \u003cp\u003eHTTP Authentication 223\u003c\/p\u003e \u003cp\u003eCommon Gateway Interface 225\u003c\/p\u003e \u003cp\u003eShellshock 226\u003c\/p\u003e \u003cp\u003eExploiting Shellshock Using Metasploit 227\u003c\/p\u003e \u003cp\u003eExploiting Shellshock with cURL and Netcat 228\u003c\/p\u003e \u003cp\u003eSSL, TLS, and Heartbleed 232\u003c\/p\u003e \u003cp\u003eWeb Administration Interfaces 238\u003c\/p\u003e \u003cp\u003eApache Tomcat 238\u003c\/p\u003e \u003cp\u003eWebmin 240\u003c\/p\u003e \u003cp\u003ephpMyAdmin 241\u003c\/p\u003e \u003cp\u003eWeb Proxies 242\u003c\/p\u003e \u003cp\u003eProxychains 243\u003c\/p\u003e \u003cp\u003ePrivilege Escalation 245\u003c\/p\u003e \u003cp\u003ePrivilege Escalation Using DirtyCOW 246\u003c\/p\u003e \u003cp\u003eSummary 249\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Virtual Private Networks 251\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat is a VPN? 251\u003c\/p\u003e \u003cp\u003eInternet Protocol Security 253\u003c\/p\u003e \u003cp\u003eInternet Key Exchange 253\u003c\/p\u003e \u003cp\u003eTransport Layer Security and VPNs 254\u003c\/p\u003e \u003cp\u003eUser Databases and Authentication 255\u003c\/p\u003e \u003cp\u003eSQL Database 255\u003c\/p\u003e \u003cp\u003eRADIUS 255\u003c\/p\u003e \u003cp\u003eLDAP 256\u003c\/p\u003e \u003cp\u003ePAM 256\u003c\/p\u003e \u003cp\u003eTACACS+ 256\u003c\/p\u003e \u003cp\u003eThe NSA and VPNs 257\u003c\/p\u003e \u003cp\u003eThe VPN Hacker’s Toolkit 257\u003c\/p\u003e \u003cp\u003eVPN Hacking Methodology 257\u003c\/p\u003e \u003cp\u003ePort Scanning a VPN Server 258\u003c\/p\u003e \u003cp\u003eHping3 259\u003c\/p\u003e \u003cp\u003eUDP Scanning with Nmap 261\u003c\/p\u003e \u003cp\u003eIKE-scan 262\u003c\/p\u003e \u003cp\u003eIdentifying Security Association Options 263\u003c\/p\u003e \u003cp\u003eAggressive Mode 265\u003c\/p\u003e \u003cp\u003eOpenVPN 267\u003c\/p\u003e \u003cp\u003eLDAP 275\u003c\/p\u003e \u003cp\u003eOpenVPN and Shellshock 277\u003c\/p\u003e \u003cp\u003eExploiting CVE-2017-5618 278\u003c\/p\u003e \u003cp\u003eSummary 281\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Files and File Sharing 283\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat is Network-Attached Storage? 284\u003c\/p\u003e \u003cp\u003eFile Permissions 284\u003c\/p\u003e \u003cp\u003eNAS Hacking Toolkit 287\u003c\/p\u003e \u003cp\u003ePort Scanning a File Server 288\u003c\/p\u003e \u003cp\u003eThe File Transfer Protocol 289\u003c\/p\u003e \u003cp\u003eThe Trivial File Transfer Protocol 291\u003c\/p\u003e \u003cp\u003eRemote Procedure Calls 292\u003c\/p\u003e \u003cp\u003eRPCinfo 294\u003c\/p\u003e \u003cp\u003eServer Message Block 295\u003c\/p\u003e \u003cp\u003eNetBIOS and NBT 296\u003c\/p\u003e \u003cp\u003eSamba Setup 298\u003c\/p\u003e \u003cp\u003eEnum4Linux 299\u003c\/p\u003e \u003cp\u003eSambaCry (CVE-2017-7494) 303\u003c\/p\u003e \u003cp\u003eRsync 306\u003c\/p\u003e \u003cp\u003eNetwork File System 308\u003c\/p\u003e \u003cp\u003eNFS Privilege Escalation 309\u003c\/p\u003e \u003cp\u003eSearching for Useful Files 311\u003c\/p\u003e \u003cp\u003eSummary 312\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 UNIX 315\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUNIX System Administration 316\u003c\/p\u003e \u003cp\u003eSolaris 316\u003c\/p\u003e \u003cp\u003eUNIX Hacking Toolbox 318\u003c\/p\u003e \u003cp\u003ePort Scanning Solaris 319\u003c\/p\u003e \u003cp\u003eTelnet 320\u003c\/p\u003e \u003cp\u003eSecure Shell 324\u003c\/p\u003e \u003cp\u003eRPC 326\u003c\/p\u003e \u003cp\u003eCVE-2010-4435 329\u003c\/p\u003e \u003cp\u003eCVE-1999-0209 329\u003c\/p\u003e \u003cp\u003eCVE-2017-3623 330\u003c\/p\u003e \u003cp\u003eHacker’s Holy Grail EBBSHAVE 331\u003c\/p\u003e \u003cp\u003eEBBSHAVE Version 4 332\u003c\/p\u003e \u003cp\u003eEBBSHAVE Version 5 335\u003c\/p\u003e \u003cp\u003eDebugging EBBSHAVE 335\u003c\/p\u003e \u003cp\u003eR-services 338\u003c\/p\u003e \u003cp\u003eThe Simple Network Management Protocol 339\u003c\/p\u003e \u003cp\u003eEwok 341\u003c\/p\u003e \u003cp\u003eThe Common UNIX Printing System 341\u003c\/p\u003e \u003cp\u003eThe X Window System 343\u003c\/p\u003e \u003cp\u003eCron and Local Files 347\u003c\/p\u003e \u003cp\u003eThe Common Desktop Environment 351\u003c\/p\u003e \u003cp\u003eEXTREMEPARR 351\u003c\/p\u003e \u003cp\u003eSummary 353\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11 Databases 355\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTypes of Databases 356\u003c\/p\u003e \u003cp\u003eFlat-File Databases 356\u003c\/p\u003e \u003cp\u003eRelational Databases 356\u003c\/p\u003e \u003cp\u003eNonrelational Databases 358\u003c\/p\u003e \u003cp\u003eStructured Query Language 358\u003c\/p\u003e \u003cp\u003eUser-Defined Functions 359\u003c\/p\u003e \u003cp\u003eThe Database Hacker’s Toolbox 360\u003c\/p\u003e \u003cp\u003eCommon Database Exploitation 360\u003c\/p\u003e \u003cp\u003ePort Scanning a Database Server 361\u003c\/p\u003e \u003cp\u003eMySQL 362\u003c\/p\u003e \u003cp\u003eExploring a MySQL Database 362\u003c\/p\u003e \u003cp\u003eMySQL Authentication 373\u003c\/p\u003e \u003cp\u003ePostgreSQL 374\u003c\/p\u003e \u003cp\u003eEscaping Database Software 377\u003c\/p\u003e \u003cp\u003eOracle Database 378\u003c\/p\u003e \u003cp\u003eMongoDB 381\u003c\/p\u003e \u003cp\u003eRedis 381\u003c\/p\u003e \u003cp\u003ePrivilege Escalation via Databases 384\u003c\/p\u003e \u003cp\u003eSummary 392\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12 Web Applications 395\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe OWASP Top 10 396\u003c\/p\u003e \u003cp\u003eThe Web Application Hacker’s Toolkit 397\u003c\/p\u003e \u003cp\u003ePort Scanning a Web Application Server 397\u003c\/p\u003e \u003cp\u003eUsing an Intercepting Proxy 398\u003c\/p\u003e \u003cp\u003eSetting Up Burp Suite Community Edition 399\u003c\/p\u003e \u003cp\u003eUsing Burp Suite Over HTTPS 407\u003c\/p\u003e \u003cp\u003eManual Browsing and Mapping 412\u003c\/p\u003e \u003cp\u003eSpidering 415\u003c\/p\u003e \u003cp\u003eIdentifying Entry Points 418\u003c\/p\u003e \u003cp\u003eWeb Vulnerability Scanners 418\u003c\/p\u003e \u003cp\u003eZed Attack Proxy 419\u003c\/p\u003e \u003cp\u003eBurp Suite Professional 420\u003c\/p\u003e \u003cp\u003eSkipfish 421\u003c\/p\u003e \u003cp\u003eFinding Vulnerabilities 421\u003c\/p\u003e \u003cp\u003eInjection 421\u003c\/p\u003e \u003cp\u003eSQL Injection 422\u003c\/p\u003e \u003cp\u003eSQLmap 427\u003c\/p\u003e \u003cp\u003eDrupageddon 433\u003c\/p\u003e \u003cp\u003eProtecting Against SQL Injection 433\u003c\/p\u003e \u003cp\u003eOther Injection Flaws 434\u003c\/p\u003e \u003cp\u003eBroken Authentication 434\u003c\/p\u003e \u003cp\u003eSensitive Data Exposure 436\u003c\/p\u003e \u003cp\u003eXML External Entities 437\u003c\/p\u003e \u003cp\u003eCVE-2014-3660 437\u003c\/p\u003e \u003cp\u003eBroken Access Controls 439\u003c\/p\u003e \u003cp\u003eDirectory Traversal 440\u003c\/p\u003e \u003cp\u003eSecurity Misconfiguration 441\u003c\/p\u003e \u003cp\u003eError Pages and Stack Traces 442\u003c\/p\u003e \u003cp\u003eCross-Site Scripting 442\u003c\/p\u003e \u003cp\u003eThe Browser Exploitation Framework 445\u003c\/p\u003e \u003cp\u003eMore about XSS Flaws 450\u003c\/p\u003e \u003cp\u003eXSS Filter Evasion 450\u003c\/p\u003e \u003cp\u003eInsecure Deserialization 452\u003c\/p\u003e \u003cp\u003eKnown Vulnerabilities 453\u003c\/p\u003e \u003cp\u003eInsufficient Logging and Monitoring 453\u003c\/p\u003e \u003cp\u003ePrivilege Escalation 454\u003c\/p\u003e \u003cp\u003eSummary 455\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13 Microsoft Windows 457\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eHacking Windows vs. Linux 458\u003c\/p\u003e \u003cp\u003eDomains, Trees, and Forests 458\u003c\/p\u003e \u003cp\u003eUsers, Groups, and Permissions 461\u003c\/p\u003e \u003cp\u003ePassword Hashes 461\u003c\/p\u003e \u003cp\u003eAntivirus Software 462\u003c\/p\u003e \u003cp\u003eBypassing User Account Control 463\u003c\/p\u003e \u003cp\u003eSetting Up a Windows VM 464\u003c\/p\u003e \u003cp\u003eA Windows Hacking Toolkit 466\u003c\/p\u003e \u003cp\u003eWindows and the NSA 467\u003c\/p\u003e \u003cp\u003ePort Scanning Windows Server 467\u003c\/p\u003e \u003cp\u003eMicrosoft DNS 469\u003c\/p\u003e \u003cp\u003eInternet Information Services 470\u003c\/p\u003e \u003cp\u003eKerberos 471\u003c\/p\u003e \u003cp\u003eGolden Tickets 472\u003c\/p\u003e \u003cp\u003eNetBIOS 473\u003c\/p\u003e \u003cp\u003eLDAP 474\u003c\/p\u003e \u003cp\u003eServer Message Block 474\u003c\/p\u003e \u003cp\u003eETERNALBLUE 476\u003c\/p\u003e \u003cp\u003eEnumerating Users 479\u003c\/p\u003e \u003cp\u003eMicrosoft RPC 489\u003c\/p\u003e \u003cp\u003eTask Scheduler 497\u003c\/p\u003e \u003cp\u003eRemote Desktop 497\u003c\/p\u003e \u003cp\u003eThe Windows Shell 498\u003c\/p\u003e \u003cp\u003ePowerShell 501\u003c\/p\u003e \u003cp\u003ePrivilege Escalation with PowerShell 502\u003c\/p\u003e \u003cp\u003ePowerSploit and AMSI 503\u003c\/p\u003e \u003cp\u003eMeterpreter 504\u003c\/p\u003e \u003cp\u003eHash Dumping 505\u003c\/p\u003e \u003cp\u003ePassing the Hash 506\u003c\/p\u003e \u003cp\u003ePrivilege Escalation 507\u003c\/p\u003e \u003cp\u003eGetting SYSTEM 508\u003c\/p\u003e \u003cp\u003eAlternative Payload Delivery Methods 509\u003c\/p\u003e \u003cp\u003eBypassing Windows Defender 512\u003c\/p\u003e \u003cp\u003eSummary 514\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 14 Passwords 517\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eHashing 517\u003c\/p\u003e \u003cp\u003eThe Password Cracker’s Toolbox 519\u003c\/p\u003e \u003cp\u003eCracking 519\u003c\/p\u003e \u003cp\u003eHash Tables and Rainbow Tables 523\u003c\/p\u003e \u003cp\u003eAdding Salt 525\u003c\/p\u003e \u003cp\u003eInto the \u003ci\u003e\/etc\/shadow \u003c\/i\u003e526\u003c\/p\u003e \u003cp\u003eDifferent Hash Types 530\u003c\/p\u003e \u003cp\u003eMD5 530\u003c\/p\u003e \u003cp\u003eSHA-1 531\u003c\/p\u003e \u003cp\u003eSHA-2 531\u003c\/p\u003e \u003cp\u003eSHA256 531\u003c\/p\u003e \u003cp\u003eSHA512 531\u003c\/p\u003e \u003cp\u003ebcrypt 531\u003c\/p\u003e \u003cp\u003eCRC16\/CRC32 532\u003c\/p\u003e \u003cp\u003ePBKDF2 532\u003c\/p\u003e \u003cp\u003eCollisions 533\u003c\/p\u003e \u003cp\u003ePseudo-hashing 533\u003c\/p\u003e \u003cp\u003eMicrosoft Hashes 535\u003c\/p\u003e \u003cp\u003eGuessing Passwords 537\u003c\/p\u003e \u003cp\u003eThe Art of Cracking 538\u003c\/p\u003e \u003cp\u003eRandom Number Generators 539\u003c\/p\u003e \u003cp\u003eSummary 540\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 15 Writing Reports 543\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat is a Penetration Test Report? 544\u003c\/p\u003e \u003cp\u003eCommon Vulnerabilities Scoring System 545\u003c\/p\u003e \u003cp\u003eAttack Vector 545\u003c\/p\u003e \u003cp\u003eAttack Complexity 546\u003c\/p\u003e \u003cp\u003ePrivileges Required 546\u003c\/p\u003e \u003cp\u003eUser Interaction 547\u003c\/p\u003e \u003cp\u003eScope 547\u003c\/p\u003e \u003cp\u003eConfidentiality, Integrity, and Availability Impact 547\u003c\/p\u003e \u003cp\u003eReport Writing as a Skill 549\u003c\/p\u003e \u003cp\u003eWhat Should a Report Include? 549\u003c\/p\u003e \u003cp\u003eExecutive Summary 550\u003c\/p\u003e \u003cp\u003eTechnical Summary 551\u003c\/p\u003e \u003cp\u003eAssessment Results 551\u003c\/p\u003e \u003cp\u003eSupporting Information 552\u003c\/p\u003e \u003cp\u003eTaking Notes 553\u003c\/p\u003e \u003cp\u003eDradis Community Edition 553\u003c\/p\u003e \u003cp\u003eProofreading 557\u003c\/p\u003e \u003cp\u003eDelivery 558\u003c\/p\u003e \u003cp\u003eSummary 559\u003c\/p\u003e \u003cp\u003eIndex 561\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eMATTHEW HICKEY\u003c\/b\u003e is an expert in offensive security testing, discovering vulnerabilities used by malicious attackers, as well as a developer of exploits and security testing tools. He is a co-founder of Hacker House. \u003c\/p\u003e\u003cp\u003e\u003cb\u003eJENNIFER ARCURI\u003c\/b\u003e is an entrepreneur, public speaker and Certified Ethical Hacker. She is the CEO and founder of Hacker House.   \u003c\/p\u003e\u003cp\u003e\u003cb\u003eLeading cybersecurity expert Matthew Hickey and team teach you offensive hacking techniques!\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eCybersecurity threats are everywhere. The best way to identify the real-world risks to your computer networks and your data—and to defend against attacks—is to think like malicious hackers and understand their methods. \u003c\/p\u003e\u003cp\u003e\u003ci\u003eHands on Hacking\u003c\/i\u003e is a crash-course on the techniques hackers use to attack and compromise organizations of all sizes with an emphasis on the practical elements of hacking. Virtual labs have been put together exclusively for this book, that readers can download for honing and testing their skills. Based on Hacker House's training courses, this book covers ethics and law, open-source intelligence gathering, domain name systems, email services, web servers, virtual private networks, file storage, database servers and web applications. We cover Linux, UNIX and the Microsoft Windows operating systems including tools and exploits used for hacking into them. \u003c\/p\u003e\u003cp\u003eRequiring no previous experience in computer hacking and only an entry level understanding of computers and networking, this book will help you to develop the curiosity, creativity, and determination that every hacker possesses, whether you're a business leader, or someone getting started as an ethical hacker. You will examine a typical company's infrastructure, explore how to access its servers and data, probe for flaws, and search for vulnerabilities. You'll run exploits which have been developed by individual hackers and government agencies, learn how they work, and use them to hack into the accompanying lab. Finally, you'll learn how to report your findings and suggest remedial action to your client or team. \u003c\/p\u003e\u003cp\u003eWritten by information security expert Matthew Hickey, who has an established history of discovering critical security vulnerabilities and teaching others to do the same, \u003ci\u003eHands on Hacking\u003c\/i\u003e helps you: \u003c\/p\u003e\u003cul\u003e \u003cli\u003eLearn theoretical \u003ci\u003eand\u003c\/i\u003e practical aspects of hacking\u003c\/li\u003e \u003cli\u003eUnderstand what hackers can do to and for a company while creating a positive hacker-aware culture in your organization\u003c\/li\u003e \u003cli\u003eCreate Purple Teams – a mix of attackers and defenders that work together to identify and solve security issues\u003c\/li\u003e \u003cli\u003eUnderstand protocols that power networks and the Internet, learn and understand their flaws\u003c\/li\u003e \u003cli\u003eHack into Linux, Unix and Microsoft Windows operating systems\u003c\/li\u003e \u003cli\u003eAssess web applications for critical vulnerabilities and exploit them\u003c\/li\u003e \u003cli\u003eDevelop the mindset of an ethical hacker and learn the processes of professional hacking\u003c\/li\u003e \u003c\/ul\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989345452261,"sku":"NP9781119561453","price":45.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781119561453.jpg?v=1761783752","url":"https:\/\/k12savings.com\/products\/hands-on-hacking-isbn-9781119561453","provider":"K12savings","version":"1.0","type":"link"}