Chained Exploits: Advanced Hacking Attacks from Start to Finish

Author:   Andrew Whitaker ,  Keatron Evans ,  Jack Voth
Publisher:   Pearson Education (US)
ISBN:   9780321498816
Pages:   312
Publication Date:   12 March 2009
Format:   Hardback
Availability:   In Print
Limited stock is available. It will be ordered for you and shipped pending supplier's limited stock.

Our Price $131.97
Overview

The complete guide to today’s hard-to-defend chained attacks: performing them and preventing them

Nowadays, it’s rare for malicious hackers to rely on just one exploit or tool; instead, they use “chained” exploits that integrate multiple forms of attack to achieve their goals. Chained exploits are far more complex and far more difficult to defend. Few security or hacking books cover them well and most don’t cover them at all. Now there’s a book that brings together start-to-finish information about today’s most widespread chained exploits–both how to perform them and how to prevent them.

Chained Exploits demonstrates this advanced hacking attack technique through detailed examples that reflect real-world attack strategies, use today’s most common attack tools, and focus on actual high-value targets, including credit card and healthcare data. Relentlessly thorough and realistic, this book covers the full spectrum of attack avenues, from wireless networks to physical access and social engineering.

Writing for security, network, and other IT professionals, the authors take you through each attack, one step at a time, and then introduce today’s most effective countermeasures, both technical and human. Coverage includes:

  Constructing convincing new phishing attacks
  Discovering which sites other Web users are visiting
  Wreaking havoc on IT security via wireless networks
  Disrupting competitors’ Web sites
  Performing–and preventing–corporate espionage
  Destroying secure files
  Gaining access to private healthcare records
  Attacking the viewers of social networking pages
  Creating entirely new exploits
  and more

Andrew Whitaker, Director of Enterprise InfoSec and Networking for Training Camp, has been featured in The Wall Street Journal and BusinessWeek. He coauthored Penetration Testing and Network Defense. Andrew was a winner of EC Council’s Instructor of Excellence Award.

Keatron Evans is President and Chief Security Consultant of Blink Digital Security, LLC, a trainer for Training Camp, and winner of EC Council’s Instructor of Excellence Award.

Jack B. Voth specializes in penetration testing, vulnerability assessment, and perimeter security. He co-owns The Client Server, Inc., and teaches for Training Camp throughout the United States and abroad.

informit.com/aw   Cover photograph © Corbis / Jupiter Images   $49.99 US  $59.99 CANADA

Full Product Details

Author:   Andrew Whitaker ,  Keatron Evans ,  Jack Voth
Publisher:   Pearson Education (US)
Imprint:   Addison-Wesley Educational Publishers Inc
Dimensions:   Width: 17.80cm , Height: 1.80cm , Length: 23.60cm
Weight:   0.498kg
ISBN:   9780321498816
ISBN 10:   032149881
Pages:   312
Publication Date:   12 March 2009
Audience:   Professional and scholarly ,  Professional & Vocational
Format:   Hardback
Publisher's Status:   Out of Print
Availability:   In Print
Limited stock is available. It will be ordered for you and shipped pending supplier's limited stock.

Table of Contents

Introduction

Chapter 1 Get Your Free Credit Cards Here
  Setting the Stage
  The Approach
  The Chained Exploit
    Enumerating the PDXO Web Site
    Enumerating the Credit Card Database
    Stealing Credit Card Information from the Web Site
    Selling the Credit Card Information on the Underground Market
    Defacing the PDXO Web Site
  Chained Exploit Summary
  Countermeasures
    Change the Default HTTP Response Header
    Do Not Have Public Access to Developer Sites
    Do Not Install SQL Server on the Same Machine as IIS
    Sanitize Input on Web Forms
    Do Not Install IIS in the Default Location
    Make Your Web Site Read-Only
    Remove Unnecessary Stored Procedures from Your SQL Database
    Do Not Use the Default Username and Password for Your Database
    Countermeasures for Customers
  Conclusion

Chapter 2 Discover What Your Boss Is Looking At
  Setting the Stage
  The Approach
  For More Information
  The Chained Exploit
    Phishing Scam
    Installing Executables
    Setting Up the Phishing Site
    Sending Mr. Minutia an E-mail
    Finding the Boss's Computer
    Connecting to the Boss's Computer
    WinPcap
    Analyzing the Packet Capture
    Reassembling the Graphics
    Other Possibilities
  Chained Exploit Summary
  Countermeasures
    Countermeasures for Phishing Scams
    Countermeasures for Trojan Horse Applications
    Countermeasures for Packet-Capturing Software
  Conclusion

Chapter 3 Take Down Your Competitor's Web Site
  Setting the Stage
  The Approach
  For More Information
  The Chained Exploit
    Attack #1: The Test
    Attack #2: The One That Worked
    Getting Access to the Pawn Web site
    Lab-Testing the Hack
    Modifying the Pawn Web Site
    Other Possibilities
  Chained Exploit Summary
  Countermeasures
    Countermeasures for Hackers Passively Finding Information about Your Company
    Countermeasures for DDoS Attacks via ICMP
    Countermeasures for DDoS Attacks via HTTP and Other Protocols
    Countermeasures for Unauthorized Web Site Modification
    Countermeasures for Compromise of Internal Employees
  Conclusion

Chapter 4 Corporate Espionage
  Setting the Stage
  The Approach
  The Chained Exploit
    Reconnaissance
    Getting Physical Access
    Executing the Hacks
    Bringing Down the Hospital
    Other Possibilities
  Chained Exploit Summary
  Countermeasures
    Countermeasures for Physical Security Breaches and Access Systems Compromise
    Countermeasures for Scanning Attacks
    Countermeasures for Social Engineering
    Countermeasures for Operating System Attacks
    Countermeasures for Data Theft
  Conclusion

Chapter 5 Chained Corporations
  Setting the Stage
  The Approach
  The Chained Exploit
    Reconnaissance
    Social Engineering Attack
    More and Yet More Recon
    Aggressive Active Recon
    Building the Exploit Infrastructure
    Testing the Exploit
    Executing the Hack
    Constructing the Rootkit
    Game Over-The End Result
    Other Possibilities
  Chained Exploit Summary
  Countermeasures
    Countermeasures for Hackers Passively Finding Information about Your Company
    Countermeasures for Social Engineering Attack on Visual IQ
    Countermeasures for Recon on the Visual IQ Software
    Countermeasures for Wi-Fi Attack on Quizzi Home Network
    Countermeasures for the Keylogger Attack
  Conclusion

Chapter 6 Gain Physical Access to Healthcare Records
  Setting the Stage
  The Approach
  For More Information
  The Chained Exploit
    Social Engineering and Piggybacking
    Gaining Physical Access
    Booting into Windows with Knoppix
    Modifying Personally Identifiable Information or Protected Medical Information
  Chained Exploit Summary
  Countermeasures
    Social Engineering and Piggybacking
    Lock Picking
    Defeating Biometrics
    Compromising a PC
  Conclusion

Chapter 7 Attacking Social Networking Sites
  Setting the Stage
  The Approach
  The Chained Exploit
    Creating a Fake MySpace Web Site
    Creating the Redirection Web Site
    Creating a MySpace Page
    Sending a Comment
    Compromising the Account
    Logging In to the Hacked Account
    The Results
  Chained Exploit Summary
  Countermeasures
    Avoid Using Social Networking Sites
    Use a Private Profile
    Be Careful about Clicking on Links
    Require Last Name / E-mail Address to Be a Friend
    Do Not Post Too Much Information
    Be Careful When Entering Your Username/Password
    Use a Strong Password
    Change Your Password Frequently
    Use Anti-Phishing Tools
  Conclusion

Chapter 8 Wreaking Havoc from the Parking Lot
  Setting the Stage
  The Approach
  For More Information
  Accessing Networks Through Access Points
  The Chained Exploit
    Connecting to an Access Point
    Performing the Microsoft Kerberos Preauthentication Attack
    Cracking Passwords with RainbowCrack
    Pilfering the Country Club Data
  Chained Exploit Summary
  Countermeasures
    Secure Access Points
    Configure Active Directory Properly
    Use an Intrusion Prevention System or Intrusion Detection System
    Update Anti-Virus Software Regularly
    Computer Network Security Checklist
  Conclusion

Author Information

Andrew Whitaker (Vancouver, WA), Director of Enterprise InfoSec and Networking for The Training Camp, has been featured in The Wall Street Journal and BusinessWeek. He co-authored Penetration Testing and Network Defense. Keatron Evans (Chicago, IL) is President and Chief Security Consultant of Integra Business Services LLC, a trainer for The Training Camp, and winner of EC Council's Instructor of Excellence Award. Jack Voth (SW Florida) specializes in penetration testing, vulnerability assessment, and perimeter security. Voth co-owns The Client Server, Inc., and teaches for The Training Camp throughout the US and abroad.