History teaches that wars begin when governments believe the price of aggression is cheap.
—Ronald Reagan
You can’t say civilization don’t advance…in every war they kill you in a new way.
—Will Rogers
The supreme art of war is to subdue the enemy without fighting.
—Sun Tzu
The purpose of this book is to provide individuals with the information once held only by governments and a few black hat hackers. In this day and age, individuals stand in the breach of cyberwar, not only against black hat hackers, but sometimes against governments. If you find yourself in this position, either alone or as a defender of your organization, we want you to be equipped with as much knowledge of the attacker as possible. To that end, we submit to you the mindset of the gray hat hacker, an ethical hacker who uses offensive techniques for defensive purposes. The ethical hacker always respects laws and the rights of others, but believes the adversary may be beaten to the punch by testing oneself first.
The authors of this book want to provide you, the reader, with something we believe the industry and society in general needs: a holistic review of ethical hacking that is responsible and truly ethical in its intentions and material. This is why we keep releasing new editions of this book with a clear definition of what ethical hacking is and is not—something our society is very confused about.
We have updated the material from the fourth edition and have attempted to deliver the most comprehensive and up-to-date assembly of techniques, procedures, and material with real hands-on labs that can be replicated by the readers. Thirteen new chapters are presented, and the other chapters have been updated.
In Part I, we prepare you for the battle with all the necessary tools and techniques to get the best understanding of the more advanced topics. This section moves quite quickly but is necessary for those just starting out in the field and others looking to move to the next level. This section covers the following:
• White, black, and gray hat definitions and characteristics
• The slippery ethical issues that should be understood before carrying out any type of ethical hacking activities
• Programming survival skills, which are a must-have for a gray hat hacker to be able to create exploits or review source code
• Fuzzing, which is a wonderful skill for finding 0-day exploits
• Reverse engineering, which is a mandatory skill when dissecting malware or researching vulnerabilities
• Exploiting with software-defined radios
In Part II, we discuss the business side of hacking. If you are looking to move beyond hacking as a hobby and start paying the bills, this section is for you. If you are a seasoned hacking professional, we hope to offer you a few tips as well. In this section, we cover some of the softer skills required by an ethical hacker to make a living:
• How to get into the penetration testing business
• How to improve the enterprise security posture through red teaming
• A novel approach to developing a purple team
• Bug bounty programs and how to get paid finding vulnerabilities, ethically
In Part III, we discuss the skills required to exploit systems. Each of these topics has been covered before, but the old exploits don’t work anymore; therefore, we have updated the discussions to work past system protections. We cover the following topics in this section:
• How to gain shell access without exploits
• Basic and advanced Linux exploits
• Basic and advanced Windows exploits
• Using PowerShell to exploit systems
• Modern web exploits
• Using patches to develop exploits
In Part IV, we cover advanced malware analysis. In many ways, this is the most advanced topic in the field of cybersecurity. On the front lines of cyberwar is malware, and we aim to equip you with the tools and techniques necessary to perform malware analysis. In this section, we cover the following:
• Mobile malware analysis
• Recent ransomware analysis
• ATM malware analysis
• Using next-generation honeypots to find advanced attackers and malware in the network
Finally, in Part V, we are proud to discuss the topic of Internet of Things (IoT) hacking. The Internet of Things is exploding and, unfortunately, so are the vulnerabilities therein. In this section, we discuss these latest topics:
• Internet of Things to be hacked
• Dissecting embedded devices
• Exploiting embedded devices
• Malware analysis of IoT devices
We do hope you will see the value of the new content that has been provided and will also enjoy the newly updated chapters. If you are new to the field or ready to take the next step to advance and deepen your understanding of ethical hacking, this is the book for you.
NOTE: To ensure your system is properly configured to perform the labs, we have provided the files you will need. The lab materials and errata may be downloaded from either the GitHub repository at https://github.com/GrayHatHacking/GHHv5 or the publisher’s site, at www.mhprofessional.com.