Index
Cover
Title Page
Copyright Page
Dedication
Contents at a Glance
Contents
Acknowledgments
Introduction
Chapter 1 Introduction
Defining the Threat
Threats
Attacker Motives
Threat Capabilities
Threat Class
Threat History
APT Hacker: The New Black
Targeted Organizations
Constructs of Our Demise
The Impact of Our Youth
The Economics of (In)security
Psychology of (In)security
The Big Picture
The Vulnerability of Complexity
All Together Now
The Future of Our World
Don’t Forget
Chapter 2 Empirical Data
The Problem with Our Data Set
Threat Examples
Techno-Criminals Skimmer Evolution
Techno-Criminals: Hacking Power Systems
Unsophisticated Threat: Hollywood Hacker
Unsophisticated Threat: Neighbor from Hell
Smart Persistent Threats: Kevin Mitnick
APT: Nation-States
Stuxnet and Operation Olympic Games
Duqu: The APT Reconnaissance Worm
Flame: APT Cyber-espionage Worm
APT: RSA Compromise
APT Nation-State: Iran Spying on Citizens
Cell Phone Spying: Carrier IQ
Don’t Forget
Chapter 3 APT Hacker Methodology
AHM: Strong Enough for Penetration Testers, Made for a Hacker
AHM Components (Requirements, Skills, Soft Skills)
Elegant, Big-Picture Thinkers
Advanced: Echelons of Skill
Preparation
Patience
Social Omniscience
Always Target the Weakest Link
Efficacious, Not Elite
Exploitless Exploits
The Value of Information
APT Hacker’s Thought Process
Think Outside the Box
A Side Note
A Vaudeville Story
Look for Misdirection
Think Through the Pain
Avoid Tunnel Vision
No Rules
Keep It Simple, Stupid (KISS)
Quote
APT Hacking Core Steps
Reconnaissance
Enumeration
Exploitation
Maintaining Access
Clean Up
Progression
Exfiltration
APT Hacker Attack Phases
APT Hacker Foundational Tools
Anonymous Purchasing
Anonymous Internet Activity
Anonymous Phone Calls
APT Hacker Terms
Don’t Forget
Chapter 4 An APT Approach to Reconnaissance
Reconnaissance Data
Data Categories (Technical and Nontechnical)
Data Sources (Cyber and Physical)
Data Methods (Active and Passive)
Technical Data
Registrant Information
DNS Information and Records
DNS Zones
Border Gateway Protocol: An Overview
System and Service Identification
Web Service Enumeration
Large Data Sets
Geolocation Information
Data from the Phone System
Don’t Forget
Chapter 5 Reconnaissance: Nontechnical Data
Search Engine Terms and Tips
Search Engine Commands
Search Engine Scripting
Search Engine Alerts
HUMINT: Personnel
Personnel Directory Harvesting
Directory Harvesting: HTTP Requests
Directory Harvesting: Stateful HTTP
Analyzing Results
Directory Harvesting HTML Tables
Personnel Directory: Analyzing the Final Results
E-mail Harvesting
Technical E-mail Harvesting
Nontechnical E-mail Harvesting
Geographical Data
Reconnaissance on Individuals
Nontraditional Information Repositories
Automated Individual Reconnaissance
Our Current View
Don’t Forget
Chapter 6 Spear Social Engineering
Social Engineering
Social Engineering Strategies
Assumptions
Do What Works for You
Preparation
Legitimacy Triggers
Keep It Simple, Stupid
Don’t Get Caught
Don’t Lie
Be Congruent
Social Engineering Tactics
Like Likes Like
Personality Types
Events
Tell Me What I Know
Insider Information
Name Dropping
The Right Tactic
Why Don’t You Make Me?
Spear-Phishing Methods
Spear-Phishing Goals
Technical Spear-Phishing Exploitation Tactics
Building the Story
Phishing Website Tactics
Phishing Website: Back-End Functionality
Client-Side Exploits
Custom Trojan Backdoor
Don’t Forget
Chapter 7 Phase III: Remote Targeting
Remote Presence Reconnaissance
Social Spear Phishing
Wireless Phases
APT Wireless Tools
Wireless Reconnaissance
Active Wireless Attacks
Client Hacking: APT Access Point
Getting Clients to Connect
Attacking WPA-Enterprise Clients
Access Point Component Attacks
Access Point Core Attack Config
Access Point Logging Configuration
Access Point Protocol Manipulation
Access Point Fake Servers
Don’t Forget
Chapter 8 Spear Phishing with Hardware Trojans
Phase IV Spear Phishing with Hardware Trojans
Hardware Delivery Methods
Hardware Trojans: The APT Gift
APT Wakizashi Phone
Trojaned Hardware Devices
Hardware Device Trojans with Teensy
Don’t Forget
Chapter 9 Physical Infiltration
Phase V Physical Infiltration
APT Team Super Friends
It’s Official – Size Matters
Facility Reconnaissance Tactics
Example Target Facility Types
Headquarters
Choosing Facility Asset Targets
Physical Security Control Primer
Physical Infiltration Factors
Physical Security Concentric Circles
Physical Social Engineering
Physical Social Engineering Foundations
Physical Congruence
Body Language
Defeating Physical Security Controls
Preventative Physical Controls
Detective Physical Controls
Hacking Home Security
Hacking Hotel Security
Hacking Car Security
Intermediate Asset and Lily Pad Decisions
Plant Device
Steal Asset
Take and Return Asset
Backdoor Asset
Don’t Forget
Chapter 10 APT Software Backdoors
Software Backdoor Goals
APT Backdoor: Target Data
APT Backdoors: Necessary Functions
Rootkit Functionality
Know Thy Enemy
Thy Enemies’ Actions
Responding to Thy Enemy
Network Stealth Configurations
Deployment Scenarios
American Backdoor: An APT Hacker’s Novel
Backdoor Droppers
Backdoor Extensibility
Backdoor Command and Control
Backdoor Installer
Backdoor: Interactive Control
Data Collection
Backdoor Watchdog
Backdooring Legitimate Software
Don’t Forget
Index