Advanced Persistent Threat Hacking

Book Description

Master the tactics and tools of the advanced persistent threat hacker

In this book, IT security expert Tyler Wrightson reveals the mindset, skills, and effective attack vectors needed to compromise any target of choice. Advanced Persistent Threat Hacking discusses the strategic issues that make all organizations vulnerable and provides noteworthy empirical evidence. You'll learn a proven APT Hacker Methodology for systematically targeting and infiltrating an organization and its IT systems. A unique, five-phased tactical approach to APT hacking is presented with real-world examples and hands-on techniques you can use immediately to execute very effective attacks.

  • Review empirical data from actual attacks conducted by unsophisticated and elite APT hackers alike
  • Learn the APT Hacker Methodology--a systematic approach designed to ensure success, avoid failures, and minimize the risk of being caught
  • Perform in-depth reconnaissance to build a comprehensive understanding of the target
  • Obtain non-technical data about the target, including open source, human, financial, and geographical intelligence
  • Use social engineering to compromise a specific system, application, or workstation
  • Identify and attack wireless networks and wireless client devices
  • Spearphish with hardware-based Trojan devices
  • Physically infiltrate target facilities to obtain access to assets and compromise digital lily pads

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. Contents at a Glance
  6. Contents
  7. Acknowledgments
  8. Introduction
  9. Chapter 1 Introduction
    1. Defining the Threat
      1. Threats
      2. Attacker Motives
      3. Threat Capabilities
      4. Threat Class
      5. Threat History
    2. APT Hacker: The New Black
      1. Targeted Organizations
    3. Constructs of Our Demise
      1. The Impact of Our Youth
      2. The Economics of (In)security
      3. Psychology of (In)security
      4. The Big Picture
      5. The Vulnerability of Complexity
    4. All Together Now
    5. The Future of Our World
    6. Don’t Forget
  10. Chapter 2 Empirical Data
    1. The Problem with Our Data Set
    2. Threat Examples
      1. Techno-Criminals Skimmer Evolution
      2. Techno-Criminals: Hacking Power Systems
      3. Unsophisticated Threat: Hollywood Hacker
      4. Unsophisticated Threat: Neighbor from Hell
      5. Smart Persistent Threats: Kevin Mitnick
    3. APT: Nation-States
      1. Stuxnet and Operation Olympic Games
      2. Duqu: The APT Reconnaissance Worm
      3. Flame: APT Cyber-espionage Worm
      4. APT: RSA Compromise
      5. APT Nation-State: Iran Spying on Citizens
      6. Cell Phone Spying: Carrier IQ
      7. Don’t Forget
  11. Chapter 3 APT Hacker Methodology
    1. AHM: Strong Enough for Penetration Testers, Made for a Hacker
    2. AHM Components (Requirements, Skills, Soft Skills)
      1. Elegant, Big-Picture Thinkers
      2. Advanced: Echelons of Skill
      3. Preparation
      4. Patience
      5. Social Omniscience
      6. Always Target the Weakest Link
      7. Efficacious, Not Elite
      8. Exploitless Exploits
      9. The Value of Information
    3. APT Hacker’s Thought Process
      1. Think Outside the Box
      2. A Side Note
      3. A Vaudeville Story
      4. Look for Misdirection
      5. Think Through the Pain
      6. Avoid Tunnel Vision
      7. No Rules
      8. Keep It Simple, Stupid (KISS)
      9. Quote
    4. APT Hacking Core Steps
      1. Reconnaissance
      2. Enumeration
      3. Exploitation
      4. Maintaining Access
      5. Clean Up
      6. Progression
      7. Exfiltration
    5. APT Hacker Attack Phases
      1. APT Hacker Foundational Tools
      2. Anonymous Purchasing
      3. Anonymous Internet Activity
      4. Anonymous Phone Calls
      5. APT Hacker Terms
    6. Don’t Forget
  12. Chapter 4 An APT Approach to Reconnaissance
    1. Reconnaissance Data
      1. Data Categories (Technical and Nontechnical)
      2. Data Sources (Cyber and Physical)
      3. Data Methods (Active and Passive)
    2. Technical Data
      1. Registrant Information
      2. DNS Information and Records
      3. DNS Zones
      4. Border Gateway Protocol: An Overview
      5. System and Service Identification
      6. Web Service Enumeration
      7. Large Data Sets
      8. Geolocation Information
      9. Data from the Phone System
    3. Don’t Forget
  13. Chapter 5 Reconnaissance: Nontechnical Data
    1. Search Engine Terms and Tips
      1. Search Engine Commands
      2. Search Engine Scripting
      3. Search Engine Alerts
    2. HUMINT: Personnel
    3. Personnel Directory Harvesting
      1. Directory Harvesting: HTTP Requests
      2. Directory Harvesting: Stateful HTTP
      3. Analyzing Results
      4. Directory Harvesting HTML Tables
      5. Personnel Directory: Analyzing the Final Results
    4. E-mail Harvesting
      1. Technical E-mail Harvesting
      2. Nontechnical E-mail Harvesting
    5. Geographical Data
    6. Reconnaissance on Individuals
      1. Nontraditional Information Repositories
      2. Automated Individual Reconnaissance
      3. Our Current View
    7. Don’t Forget
  14. Chapter 6 Spear Social Engineering
    1. Social Engineering
    2. Social Engineering Strategies
      1. Assumptions
      2. Do What Works for You
      3. Preparation
      4. Legitimacy Triggers
      5. Keep It Simple, Stupid
      6. Don’t Get Caught
      7. Don’t Lie
      8. Be Congruent
    3. Social Engineering Tactics
      1. Like Likes Like
      2. Personality Types
      3. Events
      4. Tell Me What I Know
      5. Insider Information
      6. Name Dropping
      7. The Right Tactic
      8. Why Don’t You Make Me?
    4. Spear-Phishing Methods
      1. Spear-Phishing Goals
      2. Technical Spear-Phishing Exploitation Tactics
      3. Building the Story
      4. Phishing Website Tactics
      5. Phishing Website: Back-End Functionality
      6. Client-Side Exploits
      7. Custom Trojan Backdoor
    5. Don’t Forget
  15. Chapter 7 Phase III: Remote Targeting
    1. Remote Presence Reconnaissance
    2. Social Spear Phishing
    3. Wireless Phases
      1. APT Wireless Tools
      2. Wireless Reconnaissance
    4. Active Wireless Attacks
    5. Client Hacking: APT Access Point
      1. Getting Clients to Connect
      2. Attacking WPA-Enterprise Clients
      3. Access Point Component Attacks
      4. Access Point Core Attack Config
      5. Access Point Logging Configuration
      6. Access Point Protocol Manipulation
      7. Access Point Fake Servers
    6. Don’t Forget
  16. Chapter 8 Spear Phishing with Hardware Trojans
    1. Phase IV Spear Phishing with Hardware Trojans
      1. Hardware Delivery Methods
      2. Hardware Trojans: The APT Gift
      3. APT Wakizashi Phone
      4. Trojaned Hardware Devices
      5. Hardware Device Trojans with Teensy
    2. Don’t Forget
  17. Chapter 9 Physical Infiltration
    1. Phase V Physical Infiltration
      1. APT Team Super Friends
      2. It’s Official – Size Matters
      3. Facility Reconnaissance Tactics
      4. Example Target Facility Types
      5. Headquarters
      6. Choosing Facility Asset Targets
    2. Physical Security Control Primer
      1. Physical Infiltration Factors
      2. Physical Security Concentric Circles
    3. Physical Social Engineering
      1. Physical Social Engineering Foundations
      2. Physical Congruence
      3. Body Language
    4. Defeating Physical Security Controls
      1. Preventative Physical Controls
      2. Detective Physical Controls
      3. Hacking Home Security
      4. Hacking Hotel Security
      5. Hacking Car Security
    5. Intermediate Asset and Lily Pad Decisions
      1. Plant Device
      2. Steal Asset
      3. Take and Return Asset
      4. Backdoor Asset
    6. Don’t Forget
  18. Chapter 10 APT Software Backdoors
    1. Software Backdoor Goals
    2. APT Backdoor: Target Data
    3. APT Backdoors: Necessary Functions
    4. Rootkit Functionality
    5. Know Thy Enemy
      1. Thy Enemies’ Actions
      2. Responding to Thy Enemy
      3. Network Stealth Configurations
    6. Deployment Scenarios
    7. American Backdoor: An APT Hacker’s Novel
      1. Backdoor Droppers
      2. Backdoor Extensibility
      3. Backdoor Command and Control
      4. Backdoor Installer
      5. Backdoor: Interactive Control
      6. Data Collection
      7. Backdoor Watchdog
    8. Backdooring Legitimate Software
    9. Don’t Forget
  19. Index