Hacking The Next Generation

ISBN-10: 0596154577

ISBN-13: 9780596154578

Edition: 2009

Book details

List price: $39.99
Copyright year: 2009
Publisher: O'Reilly Media, Incorporated
Publication date: 10/1/2009
Binding: Paperback
Pages: 298
Size: 7.00" wide x 9.50" long x 0.75" tall
Weight: 0.880
Language: English

Nitesh Dhanjani is a well-known security researcher, author, and speaker. Dhanjani is currently Senior Manager at a large consulting firm where he advises some of the largest corporations around the world on how to establish enterprise-wide information security programs and solutions. Dhanjani is also responsible for evangelizing brand new technology service lines around emerging technologies and trends such as cloud computing and virtualization. Prior to his current job, Dhanjani was Senior Director of Application Security and Assessments at a major credit bureau where he spearheaded brand new security efforts into enhancing the enterprise SDLC, created a process for performing source code security reviews & Threat Modeling, and managed the Attack & Penetration team. Dhanjani is the author of "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O'Reilly) and "HackNotes: Linux and Unix Security" (Osborne McGraw-Hill). He is also a contributing author to "Hacking Exposed 4" (Osborne McGraw-Hill) and "HackNotes: Network Security". Dhanjani has been invited to talk at various information security events such as the Black Hat Briefings, RSA, Hack in the Box, Microsoft Blue Hat, and OSCON. Dhanjani graduated from Purdue University with both a Bachelor's and a Master's degree in Computer Science. Dhanjani's personal blog is located at dhanjani.com.

Preface
Intelligence Gathering: Peering Through the Windows to Your Organization
Physical Security Engineering
Dumpster Diving
Hanging Out at the Corporate Campus
Google Earth
Social Engineering Call Centers
Search Engine Hacking
Google Hacking
Automating Google Hacking
Extracting Metadata from Online Documents
Searching for Source Code
Leveraging Social Networks
Facebook and MySpace
Twitter
Tracking Employees
Email Harvesting with theHarvester
Résumés
Job Postings
Google Calendar
What Information Is Important?
Summary
Inside-Out Attacks: The Attacker Is the Insider
Man on the Inside
Cross-Site Scripting (XSS)
Stealing Sessions
Injecting Content
Stealing Usernames and Passwords
Advanced and Automated Attacks
Cross-Site Request Forgery (CSRF)
Inside-Out Attacks
Content Ownership
Abusing Flash's crossdomain.xml
Abusing Java
Advanced Content Ownership Using GIFARs
Stealing Documents from Online Document Stores
Stealing Files from the Filesystem
Safari File Stealing
Summary
The Way It Works: There Is No Patch
Exploiting Telnet and FTP
Sniffing Credentials
Brute-Forcing Your Way In
Hijacking Sessions
Abusing SMTP
Snooping Emails
Spoofing Emails to Perform Social Engineering
Abusing ARP
Poisoning the Network
Cain & Abel
Sniffing SSH on a Switched Network
Leveraging DNS for Remote Reconnaissance
DNS Cache Snooping
Summary
Blended Threats: When Applications Exploit Each Other
Application Protocol Handlers
Finding Protocol Handlers on Windows
Finding Protocol Handlers on Mac OS X
Finding Protocol Handlers on Linux
Blended Attacks
The Classic Blended Attack: Safari's Carpet Bomb
The FireFoxUrl Application Protocol Handler
Mailto:// and the Vulnerability in the ShellExecute Windows API
The iPhoto Format String Exploit
Blended Worms: Conficker/Downadup
Finding Blended Threats
Summary
Cloud Insecurity: Sharing the Cloud with Your Enemy
What Changes in the Cloud
Amazon's Elastic Compute Cloud
Google's App Engine
Other Cloud Offerings
Attacks Against the Cloud
Poisoned Virtual Machines
Attacks Against Management Consoles
Secure by Default
Abusing Cloud Billing Models and Cloud Phishing
Googling for Gold in the Cloud
Summary
Abusing Mobile Devices: Targeting Your Mobile Workforce
Targeting Your Mobile Workforce
Your Employees Are on My Network
Getting on the Network
Direct Attacks Against Your Employees and Associates
Putting It Together: Attacks Against a Hotspot User
Tapping into Voicemail
Exploiting Physical Access to Mobile Devices
Summary
Infiltrating the Phishing Underground: Learning from Online Criminals?
The Fresh Phish Is in the Tank
Examining the Phishers
No Time to Patch
Thank You for Signing My Guestbook
Say Hello to Pedro!
Isn't It Ironic?
The Loot
Uncovering the Phishing Kits
Phisher-on-Phisher Crime
Infiltrating the Underground
Google ReZulT
Fullz for Sale!
Meet Cha0
Summary
Influencing Your Victims: Do What We Tell You, Please
The Calendar Is a Gold Mine
Information in Calendars
Who Just Joined?
Calendar Personalities
Social Identities
Abusing Social Profiles
Stealing Social Identities
Breaking Authentication
Hacking the Psyche
Summary
Hacking Executives: Can Your CEO Spot a Targeted Attack?
Fully Targeted Attacks Versus Opportunistic Attacks
Motives
Financial Gain
Vengeance
Benefit and Risk
Information Gathering
Identifying Executives
The Trusted Circle
Twitter
Other Social Applications
Attack Scenarios
Email Attack
Targeting the Assistant
Memory Sticks
Summary
Case Studies: Different Perspectives
The Disgruntled Employee
The Performance Review
Spoofing into Conference Calls
The Win
The Silver Bullet
The Free Lunch
The SSH Server
Turning the Network Inside Out
A Fool with a Tool Is Still a Fool
Summary
Chapter 2 Source Code Samples
Cache_Snoop.pl
Index