| |
| |
| Preface | |
| |
| |
| |
| Intelligence Gathering: Peering Through the Windows to Your Organization | |
| |
| |
| Physical Security Engineering | |
| |
| |
| Dumpster Diving | |
| |
| |
| Hanging Out at the Corporate Campus | |
| |
| |
| Google Earth | |
| |
| |
| Social Engineering Call Centers | |
| |
| |
| Search Engine Hacking | |
| |
| |
| Google Hacking | |
| |
| |
| Automating Google Hacking | |
| |
| |
| Extracting Metadata from Online Documents | |
| |
| |
| Searching for Source Code | |
| |
| |
| Leveraging Social Networks | |
| |
| |
| Facebook and MySpace | |
| |
| |
| Twitter | |
| |
| |
| Tracking Employees | |
| |
| |
| Email Harvesting with theHarvester | |
| |
| |
| Resum�s | |
| |
| |
| Job Postings | |
| |
| |
| Google Calendar | |
| |
| |
| What Information Is Important? | |
| |
| |
| Summary | |
| |
| |
| |
| Inside-Out Attacks: The Attacker Is the Insider | |
| |
| |
| Man on the Inside | |
| |
| |
| Cross-Site Scripting (XSS) | |
| |
| |
| Stealing Sessions | |
| |
| |
| Injecting Content | |
| |
| |
| Stealing Usernames and Passwords | |
| |
| |
| Advanced and Automated Attacks | |
| |
| |
| Cross-Site Request Forgery (CSRF) | |
| |
| |
| Inside-Out Attacks | |
| |
| |
| Content Ownership | |
| |
| |
| Abusing Flash's crossdomain.xml | |
| |
| |
| Abusing Java | |
| |
| |
| Advanced Content Ownership Using GIFARs | |
| |
| |
| Stealing Documents from Online Document Stores | |
| |
| |
| Stealing Files from the Filesystem | |
| |
| |
| Safari File Stealing | |
| |
| |
| Summary | |
| |
| |
| |
| The Way It Works: There Is No Patch | |
| |
| |
| Exploiting Telnet and FTP | |
| |
| |
| Sniffing Credentials | |
| |
| |
| Brute-Forcing Your Way In | |
| |
| |
| Hijacking Sessions | |
| |
| |
| Abusing SMTP | |
| |
| |
| Snooping Emails | |
| |
| |
| Spoofing Emails to Perform Social Engineering | |
| |
| |
| Abusing ARP | |
| |
| |
| Poisoning the Network | |
| |
| |
| Cain & Abel | |
| |
| |
| Sniffing SSH on a Switched Network | |
| |
| |
| Leveraging DNS for Remote Reconnaissance | |
| |
| |
| DNS Cache Snooping | |
| |
| |
| Summary | |
| |
| |
| |
| Blended Threats: When Applications Exploit Each Other | |
| |
| |
| Application Protocol Handlers | |
| |
| |
| Finding Protocol Handlers on Windows | |
| |
| |
| Finding Protocol Handlers on Mac OS X | |
| |
| |
| Finding Protocol Handlers on Linux | |
| |
| |
| Blended Attacks | |
| |
| |
| The Classic Blended Attack: Safari's Carpet Bomb | |
| |
| |
| The FireFoxUrl Application Protocol Handler | |
| |
| |
| Mailto:// and the Vulnerability in the ShellExecute Windows API | |
| |
| |
| The iPhoto Format String Exploit | |
| |
| |
| Blended Worms: Conficker/Downadup | |
| |
| |
| Finding Blended Threats | |
| |
| |
| Summary | |
| |
| |
| |
| Cloud Insecurity: Sharing the Cloud with Your Enemy | |
| |
| |
| What Changes in the Cloud | |
| |
| |
| Amazon's Elastic Compute Cloud | |
| |
| |
| Google's App Engine | |
| |
| |
| Other Cloud Offerings | |
| |
| |
| Attacks Against the Cloud | |
| |
| |
| Poisoned Virtual Machines | |
| |
| |
| Attacks Against Management Consoles | |
| |
| |
| Secure by Default | |
| |
| |
| Abusing Cloud Billing Models and Cloud Phishing | |
| |
| |
| Googling for Gold in the Cloud | |
| |
| |
| Summary | |
| |
| |
| |
| Abusing Mobile Devices: Targeting Your Mobile Workforce | |
| |
| |
| Targeting Your Mobile Workforce | |
| |
| |
| Your Employees Are on My Network | |
| |
| |
| Getting on the Network | |
| |
| |
| Direct Attacks Against Your Employees and Associates | |
| |
| |
| Putting It Together: Attacks Against a Hotspot User | |
| |
| |
| Tapping into Voicemail | |
| |
| |
| Exploiting Physical Access to Mobile Devices | |
| |
| |
| Summary | |
| |
| |
| |
| Infiltrating the Phishing Underground: Learning from Online Criminals? | |
| |
| |
| The Fresh Phish Is in the Tank | |
| |
| |
| Examining the Phishers | |
| |
| |
| No Time to Patch | |
| |
| |
| Thank You for Signing My Guestbook | |
| |
| |
| Say Hello to Pedro! | |
| |
| |
| Isn't It Ironic? | |
| |
| |
| The Loot | |
| |
| |
| Uncovering the Phishing Kits | |
| |
| |
| Phisher-on-Phisher Crime | |
| |
| |
| Infiltrating the Underground | |
| |
| |
| Google ReZulT | |
| |
| |
| Fullz for Sale! | |
| |
| |
| Meet Cha0 | |
| |
| |
| Summary | |
| |
| |
| |
| Influencing Your Victims: Do What We Tell You, Please | |
| |
| |
| The Calendar Is a Gold Mine | |
| |
| |
| Information in Calendars | |
| |
| |
| Who Just Joined? | |
| |
| |
| Calendar Personalities | |
| |
| |
| Social Identities | |
| |
| |
| Abusing Social Profiles | |
| |
| |
| Stealing Social Identities | |
| |
| |
| Breaking Authentication | |
| |
| |
| Hacking the Psyche | |
| |
| |
| Summary | |
| |
| |
| |
| Hacking Executives: Can Your CEO Spot a Targeted Attack? | |
| |
| |
| Fully Targeted Attacks Versus Opportunistic Attacks | |
| |
| |
| Motives | |
| |
| |
| Financial Gain | |
| |
| |
| Vengeance | |
| |
| |
| Benefit and Risk | |
| |
| |
| Information Gathering | |
| |
| |
| Identifying Executives | |
| |
| |
| The Trusted Circle | |
| |
| |
| Twitter | |
| |
| |
| Other Social Applications | |
| |
| |
| Attack Scenarios | |
| |
| |
| Email Attack | |
| |
| |
| Targeting the Assistant | |
| |
| |
| Memory Sticks | |
| |
| |
| Summary | |
| |
| |
| |
| Case Studies: Different Perspectives | |
| |
| |
| The Disgruntled Employee | |
| |
| |
| The Performance Review | |
| |
| |
| Spoofing into Conference Calls | |
| |
| |
| The Win | |
| |
| |
| The Silver Bullet | |
| |
| |
| The Free Lunch | |
| |
| |
| The SSH Server | |
| |
| |
| Turning the Network Inside Out | |
| |
| |
| A Fool with a Tool Is Still a Fool | |
| |
| |
| Summary | |
| |
| |
| |
| Chapter 2 Source Code Samples | |
| |
| |
| |
| Cache_Snoop.pl | |
| |
| |
| Index | |