
Go deep into the mind of a master hacker as he breaks into a hostile, cloud-based security environment. Sparc Flow invites you to shadow him every step of the way, from recon to infiltration, as you hack a shady, data-driven political consulting firm. While the target is fictional, the corporation’s vulnerabilities are based on real-life weaknesses in today’s advanced cybersecurity defense systems. You’ll experience all the thrills, frustrations, dead-ends, and eureka moments of his mission first-hand, while picking up practical, cutting-edge techniques for penetrating cloud technologies.

There are no do-overs for hackers, so your training starts with basic OpSec procedures, using an ephemeral OS, Tor, bouncing servers, and detailed code to build an anonymous, replaceable hacking infrastructure guaranteed to avoid detection. From there, you’ll examine some effective recon techniques, develop tools from scratch, and deconstruct low-level features in common systems to gain access to the target. Sparc Flow’s clever insights, witty reasoning, and stealth maneuvers teach you how to think on your toes and adapt his skills to your own hacking tasks.

You'll learn:

• How to set up and use an array of disposable machines that can renew in a matter of seconds to change your internet footprint
• How to do effective recon, like harvesting hidden domains and taking advantage of DevOps automation systems to trawl for credentials
• How to look inside and gain access to AWS’s storage systems
• How cloud security systems like Kubernetes work, and how to hack them
• Dynamic techniques for escalating privileges

Packed with interesting tricks, ingenious tips, and links to external resources, this fast-paced, hands-on guide to penetrating modern cloud systems will help hackers of all stripes succeed on their next adventure.

Table of Contents

  1. Title Page
  2. Copyright
  3. Dedication
  4. About the Author
  5. About the Tech Reviewer
  6. Acknowledgments
  7. Introduction
    1. How the Book Works
    2. The Vague Plan
  8. Part I: Catch Me If You Can
    1. Chapter 1: Becoming Anonymous Online
    2. VPNs and Their Failings
    3. Location, Location, Location
    4. The Operation Laptop
    5. Bouncing Servers
    6. The Attack Infrastructure
    7. Resources
    8. Chapter 2: Return of Command and Control
    9. Command and Control Legacy
    10. The Search for a New C2
    11. Merlin
    12. Koadic
    13. SILENTTRINITY
    14. Resources
    15. Chapter 3: Let There Be Infrastructure
    16. Legacy Method
    17. Containers and Virtualization
    18. Namespaces
    19. Union Filesystem
    20. Cgroups
    21. IP Masquerading
    22. Automating the Server Setup
    23. Tuning the Server
    24. Pushing to Production
    25. Resources
  9. Part II: Try Harder
    1. Chapter 4: Healthy Stalking
    2. Understanding Gretsch Politico
    3. Finding Hidden Relationships
    4. Scouring GitHub
    5. Pulling Web Domains
    6. From Certificates
    7. By Harvesting the Internet
    8. Discovering the Web Infrastructure Used
    9. Resources
    10. Chapter 5: Vulnerability Seeking
    11. Practice Makes Perfect
    12. Revealing Hidden Domains
    13. Investigating the S3 URLs
    14. S3 Bucket Security
    15. Examining the Buckets
    16. Inspecting the Web-Facing Application
    17. Interception with WebSocket
    18. Server-Side Request Forgery
    19. Exploring the Metadata
    20. The Dirty Secret of the Metadata API
    21. AWS IAM
    22. Examining the Key List
    23. Resources
  10. Part III: Total Immersion
    1. Chapter 6: Fracture
    2. Server-Side Template Injection
    3. Fingerprinting the Framework
    4. Arbitrary Code Execution
    5. Confirming the Owner
    6. Smuggling Buckets
    7. Quality Backdoor Using S3
    8. Creating the Agent
    9. Creating the Operator
    10. Trying to Break Free
    11. Checking for Privileged Mode
    12. Linux Capabilities
    13. Docker Socket
    14. Resources
    15. Chapter 7: Behind the Curtain
    16. Kubernetes Overview
    17. Introducing Pods
    18. Balancing Traffic
    19. Opening the App to the World
    20. Kube Under the Hood
    21. Resources
    22. Chapter 8: Shawshank Redemption: Breaking Out
    23. RBAC in Kube
    24. Recon 2.0
    25. Breaking Into Datastores
    26. API Exploration
    27. Abusing the IAM Role Privileges
    28. Abusing the Service Account Privileges
    29. Infiltrating the Database
    30. Redis and Real-Time Bidding
    31. Deserialization
    32. Cache Poisoning
    33. Kube Privilege Escalation
    34. Resources
    35. Chapter 9: Sticky Shell
    36. Stable Access
    37. The Stealthy Backdoor
    38. Resources
  11. Part IV: The Enemy Inside
    1. Chapter 10: The Enemy Inside
    2. The Path to Apotheosis
    3. Automation Tool Takeover
    4. Jenkins Almighty
    5. Hell’s Kitchen
    6. Taking Over Lambda
    7. Resources
    8. Chapter 11: Nevertheless, We Persisted
    9. The AWS Sentries
    10. Persisting in the Utmost Secrecy
    11. The Program to Execute
    12. Building the Lambda
    13. Setting Up the Trigger Event
    14. Covering Our Tracks
    15. Recovering Access
    16. Alternative (Worse) Methods
    17. Resources
    18. Chapter 12: Apotheosis
    19. Persisting the Access
    20. Understanding Spark
    21. Malicious Spark
    22. Spark Takeover
    23. Finding Raw Data
    24. Stealing Processed Data
    25. Privilege Escalation
    26. Infiltrating Redshift
    27. Resources
    28. Chapter 13: Final Cut
    29. Hacking Google Workspace
    30. Abusing CloudTrail
    31. Creating a Google Workspace Super Admin Account
    32. Sneaking a Peek
    33. Closing Thoughts
    34. Resources
  12. Index