INTRODUCTION
There is no instance of a nation benefitting from prolonged warfare.
—Sun Tzu
To be prepared for war is one of the most effective means of preserving peace.
—George Washington
If it were a fact, it wouldn’t be called intelligence.
—Donald Rumsfeld
Like the previous editions, the purpose of this book is to provide individuals the information once held only by governments and a few black hat hackers. In each edition, we strive to update the reader on the latest security techniques. Increasingly, individuals stand in the breach of cyberwar, not only against black hat hackers, but sometimes against governments. If you find yourself in this position, either alone or as a defender of your organization, we want you to be equipped with as much knowledge of the attacker as possible. To that end, we present to you the mindset of the gray hat hacker, an ethical hacker who uses offensive techniques for defensive purposes. Ethical hacker is an honorable role—one that respects the laws and the rights of others. The ethical hacker subscribes to the notion that the adversary may be beaten to the punch by testing oneself first.
The authors of this book want to provide you, the reader, with something we believe the industry and society in general need: a holistic review of ethical hacking that is responsible and truly ethical in its intentions and material. This is why we keep releasing new editions of this book with a clear definition of what ethical hacking is and is not—something our society is very confused about.
We have updated the material from the fifth edition and have attempted to deliver the most comprehensive and up-to-date assembly of techniques, procedures, and material with real hands-on labs that can be replicated by the reader.
Eighteen new chapters are presented, and the other chapters have been updated.
In the first section, we cover the topics required to prepare you for the rest of the book. Keep in mind that all the skills you need are more than can be covered in any book, but we attempt to lay out some topics to make the rest of the book more attainable and accessible by newer members of the field. We cover the following topics:
• The role of a gray hat hacker
• The MITRE ATT&CK framework
• Programming basic skills in C, Assembly, and Python
• Linux exploit tools
• Ghidra reverse engineering tool
• IDA Pro reverse engineering tool
In the second section, we explore the topic of ethical hacking. We give you an overview of the skills being employed by professionals as they attack and defend networks. We cover the following topics:
• Red and purple teaming
• Command and control (C2) techniques
• Building a threat hunting lab on your host and in the cloud
• Threat hunting basics
In the third section, we shift gears and talk about hacking systems. Here, you will discover the skills needed to exploit Windows and Linux systems. This is a broad area of focus, where we cover these topics:
• Basic Linux exploits
• Advanced Linux exploits
• Linux kernel exploits
• Basic Windows exploits
• Windows kernel exploits
• PowerShell exploits
• Getting shells without exploits
• Post-exploitation in modern Windows environments
• Next-generation patch exploitation
In the fourth section, we cover hacking of the Internet of Things (IoT) and hardware devices. We start with an overview of this area of cybersecurity and then launch into more advanced topics, including the following:
• Overview of the Internet of Things
• Dissecting embedded devices
• Exploiting embedded devices
• Hacking software-defined radios (SDRs)
In the fifth section, we cover hacking hypervisors, which provide the software-defined networks, storage, and processing of virtual machines that undergird the majority of business systems these days. In this section, we explore the following topics:
• Overview of hypervisors
• Creating a research framework for testing hypervisors
• Looking inside Hyper-V
• Hacking hypervisors case study
In the sixth section, we cover hacking the cloud. Moving beyond standard hypervisors, which often run in private data centers, we describe the public cloud, the technologies involved, and the security implications of such. We cover these topics:
• Hacking in Amazon Web Services
• Hacking in Azure
• Hacking containers
• Hacking on Kubernetes
We hope you enjoy the new and updated chapters. If you are new to the field or are ready to take the next step to advance and deepen your understanding of ethical hacking, this is the book for you. In any event, use your powers for good!
NOTE To ensure your system is properly configured to perform the labs, we have provided the files you will need. The lab materials and errata may be downloaded from the GitHub repository at https://github.com/GrayHatHacking/GHHv6.