How to Hack Like a Legend: Breaking Windows

by Sparc Flow

Paperback

$29.99 
Overview

Tag along with a master hacker on a truly memorable attack. From reconnaissance to infiltration, you’ll experience their every thought, frustration, and strategic decision-making first-hand in this exhilarating narrative journey into a highly defended Windows environment driven by AI.

Step into the shoes of a master hacker and break into an intelligent, highly defensive Windows environment. You’ll be infiltrating the suspicious (fictional) offshoring company G & S Trust and their hostile Microsoft stronghold. While the target is fictional, the corporation’s vulnerabilities are based on real-life weaknesses in today’s advanced Windows defense systems. You’ll experience all the thrills, frustrations, dead-ends, and eureka moments of the mission first-hand, while picking up practical, cutting-edge techniques for evading Microsoft’s best security systems.

The adventure starts with setting up your elite hacking infrastructure complete with a virtual Windows system. After some thorough passive recon, you’ll craft a sophisticated phishing campaign to steal credentials and gain initial access. Once inside you’ll identify the security systems, scrape passwords, plant persistent backdoors, and delve deep into areas you don’t belong. Throughout your task you’ll get caught, change tack on a tee, dance around defensive monitoring systems, and disable tools from the inside. Sparc Flow’s clever insights, witty reasoning, and stealth maneuvers teach you to be patient, persevere, and adapt your skills at the drop of a hat.

You’ll learn how to:
  • Identify and evade Microsoft security systems like Advanced Threat Analysis, QRadar, MDE, and AMSI
  • Seek out subdomains and open ports with Censys, Python scripts, and other OSINT tools
  • Scrape password hashes using Kerberoasting
  • Plant camouflaged C# backdoors and payloads
  • Grab victims’ credentials with more advanced techniques like reflection and domain replication
Like other titles in the How to Hack series, this book is packed with interesting tricks, ingenious tips, and links to useful resources to give you a fast-paced, hands-on guide to penetrating and bypassing Microsoft security systems.

Product Details

ISBN-13: 9781718501508
Publisher: No Starch Press
Publication date: 10/25/2022
Pages: 216
Sales rank: 1,040,420
Product dimensions: 7.00(w) x 9.10(h) x 0.80(d)

About the Author

Sparc Flow is a computer security expert specialized in ethical hacking, who has presented research at international security conferences like Black Hat, DEF CON, and Hack In The Box. While his day job consists of performing penetration tests against companies so they can patch security vulnerabilities, his passion is writing and sharing hacking knowledge through his acclaimed Hack the Planet books.

Table of Contents

Acknowledgments

Introduction

How This Book Works

The Vague Plan

Part I Starting Blocks

1 Bending but Never Breaking

Infrastructure Requirements

Front-line Practical Configuration

Attack Server

C2 Server

Resources

2 Buried Alive

Establishing Contact

Scouring the Web

Finding the Weak Links

Resources

3 Pitching a Curve Ball

Stealing the Look

Unearthing Subdomains

Phishing Foes

Spam Filters

Email Sandboxes

Antivirus

Credential Harvesting

4 Perfecting the Hook

Recycling Domains

Manipulating Headers

Routing Emails

Setting Up the Sender Policy Framework

Generating a Public Key for DKIM

Baiting the Hook

Building the Site

Diverting the Analysts

User Hunting

Resources

Part II First Dive In

5 Prison Break

Diving In

Server Recon

Automating Our Recon

A Custom PowerShell Wrapper

Building an MSBuild Project

Unrestricted PowerShell

Resources

6 Busting in and Getting Busted!

Planting Our PowerShell

Microsoft Base Code

Interactive Mode

Loading the PowerView Script

Deeper Recon

Inspecting the Data

Gauging the Security

Impersonating Users

Resources

7 Know Thy Enemy

Investigating the Crime Scene

Revealing the Enemy

Resources

Part III Back to the Arena

8 Through Logs and Fire

Password Roulette

Devising a Strategy

Neutering Script Block Logging

The Power of Self-Inspection

Bypassing String Matches

Resources

9 Russian Roulette

Camouflage

Identifying Services

Attacking the Database

Kerberos Unraveled

Kerberoasting Databases

Cracking Passwords

Resources

10 Finally Free

Raw SQL

Mimikatz: Windows' Magic Wand

Executing Mimikatz

Combating AMSI

Identifying the Culprit

Evading String Matching

The Final Script

Executing the Script

Harvesting Our Spoils

Resources

11 Defeating the Machines

Exploring the Virtual Desktop

Bypassing MDE

Accessing LSASS

Extracting the Credentials

Defeating MDE

Process Protection

Gaining Trust

Thread Injection

Alternative Routes

Resources

12 Perfecting the Backdoor

The Development Structure

Planting a Backdoor

Setting the Snare

Checking Our Surroundings

Calling for the Payload

Reworking the Empire Agent

The Core of Our Backdoor

Hijacking Commits

Resources

Part IV Salvation

13 Hunting for Data

Scoping Out the Defenses

Gathering Intel

Hunting for Data

Privilege Check

Persisting

Raiding the Hive

Gaining Trust

Taking Credentials

Resources

14 Jackpot

Pivoting

Cracking the Vault

Closing Thoughts

Resources

Index
