![How to Hack Like a Legend: Breaking Windows](http://img.images-bn.com/static/redesign/srcs/images/grey-box.png?v11.8.5)
Paperback
Overview
Step into the shoes of a master hacker and break into an intelligent, highly defensive Windows environment. You’ll be infiltrating the suspicious (fictional) offshoring company G & S Trust and their hostile Microsoft stronghold. While the target is fictional, the corporation’s vulnerabilities are based on real-life weaknesses in today’s advanced Windows defense systems. You’ll experience all the thrills, frustrations, dead-ends, and eureka moments of the mission first-hand, while picking up practical, cutting-edge techniques for evading Microsoft’s best security systems.
The adventure starts with setting up your elite hacking infrastructure, complete with a virtual Windows system. After some thorough passive recon, you’ll craft a sophisticated phishing campaign to steal credentials and gain initial access. Once inside you’ll identify the security systems, scrape passwords, plant persistent backdoors, and delve deep into areas you don’t belong. Throughout your task you’ll get caught, change tack on a tee, dance around defensive monitoring systems, and disable tools from the inside. Sparc Flow’s clever insights, witty reasoning, and stealth maneuvers teach you to be patient, persevere, and adapt your skills at the drop of a hat.
You’ll learn how to:
- Identify and evade Microsoft security systems like Advanced Threat Analysis, QRadar, MDE, and AMSI
- Seek out subdomains and open ports with Censys, Python scripts, and other OSINT tools
- Scrape password hashes using Kerberoasting
- Plant camouflaged C# backdoors and payloads
- Grab victims’ credentials with more advanced techniques like reflection and domain replication
Product Details
| ISBN-13: | 9781718501508 |
|---|---|
| Publisher: | No Starch Press |
| Publication date: | 10/25/2022 |
| Pages: | 216 |
| Sales rank: | 1,040,420 |
| Product dimensions: | 7.00(w) x 9.10(h) x 0.80(d) |
Table of Contents
Acknowledgments
Introduction
How This Book Works
The Vague Plan
Part I Starting Blocks
1 Bending but Never Breaking
Infrastructure Requirements
Front-line Practical Configuration
Attack Server
C2 Server
Resources
2 Buried Alive
Establishing Contact
Scouring the Web
Finding the Weak Links
Resources
3 Pitching a Curve Ball
Stealing the Look
Unearthing Subdomains
Phishing Foes
Spam Filters
Email Sandboxes
Antivirus
Credential Harvesting
4 Perfecting the Hook
Recycling Domains
Manipulating Headers
Routing Emails
Setting Up the Sender Policy Framework
Generating a Public Key for DKIM
Baiting the Hook
Building the Site
Diverting the Analysts
User Hunting
Resources
Part II First Dive In
5 Prison Break
Diving In
Server Recon
Automating Our Recon
A Custom PowerShell Wrapper
Building an MSBuild Project
Unrestricted PowerShell
Resources
6 Busting in and Getting Busted!
Planting Our PowerShell
Microsoft Base Code
Interactive Mode
Loading the PowerView Script
Deeper Recon
Inspecting the Data
Gauging the Security
Impersonating Users
Resources
7 Know Thy Enemy
Investigating the Crime Scene
Revealing the Enemy
Resources
Part III Back to the Arena
8 Through Logs and Fire
Password Roulette
Devising a Strategy
Neutering Script Block Logging
The Power of Self-Inspection
Bypassing String Matches
Resources
9 Russian Roulette
Camouflage
Identifying Services
Attacking the Database
Kerberos Unraveled
Kerberoasting Databases
Cracking Passwords
Resources
10 Finally Free
Raw SQL
Mimikatz: Windows' Magic Wand
Executing Mimikatz
Combating AMSI
Identifying the Culprit
Evading String Matching
The Final Script
Executing the Script
Harvesting Our Spoils
Resources
11 Defeating the Machines
Exploring the Virtual Desktop
Bypassing MDE
Accessing LSASS
Extracting the Credentials
Defeating MDE
Process Protection
Gaining Trust
Thread Injection
Alternative Routes
Resources
12 Perfecting the Backdoor
The Development Structure
Planting a Backdoor
Setting the Snare
Checking Our Surroundings
Calling for the Payload
Reworking the Empire Agent
The Core of Our Backdoor
Hijacking Commits
Resources
Part IV Salvation
13 Hunting for Data
Scoping Out the Defenses
Gathering Intel
Hunting for Data
Privilege Check
Persisting
Raiding the Hive
Gaining Trust
Taking Credentials
Resources
14 Jackpot
Pivoting
Cracking the Vault
Closing Thoughts
Resources
Index