Zum Hauptinhalt springen
Dekorationsartikel gehören nicht zum Leistungsumfang.
Hunting Cyber Criminals
A Hacker's Guide to Online Intelligence Gathering Tools and Techniques
Taschenbuch von Vinny Troia
Sprache: Englisch

40,20 €*

inkl. MwSt.

Versandkostenfrei per Post / DHL

Lieferzeit 1-2 Wochen

Kategorien:
Beschreibung
The skills and tools for collecting, verifying and correlating information from different types of systems is an essential skill when tracking down hackers. This book explores Open Source Intelligence Gathering (OSINT) inside out from multiple perspectives, including those of hackers and seasoned intelligence experts. OSINT refers to the techniques and tools required to harvest publicly available data concerning a person or an organization. With several years of experience of tracking hackers with OSINT, the author whips up a classical plot-line involving a hunt for a threat actor. While taking the audience through the thrilling investigative drama, the author immerses the audience with in-depth knowledge of state-of-the-art OSINT tools and techniques. Technical users will want a basic understanding of the Linux command line in order to follow the examples. But a person with no Linux or programming experience can still gain a lot from this book through the commentaries.

This book's unique digital investigation proposition is a combination of story-telling, tutorials, and case studies. The book explores digital investigation from multiple angles:
* Through the eyes of the author who has several years of experience in the subject.
* Through the mind of the hacker who collects massive amounts of data from multiple online sources to identify targets as well as ways to hit the targets.
* Through the eyes of industry leaders.

This book is ideal for:

Investigation professionals, forensic analysts, and CISO/CIO and other executives wanting to understand the mindset of a hacker and how seemingly harmless information can be used to target their organization.

Security analysts, forensic investigators, and SOC teams looking for new approaches on digital investigations from the perspective of collecting and parsing publicly available information.

CISOs and defense teams will find this book useful because it takes the perspective of infiltrating an organization from the mindset of a hacker. The commentary provided by outside experts will also provide them with ideas to further protect their organization's data.
The skills and tools for collecting, verifying and correlating information from different types of systems is an essential skill when tracking down hackers. This book explores Open Source Intelligence Gathering (OSINT) inside out from multiple perspectives, including those of hackers and seasoned intelligence experts. OSINT refers to the techniques and tools required to harvest publicly available data concerning a person or an organization. With several years of experience of tracking hackers with OSINT, the author whips up a classical plot-line involving a hunt for a threat actor. While taking the audience through the thrilling investigative drama, the author immerses the audience with in-depth knowledge of state-of-the-art OSINT tools and techniques. Technical users will want a basic understanding of the Linux command line in order to follow the examples. But a person with no Linux or programming experience can still gain a lot from this book through the commentaries.

This book's unique digital investigation proposition is a combination of story-telling, tutorials, and case studies. The book explores digital investigation from multiple angles:
* Through the eyes of the author who has several years of experience in the subject.
* Through the mind of the hacker who collects massive amounts of data from multiple online sources to identify targets as well as ways to hit the targets.
* Through the eyes of industry leaders.

This book is ideal for:

Investigation professionals, forensic analysts, and CISO/CIO and other executives wanting to understand the mindset of a hacker and how seemingly harmless information can be used to target their organization.

Security analysts, forensic investigators, and SOC teams looking for new approaches on digital investigations from the perspective of collecting and parsing publicly available information.

CISOs and defense teams will find this book useful because it takes the perspective of infiltrating an organization from the mindset of a hacker. The commentary provided by outside experts will also provide them with ideas to further protect their organization's data.
Über den Autor

ABOUT THE AUTHOR

VINNY TROIA is a cybersecurity evangelist and hacker with Night Lion Security. He is an acknowledged expert in digital forensics investigations, security strategies, and security breach remediation. Vinny possesses deep knowledge of industry-standard security and compliance controls, is frequently seen providing security expertise on major TV and radio networks, and recently introduced Data Viper, his own threat intelligence and cyber-criminal hunting platform.

Inhaltsverzeichnis

Prologue xxv

Chapter 1 Getting Started 1

Why This Book is Different 2

What You Will and Won't Find in This Book 2

Getting to Know Your Fellow Experts 3

A Note on Cryptocurrencies 4

What You Need to Know 4

Paid Tools and Historical Data 5

What about Maltego? 5

Prerequisites 5

Know How to Use and Configure Linux 5

Get Your API Keys in Order 6

Important Resources 6

OSINT Framework 6

[...] 6

IntelTechniques 7

Termbin 8

Hunchly 9

Wordlists and Generators 9

SecLists 9

Cewl 10

Crunch 10

Proxies 10

Storm Proxies (Auto-Rotating) 10

Cryptocurrencies 101 11

How Do Cryptocurrencies Work? 12

Blockchain Explorers 13

Following the Money 15

Identifying Exchanges and Traders 17

Summary 18

Chapter 2 Investigations and Threat Actors 19

The Path of an Investigator 19

Go Big or Go Home 20

The Breach That Never Happened 21

What Would You Do? 22

Moral Gray Areas 24

Different Investigative Paths 25

Investigating Cyber Criminals 26

The Beginning of the Hunt (for TDO) 27

The Dark Overlord 27

List of Victims 28

A Brief Overview 29

Communication Style 30

Group Structure and Members 30

Cyper 31

Arnie 32

Cr00k (Ping) 35

NSA (Peace of Mind) 36

The Dark Overlord 38

Summary 41

Part I Network Exploration 43

Chapter 3 Manual Network Exploration 45

Chapter Targets: [...] and [...] 46

Asset Discovery 46

ARIN Search 47

Search Engine Dorks 48

DNSDumpster 49

Hacker Target 52

Shodan 53

Censys (Subdomain Finder) 56

Censys Subdomain Finder 56

Fierce 57

Sublist3r 58

Enumall 59

Results 60

Phishing Domains and Typosquatting 61

Summary 64

Chapter 4 Looking for Network Activity (Advanced NMAP Techniques) 67

Getting Started 67

Preparing a List of Active Hosts 68

Full Port Scans Using Different Scan Types 68

TCP Window Scan 70

Working against Firewalls and IDS 70

Using Reason Response 71

Identifying Live Servers 71

Firewall Evasion 73

Distributed Scanning with Proxies and TOR 73

Fragmented Packets/MTU 74

Service Detection Trick 74

Low and Slow 76

Bad Checksums, Decoy, and Random Data 76

Firewalking 79

Comparing Results 79

Styling NMAP Reports 81

Summary 82

Chapter 5 Automated Tools for Network Discovery 83

SpiderFoot 84

SpiderFoot HX (Premium) 91

[...] 95

Entities Tab 96

Analyzing [...] 99

Analyzing the Results 104

Exporting Your Results 105

Recon-NG 107

Searching for Modules 111

Using Modules 111

Looking for Ports with Shodan 115

Summary 116

Part II Web Exploration 119

Chapter 6 Website Information Gathering 121

BuiltWith 121

Finding Common Sites Using Google Analytics Tracker 123

IP History and Related Sites 124

Webapp Information Gatherer (WIG) 124

CMSMap 129

Running a Single Site Scan 130

Scanning Multiple Sites in Batch Mode 130

Detecting Vulnerabilities 131

WPScan 132

Dealing with WAFs/WordPress Not Detected 136

Summary 141

Chapter 7 Directory Hunting 143

Dirhunt 143

Wfuzz 146

Photon 149

Crawling a Website 151

[...] 152

Summary 157

Chapter 8 Search Engine Dorks 159

Essential Search Dorks 160

The Minus Sign 160

Using Quotes 160

The site: Operator 161

The intitle: Operator 161

The allintitle: Operator 162

The fi letype: Operator 162

The inurl: Operator 163

The cache: Operator 165

The allinurl: Operator 165

The fi lename: Operator 165

The intext: Operator 165

The Power of the Dork 166

Don't Forget about Bing and Yahoo! 169

Automated Dorking Tools 169

Inurlbr 169

Using Inurlbr 171

Summary 173

Chapter 9 WHOIS 175

WHOIS 175

Uses for WHOIS Data 176

Historical WHOIS 177

Searching for Similar Domains 177

[...] 177

Searching for Multiple Keywords 179

Advanced Searches 181

Looking for Threat Actors 182

Whoisology 183

Advanced Domain Searching 187

Worth the Money? Absolutely 188

DomainTools 188

Domain Search 188

Bulk WHOIS 189

Reverse IP Lookup 189

WHOIS Records on Steroids 190

WHOIS History 192

The Power of Screenshots 193

Digging into WHOIS History 193

Looking for Changes in Ownership 194

Reverse WHOIS 196

Cross-Checking All Information 197

Summary 199

Chapter 10 Certificate Transparency and Internet Archives 201

Certificate Transparency 201

What Does Any of This Have to Do with Digital Investigations? 202

Scouting with CTFR 202

[...] 204

CT in Action: Side-stepping Cloudflare 204

Testing More Targets 208

CloudFlair (Script) and Censys 209

How Does It Work? 210

Wayback Machine and Search Engine Archives 211

Search Engine Caches 212

[...] 214

Wayback Machine Scraper 214

Enum Wayback 215

Scraping Wayback with Photon 216

[...] Site Search URLs 217

Wayback Site Digest: A List of Every Site URL Cached by Wayback 219

Summary 220

Chapter 11 Iris by DomainTools 221

The Basics of Iris 221

Guided Pivots 223

Configuring Your Settings 223

Historical Search Setting 224

Pivootttt!!! 225

Pivoting on SSL Certificate Hashes 227

Keeping Notes 228

WHOIS History 230

Screenshot History 232

Hosting History 232

Bringing It All Together 234

A Major Find 240

Summary 241

Part III Digging for Gold 243

Chapter 12 Document Metadata 245

Exiftool 246

Metagoofil 248

Recon-NG Metadata Modules 250

Metacrawler 250

Interesting_Files Module 252

Pushpin Geolocation Modules 254

[...] 257

FOCA 261

Starting a Project 262

Extracting Metadata 263

Summary 266

Chapter 13 Interesting Places to Look 267

TheHarvester 268

Running a Scan 269

Paste Sites 273

[...] 273

Forums 274

Investigating Forum History (and TDO) 275

Following Breadcrumbs 276

Tracing Cyper's Identity 278

Code Repositories 280

[...] 281

Searching for Code 282

False Negatives 283

Gitrob 284

Git Commit Logs 287

Wiki Sites 288

Wikipedia 289

Summary 292

Chapter 14 Publicly Accessible Data Storage 293

The Exactis Leak and Shodan 294

Data Attribution 295

Shodan's Command-Line Options 296

Querying Historical Data 296

CloudStorageFinder 298

Amazon S3 299

Digital Ocean Spaces 300

NoSQL Databases 301

MongoDB 302

Robot 3T 302

Mongo Command-Line Tools 305

Elasticsearch 308

Querying Elasticsearch 308

Dumping Elasticsearch Data 311

NoScrape 311

MongoDB 313

Elasticsearch 314

Scan 314

Search 315

Dump 317

MatchDump 317

Cassandra 318

Amazon S3 320

Using Your Own S3 Credentials 320

Summary 321

Part IV People Hunting 323

Chapter 15 Researching People, Images, and Locations 325

PIPL 326

Searching for People 327

Public Records and Background Checks 330

[...] 331

Threat Actors Have Dads, Too 332

Criminal Record Searches 332

Image Searching 333

Google Images 334

Searching for Gold 335

Following the Trail 335

TinEye 336

EagleEye 340

Searching for Images 340

[...] and Geolocation 343

Getting Started 343

IP Address Tracking 346

Summary 347

Chapter 16 Searching Social Media 349

[...] 350

Another Test Subject 355

Twitter 357

SocialLinks: For Maltego Users 358

Skiptracer 361

Running a Search 361

Searching for an Email Address 361

Searching for a Phone Number 364

Searching Usernames 366

One More Username Search 368

Userrecon 370

Reddit Investigator 372

A Critical "Peace" of the TDO Investigation 374

Summary 375

Chapter 17 Profile Tracking and Password Reset Clues 377

Where to Start (with TDO)? 377

Building a Profile Matrix 378

Starting a Search with Forums 379

Ban Lists 381

Social Engineering 381

SE'ing Threat Actors: The "Argon" Story 383

Everyone Gets SE'd-a Lesson Learned 387

The End of TDO and the KickAss Forum 388

Using Password Reset Clues 390

Starting Your Verification Sheet 391

Gmail 391

Facebook 393

PayPal 394

Twitter 397

Microsoft 399

Instagram 400

Using jQuery Website Responses 400

ICQ 403

Summary 405

Chapter 18 Passwords, Dumps, and Data Viper 407

Using Passwords 408

Completing F3ttywap's Profile Matrix 409

An Important Wrong Turn 412

Acquiring Your Data 413

Data Quality and Collections 1-5 413

Always Manually Verify the Data 415

Where to Find Quality Data 420

Data Viper 420

Forums: The Missing Link 421

Identifying the Real "Cr00k" 422

...
Details
Erscheinungsjahr: 2020
Fachbereich: Datenkommunikation, Netze & Mailboxen
Genre: Importe, Informatik
Rubrik: Naturwissenschaften & Technik
Medium: Taschenbuch
Inhalt: 544 S.
ISBN-13: 9781119540922
ISBN-10: 1119540925
Sprache: Englisch
Einband: Kartoniert / Broschiert
Autor: Troia, Vinny
Hersteller: John Wiley & Sons Inc
Maße: 233 x 190 x 30 mm
Von/Mit: Vinny Troia
Erscheinungsdatum: 19.03.2020
Gewicht: 0,918 kg
Artikel-ID: 115312988
Über den Autor

ABOUT THE AUTHOR

VINNY TROIA is a cybersecurity evangelist and hacker with Night Lion Security. He is an acknowledged expert in digital forensics investigations, security strategies, and security breach remediation. Vinny possesses deep knowledge of industry-standard security and compliance controls, is frequently seen providing security expertise on major TV and radio networks, and recently introduced Data Viper, his own threat intelligence and cyber-criminal hunting platform.

Inhaltsverzeichnis

Prologue xxv

Chapter 1 Getting Started 1

Why This Book is Different 2

What You Will and Won't Find in This Book 2

Getting to Know Your Fellow Experts 3

A Note on Cryptocurrencies 4

What You Need to Know 4

Paid Tools and Historical Data 5

What about Maltego? 5

Prerequisites 5

Know How to Use and Configure Linux 5

Get Your API Keys in Order 6

Important Resources 6

OSINT Framework 6

[...] 6

IntelTechniques 7

Termbin 8

Hunchly 9

Wordlists and Generators 9

SecLists 9

Cewl 10

Crunch 10

Proxies 10

Storm Proxies (Auto-Rotating) 10

Cryptocurrencies 101 11

How Do Cryptocurrencies Work? 12

Blockchain Explorers 13

Following the Money 15

Identifying Exchanges and Traders 17

Summary 18

Chapter 2 Investigations and Threat Actors 19

The Path of an Investigator 19

Go Big or Go Home 20

The Breach That Never Happened 21

What Would You Do? 22

Moral Gray Areas 24

Different Investigative Paths 25

Investigating Cyber Criminals 26

The Beginning of the Hunt (for TDO) 27

The Dark Overlord 27

List of Victims 28

A Brief Overview 29

Communication Style 30

Group Structure and Members 30

Cyper 31

Arnie 32

Cr00k (Ping) 35

NSA (Peace of Mind) 36

The Dark Overlord 38

Summary 41

Part I Network Exploration 43

Chapter 3 Manual Network Exploration 45

Chapter Targets: [...] and [...] 46

Asset Discovery 46

ARIN Search 47

Search Engine Dorks 48

DNSDumpster 49

Hacker Target 52

Shodan 53

Censys (Subdomain Finder) 56

Censys Subdomain Finder 56

Fierce 57

Sublist3r 58

Enumall 59

Results 60

Phishing Domains and Typosquatting 61

Summary 64

Chapter 4 Looking for Network Activity (Advanced NMAP Techniques) 67

Getting Started 67

Preparing a List of Active Hosts 68

Full Port Scans Using Different Scan Types 68

TCP Window Scan 70

Working against Firewalls and IDS 70

Using Reason Response 71

Identifying Live Servers 71

Firewall Evasion 73

Distributed Scanning with Proxies and TOR 73

Fragmented Packets/MTU 74

Service Detection Trick 74

Low and Slow 76

Bad Checksums, Decoy, and Random Data 76

Firewalking 79

Comparing Results 79

Styling NMAP Reports 81

Summary 82

Chapter 5 Automated Tools for Network Discovery 83

SpiderFoot 84

SpiderFoot HX (Premium) 91

[...] 95

Entities Tab 96

Analyzing [...] 99

Analyzing the Results 104

Exporting Your Results 105

Recon-NG 107

Searching for Modules 111

Using Modules 111

Looking for Ports with Shodan 115

Summary 116

Part II Web Exploration 119

Chapter 6 Website Information Gathering 121

BuiltWith 121

Finding Common Sites Using Google Analytics Tracker 123

IP History and Related Sites 124

Webapp Information Gatherer (WIG) 124

CMSMap 129

Running a Single Site Scan 130

Scanning Multiple Sites in Batch Mode 130

Detecting Vulnerabilities 131

WPScan 132

Dealing with WAFs/WordPress Not Detected 136

Summary 141

Chapter 7 Directory Hunting 143

Dirhunt 143

Wfuzz 146

Photon 149

Crawling a Website 151

[...] 152

Summary 157

Chapter 8 Search Engine Dorks 159

Essential Search Dorks 160

The Minus Sign 160

Using Quotes 160

The site: Operator 161

The intitle: Operator 161

The allintitle: Operator 162

The fi letype: Operator 162

The inurl: Operator 163

The cache: Operator 165

The allinurl: Operator 165

The fi lename: Operator 165

The intext: Operator 165

The Power of the Dork 166

Don't Forget about Bing and Yahoo! 169

Automated Dorking Tools 169

Inurlbr 169

Using Inurlbr 171

Summary 173

Chapter 9 WHOIS 175

WHOIS 175

Uses for WHOIS Data 176

Historical WHOIS 177

Searching for Similar Domains 177

[...] 177

Searching for Multiple Keywords 179

Advanced Searches 181

Looking for Threat Actors 182

Whoisology 183

Advanced Domain Searching 187

Worth the Money? Absolutely 188

DomainTools 188

Domain Search 188

Bulk WHOIS 189

Reverse IP Lookup 189

WHOIS Records on Steroids 190

WHOIS History 192

The Power of Screenshots 193

Digging into WHOIS History 193

Looking for Changes in Ownership 194

Reverse WHOIS 196

Cross-Checking All Information 197

Summary 199

Chapter 10 Certificate Transparency and Internet Archives 201

Certificate Transparency 201

What Does Any of This Have to Do with Digital Investigations? 202

Scouting with CTFR 202

[...] 204

CT in Action: Side-stepping Cloudflare 204

Testing More Targets 208

CloudFlair (Script) and Censys 209

How Does It Work? 210

Wayback Machine and Search Engine Archives 211

Search Engine Caches 212

[...] 214

Wayback Machine Scraper 214

Enum Wayback 215

Scraping Wayback with Photon 216

[...] Site Search URLs 217

Wayback Site Digest: A List of Every Site URL Cached by Wayback 219

Summary 220

Chapter 11 Iris by DomainTools 221

The Basics of Iris 221

Guided Pivots 223

Configuring Your Settings 223

Historical Search Setting 224

Pivootttt!!! 225

Pivoting on SSL Certificate Hashes 227

Keeping Notes 228

WHOIS History 230

Screenshot History 232

Hosting History 232

Bringing It All Together 234

A Major Find 240

Summary 241

Part III Digging for Gold 243

Chapter 12 Document Metadata 245

Exiftool 246

Metagoofil 248

Recon-NG Metadata Modules 250

Metacrawler 250

Interesting_Files Module 252

Pushpin Geolocation Modules 254

[...] 257

FOCA 261

Starting a Project 262

Extracting Metadata 263

Summary 266

Chapter 13 Interesting Places to Look 267

TheHarvester 268

Running a Scan 269

Paste Sites 273

[...] 273

Forums 274

Investigating Forum History (and TDO) 275

Following Breadcrumbs 276

Tracing Cyper's Identity 278

Code Repositories 280

[...] 281

Searching for Code 282

False Negatives 283

Gitrob 284

Git Commit Logs 287

Wiki Sites 288

Wikipedia 289

Summary 292

Chapter 14 Publicly Accessible Data Storage 293

The Exactis Leak and Shodan 294

Data Attribution 295

Shodan's Command-Line Options 296

Querying Historical Data 296

CloudStorageFinder 298

Amazon S3 299

Digital Ocean Spaces 300

NoSQL Databases 301

MongoDB 302

Robot 3T 302

Mongo Command-Line Tools 305

Elasticsearch 308

Querying Elasticsearch 308

Dumping Elasticsearch Data 311

NoScrape 311

MongoDB 313

Elasticsearch 314

Scan 314

Search 315

Dump 317

MatchDump 317

Cassandra 318

Amazon S3 320

Using Your Own S3 Credentials 320

Summary 321

Part IV People Hunting 323

Chapter 15 Researching People, Images, and Locations 325

PIPL 326

Searching for People 327

Public Records and Background Checks 330

[...] 331

Threat Actors Have Dads, Too 332

Criminal Record Searches 332

Image Searching 333

Google Images 334

Searching for Gold 335

Following the Trail 335

TinEye 336

EagleEye 340

Searching for Images 340

[...] and Geolocation 343

Getting Started 343

IP Address Tracking 346

Summary 347

Chapter 16 Searching Social Media 349

[...] 350

Another Test Subject 355

Twitter 357

SocialLinks: For Maltego Users 358

Skiptracer 361

Running a Search 361

Searching for an Email Address 361

Searching for a Phone Number 364

Searching Usernames 366

One More Username Search 368

Userrecon 370

Reddit Investigator 372

A Critical "Peace" of the TDO Investigation 374

Summary 375

Chapter 17 Profile Tracking and Password Reset Clues 377

Where to Start (with TDO)? 377

Building a Profile Matrix 378

Starting a Search with Forums 379

Ban Lists 381

Social Engineering 381

SE'ing Threat Actors: The "Argon" Story 383

Everyone Gets SE'd-a Lesson Learned 387

The End of TDO and the KickAss Forum 388

Using Password Reset Clues 390

Starting Your Verification Sheet 391

Gmail 391

Facebook 393

PayPal 394

Twitter 397

Microsoft 399

Instagram 400

Using jQuery Website Responses 400

ICQ 403

Summary 405

Chapter 18 Passwords, Dumps, and Data Viper 407

Using Passwords 408

Completing F3ttywap's Profile Matrix 409

An Important Wrong Turn 412

Acquiring Your Data 413

Data Quality and Collections 1-5 413

Always Manually Verify the Data 415

Where to Find Quality Data 420

Data Viper 420

Forums: The Missing Link 421

Identifying the Real "Cr00k" 422

...
Details
Erscheinungsjahr: 2020
Fachbereich: Datenkommunikation, Netze & Mailboxen
Genre: Importe, Informatik
Rubrik: Naturwissenschaften & Technik
Medium: Taschenbuch
Inhalt: 544 S.
ISBN-13: 9781119540922
ISBN-10: 1119540925
Sprache: Englisch
Einband: Kartoniert / Broschiert
Autor: Troia, Vinny
Hersteller: John Wiley & Sons Inc
Maße: 233 x 190 x 30 mm
Von/Mit: Vinny Troia
Erscheinungsdatum: 19.03.2020
Gewicht: 0,918 kg
Artikel-ID: 115312988
Warnhinweis

Ähnliche Produkte

Ähnliche Produkte