Syngress, Elsevier, 2012. 264 p. ISBN: 978-1-59749-665-0
Criminals using hacking techniques cost corporations, governments, and individuals millions of dollars each year. While the media focuses on the grand-scale attacks that are planned for months and executed by teams and nation states, there are thousands more that are never broadcast. Low Tech Hacking focuses on the everyday hacks that, while simple in nature, add up to the most significant losses. Attackers use common techniques such as social engineering, wireless hacking, and targeting and surveillance to gain access to valuable data. This book contains detailed descriptions of potential threats and vulnerabilities, many of which much of the information systems world may be unaware of. Author Jack Wiles spent many years as an internal penetration testing team leader, proving that these threats and vulnerabilities exist and that their countermeasures work. His contributing authors are among the best in the world in their respective areas of expertise.
Social engineering: The ultimate low tech hacking threat
How easy is it?
The mind of a social engineer
The mind of a victim
Tools of the social engineering trade
One of my favorite tools of the trade
Social engineering would never work against our company
What was I able to social engineer out of Mary?
The final sting—two weeks later—Friday afternoon
Why did this scam work?
Let’s look at a few more social engineering tools
Keystroke logger—Is there one under your desk?
One of my lunchtime tools
Let’s look at that telephone butt-in set on my tool belt
Meet Mr. Phil Drake
Meet Mr. Paul Henry
Traditional AV, IDS, and IPS considerations
Traditional firewall consideration
Flaw remediation
Do you have a guest user of your credit card?
A few possible countermeasures
Always be slightly suspicious
Start to study the art of social engineering
Start a social engineering book library
Low tech vulnerabilities: Physical security
A mini risk assessment
What did I have at risk?
What were some possible threats while out on the lake?
What were some of the possible vulnerabilities?
And finally, what about my countermeasures?
Outsider—Insider threats
Some things to consider for the security of your buildings?
Check all locks for proper operation
Use employee badges
Shredder technology keeps changing as well
Keep an eye on corporate or agency phone books
Unsecured areas are targets for tailgating
Special training for off-shift staff
Bomb threats in Chicago
Check those phone closets
Remove a few door signs
Review video security logs
Consider adding motion-sensing lights
Subterranean vulnerabilities
Clean out your elephant burial ground
Spot check those drop ceilings
Internal auditors are your friends
BONUS: Home security tips
More about locks and ways to low tech hack them
A little more about locks and lock picking
What kinds of locks are the most popular?
Purchasing better quality locks will be cost effective
Be aware of lock vulnerabilities
Forced entry—and other ways to cheat!
A time-tested low tech method of forced entry
Let’s break into a semi–high security room
Retracting the bolt to open the door
Gaining access to the lock itself
Keys and key control
Social engineering and key access
Who has the keys to your kingdom
Special key control awareness training
Bait and switch war story that could happen to you
Padlock shims are not a new threat
Some places to go to learn and have some fun
My 110-year-old puzzle
More about keys and how to make one if you don’t have one
Five pounds of my favorite keys
Ways to make a key if you didn’t bring a key machine
One final lock to talk about and then we’re done
Rim cylinder locks vs. mortise cylinder locks
Low tech wireless hacking
Wireless 101: The electromagnetic spectrum
Why securing wireless is hard
802.11 and Bluetooth low tech hacks
DoS and availability
Layer 1 DoS attacks
Layer 2 DoS attacks
Backdoors and cracks
Crack attack
Tap, tap. Mirror, mirror... on the wallplate
Guesssst who got in
Peer-to-peer-to-hack
Ad hoc, ad finem
Going rogue
Marveling at the gambit of rogues
New SSID on the street
It’s a bird... it’s a plane... it’s a ROGUE?
Bridge bereavement
Assault by defaults
Open sesame
Default WPA keys
More Google hacking
Bypassing specific security tools
Going static
Counterfeit MACs
MAC switcharoo
<HTML> Free Wi-Fi </HTML>
Low tech targeting and surveillance: How much could they find out about you?
Initial identification
Property records, employment, and neighborhood routes
Disclosure on social networks and social media
Financials, investments, and purchase habits
Frequented locations and travel patterns
Third party disclosures
Use of signatures
Automated surveillance
Target interaction
Scanners and miniatures
Summary and recommendations
Recommendations
Low tech hacking for the penetration tester
The human condition
Selective attention
Magic is distraction
Building trust and influencing behavior
Technology matters
USB thumb drives
CDs and DVDs
Staging the effort
Target organization
Getting things in order
Deciding on location
Choosing the strategy
Choosing the technology
A useful case study
Approaching hotel staff
Approaching conference staff
Low tech hacking and the law: Where can you go for help?
Meet Mr. Tony Marino
Low tech hacking interview with Tony Marino, U.S. Secret Service (retired)
Meet Special Agent (SA) Gregory K. Baker, FBI
Low tech hacking interview with Special Agent (SA) Gregory K. Baker, FBI
Information security awareness training: Your most valuable countermeasure to employee risk
An introduction to information security awareness
The people and personalities of information security awareness
Data theft and employee awareness
Designing an effective information security awareness program
Repetition is the aide to memory
Touch points
To team or not to team, that is the question
Creating a business plan for your Information Security Awareness Program
The presentation
Components of an awareness program
Next steps
The Classification of Data Matrix
Manager’s Quick Reference Guide
Finding materials for your program
The importance of a good editor
Implementing an information security awareness program
Who writes the awareness standard?
Finding win-win solutions
Building a perpetual awareness program
Who should take the training?
Getting the program off the ground
Making information security accessible
A lesson learned
The dollars and cents of your program
Above and beyond
Making security part of the company mind-set
The importance of communication with other lines-of-businesses
Let’s talk more about alliances
Keeping your program viable
Other resources
Measuring your program’s success
Identifying key components and cumulative results