Hunting Cyber Criminals

A Hacker's Guide to Online Intelligence Gathering Tools and Techniques
1st edition

by: Vinny Troia

25,99 €

Publisher: Wiley
Format: PDF
Published: 27.01.2020
ISBN/EAN: 9781119540892
Language: English
Number of pages: 544

DRM-protected eBook; you need, for example, Adobe Digital Editions and an Adobe ID to read it.

Description

<p>The ability to collect, verify, and correlate information from different types of systems is an essential skill when tracking down hackers. This book explores Open Source Intelligence Gathering (OSINT) inside out from multiple perspectives, including those of hackers and seasoned intelligence experts. OSINT refers to the techniques and tools required to harvest publicly available data concerning a person or an organization. Drawing on several years of experience tracking hackers with OSINT, the author builds a classic plot-line around the hunt for a threat actor. While taking the audience through the investigative drama, the author provides in-depth knowledge of state-of-the-art OSINT tools and techniques. Technical users will want a basic understanding of the Linux command line in order to follow the examples, but a reader with no Linux or programming experience can still gain a lot from this book through the commentaries.</p>
<p>This book’s unique digital investigation proposition is a combination of story-telling, tutorials, and case studies. The book explores digital investigation from multiple angles:</p>
<ul>
<li>Through the eyes of the author, who has several years of experience in the subject.</li>
<li>Through the mind of the hacker, who collects massive amounts of data from multiple online sources to identify targets as well as ways to hit those targets.</li>
<li>Through the eyes of industry leaders.</li>
</ul>
<p>This book is ideal for:</p>
<p>Investigation professionals, forensic analysts, and CISOs, CIOs, and other executives wanting to understand the mindset of a hacker and how seemingly harmless information can be used to target their organization.</p>
<p>Security analysts, forensic investigators, and SOC teams looking for new approaches to digital investigations from the perspective of collecting and parsing publicly available information.</p>
<p>CISOs and defense teams will find this book useful because it takes the perspective of infiltrating an organization from the mindset of a hacker. The commentary provided by outside experts will also give them ideas for further protecting their organization’s data.</p>
<p>Prologue xxv</p>
<p><b>Chapter 1 Getting Started 1</b></p>
<p>Why This Book is Different 2</p>
<p>What You Will and Won’t Find in This Book 2</p>
<p>Getting to Know Your Fellow Experts 3</p>
<p>A Note on Cryptocurrencies 4</p>
<p>What You Need to Know 4</p>
<p>Paid Tools and Historical Data 5</p>
<p>What about Maltego? 5</p>
<p>Prerequisites 5</p>
<p>Know How to Use and Configure Linux 5</p>
<p>Get Your API Keys in Order 6</p>
<p>Important Resources 6</p>
<p>OSINT Framework 6</p>
<p>OSINT.link 6</p>
<p>IntelTechniques 7</p>
<p>Termbin 8</p>
<p>Hunchly 9</p>
<p>Wordlists and Generators 9</p>
<p>SecLists 9</p>
<p>Cewl 10</p>
<p>Crunch 10</p>
<p>Proxies 10</p>
<p>Storm Proxies (Auto-Rotating) 10</p>
<p>Cryptocurrencies 101 11</p>
<p>How Do Cryptocurrencies Work? 12</p>
<p>Blockchain Explorers 13</p>
<p>Following the Money 15</p>
<p>Identifying Exchanges and Traders 17</p>
<p>Summary 18</p>
<p><b>Chapter 2 Investigations and Threat Actors 19</b></p>
<p>The Path of an Investigator 19</p>
<p>Go Big or Go Home 20</p>
<p>The Breach That Never Happened 21</p>
<p>What Would You Do? 22</p>
<p>Moral Gray Areas 24</p>
<p>Different Investigative Paths 25</p>
<p>Investigating Cyber Criminals 26</p>
<p>The Beginning of the Hunt (for TDO) 27</p>
<p>The Dark Overlord 27</p>
<p>List of Victims 28</p>
<p>A Brief Overview 29</p>
<p>Communication Style 30</p>
<p>Group Structure and Members 30</p>
<p>Cyper 31</p>
<p>Arnie 32</p>
<p>Cr00k (Ping) 35</p>
<p>NSA (Peace of Mind) 36</p>
<p>The Dark Overlord 38</p>
<p>Summary 41</p>
<p><b>Part I Network Exploration 43</b></p>
<p><b>Chapter 3 Manual Network Exploration 45</b></p>
<p>Chapter Targets: Pepsi.com and Cyper.org 46</p>
<p>Asset Discovery 46</p>
<p>ARIN Search 47</p>
<p>Search Engine Dorks 48</p>
<p>DNSDumpster 49</p>
<p>Hacker Target 52</p>
<p>Shodan 53</p>
<p>Censys (Subdomain Finder) 56</p>
<p>Censys Subdomain Finder 56</p>
<p>Fierce 57</p>
<p>Sublist3r 58</p>
<p>Enumall 59</p>
<p>Results 60</p>
<p>Phishing Domains and Typosquatting 61</p>
<p>Summary 64</p>
<p><b>Chapter 4 Looking for Network Activity (Advanced NMAP Techniques) 67</b></p>
<p>Getting Started 67</p>
<p>Preparing a List of Active Hosts 68</p>
<p>Full Port Scans Using Different Scan Types 68</p>
<p>TCP Window Scan 70</p>
<p>Working against Firewalls and IDS 70</p>
<p>Using Reason Response 71</p>
<p>Identifying Live Servers 71</p>
<p>Firewall Evasion 73</p>
<p>Distributed Scanning with Proxies and TOR 73</p>
<p>Fragmented Packets/MTU 74</p>
<p>Service Detection Trick 74</p>
<p>Low and Slow 76</p>
<p>Bad Checksums, Decoy, and Random Data 76</p>
<p>Firewalking 79</p>
<p>Comparing Results 79</p>
<p>Styling NMAP Reports 81</p>
<p>Summary 82</p>
<p><b>Chapter 5 Automated Tools for Network Discovery 83</b></p>
<p>SpiderFoot 84</p>
<p>SpiderFoot HX (Premium) 91</p>
<p>Intrigue.io 95</p>
<p>Entities Tab 96</p>
<p>Analyzing uberpeople.net 99</p>
<p>Analyzing the Results 104</p>
<p>Exporting Your Results 105</p>
<p>Recon-NG 107</p>
<p>Searching for Modules 111</p>
<p>Using Modules 111</p>
<p>Looking for Ports with Shodan 115</p>
<p>Summary 116</p>
<p><b>Part II Web Exploration 119</b></p>
<p><b>Chapter 6 Website Information Gathering 121</b></p>
<p>BuiltWith 121</p>
<p>Finding Common Sites Using Google Analytics Tracker 123</p>
<p>IP History and Related Sites 124</p>
<p>Webapp Information Gatherer (WIG) 124</p>
<p>CMSMap 129</p>
<p>Running a Single Site Scan 130</p>
<p>Scanning Multiple Sites in Batch Mode 130</p>
<p>Detecting Vulnerabilities 131</p>
<p>WPScan 132</p>
<p>Dealing with WAFs/WordPress Not Detected 136</p>
<p>Summary 141</p>
<p><b>Chapter 7 Directory Hunting 143</b></p>
<p>Dirhunt 143</p>
<p>Wfuzz 146</p>
<p>Photon 149</p>
<p>Crawling a Website 151</p>
<p>Intrigue.io 152</p>
<p>Summary 157</p>
<p><b>Chapter 8 Search Engine Dorks 159</b></p>
<p>Essential Search Dorks 160</p>
<p>The Minus Sign 160</p>
<p>Using Quotes 160</p>
<p>The site: Operator 161</p>
<p>The intitle: Operator 161</p>
<p>The allintitle: Operator 162</p>
<p>The filetype: Operator 162</p>
<p>The inurl: Operator 163</p>
<p>The cache: Operator 165</p>
<p>The allinurl: Operator 165</p>
<p>The filename: Operator 165</p>
<p>The intext: Operator 165</p>
<p>The Power of the Dork 166</p>
<p>Don’t Forget about Bing and Yahoo! 169</p>
<p>Automated Dorking Tools 169</p>
<p>Inurlbr 169</p>
<p>Using Inurlbr 171</p>
<p>Summary 173</p>
<p><b>Chapter 9 WHOIS 175</b></p>
<p>WHOIS 175</p>
<p>Uses for WHOIS Data 176</p>
<p>Historical WHOIS 177</p>
<p>Searching for Similar Domains 177</p>
<p>Namedroppers.com 177</p>
<p>Searching for Multiple Keywords 179</p>
<p>Advanced Searches 181</p>
<p>Looking for Threat Actors 182</p>
<p>Whoisology 183</p>
<p>Advanced Domain Searching 187</p>
<p>Worth the Money? Absolutely 188</p>
<p>DomainTools 188</p>
<p>Domain Search 188</p>
<p>Bulk WHOIS 189</p>
<p>Reverse IP Lookup 189</p>
<p>WHOIS Records on Steroids 190</p>
<p>WHOIS History 192</p>
<p>The Power of Screenshots 193</p>
<p>Digging into WHOIS History 193</p>
<p>Looking for Changes in Ownership 194</p>
<p>Reverse WHOIS 196</p>
<p>Cross-Checking <i>All</i> Information 197</p>
<p>Summary 199</p>
<p><b>Chapter 10 Certificate Transparency and Internet Archives 201</b></p>
<p>Certificate Transparency 201</p>
<p>What Does Any of This Have to Do with Digital Investigations? 202</p>
<p>Scouting with CTFR 202</p>
<p>Crt.sh 204</p>
<p>CT in Action: Side-stepping Cloudflare 204</p>
<p>Testing More Targets 208</p>
<p>CloudFlair (Script) and Censys 209</p>
<p>How Does It Work? 210</p>
<p>Wayback Machine and Search Engine Archives 211</p>
<p>Search Engine Caches 212</p>
<p>CachedView.com 214</p>
<p>Wayback Machine Scraper 214</p>
<p>Enum Wayback 215</p>
<p>Scraping Wayback with Photon 216</p>
<p>Archive.org Site Search URLs 217</p>
<p>Wayback Site Digest: A List of Every Site URL Cached by Wayback 219</p>
<p>Summary 220</p>
<p><b>Chapter 11 Iris by DomainTools 221</b></p>
<p>The Basics of Iris 221</p>
<p>Guided Pivots 223</p>
<p>Configuring Your Settings 223</p>
<p>Historical Search Setting 224</p>
<p>Pivootttt!!! 225</p>
<p>Pivoting on SSL Certificate Hashes 227</p>
<p>Keeping Notes 228</p>
<p>WHOIS History 230</p>
<p>Screenshot History 232</p>
<p>Hosting History 232</p>
<p>Bringing It All Together 234</p>
<p>A Major Find 240</p>
<p>Summary 241</p>
<p><b>Part III Digging for Gold 243</b></p>
<p><b>Chapter 12 Document Metadata 245</b></p>
<p>Exiftool 246</p>
<p>Metagoofil 248</p>
<p>Recon-NG Metadata Modules 250</p>
<p>Metacrawler 250</p>
<p>Interesting_Files Module 252</p>
<p>Pushpin Geolocation Modules 254</p>
<p>Intrigue.io 257</p>
<p>FOCA 261</p>
<p>Starting a Project 262</p>
<p>Extracting Metadata 263</p>
<p>Summary 266</p>
<p><b>Chapter 13 Interesting Places to Look 267</b></p>
<p>TheHarvester 268</p>
<p>Running a Scan 269</p>
<p>Paste Sites 273</p>
<p>Psbdmp.ws 273</p>
<p>Forums 274</p>
<p>Investigating Forum History (and TDO) 275</p>
<p>Following Breadcrumbs 276</p>
<p>Tracing Cyper’s Identity 278</p>
<p>Code Repositories 280</p>
<p>SearchCode.com 281</p>
<p>Searching for Code 282</p>
<p>False Negatives 283</p>
<p>Gitrob 284</p>
<p>Git Commit Logs 287</p>
<p>Wiki Sites 288</p>
<p>Wikipedia 289</p>
<p>Summary 292</p>
<p><b>Chapter 14 Publicly Accessible Data Storage 293</b></p>
<p>The Exactis Leak and Shodan 294</p>
<p>Data Attribution 295</p>
<p>Shodan’s Command-Line Options 296</p>
<p>Querying Historical Data 296</p>
<p>CloudStorageFinder 298</p>
<p>Amazon S3 299</p>
<p>Digital Ocean Spaces 300</p>
<p>NoSQL Databases 301</p>
<p>MongoDB 302</p>
<p>Robot 3T 302</p>
<p>Mongo Command-Line Tools 305</p>
<p>Elasticsearch 308</p>
<p>Querying Elasticsearch 308</p>
<p>Dumping Elasticsearch Data 311</p>
<p>NoScrape 311</p>
<p>MongoDB 313</p>
<p>Elasticsearch 314</p>
<p>Scan 314</p>
<p>Search 315</p>
<p>Dump 317</p>
<p>MatchDump 317</p>
<p>Cassandra 318</p>
<p>Amazon S3 320</p>
<p>Using Your Own S3 Credentials 320</p>
<p>Summary 321</p>
<p><b>Part IV People Hunting 323</b></p>
<p><b>Chapter 15 Researching People, Images, and Locations 325</b></p>
<p>PIPL 326</p>
<p>Searching for People 327</p>
<p>Public Records and Background Checks 330</p>
<p>Ancestry.com 331</p>
<p>Threat Actors Have Dads, Too 332</p>
<p>Criminal Record Searches 332</p>
<p>Image Searching 333</p>
<p>Google Images 334</p>
<p>Searching for Gold 335</p>
<p>Following the Trail 335</p>
<p>TinEye 336</p>
<p>EagleEye 340</p>
<p>Searching for Images 340</p>
<p>Cree.py and Geolocation 343</p>
<p>Getting Started 343</p>
<p>IP Address Tracking 346</p>
<p>Summary 347</p>
<p><b>Chapter 16 Searching Social Media 349</b></p>
<p>OSINT.rest 350</p>
<p>Another Test Subject 355</p>
<p>Twitter 357</p>
<p>SocialLinks: For Maltego Users 358</p>
<p>Skiptracer 361</p>
<p>Running a Search 361</p>
<p>Searching for an Email Address 361</p>
<p>Searching for a Phone Number 364</p>
<p>Searching Usernames 366</p>
<p>One More Username Search 368</p>
<p>Userrecon 370</p>
<p>Reddit Investigator 372</p>
<p>A Critical “Peace” of the TDO Investigation 374</p>
<p>Summary 375</p>
<p><b>Chapter 17 Profile Tracking and Password Reset Clues 377</b></p>
<p>Where to Start (with TDO)? 377</p>
<p>Building a Profile Matrix 378</p>
<p>Starting a Search with Forums 379</p>
<p>Ban Lists 381</p>
<p>Social Engineering 381</p>
<p>SE’ing Threat Actors: The “Argon” Story 383</p>
<p>Everyone Gets SE’d—a Lesson Learned 387</p>
<p>The End of TDO and the KickAss Forum 388</p>
<p>Using Password Reset Clues 390</p>
<p>Starting Your Verification Sheet 391</p>
<p>Gmail 391</p>
<p>Facebook 393</p>
<p>PayPal 394</p>
<p>Twitter 397</p>
<p>Microsoft 399</p>
<p>Instagram 400</p>
<p>Using jQuery Website Responses 400</p>
<p>ICQ 403</p>
<p>Summary 405</p>
<p><b>Chapter 18 Passwords, Dumps, and Data Viper 407</b></p>
<p>Using Passwords 408</p>
<p>Completing F3ttywap’s Profile Matrix 409</p>
<p>An Important Wrong Turn 412</p>
<p>Acquiring Your Data 413</p>
<p>Data Quality and Collections 1–5 413</p>
<p>Always Manually Verify the Data 415</p>
<p>Where to Find Quality Data 420</p>
<p>Data Viper 420</p>
<p>Forums: The Missing Link 421</p>
<p>Identifying the Real “Cr00k” 422</p>
<p>Tracking Cr00k’s Forum Movements 423</p>
<p>Timeline Analysis 423</p>
<p>The Eureka Moment 427</p>
<p>Vanity over OPSEC, Every Time 429</p>
<p>Why This Connection is Significant 429</p>
<p>Starting Small: Data Viper 1.0 430</p>
<p>Summary 431</p>
<p><b>Chapter 19 Interacting with Threat Actors 433</b></p>
<p>Drawing Them Out of the Shadows 433</p>
<p>Who is WhitePacket? 434</p>
<p>The Bev Robb Connection 435</p>
<p>Stradinatras 436</p>
<p>Obfuscation and TDO 437</p>
<p>Who is Bill? 439</p>
<p>So Who Exactly is Bill? 440</p>
<p>YoungBugsThug 440</p>
<p>How Did I Know It Was Chris? 441</p>
<p>A Connection to Mirai Botnet? 442</p>
<p>Why Was This Discovery So Earth-Shattering? 444</p>
<p>Question Everything! 445</p>
<p>Establishing a Flow of Information 446</p>
<p>Leveraging Hacker Drama 447</p>
<p>Was Any of That Real? 448</p>
<p>Looking for Other Clues 449</p>
<p>Bringing It Back to TDO 450</p>
<p>Resolving One Final Question 451</p>
<p>Withdrawing Bitcoin 451</p>
<p>Summary 452</p>
<p><b>Chapter 20 Cutting through the Disinformation of a 10-Million-Dollar Hack 453</b></p>
<p>GnosticPlayers 454</p>
<p>Sites Hacked by GnosticPlayers 456</p>
<p>Gnostic’s Hacking Techniques 457</p>
<p>GnosticPlayers’ Posts 459</p>
<p>GnosticPlayers2 Emerges 461</p>
<p>A Mysterious Third Member 462</p>
<p>NSFW/Photon 463</p>
<p>The Gloves Come Off 464</p>
<p>Making Contact 465</p>
<p>Gabriel/Bildstein aka Kuroi’sh 465</p>
<p>Contacting His Friends 467</p>
<p>Weeding through Disinformation 468</p>
<p>Verifying with Wayback 468</p>
<p>Bringing It All Together 469</p>
<p>Data Viper 469</p>
<p>Trust but Verify 472</p>
<p>Domain Tools' Iris 474</p>
<p>Verifying with a Second Data Source 475</p>
<p>The End of the Line 476</p>
<p>What Really Happened? 476</p>
<p>Outofreach 476</p>
<p>Kuroi’sh Magically Appears 477</p>
<p>What I Learned from Watching Lost 477</p>
<p>Who Hacked GateHub? 478</p>
<p>Unraveling the Lie 479</p>
<p>Was Gabriel Involved? My Theory 479</p>
<p>Gabriel is Nclay: An Alternate Theory 479</p>
<p>All roads lead back to NSFW 480</p>
<p>Summary 481</p>
<p>Epilogue 483</p>
<p>Index 487</p>
<p><b>ABOUT THE AUTHOR</b></p>
<p><b>VINNY TROIA</b> is a cybersecurity evangelist and hacker with Night Lion Security. He is an acknowledged expert in digital forensics investigations, security strategies, and security breach remediation. Vinny possesses deep knowledge of industry-standard security and compliance controls, is frequently seen providing security expertise on major TV and radio networks, and recently introduced Data Viper, his own threat intelligence and cyber-criminal hunting platform.</p>
<p><b>THE ART AND SCIENCE OF TRACKING CYBERCRIME TO ITS SOURCE</b></p>
<p>When your organization falls victim to cybercrime, you need to be ready to fight back. The burden of investigating digital security breaches often falls to organizations themselves, so developing a robust toolkit that enables you to track down criminals is essential. <i>Hunting Cyber Criminals</i> is filled with proven techniques to research the source of illicit network traffic, extract intelligence from publicly available web sources, and hunt the individuals who would do harm to your organization.</p>
<p>With easy-to-follow examples, <i>Hunting Cyber Criminals</i> provides vital guidance on investigating cybersecurity incidents. It shows how, even starting from just a single IP address, you can embark on an investigative journey to uncover the information you need to shore up your defenses, involve law enforcement, and shut down hackers for good. Learn from Vinny Troia's unique methodology and the practical techniques used to investigate and identify members of the cyber terrorist group known as The Dark Overlord. Beyond the author's own expertise, you'll benefit from guest comments by fellow industry experts: Alex Heid, Bob Diachenko, Cat Murdoch, Chris Hadnagy, Chris Roberts, John Strand, Jonathan Cran, Leslie Carhart, Nick Furneux, Rob Fuller, Troy Hunt, and William Martin.</p>
<p>For cybersecurity and business professionals involved in developing cyber incident response strategies, this compendium of the latest tools, techniques, and resources will prove indispensable. Cybercrime is a reality, not just a possibility, in today's business environments. Readiness to respond starts here.</p>
<ul>
<li>Learn about the latest cybercrime investigation tools</li>
<li>Uncover clues to identify and track hackers anywhere</li>
<li>Use network discovery to follow unwanted network traffic</li>
<li>Search web databases to gather intelligence and leads</li>
<li>Use social media to identify probable perpetrators</li>
<li>Master complex web scenarios and advanced search techniques</li>
<li>Employ expert tips and tricks in your own investigations</li>
</ul>
<p><b>ABOUT NIGHT LION SECURITY</b></p>
<p>Night Lion Security provides network, website, and IT security consulting services. The company specializes in advanced penetration testing and IT risk management.</p>
