INTRODUCTION

The purpose of this book is to provide individuals with the information once held only by governments and a few black hat hackers. In this day and age, individuals stand in the breach of cyberwar, not only against black hat hackers, but sometimes against governments. If you find yourself in this position, either alone or as a defender of your organization, we want you to be equipped with as much knowledge of the attacker as possible. To that end, we submit to you the mindset of the gray hat hacker, an ethical hacker who uses offensive techniques for defensive purposes. The ethical hacker always respects laws and the rights of others, but believes the adversary may be beaten to the punch by testing oneself first.

The authors of this book want to provide you, the reader, with something we believe the industry and society in general needs: a holistic review of ethical hacking that is responsible and truly ethical in its intentions and material. This is why we keep releasing new editions of this book with a clear definition of what ethical hacking is and is not—something our society is very confused about.

We have updated the material from the fourth edition and have attempted to deliver the most comprehensive and up-to-date assembly of techniques, procedures, and material with real hands-on labs that can be replicated by the readers. Thirteen new chapters are presented, and the other chapters have been updated.

In Part I, we prepare you for the battle with all the necessary tools and techniques to get the best understanding of the more advanced topics. This section moves quite quickly but is necessary for those just starting out in the field and others looking to move to the next level. This section covers the following:

• White, black, and gray hat definitions and characteristics

• The slippery ethical issues that should be understood before carrying out any type of ethical hacking activities

• Programming survival skills, which are a must-have for a gray hat hacker to be able to create exploits or review source code

• Fuzzing, which is a wonderful skill for finding 0-day exploits

• Reverse engineering, which is a mandatory skill when dissecting malware or researching vulnerabilities

• Exploiting with software-defined radios

In Part II, we discuss the business side of hacking. If you are looking to move beyond hacking as a hobby and start paying the bills, this section is for you. If you are a seasoned hacking professional, we hope to offer you a few tips as well. In this section, we cover some of the softer skills required by an ethical hacker to make a living:

• How to get into the penetration testing business

• How to improve the enterprise security posture through red teaming

• A novel approach to developing a purple team

• Bug bounty programs and how to get paid finding vulnerabilities, ethically

In Part III, we discuss the skills required to exploit systems. Each of these topics has been covered before, but the old exploits don’t work anymore; therefore, we have updated the discussions to work past system protections. We cover the following topics in this section:

• How to gain shell access without exploits

• Basic and advanced Linux exploits

• Basic and advanced Windows exploits

• Using PowerShell to exploit systems

• Modern web exploits

• Using patches to develop exploits

In Part IV, we cover advanced malware analysis. In many ways, this is the most advanced topic in the field of cybersecurity. On the front lines of cyberwar is malware, and we aim to equip you with the tools and techniques necessary to perform malware analysis. In this section, we cover the following:

• Mobile malware analysis

• Recent ransomware analysis

• ATM malware analysis

• Using next-generation honeypots to find advanced attackers and malware in the network

Finally, in Part V, we are proud to discuss the topic of Internet of Things (IoT) hacking. The Internet of Things is exploding and, unfortunately, so are the vulnerabilities therein. In this section, we discuss these latest topics:

• Internet of Things to be hacked

• Dissecting embedded devices

• Exploiting embedded devices

• Malware analysis of IoT devices

We do hope you will see the value of the new content that has been provided and will also enjoy the newly updated chapters. If you are new to the field or ready to take the next step to advance and deepen your understanding of ethical hacking, this is the book for you.

To ensure your system is properly configured to perform the labs, we have provided the files you will need. The lab materials and errata may be downloaded from either the GitHub repository at https://github.com/GrayHatHacking/GHHv5 or the publisher’s site, at http://www.mhprofessional.com.

CHAPTER 2. Programming Survival Skills

Why study programming? Ethical hackers should study programming and learn as much about the subject as possible in order to find vulnerabilities in programs and get them fixed before unethical hackers take advantage of them. Many security professionals come at programming from a nontraditional perspective, often having no programming experience prior to beginning their career. Bug hunting is very much a foot race: if a vulnerability exists, who will find it first? The purpose of this chapter is to give you the survival skills necessary to understand upcoming chapters and then later to find the holes in software before the black hats do.

In this chapter, we cover the following topics:

• C programming language
• Computer memory
• Intel processors
• Assembly language basics
• Debugging with gdb
• Python survival skills

C Programming Language

The C programming language was developed in 1972 by Dennis Ritchie from AT&T Bell Labs. The language was heavily used in Unix and is therefore ubiquitous. In fact, many of the staple networking programs and operating systems, as well as large applications such as Microsoft Office Suite, Adobe Reader, and browsers, are written in combinations of C, C++, Objective-C, assembly, and a couple of other lower-level languages.
