• Web hacking 101 How to Earn Money Hacking Ethically

    Chapter Overview

    Chapter 2
                         is an introductory background to how the internet works, including HTTP requests and responses and HTTP methods.

    Chapter 3
                       covers Open Redirects, an interesting vulnerability that involves exploiting a site to direct users to visit another site which allows an attacker to exploit a user’s trust in the vulnerable site.

    Chapter 4
                       covers HTTP Parameter Pollution and in it, you'll learn how to find systems that may be vulnerable to passing along unsafe input to third party sites.

    Chapter 5
                         covers Cross-Site Request Forgery vulnerabilities, walking through examples that show how users can be tricked into submitting information to a website they are logged into unknowingly.

    Chapter 6
                        covers HTML Injections and in it, you’ll learn how being able to inject HTML into a web page can be used maliciously. One of the more interesting takeaways is how you can use encoded values to trick sites into accepting and rendering the HTML you submit, bypassing filters.

    Chapter 7
                          covers Carriage Return Line Feed Injections and in it, looking at examples of submitting carriage return, line breaks to sites and the impact it has on rendered content.

    Chapter 8
                          covers Cross-Site Scripting, a massive topic with a huge variety of ways to achieve exploits. Cross-Site Scripting represents huge opportunities and an entire book could and probably should, be written solely on it. There is a tonne of examples I could have included here so I try to focus on the most interesting and helpful for learning.

    Chapter 9
                          covers Server-Side Template Injection, as well as client-side injections. These types of vulnerabilities take advantage of developers injecting user input directly into templates when submitted using the template syntax. The impact of these vulnerabilities depends on where they occur but can often lead to remote code executions.

    Chapter 10
                         covers structured query language (SQL) injections, which involve manipulating database queries to extract, update or delete information from a site...

    Chapter 11
                            covers Server Side Request Forgery which allows an attacker to user a remote server to make subsequent HTTP requests on the attacker’s behalf

    Chapter 12
                               covers XML External Entity vulnerabilities resulting from a sites parsing of extensible markup language (XML). These types of vulnerabilities can include things like reading private files, remote code execution, etc.

    Chapter 13
                               covers Remote Code Execution, or the ability for an attacker to execute arbitrary code on a victim server. This type of vulnerability is among the most dangerous since an attacker can control what code is executed and is usually rewarded as such.

    Chapter 14
                         covers memory-related vulnerabilities, a type of vulnerability that can be tough to find and are typically related to low-level programming languages. However, discovering these types of bugs can lead to some pretty serious vulnerabilities.

    Chapter 15
                          covers Sub Domain Takeovers, something I learned a lot about researching this book and should be largely credited to Mathias, Frans, and the Dectectify team. Essentially here, a site refers to a subdomain hosting with a third-party service but never actually claims the appropriate address from that service. This would allow an attacker to register the address from the third party so that all traffic, which believes it is on the victim’s domain, is actually on an attacker’s.

    Chapter 16
                           covers Race Conditions, a vulnerability that involves two or more processes performing action based on conditions that should only permit one action to occur. For example, think of bank transfers, you shouldn’t be able to perform two transfers of $500 when your balance is only $500. However, a race condition vulnerability could permit it.

    Chapter 17
                           covers Insecure Direct Object Reference vulnerabilities whereby an attacker can read or update objections (database records, files, etc) which they should not have permission to.

    Chapter 18
                            covers application logic based vulnerabilities. This chapter has grown into a catch-all for vulnerabilities I consider linked to programming logic flaws. I’ve found these types of vulnerabilities may be easier for a beginner to find instead of looking for weird and creative ways to submit malicious input to a site.

    Chapter 19
                              covers the topic of how to get started. This chapter is meant to help you consider where and how to look for vulnerabilities as opposed to a step by step guide to hacking a site. It is based on my experience and how I approach sites...

    Chapter 20
                           is arguably one of the most important book chapters as it provides advice on how to write an effective report. All the hacking in the world means nothing if you can’t properly report the issue to the necessary company. As such, I scoured some big-name bounty paying companies for their advice on how best to report and got advice from Hacker One. Make sure to pay close attention here.

    Chapter 21
                           switches gears. Here we dive into recommended hacking tools. The initial draft of this chapter was donated by Michiel Prins from Hacker One. Since then it’s grown to a living list of helpful tools I’ve found and used.

    Chapter 22
                            is dedicated to helping you take your hacking to the next level. Here I walk you through some awesome resources for continuing to learn. Again, at the risk of sounding like a broken record, big thanks to Michiel Prins for contributing to the original list which started this chapter.

    Chapter 23
                               concludes the book and covers off some key terms you should know while hacking. While most are discussed in other chapters, some aren’t so I’d recommend taking a read here.

    Also, Subscribe to my youtube channel

  • Penetration Testing Basics


      First, this is an introduction to the field of security assessments and penetration testing. Becoming really good at these tasks takes a lot of work. You should use this as a starting point. It is not a blueprint with a set of instructions for you to follow exactly on your way to an exciting career in information security. The most important thing you can do is to get your hands dirty and practice, practice, practice so you can keep growing your skills, knowledge, and experience.

     There are plenty of places to acquire software and systems to test against. The most important thing you should know before you get started is that a lot of the tools and techniques we are going to be talking about throughout this book can cause system outages and data loss or corruption. Once you start working with tools and programs that are designed to break things, you can cause breakage. As a result, it’s essential that you only work on systems that are yours to start with. Get yourself a lab and work there. Virtual machines and free software are your friends here.

     The moment that you start working with clients or employers performing penetration testing or security assessments — and this can’t be said enough times — make sure to get permission. Informed consent is your friend because inevitably you will cause some damage. Whether you intend to or not, you will run across a fragile system or a piece of software that misbehaves. Outages will occur, so it’s best to make sure everyone is on board with all of this. Let them know that you may cause outages and that is very, very rare instances you may cause data loss or corruption. It happens. Once you cause damage or downtime, the very last thing you want to do is to have the client or your employer come back to you and say you didn’t let them know it was possible. Get everything in writing.

     Once you have everything in writing and everyone knows what is possible, you can get started on all of the fun work, which is what you are about to do here. Keep in mind that in spite of what you see on TV and in the movies, breaking into systems isn’t nearly as simple, as a general rule, as a few taps of the keyboard. It’s tedious and can be a lot of hard work. Once you’ve popped your first box, though, it makes the time and effort worth it.

                                                                                  Enjoy the ride!

    Also, Subscribe to my youtube channel

  • The Web Application Hacker's Handbook

    Tools You Will Need

    This book is strongly geared toward hands-on techniques you can use to attack web applications. After reading the book, you will understand the specifics of each individual task, what it involves technology, and why it helps you detect and exploit vulnerabilities. The book is emphatically not about downloading a tool, pointing it at a target application, and believing what the tool’s output tells you about the state of the application’s security.

    That said, you will find several tools useful, and sometimes indispensable when performing the tasks and techniques we describe. All of these are available on the Internet. We recommend that you download and experiment with each tool as you read about it.

    Also, Subscribe to my youtube channel

  • The Mobile Application Hacker's Handbook

    Tools You Will Need

    This book is strongly geared toward hands-on practical techniques that you can use to attack mobile
    applications. After reading this book you will understand the different types of vulnerabilities that affect mobile applications and have the practical knowledge to attack and exploit them. The emphasis of the book is on practical and human-driven exploitation as opposed to running automated tools on the target application.

    That said, you will find several tools useful, and sometimes indispensable when performing the tasks and techniques we describe. All of these are available on the Internet. We recommend that you download and experiment with each tool as you read about it.

    While in most cases it is possible to follow the practical examples in a simulated or emulated environment, there is no substitute for running an application on a physical device. Therefore, we would recommend that, where possible, the examples be followed on a real device.

    Also, Subscribe to my youtube channel

  • Advanced Penetration Testing + EXERCICES

    Advanced Penetration Testing + EXERCICES

    ways and be able to confidently develop their own tools.

    Chapter 1,
                         “Medical Records (In)Security,” discusses attacks to hospital infrastructure with concepts such as macro attacks and man-in-the-browser techniques. Introduction to Command & Control (C2) is explored.

    Chapter 2,
                     “Stealing Research,” will explore attacks using Java Applets and more advanced C2 within the context of an attack against a research university.

    Chapter 3,
                        “Twenty-First Century Heist,” considers ways of penetrating high-security targets such as banks and highly advanced C2 techniques using the DNS protocol.

    Chapter 4,
                        “Pharma Karma,” examines an attack against a pharmaceutical company and against this backdrop introduces client-side exploits and integrating third-party frameworks such as Metasploit into your C2.

    Chapter 5,
                        “Guns and Ammo,” examines ransomware simulation and using Tor hidden services to mask the physical location of the C2 infrastructure.

    Chapter 6,
                       “Criminal Intelligence,” uses the backdrop of an intrusion against a police HQ to illustrate the use of “creeper” boxes for long-term engagements where temporary physical access is possible. Other concepts such as privilege escalation and deploying attacks using HTML applications are introduced.

    Chapter 7, 
                         “War Games,” discusses an attack against a classified data network and explains concepts such as open-source intelligence gathering and advanced concepts in Command & Control.

    Chapter 8,
                          “Hack Journalists,” shows how to attack a publisher and use their own technologies and workflows against them. Emerging rich media content and experimental C2 methodologies are considered. Advanced concepts in social engineering are introduced.

    Chapter 9,
                         “Northern Exposure,” is a hypothetical attack against a hostile rogue state by a government Tailored Access Operations (TAO) team. North Korea is used as a convenient example. We discuss advanced discreet network mapping and means of attacking smartphones, including the creation of hostile code for iOS and Android phones. So, without further ado—on with the show.

    Also, Subscribe to my youtube channel

  • Penetration Testing

    Penetration Testing
    A Hands-on Introduction to Hacking

    • Part I: The Basics
    Chapter 0
                           we start out with some basic definitions of the phases of penetration testing.

    Chapter 1
                           we build our small practice laboratory, which we will use to work through the exercises in this book. With many books, it’s possible to just download a few programs onto your existing platform but to simulate a penetration test, our approach is a bit more involved. I recommend that u take the time to set up your lab and work through the hands-on examples with me. Though this book can serve as a reference and reminder n the field, I believe it is best to first practice your pentesting skills at home.

    Chapter 2
                           we start with the basics of using Kali Linux and Linux operating systems in general. Next,

    Chapter 3
                       covers the basics of programming. Some readers may already have a working knowledge in these areas and can skip past them. When I first started out, I had some programming experience in C and Java, but I didn’t have a background in scripting and had practically no background in Linux—a skillset that was assumed by most of the hacking tutorials I encountered. Thus, I have provided a primer ere. If you are new to these areas, please do continue your studies outside f this book. Linux-based operating systems are becoming more and more prevalent as the platforms for mobile devices and web services, so skills in his area will benefit you even if you don’t pursue a career in information security. Likewise, knowing how to script your common tasks can only make
    your life easier, regardless of your career. e look at the basics of using the Metasploit Framework, a tool we will everage throughout this book,

    Chapter 4
                           Though we will also learn to perform many tasks without Metasploit, it is a go-to tool for many testers in the field and is constantly evolving to include the latest threats and techniques.

    • Part II: Assessments

    Next, we start working through a simulated penetration test.

    Chapter 5
                       we begin by gathering data about our target—both by searching freely available information online and by engaging our target systems. We then start searching for vulnerabilities using a combination of querying the systems and research

    Chapter 6. Chapter 7
    we look at techniques to capture traffic that might include sensitive data.

    • Part III: Attacks


    Chapter 8
                      we look at exploiting the vulnerabilities we found on the network with a variety of tools and techniques, including Metasploit and purely manual exploitation. We then look at methods for attacking what is often the weakest link in a network’s security—password management—in

    Chapter 9
                        We next look at some more advanced exploitation techniques. Not all vulnerabilities are in a service listening on the network. Web browsers, DF readers, Java, Microsoft Office—they all have been subject to security issues. As clients work harder to secure their networks, attacking client-side software may be the key to getting a foothold in the network. We look xviii Introduction t leveraging client-side attacks

    Chapter 10. In Chapter 11
                                                   we combine client-side attacks with a look at social engineering or attacking the human element—the part of the environment that cannot be patched. After all, with client-side attacks, the software in question must open a malicious file of some sort, so we must convince the user to help us out.

    Chapter 12
                        we look at some methods of bypassing antivirus software, as many of your clients will deploy it. If you have high enough privileges on a system, you may e able to just turn antivirus programs off, but a better solution is to breeze right past antivirus programs undetected, which can be done even if you are saving malicious programs to the hard drive.

    Chapter 13
                        we pick up with the next phase of our penetration test, ost exploitation. Some say the pentest truly begins after exploitation. This s where you leverage your access to find additional systems to attack, sensitive information to steal, and so on. If you continue your penetration testing studies, you will spend a good deal of time working on the latest and greatest post-exploitation techniques. After post-exploitation, we look at a few additional skills you will need
    to be a well-rounded penetration tester. We will take a brief look at assessing the security of custom web applications

    Chapter 14
                          Everyone has a website these days, so it’s a good skill to cultivate. Next, we will look at assessing the security of wireless networks

    Chapter 15
                          looking at methods for racking commonly deployed cryptographic systems.

    • Part IV: Exploit Development

    Chapters 16, 17, 18, and 19
                                                   discuss the basics of writing your own exploits. e will look at finding vulnerabilities, exploiting them with common techniques, and even writing our own Metasploit module. Up until these chapters, weave relied on tools and publicly available exploits for a lot of our exercises. As you advance in infosec, you may want to find new bugs (called ero-days) and report them to vendors for a possible bounty. You can then release a public exploit and/or Metasploit module to help other pentesters est their customers’ environments for the issue you discovered.

    • Part V: Mobile Hacking


    Chapter 20
    we close with a relatively new area of penetration testing—assessing the security of mobile devices. We look at my own tool, the Smartphone Pentest Framework. Perhaps after mastering the skills in this book, you will endeavor to develop and release a security tool of your own. f course, this book doesn’t cover every single facet of information security, nor every tool or technique. If it did, this book would have been several times longer and come out a good deal later, and I need to get back
    to my research. So here you have it: a hands-on introduction to hacking. It is n honor to be with you on this important step on your journey into information security. I hope that you learn a lot from this book and that it inspires you to continue your studies and become an active member of this exciting
    and rapidly developing field.

    Also, Subscribe to my youtube channel