Livro The Secret of Hacking - Fourth

Começando a postar sobre livros de Segurança da Informação, compartilho abaixo o índice do excelente livro "The Secret of Hacking - Fourth", que adquiri recentemente e comecei a ler ainda há pouco. Estou com planos de me certificar em CEH e CompTIA Security+, e sendo assim, toda literatura atualizada (como é o caso desse livro), é bem-vinda. Eis o índice (2012 release):

Chapter 1: Computer Hacking Methodology

• Hacking view for programmers, users, analyst, ethical hacker, managers/CEO, administrators

• IT Act/Laws & How to bypass

• Technology security aspects (Firewall, AV, IPS, IDS,cloud security)

• Steps of Hacking

• Reconnaissance

• Enumerate ion & Scanning

• Obtaining Access

• Maintaining Access & Erasing Evidence

• How to Defect Scanning (IP, Windows, Linux and Mac) and port scanning a site

Chapter 2 Setting up your Lab environment

• How criminals & hackers catches by LEA & Govt.

• How to Defect them:

• Anonymous Payment processing

• Buy any item anonymously on internet (Digital currency convert system)

• Send /Receive money anonymously

• Ultimate PayPal guide for Hackers

• Browsing anonymously (HTTPs Proxies, or TOR Network)

• Offshore VPN, VPS

• List of free VPN providers

• Tunneling for anonymity (SSH Tunneling)

• Covert channel on Phone for secure browsing

• Design Bulletproof C&C environment (FLUX, FAST FLUX) ,TUN and TAP

Chapter 3 Advanced Malware, Trojans and Backdoor's development

• Malware types & capabilities

• Polymorphism Metamorphism and latest Malware techniques

• Writing Trojans, RAT, Key loggers

• Writing Self-Modifying Code

• Writing BOTNETS (HTTP & IRC)

• Design 100% anonymous Command and control

• Design & Development using source code Ubot, Spyeye

• Writing Boot kit, Root kit & Bios Level Root kits

• Advanced persistent threat (APT) * Distributed malware

• Avoiding Malware UAC alerts

• Avoiding Malware reverse engineering

• Actual Attack &Exercise with source code

Chapter 4 Cryptography & Reverse engineering

• Avoiding Malware Detections-100% FUD (Scan time & Behavior)

• Online & offline crypters, Reverse engineering stuff / anti-reversing methods

• Debuggers and debugger design

• General-Purpose CPU Registers

• The Stack, Debug Events

• Soft, Memory & Hardware Breakpoints

• Immunity Debugger ,Olledbg, Soft ICE, IDA pro, protectionid

• Dll& code injection

• Reverse Engineering using bindiff

• SSL hacking & Stenography

Chapter 5 Application & Website attacks

• Introduction of SQL injection, XSS

• Live Hacking tools (python)

• XSS attacks and benefits

• Hacking Web Authentication

• How hackers target and hack your site

• Application Fuzzing with OWASP Web Goat and Burp Suite

• How to prevent web application attacks

Chapter 6 Art of Exploitation

• Fuzzing Windows Drivers, OllyDbg Tricks for Exploit Development

• Using fuzzers (SPIKE) to find vulnerabilities

• Exploit Development

• Metasploit for Exploit development-

• File based (PDf, RTF, XLS, etc)

• Browser based

• Network based

• Social Engineering - SET

• How to make FUD payloads & Exploits

• Custom Encoding, encryption

• Shell coding

• Incorporating Custom Shell code Into The Metasploit Framework

• Exploitation mitigations

• In-depth review of GS, ASLR, DEP, SafeSEH and SEHOP

• Bypassing NX (bypassing DEP,ASLR, SafeSEH,etc)

• Implementing a universal bypass of DEP and ASLR in IE8,etc

• Writing Custom Encoders with no null Bytes

• SSL based Malwares

• Source code

Chapter 7 Network Hacking

• Scanning and target detection & prevention

• Sniffing and MITM Attacks

• CISO IOS Hacking

• DNS Hacking (Beginner to Advance)

• DDOS on Email, IP, phone, SMS

• Python tools for penetration testers

• VoIP Penetration Testing & VoIP Hacking

• How to design Secure Tele communication (SIP, Device, mobile)

Chapter 8 Cracking & Securing Wireless Systems

• Wifi Technology

• Cracking wifi passwords

• Wifi Hacking & create fake access point's

• Satellite Hacking

Chapter 9 Final Attack

• Planning

• Spreading ways

• Local Attacks-Hacking using tennyusb

• File Based attacks

• Remote Attacks

• Mass Level attack

• Ways for different type of Mass level attacks (Iframe, Magazine, and Social eng.)

• Ways to Send Bulk SMS and Emails, Spread Malware via BOTS, facebooks

• BREAKING BANKING APPLICATIONS & MASS ATTACK

• Man-in-the-browser’ Attack

• How to Buy /sell credit card numbers

Chapter 10 Securing Systems & Networks

• Prevention for Advanced Digital attacks -APT

• Design Secure System

• Prevent outside attacks using VPN & load balancer

• Design PFSense Firewall network

Appendix A about the DVD

Special Features:

• New Powerful Content

• DVD with Latest Tools + Source code

• Better classification on Videos with comments -Video Membership

• Virtual lab to test and design exploits, malwares, shell codes, etc