Hacking the Planet

This is not a book about information security. Certainly not about IT. This is a book about hacking: specifically, how to infiltrate a company's network, locate their most critical data, and make off with it without triggering whatever shiny new security tool the company wasted their budget on. Whether you are a wannabe ethical hacker or an experienced pentester frustrated by outdated books and false media reports, this book is definitely for you. We will set up a fake — but realistic enough — target and go in detail over the main steps to pwn the company: building phishing malware, finding vulnerabilities, rooting Windows domains, pwning a mainframe, etc.

Ever wondered how hackers breach big corporations? Wonder no more. We detail a step-by-step real life scenario to hack a luxury brand, steal credit card data and spy on board members. Art of exploitation. We start by building a small hardware backdoor that we plant in a retail store owned by our target brand. You get to learn about the Wiegand protocol and how to bypass card readers found in all major shops and companies. Network security. Using our backdoor as a pivot, we infiltrate the internal network and exploit NTLM vulnerabilities to connect to a random server. We bypass Applocker rules and elevate privileges to take control over the streaming screens in the shop. But, that's not enough for us now is it? We map the company's network architecture and bounce from server to server using "Pass-the-ticket” techniques and domain trusts in a Windows Forest. We land on HQ networks at the other end of the globe. Art of intrusion. Once inside the main network, we hack a couple of servers (Golden ticket, Token impersonation, etc.) and manage to break into an IBM Z Mainframe, where credit card data is stored. We exfiltrate data from the Mainframe, then smuggle them off the network without triggering the DLP software. Finally, we explore how to execute code on the laptop of every board member and spy on their meetings. No metasploit and other old hacking tricks. We go through each hacking trick step-by-step: from bypassing Citrix/Applocker to abusing Kerberos and hacking a Mainframe. The idea is to help you replicate these procedures during your engagements. All custom attack payloads are provided and explained thoroughly in the book.

This is the story of one hacker who met his match in the form of machine learning, behavioral analysis, artificial intelligence, and a dedicated SOC team while breaking into an offshore service provider. Most hacking tools simply crash and burn in such a hostile environment. What is a hacker to do when facing such a fully equipped opponent? In this new edition, we cover step-by-step tricks and techniques to circumvent next-generation security vendors that gracefully sponsor the many big shot hacking conferences, including Unmanaged PowerShell, C# Reflection, DKIM signatures, Kerberoasting, terminating protected processes and many more essential tips for hacking and red team assignments alike. Better buckle up, this is going to be one hell of a ride! This book's edition assumes prior knowledge of basic Windows principles such as NTLM, pass-the-hash, Windows Active Directory, group policy objects and so forth. If you are scantly comfortable with these concepts, I strongly encourage you to first read How to Hack Like a Pornstar or How to Hack Like a God before taking on this book.