
Hacking_ The Next Generation - Nitesh Dhanjani; Billy Rios; Br

3. The Way It Works: There Is No Patch

2022-02-24 01:15:07
  • Preface
    • Audience
    • Assumptions This Book Makes
    • Contents of This Book
    • Conventions Used in This Book
    • Using Code Examples
    • We’d Like to Hear from You
    • Safari® Books Online
    • Acknowledgments
  • 1. Intelligence Gathering: Peering Through the Windows to Your Organization
    • Physical Security Engineering
      • Dumpster Diving
      • Hanging Out at the Corporate Campus
    • Google Earth
    • Social Engineering Call Centers
    • Search Engine Hacking
      • Google Hacking
      • Automating Google Hacking
      • Extracting Metadata from Online Documents
      • Searching for Source Code
    • Leveraging Social Networks
      • Facebook and MySpace
      • Twitter
    • Tracking Employees
      • Email Harvesting with theHarvester
      • Resumés
      • Job Postings
      • Google Calendar
    • What Information Is Important?
    • Summary
  • 2. Inside-Out Attacks: The Attacker Is the Insider
    • Man on the Inside
    • Cross-Site Scripting (XSS)
      • Stealing Sessions
      • Injecting Content
      • Stealing Usernames and Passwords
      • Advanced and Automated Attacks
    • Cross-Site Request Forgery (CSRF)
      • Inside-Out Attacks
    • Content Ownership
      • Abusing Flash’s crossdomain.xml
      • Abusing Java
    • Advanced Content Ownership Using GIFARs
      • Stealing Documents from Online Document Stores
    • Stealing Files from the Filesystem
      • Safari File Stealing
    • Summary
  • 3. The Way It Works: There Is No Patch
    • Exploiting Telnet and FTP
      • Sniffing Credentials
      • Brute-Forcing Your Way In
      • Hijacking Sessions
    • Abusing SMTP
      • Snooping Emails
      • Spoofing Emails to Perform Social Engineering
    • Abusing ARP
      • Poisoning the Network
      • Cain & Abel
      • Sniffing SSH on a Switched Network
      • Leveraging DNS for Remote Reconnaissance
      • DNS Cache Snooping
    • Summary
  • 4. Blended Threats: When Applications Exploit Each Other
    • Application Protocol Handlers
      • Finding Protocol Handlers on Windows
      • Finding Protocol Handlers on Mac OS X
      • Finding Protocol Handlers on Linux
    • Blended Attacks
      • The Classic Blended Attack: Safari’s Carpet Bomb
      • The FireFoxUrl Application Protocol Handler
      • Mailto:// and the Vulnerability in the ShellExecute Windows API
      • The iPhoto Format String Exploit
      • Blended Worms: Conficker/Downadup
    • Finding Blended Threats
    • Summary
  • 5. Cloud Insecurity: Sharing the Cloud with Your Enemy
    • What Changes in the Cloud
      • Amazon’s Elastic Compute Cloud
      • Google’s App Engine
      • Other Cloud Offerings
    • Attacks Against the Cloud
      • Poisoned Virtual Machines
      • Attacks Against Management Consoles
      • Secure by Default
      • Abusing Cloud Billing Models and Cloud Phishing
      • Googling for Gold in the Cloud
    • Summary
  • 6. Abusing Mobile Devices: Targeting Your Mobile Workforce
    • Targeting Your Mobile Workforce
      • Your Employees Are on My Network
      • Getting on the Network
      • Direct Attacks Against Your Employees and Associates
      • Putting It Together: Attacks Against a Hotspot User
      • Tapping into Voicemail
      • Exploiting Physical Access to Mobile Devices
    • Summary
  • 7. Infiltrating the Phishing Underground: Learning from Online Criminals?
    • The Fresh Phish Is in the Tank
    • Examining the Phishers
      • No Time to Patch
      • Thank You for Signing My Guestbook
      • Say Hello to Pedro!
      • Isn’t It Ironic?
    • The Loot
      • Uncovering the Phishing Kits
      • Phisher-on-Phisher Crime
    • Infiltrating the Underground
      • Google ReZulT
      • Fullz for Sale!
      • Meet Cha0
    • Summary
  • 8. Influencing Your Victims: Do What We Tell You, Please
    • The Calendar Is a Gold Mine
      • Information in Calendars
      • Who Just Joined?
      • Calendar Personalities
    • Social Identities
      • Abusing Social Profiles
      • Stealing Social Identities
      • Breaking Authentication
    • Hacking the Psyche
    • Summary
  • 9. Hacking Executives: Can Your CEO Spot a Targeted Attack?
    • Fully Targeted Attacks Versus Opportunistic Attacks
    • Motives
      • Financial Gain
      • Vengeance
      • Benefit and Risk
    • Information Gathering
      • Identifying Executives
      • The Trusted Circle
      • Twitter
      • Other Social Applications
    • Attack Scenarios
      • Email Attack
      • Targeting the Assistant
      • Memory Sticks
    • Summary
  • 10. Case Studies: Different Perspectives
    • The Disgruntled Employee
      • The Performance Review
      • Spoofing into Conference Calls
      • The Win
    • The Silver Bullet
      • The Free Lunch
      • The SSH Server
      • Turning the Network Inside Out
      • A Fool with a Tool Is Still a Fool
    • Summary
  • A. Chapter 2 Source Code Samples
    • Datamine.js
    • Pingback.js
    • External-datamine.js
    • XHRIEsniperscope()
    • Codecrossdomain.java
    • HiddenClass.java
  • B. Cache_Snoop.pl
  • Index