Hunting Cyber Criminals
A Hacker's Guide to Online Intelligence Gathering Tools and Techniques
1. Auflage März 2020
544 Seiten, Softcover
Wiley & Sons Ltd
Weitere Versionen
The skills and tools for collecting, verifying and correlating information from different types of systems is an essential skill when tracking down hackers. This book explores Open Source Intelligence Gathering (OSINT) inside out from multiple perspectives, including those of hackers and seasoned intelligence experts. OSINT refers to the techniques and tools required to harvest publicly available data concerning a person or an organization. With several years of experience of tracking hackers with OSINT, the author whips up a classical plot-line involving a hunt for a threat actor. While taking the audience through the thrilling investigative drama, the author immerses the audience with in-depth knowledge of state-of-the-art OSINT tools and techniques. Technical users will want a basic understanding of the Linux command line in order to follow the examples. But a person with no Linux or programming experience can still gain a lot from this book through the commentaries.
This book's unique digital investigation proposition is a combination of story-telling, tutorials, and case studies. The book explores digital investigation from multiple angles:
* Through the eyes of the author who has several years of experience in the subject.
* Through the mind of the hacker who collects massive amounts of data from multiple online sources to identify targets as well as ways to hit the targets.
* Through the eyes of industry leaders.
This book is ideal for:
Investigation professionals, forensic analysts, and CISO/CIO and other executives wanting to understand the mindset of a hacker and how seemingly harmless information can be used to target their organization.
Security analysts, forensic investigators, and SOC teams looking for new approaches on digital investigations from the perspective of collecting and parsing publicly available information.
CISOs and defense teams will find this book useful because it takes the perspective of infiltrating an organization from the mindset of a hacker. The commentary provided by outside experts will also provide them with ideas to further protect their organization's data.
Chapter 1 Getting Started 1
Chapter 2 Investigations and Threat Actors 19
Part I Network Exploration 43
Chapter 3 Manual Network Exploration 45
Chapter 4 Looking for Network Activity (Advanced NMAP Techniques) 67
Chapter 5 Automated Tools for Network Discovery 83
Part II Web Exploration 119
Chapter 6 Website Information Gathering 121
Chapter 7 Directory Hunting 143
Chapter 8 Search Engine Dorks 159
Chapter 9 WHOIS 175
Chapter 10 Certificate Transparency and Internet Archives 201
Chapter 11 Iris by DomainTools 221
Part III Digging for Gold 243
Chapter 12 Document Metadata 245
Chapter 13 Interesting Places to Look 267
Chapter 14 Publicly Accessible Data Storage 293
Part IV People Hunting 323
Chapter 15 Researching People, Images, and Locations 325
Chapter 16 Searching Social Media 349
Chapter 17 Profile Tracking and Password Reset Clues 377
Chapter 18 Passwords, Dumps, and Data Viper 407
Chapter 19 Interacting with Threat Actors 433
Chapter 20 Cutting through the Disinformation of a 10-Million-Dollar Hack 453
Epilogue 483
Index 487
VINNY TROIA is a cybersecurity evangelist and hacker with Night Lion Security. He is an acknowledged expert in digital forensics investigations, security strategies, and security breach remediation. Vinny possesses deep knowledge of industry-standard security and compliance controls, is frequently seen providing security expertise on major TV and radio networks, and recently introduced Data Viper, his own threat intelligence and cyber-criminal hunting platform.
