Sparc Flow - How to Investigate Like a Rockstar: Hacking the Planet


  • Book:
    How to Investigate Like a Rockstar: Hacking the Planet
  • Author:
    Sparc Flow
  • Publisher:
    sparc Flow
  • Genre:
    Computer
  • Year:
    2017

How to Investigate Like a Rockstar: Hacking the Planet: summary, description and annotation


There are two kinds of companies: those that have been breached and those that do not know it yet. The company calling us just discovered an anomaly on their most critical systems. Our job is to conduct a deep forensic analysis, perform a threat assessment, and uncover all malware programs left by the hackers.

Digital Forensics

We follow the attacker's footprint across a variety of systems and create an infection timeline to help us understand their motives. We go as deep as memory analysis, perfect disk copy, threat hunting and malware analysis while sharing insights into real crisis management.

Rebuilding systems

Finally, we tackle the most important issue of any security incident response: how to kick the attackers out of the systems and regain trust in machines that have been breached.

For those who read hacking books like The Art of Exploitation or How to Hack Like a Pornstar, you finally get to experience what it feels like to be on the other side of the firewall!


How to Investigate Like a Rockstar

Live a real crisis to master the secrets of forensic analysis

Copyright 2017 Sparc FLOW

All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law.

Foreword

There are two kinds of companies: those that have been breached and those that do not know it yet. And when they finally find out, if they are that lucky, a violent panic sets in that quickly escalates to the executive level.

This book describes in detail such an incident inspired by real life events, from the first doubtful call made by a bank to the height of tension caused by preliminary forensic analysis.

We will go as deep as memory analysis, perfect disk copy, threat hunting and data carving while sharing insights into real crisis management: how to steer people in the right direction, what are the crucial reflexes of a first responder, what to say and do in the first minutes of a security incident, and how to address the inevitable challenge of security versus business continuity.

Finally, we will tackle the most important issue of all: how to rebuild a trusted and secure information system.

We will find out how we can regain trust in machines that have been breached, and how we can make sure attackers will not come back to exact a bitter revenge.

Note: Custom scripts and special commands documented in this book are publicly available at www.hacklikeapornstar.com.

Important disclaimer

The examples in this book are entirely fictional. The tools and techniques presented are open-source, and thus available to everyone. Investigators and pentesters use them regularly in assignments, but so do attackers. If you recently suffered a breach and found a technique or tool illustrated in this book, this neither incriminates the author of this book in any way nor implies any connection between the author and the perpetrators.

Any actions and/or activities related to the material contained within this book are solely your responsibility. Misuse of the information in this book can result in criminal charges being brought against the persons in question. The author will not be held responsible in the event any criminal charges are brought against any individuals using the information in this book to break the law.

This book does not promote hacking, software cracking, and/or piracy. All of the information provided in this book is for educational purposes only. It will help companies secure their networks against the attacks presented, and it will help investigators assess the evidence collected during an incident.

Performing any hack attempts or tests without written permission from the owner of the computer system is illegal.

The first call

To pity distress is but human; to relieve it is Godlike.

Horace Mann

Like most major security incidents, our story begins with a distress call at 6 am:

"Hello, this is LeoStrat Inc. I am trying to reach the Computer Emergency Response Team to report unusual activity on our mainframe. We have reason to believe malicious actors have attempted to access sensitive banking information, and we would like you to assist us in conducting an investigation."

"Very well. Please do not perform any actions on the machine until we are on-site."

Given the nature of the incident, we quickly dispatch a first responder to assess the severity and sophistication of the attack. Are we talking about a classic malware, a rootkit or a targeted attack? What kind of evidence do we have? Which other machines are infected?

The small detail that troubles us, though, is the nature of the machine reportedly impacted. How can there be malware on a mainframe? These systems do not even have public vulnerabilities listed on popular websites.

Actually, we are surprised that the attacker even bothered to target this legacy machine in the first place.

In any case, in preparation for going on-site we arrange our regular toolkit:

  • Laptop with both Kali Linux and Windows for analysis purposes. Some prefer the SANS SIFT virtual machine, which comes with forensic tools pre-installed.
  • A few empty external hard drives. There are never enough of these, so we take as many as we can.
  • A bootable USB key containing a Debian distribution.
  • A USB key containing classic forensic tools, and also clean versions of Linux and Windows binaries (cmd.exe, bash, etc.).
  • Multiple screwdrivers in case we need to deal with physical machines.
  • Physical write blocker to perform forensically sound copies (more on this later).
  • Miscellaneous equipment: RJ45 USB adapter, USB hub, USB-C to USB adapter, male to female USB cable and SATA to USB adapter.
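
The write blocker and the key of clean binaries above are only worth carrying if we can later prove that what they produced is intact. The routine below is an added example, not code from the book or from the author's site: a bit-for-bit acquisition with dd, a hash of both sides recorded in a log, a re-check of the image before analysis, and a manifest check of the tools key. The 1 MiB "device" it copies is a constructed file, and every path and file name is hypothetical; on a real case the source device sits behind the hardware write blocker and the log travels with the evidence.

```shell
#!/bin/sh
# Added example, not from the book: forensically sound acquisition in POSIX sh
# with dd and sha256sum. The "device" is a constructed 1 MiB file standing in
# for a disk mounted read-only behind a write blocker; all names are hypothetical.

set -eu

# Hash a file and print only the hex digest.
digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# acquire_image SRC IMAGE LOG
# Copy SRC to IMAGE sector by sector (bs=512, so conv=sync never pads a real
# disk, whose size is a multiple of 512), hash both sides, append both digests
# with a UTC timestamp to LOG, and succeed only if the digests match.
acquire_image() {
    src=$1; img=$2; log=$3
    # conv=noerror,sync: keep going past unreadable sectors and write zeros in
    # their place, so a failing disk still yields a complete, addressable image.
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>/dev/null
    src_hash=$(digest "$src")
    img_hash=$(digest "$img")
    printf '%s source %s sha256=%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$src" "$src_hash" >>"$log"
    printf '%s image  %s sha256=%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$img" "$img_hash" >>"$log"
    [ "$src_hash" = "$img_hash" ]
}

# verify_image IMAGE LOG
# Re-hash IMAGE later (after transport, before analysis) and compare it with
# the digest recorded at acquisition time. Any edit, truncation or bit rot
# changes the digest and makes this fail.
verify_image() {
    img=$1; log=$2
    recorded=$(grep -F " image  $img sha256=" "$log" | tail -n 1 | sed 's/.*sha256=//')
    [ -n "$recorded" ] && [ "$(digest "$img")" = "$recorded" ]
}

# check_toolkit MANIFEST
# The clean bash/cmd.exe copies on the tools key are only trustworthy if they
# still match the digests recorded when the key was built. MANIFEST is the
# output of `sha256sum <files>` taken at that time, stored next to the files.
check_toolkit() {
    (cd "$(dirname "$1")" && sha256sum -c "$(basename "$1")" >/dev/null)
}

# Constructed demo: a fake 1 MiB device and a fake tools key, acquired and checked.
work=$(mktemp -d)
dd if=/dev/urandom of="$work/sdb" bs=512 count=2048 2>/dev/null
acquire_image "$work/sdb" "$work/sdb.dd" "$work/acquisition.log"
verify_image "$work/sdb.dd" "$work/acquisition.log"
mkdir "$work/tools"
printf 'clean bash\n' >"$work/tools/bash"
(cd "$work/tools" && sha256sum bash >manifest.sha256)
check_toolkit "$work/tools/manifest.sha256"
cat "$work/acquisition.log"
```

Plain dd is used here because it is on every rescue image; on a large disk, dc3dd or dcfldd hash while they copy and avoid the second read of the source. The point that survives either tool choice is the same: a source digest taken before the image leaves the room, an image digest that matches it, and a re-check of that image every time it changes hands.
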

Action plan

We arrive at LeoStrat's main site at 7 am and request the same three items we always ask for in an investigation:

  • A fresh update on the situation
  • All documents describing the network and system architecture
  • Contact information for every key IT role inside the company (network admins, mainframe admins, Linux admins, Windows admins, security officer, CTO, etc.)

People tend to believe that a forensic investigator is some kind of wizard who can instantly ward off evil with his magic wand. This could not be further from the truth.

It is a challenge to dive into an unknown ecosystem and deal with its intricate complexities. That is why it is crucial to both get as many documents as possible and also to quickly identify key people who can assist us in the investigation by mapping critical machines, extracting logs, creating accounts, contacting personnel, etc.

While LeoStrat is building its crisis team and setting up shifts, we get a description of the incident from a mainframe admin (also called a sysadmin or sysprog):

"We noticed an unusual spike in the CP workload around 4 am. Our sysprog checked the JES SPOOL and found a JOB consuming almost all I/O. The JOB was submitted by an unknown account called G09861."

Before asking what the heck a JES SPOOL is, we start with a somewhat naive question:

"So, we understand that some banking data was leaked? Precisely what kind of data are we talking about?"

"Oh, on the Z machine we have client accounts, pension funds, balance files, personal information, tax returns, you name it."

And that's when it hits us! The mainframe is not their good ol' legacy machine; it's where almost all of their core business is processed! This is promising.

Now that they have our attention, let us break down what just happened on their mainframe.

Let's start with the machine itself. A mainframe is a "big iron" machine that powers up to 20 billion transactions per day without breaking a sweat: wire transfers, cash withdrawals, flight bookings, etc. IBM's Z series is used by 75% of Fortune 500 companies and is without question the foundation of our modern business economy.
