| Section | Page |
|---|---|
| Preface | p. ix |
| Intelligence Gathering: Peering Through the Windows to Your Organization | p. 1 |
| Physical Security Engineering | p. 1 |
| Dumpster Diving | p. 2 |
| Hanging Out at the Corporate Campus | p. 3 |
| Google Earth | p. 5 |
| Social Engineering Call Centers | p. 6 |
| Search Engine Hacking | p. 7 |
| Google Hacking | p. 8 |
| Automating Google Hacking | p. 9 |
| Extracting Metadata from Online Documents | p. 9 |
| Searching for Source Code | p. 12 |
| Leveraging Social Networks | p. 13 |
| Facebook and MySpace | p. 13 |
| Twitter | p. 16 |
| Tracking Employees | p. 17 |
| Email Harvesting with theHarvester | p. 18 |
| Resumés | p. 19 |
| Job Postings | p. 21 |
| Google Calendar | p. 23 |
| What Information Is Important? | p. 24 |
| Summary | p. 25 |
| Inside-Out Attacks: The Attacker Is the Insider | p. 27 |
| Man on the Inside | p. 28 |
| Cross-Site Scripting (XSS) | p. 28 |
| Stealing Sessions | p. 29 |
| Injecting Content | p. 30 |
| Stealing Usernames and Passwords | p. 32 |
| Advanced and Automated Attacks | p. 36 |
| Cross-Site Request Forgery (CSRF) | p. 39 |
| Inside-Out Attacks | p. 39 |
| Content Ownership | p. 50 |
| Abusing Flash's crossdomain.xml | p. 51 |
| Abusing Java | p. 52 |
| Advanced Content Ownership Using GIFARs | p. 55 |
| Stealing Documents from Online Document Stores | p. 57 |
| Stealing Files from the Filesystem | p. 64 |
| Safari File Stealing | p. 65 |
| Summary | p. 70 |
| The Way It Works: There Is No Patch | p. 71 |
| Exploiting Telnet and FTP | p. 72 |
| Sniffing Credentials | p. 72 |
| Brute-Forcing Your Way In | p. 74 |
| Hijacking Sessions | p. 75 |
| Abusing SMTP | p. 76 |
| Snooping Emails | p. 78 |
| Spoofing Emails to Perform Social Engineering | p. 79 |
| Abusing ARP | p. 80 |
| Poisoning the Network | p. 81 |
| Cain & Abel | p. 82 |
| Sniffing SSH on a Switched Network | p. 83 |
| Leveraging DNS for Remote Reconnaissance | p. 85 |
| DNS Cache Snooping | p. 86 |
| Summary | p. 90 |
| Blended Threats: When Applications Exploit Each Other | p. 91 |
| Application Protocol Handlers | p. 93 |
| Finding Protocol Handlers on Windows | p. 96 |
| Finding Protocol Handlers on Mac OS X | p. 99 |
| Finding Protocol Handlers on Linux | p. 101 |
| Blended Attacks | p. 102 |
| The Classic Blended Attack: Safari's Carpet Bomb | p. 103 |
| The FireFoxUrl Application Protocol Handler | p. 108 |
| Mailto:// and the Vulnerability in the ShellExecute Windows API | p. 111 |
| The iPhoto Format String Exploit | p. 114 |
| Blended Worms: Conficker/Downadup | p. 115 |
| Finding Blended Threats | p. 118 |
| Summary | p. 119 |
| Cloud Insecurity: Sharing the Cloud with Your Enemy | p. 121 |
| What Changes in the Cloud | p. 121 |
| Amazon's Elastic Compute Cloud | p. 122 |
| Google's App Engine | p. 122 |
| Other Cloud Offerings | p. 123 |
| Attacks Against the Cloud | p. 123 |
| Poisoned Virtual Machines | p. 124 |
| Attacks Against Management Consoles | p. 126 |
| Secure by Default | p. 140 |
| Abusing Cloud Billing Models and Cloud Phishing | p. 141 |
| Googling for Gold in the Cloud | p. 144 |
| Summary | p. 146 |
| Abusing Mobile Devices: Targeting Your Mobile Workforce | p. 149 |
| Targeting Your Mobile Workforce | p. 150 |
| Your Employees Are on My Network | p. 150 |
| Getting on the Network | p. 152 |
| Direct Attacks Against Your Employees and Associates | p. 162 |
| Putting It Together: Attacks Against a Hotspot User | p. 166 |
| Tapping into Voicemail | p. 171 |
| Exploiting Physical Access to Mobile Devices | p. 174 |
| Summary | p. 175 |
| Infiltrating the Phishing Underground: Learning from Online Criminals? | p. 177 |
| The Fresh Phish Is in the Tank | p. 178 |
| Examining the Phishers | p. 179 |
| No Time to Patch | p. 179 |
| Thank You for Signing My Guestbook | p. 182 |
| Say Hello to Pedro! | p. 184 |
| Isn't It Ironic? | p. 189 |
| The Loot | p. 190 |
| Uncovering the Phishing Kits | p. 191 |
| Phisher-on-Phisher Crime | p. 193 |
| Infiltrating the Underground | p. 195 |
| Google ReZulT | p. 196 |
| Fullz for Sale! | p. 197 |
| Meet Cha0 | p. 198 |
| Summary | p. 200 |
| Influencing Your Victims: Do What We Tell You, Please | p. 201 |
| The Calendar Is a Gold Mine | p. 201 |
| Information in Calendars | p. 202 |
| Who Just Joined? | p. 203 |
| Calendar Personalities | p. 204 |
| Social Identities | p. 206 |
| Abusing Social Profiles | p. 207 |
| Stealing Social Identities | p. 210 |
| Breaking Authentication | p. 212 |
| Hacking the Psyche | p. 217 |
| Summary | p. 220 |
| Hacking Executives: Can Your CEO Spot a Targeted Attack? | p. 223 |
| Fully Targeted Attacks Versus Opportunistic Attacks | p. 223 |
| Motives | p. 224 |
| Financial Gain | p. 224 |
| Vengeance | p. 225 |
| Benefit and Risk | p. 226 |
| Information Gathering | p. 226 |
| Identifying Executives | p. 226 |
| The Trusted Circle | p. 227 |
| Twitter | p. 230 |
| Other Social Applications | p. 232 |
| Attack Scenarios | p. 232 |
| Email Attack | p. 233 |
| Targeting the Assistant | p. 238 |
| Memory Sticks | p. 239 |
| Summary | p. 240 |
| Case Studies: Different Perspectives | p. 241 |
| The Disgruntled Employee | p. 241 |
| The Performance Review | p. 241 |
| Spoofing into Conference Calls | p. 243 |
| The Win | p. 245 |
| The Silver Bullet | p. 245 |
| The Free Lunch | p. 246 |
| The SSH Server | p. 247 |
| Turning the Network Inside Out | p. 249 |
| A Fool with a Tool Is Still a Fool | p. 252 |
| Summary | p. 253 |
| Chapter 2 Source Code Samples | p. 255 |
| Cache_Snoop.pl | p. 265 |
| Index | p. 269 |
| Table of Contents provided by Ingram. All Rights Reserved. |