Bøger af Christopher Atkins

Phishing is an attack technique where an attacker uses fraudulent emails or texts, or copycats websites to get a victim to share valuable personal information such as account numbers, social security numbers, or victim's login user-name and password. This technique is also used to trick the victim into running malicious code on the system, so that an attacker can control the user's system and thereby get acces to user's or organization's sensitive data. This book is an introduction for the reader in the world of Phishing attacks. The book focuses on the different kinds of Phishing attacks and provides an overview of some of the common open source tools that can be used to execute Phishing campaigns. Red teams, pentesters, attackers, etc. all use Phishing techniques to compromise a user's machine. It is necessary for Red teams and pentesters to understand the various payload delivery mechanisms used by current threat profiles. The book then delves into the common Phishing payload delivery mechanisms used by current threat profiles. It also introduces some new and uncommon payload delivery techniques that the author has used in the past to bypass and get through email filters as well as end-point detection systems. The second edition of this book adds new ways that are used by current threat actors to take over and compromise their victims. This includes exploiting Windows URIs, Outlook and Contact application files, utilizing and compromising cloud services, etc.

Phishing is an attack technique where an attacker uses fraudulent emails or texts, or copycats websites to get a victim to share valuable personal information such as account numbers, social security numbers, or victim's login user-name and password. This technique is also used to trick the victim into running malicious code on the system, so that an attacker can control the user's system and thereby get acces to user's or organization's sensitive data. This book is an introduction for the reader in the world of Phishing attacks. The book focuses on the different kinds of Phishing attacks and provides an overview of some of the common open source tools that can be used to execute Phishing campaigns. Red teams, pentesters, attackers, etc. all use Phishing techniques to compromise a user's machine. It is necessary for Red teams and pentesters to understand the various payload delivery mechanisms used by current threat profiles. The book then delves into the common Phishing payload delivery mechanisms used by current threat profiles. It also introduces some new and uncommon payload delivery techniques that the author has used in the past to bypass and get through email filters as well as end-point detection systems.

For attackers, aggressive collection of data often leads to the disclosure of infrastructure, initial access techniques, and malware being unceremoniously pulled apart by analysts. The application of machine learning in the defensive space has not only increased the cost of being an attacker, but has also limited a techniques' operational life significantly. In the world that attackers currently find themselves in:1. Mass data collection and analysis is accessible to defensive software, and by extension, defensive analysts2. Machine learning is being used everywhere to accelerate defensive maturityAttackers are always at a disadvantage, as we as humans try to defeat auto-learning systems that use every bypass attempt to learn more about us, and predict future bypass attempts. This is especially true for public research, and static bypasses. However, as we will present here, machine learning isn't just for blue teams. In this book we will show how we can actually use machine learning, neural network algorithms that can allow us as pentesters, red teamers, offensive security analysts, etc. to create programs that can help automate steps in offensive attacks. We will see how simple classification, clustering techniques to RNNs, CNNs, etc. can be used to create offensive security programs that can identify vulnerabilities in systems. This book presents real world examples that can help pentesters and red teamers to learn about these algorithms as well as examples that can allow to understand how to use them.

The book delves into specific details and methodology of how to perform secuity assessments against the SCADA and Industrial control systems. The goal of this book is to provide a roadmap to the security assessors such as security analysts, pentesters, security architects, etc. and use the existing techniques that they are aware about and apply them to perform security asessments against the SCADA world. The book shows that the same techniques used to assess IT environments can be used for assessing the efficacy of defenses that protect the ICS/SCADA systems as well.