Table of Contents

  1. Chapter 1 Intelligence Gathering: Peering Through the Windows to Your Organization

    1. Physical Security Engineering

    2. Google Earth

    3. Social Engineering Call Centers

    4. Search Engine Hacking

    5. Leveraging Social Networks

    6. Tracking Employees

    7. What Information Is Important?

    8. Summary

  2. Chapter 2 Inside-Out Attacks: The Attacker Is the Insider

    1. Man on the Inside

    2. Cross-Site Scripting (XSS)

    3. Cross-Site Request Forgery (CSRF)

    4. Content Ownership

    5. Advanced Content Ownership Using GIFARs

    6. Stealing Files from the Filesystem

    7. Summary

  3. Chapter 3 The Way It Works: There Is No Patch

    1. Exploiting Telnet and FTP

    2. Abusing SMTP

    3. Abusing ARP

    4. Summary

  4. Chapter 4 Blended Threats: When Applications Exploit Each Other

    1. Application Protocol Handlers

    2. Blended Attacks

    3. Finding Blended Threats

    4. Summary

  5. Chapter 5 Cloud Insecurity: Sharing the Cloud with Your Enemy

    1. What Changes in the Cloud

    2. Attacks Against the Cloud

    3. Summary

  6. Chapter 6 Abusing Mobile Devices: Targeting Your Mobile Workforce

    1. Targeting Your Mobile Workforce

    2. Summary

  7. Chapter 7 Infiltrating the Phishing Underground: Learning from Online Criminals?

    1. The Fresh Phish Is in the Tank

    2. Examining the Phishers

    3. The Loot

    4. Infiltrating the Underground

    5. Summary

  8. Chapter 8 Influencing Your Victims: Do What We Tell You, Please

    1. The Calendar Is a Gold Mine

    2. Social Identities

    3. Hacking the Psyche

    4. Summary

  9. Chapter 9 Hacking Executives: Can Your CEO Spot a Targeted Attack?

    1. Fully Targeted Attacks Versus Opportunistic Attacks

    2. Motives

    3. Information Gathering

    4. Attack Scenarios

    5. Summary

  10. Chapter 10 Case Studies: Different Perspectives

    1. The Disgruntled Employee

    2. The Silver Bullet

    3. Summary

  1. Appendix Chapter 2 Source Code Samples

    1. Datamine.js

    2. Pingback.js

    3. External-datamine.js

    4. XHRIEsniperscope()

    5. Codecrossdomain.java

    6. HiddenClass.java

  2. Appendix Cache_Snoop.pl

  3. Colophon