IT Security & Ethical Hacking Handbook
Stefano Novelli
Authors and Collaborators
Testi, Progettazione ed Esecuzione
Stefano Novelli
Translator
Marco Stefano Doria
Proofreader
Marco Silvestri
Audio (web series)
Mirko Marcattili
Distributed and promoted by
inforge.net - your hacks community
Purchase Now !
Just with Paypal
Just with Paypal
Book Details
Price
|
2.00 USD | |
|---|---|---|
Pages
| 230 p | |
File Size
|
2,372 KB | |
File Type
|
PDF format | |
Original Text
| 2017, in Italy | |
Copyright
| The textual content and the images of Hacklog: Volume ebook are released under Creative Commons 4.0 license – non-replicable, no derived works, commercialization. The owner of the rights for this document is Stefano Novelli, and its distribution is by inforge.net. |
Welcome to Hacklog, the Cyber Security and Ethical Hacking course. My
name is Stefano Novelli, and I am the author of this course – I decided to write
this document to give anybody the chance to approach cyber security in a more
accessible way, compared to traditional channels.
Hacklog is the result of many years of study in the Hacking and IT Security
fields: it encompasses testimonies, techniques and considerations, collected from
documents, training courses and first-hand experience in the Security industry.
As a course, Hacklog is designed for who wishes to learn and have an insight
over Cyber Security; this manual is not aimed to offer professional training to IT
Security experts, and is not intended to replace any University-grade guide book.
This course has been designed for you – as a student or a self-taught reader –
who wish to familiarize with Ethical Hacking and Cyber Security, learn the main
techniques to run security tests on your machines and protect yourself from the
intruders buzzing in the dark world of cyber-crime.
I would be a liar if I told you that you can start over without any IT
knowledge. However, I don’t mean to discourage you, but it’s quite the contrary:
the fact that you’re here is a very good start! This means you want to learn, and I
can tell you this is a very important, if not crucial, fact.
While you read this document, I will demand you to:
Have a positive attitude towards the course, don’t get discouraged soon!
Learn more about what is not too clear for you.
Take notes, with pen and paper if you wish!
Get in touch with other people if you can’t understand any part of it.
Please, keep in mind that the IT basics will be taken for granted, such as the
difference between hardware and software, what is an operative system, how to
download programs, and so on. Let’s begin already! Enjoy your reading.
Anonymity
Over the years, anonymity on Internet became one of the most crucial issues,
to the point that nowadays a huge range of tools is out there to help us leaving no
traces around. The need for being invisible online is not only a prerogative of
cyber-criminals: in some parts of the world (such as China, Saudi Arabia, Iran
or North Korea), government censorship is so strong that anonymity is necessary
not to be tracked by public or private spy services and to avoid penalties in those
country where Death Penalty is still inflicted. In the rest of the world, anonymity
can be useful for other scenarios, i.e. to report poor working conditions or
questionable internal policies of a given company, as well as to be free to use the
net outside a strongly analytical system, refraining from sharing information
about what we buy or sell, what we like or dislike with the Internet Big
Companies, thus escaping the mass social experiment run by the major global
powers.
Anonymity is also a fundamental feature for hacktivists, namely those who
practice digital activism. One example is the Anonymous movement, and such
name clearly reflects the need to be untraceable during online protests.
If you need to secure your IT structure, you should actually consider another
good reason: to be anonymous as a means of prevention, avoiding any
exposition to the Internet, where you can potentially be attacked by anyone.
Instead, if you work in the IT investigation field, you may be interested in
knowing the tools used by cyber-criminals to execute their attacks staying
anonymous and avoiding controls.
Table of Contents
Translator's Foreword
Foreword
Anonymity
1. Operative System
1.1 Which distro?
1.1.1 Virtual Machines
1.1.2 Live Distros
1.1.3 The Terminal
2. Data Traces
2.1 MAC Address
2.1.1 Identifying the MAC Address
2.1.2 MAC Spoofing
2.2 Hostname
2.2.1 Changing the Hostname
2.3 Domain Name System
2.3.1 Choosing DNS
2.3.2 Changing DNS
2.3.3 Cache DNS
2.4 IP Address
2.4.1 Determining the IP in use
2.4.2 Proxy
2.4.2.1 Proxy types
2.4.2.2 Where you can find Proxies
2.4.2.3 How to use Proxies
2.4.2.4 How safe are Proxies?
3. Secure communications
3.1 VPN (Virtual Private Network)
3.1.1 VPN Types
3.1.1.1 PPTP, for the speed seekers
3.1.1.2 L2TP/IPsec, for the security and responsiveness enthusiasts
3.1.1.3 OpenVPN, for top security users
3.1.1.4 SSTP, for Windows users
3.1.2 Which VPN?
3.1.3 How to choose a VPN
3.1.3.1 Avoid Free VPNs
3.1.3.2 No Logs Policy
3.1.3.3 If they haven’t got your data, they can’t catch you
3.1.3.4 International Data Retention Laws
3.1.3.5 Payment Methods
3.1.3.6 DMCA Notices
3.1.4 VPN List
3.1.4.1. Multi Hop (cascading) VPNs
3.1.5 Using the VPN
3.1.6 Testing the quality of a VPN
3.1.6.1 Torrent Test
3.1.6.2 DNS Leak Test
3.1.6.3 Kill Switch (protection against disconnections)
4. Clearnet and Deep Web
4.1 TOR
4.1.1 What’s the TOR network
4.1.2 TOR Projects
4.1.3 TOR installation
4.1.4 TOR use cases
4.1.4.1 TOR as a Browser
4.1.4.2 TOR as a P2P
4.1.4.3 TOR as Chat
4.1.4.4 TOR as a Proxy Software
4.1.5 TOR Relay
4.1.6 TOR Bridges
4.1.6.1 Bridges advanced use
4.1.7 Pluggable Transports
4.1.7.1 MEEK & Scramblesuit Protocols
4.1.8 Testing the quality of TOR
4.1.8.1 TOR Test via Browser
4.1.9 TOR and Deep Web
4.1.9.1 Where to find .onion sites?
4.1.10 Is the TOR network really safe??
4.1.10.1 TOR and HTTP protocol
4.1.10.2 TOR and compromised exit-nodes
4.1.10.3 TOR Browser and the issues with “pre-built” products
4.1.10.4 TOR, Google & CO.
4.1.10.5 TOR is not idiot-proof
4.2 I2P
4.2.1 Using I2P
4.2.1.1 Installing I2P
4.2.1.2 First launch of I2P
4.2.1.3 Configuring a Browser with I2P
4.2.1.4 I2P useful resources
4.2.1.5 Anonymous navigation in Clearnet
4.2.1.6 Where to find I2P sites?
4.2.1.7 Difficulties with I2P
4.3 Freenet
4.3.1 Freenet installation
4.3.2 Configuring Freenet
4.3.3 Using Freenet
4.3.4 Freenet useful resource
4.3.5 Security in Freenet
5. Combo Network
5.1 TOR via VPN
5.1.1 How to perform TOR via VPN
5.2 VPN via TOR
5.2.1 How to perform VPN via TOR
5.3 TOR over TOR
5.3.1 Tortilla
5.3.2 Is TOR over TOR helpful?
6. Local Resources
6.1 Private browsing
6.1.1 How to enable the Private or Incognito mode
6.1.2 What the Private/Incognito mode does (and doesn’t do)
6.2 HTTPS
6.2.1 Controlling HTTPS protocols
6.3 Cookies
6.3.1 Cookies impact over security
6.3.2 Controlling cookies
6.4 “Special” Cookies
6.4.1 “Special” Cookies impact over security
6.4.2 How to block Flash Cookies
6.4.3 How to block DOM Storage
6.5 Javascript
6.5.1 JavaScript impact over security
6.5.2 Controlling JavaScript
6.6 Flash
6.6.1 Flash impact over security
6.6.2 Controlling Flash
6.7 Java
6.7.1 Java impact over security
6.7.2 Controlling Java
6.8 ActiveX
6.8.1 ActiveX impact over security
6.8.2 Controlling ActiveX
6.9 WebRTC
6.9.1 WebRTC impact over security
6.9.2 Controlling WebRTC
6.10 Browser Fingerprinting
6.10.1 Defining the Browser Fingerprinting
6.10.2 Defending yourself from Browser Fingerprinting
6.11 File Downloading
6.12 Browser Security Test
7. Data Security
7.1 Data Integrity
7.1.1 Checksum & Hash
7.1.1.1 Hash Types
7.1.1.2 Calculating a Checksum
7.1.1.3 Checksum in common use
7.2 Data Encryption
7.2.1 PGP, Pretty Good Privacy
7.2.2 GPG, GNU Privacy Guard
7.2.2.1 Understanding the public/private key
7.2.2.2 Creating your own PGP key
7.2.2.3 Importing, exporting and revoking a PGP/GPG key
7.2.2.4 PGP/GPG to encrypt and decrypt a file
7.2.2.5 PGP/GPG for data signature
7.2.2.6 PGP/GPG for data integrity
7.2.2.7 PGP/GPG for email encryption
7.2.3 Where to store the PGP/GPG keys
7.3 Disk Encryption
7.3.1 TrueCrypt
7.3.2 Veracrypt
7.3.2.1 Installing Veracrypt
7.3.2.2 Using Veracrypt
7.3.3 Zulucrypt, LUKS and family
7.4 Steganography
7.4.1 Steganography with LSB method
7.4.1.1 LSB Steganography Tools
7.4.1.2 Steghide
7.4.2 Cover Generation Steganography
7.4.2.1 Pure Steganography with SPAM method
7.4.2.2 Pure Steganography with PGP method
7.5 Data Backup
7.5.1 How many Backups do you need?
7.5.2 Rsync
7.5.2.1 Rsync installation
7.5.2.2 Local copy with Rsync
7.5.2.3 Remote copy with Rsync
7.6 Cold Boot RAM Extraction
7.6.1 How to perform CBRE
7.7 Metadata & EXIF Data
7.7.1 How to view the EXIF Data
7.7.1.1 MAT: Metadata Anonymisation Toolkit
7.7.1.2 Alternate software for Metadata
7.8 Camera sensors
7.9 Data Shredding
7.9.1 How to perform Data Shredding
7.9.1.1 Disk Cleaners
7.9.1.2 File Shredding
7.9.1.3 Physical Drive Destruction
8. Data Recovery
8.1 Post-Mortem Forensics
8.1.1 Which OS for P.M. Forensics?
8.1.2 Caine OS
8.1.2.1 TestDisk or PhotoRec, which one?
8.1.2.2 PhotoRec Mini Use Guide
9. Vulnerability
9.1 General Precautions
10. Enhanced OSs
10.1 Live OS
10.1.1 Tails OS
10.1.2 Live OS & Persistence: the risks
10.1.3 Live OS & Virtual Machines: the risks
10.2 Virtualized environments
10.2.1 Qubes OS
10.2.1.1 Virtualization logic
10.2.1.2 Network and Storage Domains
10.2.1.3 Why use Qubes and not Tails OS?
10.2.2 Qubes OS + Tais
10.2.3 Qubes OS + Whonix
10.2.4 Subgraph OS
10.2.4.1 Hardened like few others
10.2.4.2 Network and Anonymity
10.3 Pentest Distros
11. Online Identity
11.1 NEVER combine your identities
11.2 NEVER use the same data
11.3 Watch Out for your Habits
11.4 Disposable email
11.5 If you manage a Site/Blog/Forum
11.6 Things you should NEVER do
12. Online Payments
12.1 Buying in the Dark Net
12.1.1 Dark Net Markets
12.1.1.1 Types of Dark Net Markets
12.1.1.2 Where to find the Dark Net Markets?
12.2 Crypto-currencies
12.2.1 Precautions with Crypto-currencies
12.2.2 Bitcoin
12.2.2.1 How Bitcoins work
12.2.2.2 How to obtain Bitcoins
12.2.2.3 Making Bitcoins untraceable
12.2.3 Beyond Bitcoin
13. Be Free
Acknowledgments
Authors and Collaborators
Sources & Resources
Special Thanks
Donors
Bookscreen
Translator's Foreword
Marco S. Doria is a professional translator and proofreader, working in the
IT, Media and Marketing translation Industries since 2013. He loves computers,
music, books, technology and, especially, his wife Laura and his daughter
Penelope. He also wrote two short novellas in Italian. Contact:
marcostefanodoria@gmail.com
I first came across the Hacklog Project by chance. I was talking with a
colleague about how I wished to further explore the IT Security world, and he
mentioned the Hacklog Volume 1, a very interesting handbook written by Stefano Novelli.
Since I was looking for new materials to improve as a Technical Translator, I
immediately got my digital copy and started reading it.
I felt like captured! I couldn’t stop reading… every chapter ran away so fast
that I immediately felt to start over again.
Hacklog Volume 1 really opened my eyes about topics like Anonymity,
Navigation Safety… Freedom! Yes, freedom! Because I learned how to use the
Web more consciously; I learned how to be free from the control of big data
companies dwelling on our personal information and habits.
I felt I had to contribute to this incredible, open project! So why not translate it?
Immediately, I mailed Stefano about this idea, and we started this adventure quite soon!
Being the son of one of the first IT Consultants in my area, I was close
enough to the computer world to know the basic bits-and-bolts; therefore I really
can say that translating Hacklog Volume 1 has been my best professional
experience to date.
I really hope you enjoy it as much as I did working on the English version. I
would like to thank Stefano for this incredible opportunity and Marco Silvestri,
who really helped me out reviewing the whole translation and adding true value to it.
Now, don’t wait any further: enjoy your reading and… be free!
Marco Silvestri. Contact: marco.silvestri777@gmail.com
I already had the chance to work with Stefano as text reviewer for the Italian
edition of Hacklog and while I was doing that I felt it was a good opportunity for
me to learn something about the IT world I barely knew about. Internet security
is extremely useful even if you don't work with computers and I think it's really
important to have an idea of what happens every time you connect to the
network and what lies underneath it.
When Stefano told me he wanted to publish an English version of the book I
was really enthusiast cause I thought a lot of people could have enjoyed this
book as much as I did.
I had the chance to help Marco, the translator that made this English version
possible and Stefano Novelli, the mind behind the project, and I would like to
thank them both for giving me the opportunity to help with the book.