Contents
Chapter 1 Get Your Free Credit Cards Here
Enumerating the Credit Card Database
Stealing Credit Card Information from the Web Site
Selling the Credit Card Information on the Underground Market
Change the Default HTTP Response Header
Do Not Have Public Access to Developer Sites
Do Not Install SQL Server on the Same Machine as IIS
Do Not Install IIS in the Default Location
Remove Unnecessary Stored Procedures from Your SQL Database
Do Not Use the Default Username and Password for Your Database
Chapter 2 Discover What Your Boss Is Looking At
Connecting to the Boss’s Computer
Countermeasures for Phishing Scams
Countermeasures for Trojan Horse Applications
Countermeasures for Packet-Capturing Software
Chapter 3 Take Down Your Competitor’s Web Site
Attack #2: The One That Worked
Getting Access to the Pawn Web site
Countermeasures for Hackers Passively Finding Information about Your Company
Countermeasures for DDoS Attacks via ICMP
Countermeasures for DDoS Attacks via HTTP and Other Protocols
Countermeasures for Unauthorized Web Site Modification
Countermeasures for Compromise of Internal Employees
Countermeasures for Physical Security Breaches and Access Systems Compromise
Countermeasures for Scanning Attacks
Countermeasures for Social Engineering
Countermeasures for Operating System Attacks
Countermeasures for Data Theft
Chapter 5 Chained Corporations
Building the Exploit Infrastructure
Countermeasures for Hackers Passively Finding Information about Your Company
Countermeasures for Social Engineering Attack on Visual IQ
Countermeasures for Recon on the Visual IQ Software
Countermeasures for Wi-Fi Attack on Quizzi Home Network
Countermeasures for the Keylogger Attack
Chapter 6 Gain Physical Access to Healthcare Records
Social Engineering and Piggybacking
Booting into Windows with Knoppix
Modifying Personally Identifiable Information or Protected Medical Information
Social Engineering and Piggybacking
Chapter 7 Attacking Social Networking Sites
Creating a Fake MySpace Web Site
Creating the Redirection Web Site
Logging In to the Hacked Account
Avoid Using Social Networking Sites
Be Careful about Clicking on Links
Require Last Name / E-mail Address to Be a Friend
Do Not Post Too Much Information
Be Careful When Entering Your Username/Password
Change Your Password Frequently
Chapter 8 Wreaking Havoc from the Parking Lot
Accessing Networks Through Access Points
Performing the Microsoft Kerberos Preauthentication Attack
Cracking Passwords with RainbowCrack
Pilfering the Country Club Data
Configure Active Directory Properly
Use an Intrusion Prevention System or Intrusion Detection System
Update Anti-Virus Software Regularly