Hunting Cyber Criminals

A Hacker's Guide to Online Intelligence Gathering Tools and Techniques

About this book

The skills and tools for collecting, verifying and correlating information from different types of systems are essential when tracking down hackers. This book explores Open Source Intelligence Gathering (OSINT) inside out from multiple perspectives, including those of hackers and seasoned intelligence experts. OSINT refers to the techniques and tools required to harvest publicly available data concerning a person or an organization. With several years of experience of tracking hackers with OSINT, the author whips up a classical plot-line involving a hunt for a threat actor. While taking the audience through the thrilling investigative drama, the author immerses the audience in in-depth knowledge of state-of-the-art OSINT tools and techniques. Technical users will want a basic understanding of the Linux command line in order to follow the examples, but a person with no Linux or programming experience can still gain a lot from this book through the commentaries. This book's unique digital investigation proposition is a combination of story-telling, tutorials, and case studies. The book explores digital investigation from multiple angles:

  • Through the eyes of the author who has several years of experience in the subject.
  • Through the mind of the hacker who collects massive amounts of data from multiple online sources to identify targets as well as ways to hit the targets.
  • Through the eyes of industry leaders.

This book is ideal for:

  • Investigation professionals, forensic analysts, and CISO/CIO and other executives wanting to understand the mindset of a hacker and how seemingly harmless information can be used to target their organization.
  • Security analysts, forensic investigators, and SOC teams looking for new approaches on digital investigations from the perspective of collecting and parsing publicly available information.

CISOs and defense teams will find this book useful because it takes the perspective of infiltrating an organization from the mindset of a hacker. The commentary provided by outside experts will also provide them with ideas to further protect their organization's data.

Hunting Cyber Criminals by Vinny Troia, in Computer Science & Cyber Security, is available in PDF and/or ePUB format.

Information

Publisher: Wiley
Year: 2020
Print ISBN: 9781119540922
eBook ISBN: 9781119540991

CHAPTER 1
Getting Started

This chapter covers the important items that you should know before getting started, as well as topics like what you will and won't find in this book, the top takeaways from this book that will be discussed regularly in subsequent chapters, and some prerequisites to help ease your journey in cyber investigations.
Some of you may be looking for a reason to get into the field. Some of you may already be in the field and looking for new techniques to use during your own investigations.
In either case, I feel the need to warn you that starting an investigation can be like running a marathon. It can be slow and tedious, and take forever to get where you're going.
You need to be extremely self‐motivated because trying to connect dots in an entire Internet of unorganized clues and information can be extremely discouraging.
But if you press on, and muster through that initial pain, it will eventually happen.
There is a feeling you will eventually find during an investigation. It's the same feeling experienced by coders or hackers—it triggers the moment you pull on that first major thread or unlock that first tumbler, which gives way to the second, and the third … and eventually the entire world lights up.
There is nothing better or more exhilarating than entering “the zone.” It's like a precision laser‐focused state—your own “bullet time”—where you can't be slowed or stopped until you've solved the puzzle, hacked the system, or accomplished the thing that you're working on. It's a rush better than any stimulant or drug—in a word, it's amazing.
Throughout this book, I will provide you with information on my own personal arsenal of tools that I hope will help guide you to exactly that place. I will also provide you with my own experiences and thought processes using many of those tools, because I've found that it can be much more helpful to learn how a person uses a particular tool, rather than just re‐creating a user's manual.

Why This Book Is Different

I have read a number of digital investigation books, and they all seem to just list every tool possible, provide a short summary of what that tool does, and move on to the next. Almost like herding software cattle.
Many of the OSINT and investigative books I read or referenced before starting this book made me feel overwhelmed with information, like trying to understand a technical encyclopedia without actually giving you any guidance or useful advice tied to what you are reading.
I feel this book is different because I deep dive into the tools and try to provide stories behind actual investigations and how those tools were used in a way that actually proved useful (or not).
Another difference is that the examples won't only show you positive results with every example. I hate when other books do that because the results are typically unrealistic. Real testing often yields no useful information, which is something I will show when comparing different tools.

What You Will and Won't Find in This Book

This book will cover a lot of tools and technical uses of those tools. It will also cover my thought process and the stories behind how I used certain tools to further an investigation.
This book will contain a number of my personal experiences during actual investigations or breach scenarios. While the names may be changed to protect the companies or people involved (but mostly to protect me), the stories and scenarios presented are completely nonfiction. I have a very “out‐of‐the‐box” approach to life, so I will offer life lessons and hacks along the way that may someday help you.
I also don't like that most technical books only feature the perspective of a single person (the author).
I will be the first to admit that I don't know everything about OSINT or digital investigations. Many different facets of technology can come up during an investigation that may require a unique perspective or an understanding that comes from years of hands‐on experience, which is why I have always tried to surround myself with people that I respect and that I feel are experts I can learn from.
I thought it would be really interesting to you, the reader, if I also included the opinions and experiences of some of those people alongside my own. Since I am writing a book on a subject, why not also include the opinions of people who are also really good at said subject?
So I asked a handful of people that I consider experts in their field to contribute a story, an opinion, or even a technique on some part of the information‐gathering or investigative process.
I found each of their stories to be unique and thought‐provoking, and I know you will, too!

Getting to Know Your Fellow Experts

I would like to give a very special thank‐you and shout‐out to the following people for their contributions as experts in this book (in alphabetical order):
  • Alex Heid
    VP research, SecurityScoreCard & founder of HackMiami
  • Bob Diachenko
    Security Researcher, Founder of SecurityDiscovery.com
  • Cat Murdock
    Threat and Attack Simulation, Guidepoint Security
  • Chris Hadnagy
    Chief Human Hacker, Social‐Engineer, LLC, SEVillage owner
  • Chris Roberts
    Chief Security Strategist, Attivo Networks
  • Leslie Carhart
    Principal Threat Hunter, Dragos, Inc.
  • John Strand
    Founder, Black Hills Information Security, Senior SANS Instructor
  • Jonathan Cran
    Founder, Intrigue.io, Head of Research, Kenna Security
  • Nick Furneux
    Computer Forensic Investigator, Crypto Investigation Expert
  • Rob Fuller
    Red Team Heavyweight
  • Troy Hunt
    Security Researcher, Microsoft VP, Founder, Have I Been Pwned
  • William Martin
    Researcher, developer of SMBetray

A Note on Cryptocurrencies

An extra super shout‐out to Nick Furneux for writing the primer to crypto investigations later in this chapter. For those interested in really diving into how to investigate cryptocurrencies, please check...

Table of contents

  1. Cover
  2. Table of Contents
  3. Prologue
  4. CHAPTER 1: Getting Started
  5. CHAPTER 2: Investigations and Threat Actors
  6. Part I: Network Exploration
  7. Part II: Web Exploration
  8. Part III: Digging for Gold
  9. Part IV: People Hunting
  10. Epilogue
  11. Index
  12. End User License Agreement