دانلود کتاب Hacking Connected Cars: Tactics, Techniques, and Procedures

فهرست مطالب :

Cover
Title Page
Copyright
About the Author
Acknowledgments
Contents at a Glance
Contents
Foreword
Foreword
Introduction
For Non-Automotive Experts
Automotive Networking
Target Audience
How This Book Is Structured
What’s on the Website
Summary
Part I Tactics, Techniques, and Procedures
Chapter 1 Pre-Engagement
Penetration Testing Execution Standard
Scope Definition
Architecture
Full Disclosure
Release Cycles
IP Addresses
Source Code
Wireless Networks
Start and End Dates
Hardware Unique Serial Numbers
Rules of Engagement
Timeline
Testing Location
Work Breakdown Structure
Documentation Collection and Review
Example Documents
Project Management
Conception and Initiation
Definition and Planning
Launch or Execution
Performance/Monitoring
Project Close
Lab Setup
Required Hardware and Software
Laptop Setup
Rogue BTS Option 1: OsmocomBB
Rogue BTS Option 2: BladeRF + YateBTS
Setting Up Your WiFi Pineapple Tetra
Summary
Chapter 2 Intelligence Gathering
Asset Register
Reconnaissance
Passive Reconnaissance
Active Reconnaissance
Summary
Chapter 3 Threat Modeling
STRIDE Model
Threat Modeling Using STRIDE
VAST
PASTA
Stage 1: Define the Business and Security Objectives
Stage 2: Define the Technical Scope
Stage 3: Decompose the Application
Stage 4: Identify Threat Agents
Stage 5: Identify the Vulnerabilities
Stage 6: Enumerate the Exploits
Stage 7: Perform Risk and Impact Analysis
Summary
Chapter 4 Vulnerability Analysis
Passive and Active Analysis
WiFi
Bluetooth
Summary
Chapter 5 Exploitation
Creating Your Rogue BTS
Configuring NetworkinaPC
Bringing Your Rogue BTS Online
Hunting for the TCU
When You Know the MSISDN of the TCU
When You Know the IMSI of the TCU
When You Don’t Know the IMSI or MSISDN of the TCU
Cryptanalysis
Encryption Keys
Impersonation Attacks
Summary
Chapter 6 Post Exploitation
Persistent Access
Creating a Reverse Shell
Linux Systems
Placing the Backdoor on the System
Network Sniffing
Infrastructure Analysis
Examining the Network Interfaces
Examining the ARP Cache
Examining DNS
Examining the Routing Table
Identifying Services
Fuzzing
Filesystem Analysis
Command-Line History
Core Dump Files
Debug Log Files
Credentials and Certificates
Over-the-Air Updates
Summary
Part II Risk Management
Chapter 7 Risk Management
Frameworks
Establishing the Risk Management Program
SAE J3061
ISO/SAE AWI 21434
HEAVENS
Threat Modeling
STRIDE
PASTA
TRIKE
Summary
Chapter 8 Risk-Assessment Frameworks
HEAVENS
Determining the Threat Level
Determining the Impact Level
Determining the Security Level
EVITA
Calculating Attack Potential
Summary
Chapter 9 PKI in Automotive
VANET
On-board Units
Roadside Unit
PKI in a VANET
Applications in a VANET
VANET Attack Vectors
802.11p Rising
Frequencies and Channels
Cryptography
Public Key Infrastructure
V2X PKI
IEEE US Standard
Certificate Security
Hardware Security Modules
Trusted Platform Modules
Certificate Pinning
PKI Implementation Failures
Summary
Chapter 10 Reporting
Penetration Test Report
Summary Page
Executive Summary
Scope
Methodology
Limitations
Narrative
Tools Used
Risk Rating
Findings
Remediation
Report Outline
Risk Assessment Report
Introduction
References
Functional Description
Head Unit
System Interface
Threat Model
Threat Analysis
Impact Assessment
Risk Assessment
Security Control Assessment
Example Risk Assessment Table
Summary
Index
EULA