Bøger af Carlos a. Barbero Muñoz

Existe amplia información sobre Ingeniería Social en internet y otros medios (Description in English below). Lo que diferencia este libro de la literatura existente es precisamente la descripción de las prácticas y herramientas que constituyen el punto de partida para quien se inicie en esta disciplina. Aquí se describen todo tipo de técnicas, físicas y lógicas, para perpetrar ataques basados en Ingeniería Social: phising, obtención de información a través de fuentes abiertas (OSINT), técnicas de manipulación de personas, operaciones psicológicas (PSYOPS), métodos de suplantación, detección de mentiras, programación neurolingüística (PNL), lockpicking, etc. Description in English: Currently, the market has a wide range of systems, products and services focused on computer security: antivirus, firewalls, IDS, WAF, etc. All these measures are indispensable and have become a priority for any company or organization in order to secure their assets, but Social Engineering relates to the advantage that techniques can be used as an attempt against the vulnerabilities inherent to human beings, and as is well known, there is no patch or update that offers effective protection against this type of attack. What firewall could be installed in a human brain? With what rules would you configure it? Why use complex systems in developing hacking techniques when a phone call could provide us with an administrator password? This is one of the techniques that can be followed by a hacking specialist through Social Engineering, who will surely not waste time investigating complex attack vectors, exploits or Zero Day vulnerabilities if a friendly receptionist can be easily convinced to insert an infected USB into a company PC, or for a saturated telephone operator of a telecommunications company to provide personal details of a subscriber. There is a lot of information about Social Engineering in different books and on the Internet. The differentiating element of this book is the importance given to the practices and tools that someone starting out in this discipline should know as a starting point. Throughout this book, all kinds of techniques, physical and logical, to perpetrate attacks based on Social Engineering will be described: phishing, obtaining information through open sources (OSINT), techniques of manipulation of people, psychological operations (PSYOPS ), impersonation methods, lie detection, neurolinguistic programming (NLP), lockpicking, etc.

El objetivo de este libro es introducirte en el mundo del pentesting o hacking de sistemas informáticos, desde el punto de vista de un atacante o hacker, así como del lado de un administrador de sistemas o responsable de la seguridad informática de una red, para saber qué medidas preventivas ayudarán a proteger tu infraestructura de las debilidades de seguridad (Description in English below). Description in English: The objective of this book is to introduce readers to the world of pentesting or hacking of computer systems, from the point of view of an attacker or hacker, as well as on a system's administrator viewpoint or by the person responsible for the computer security of a network, to know what preventive measures will help protect your infrastructure from security weaknesses. In a first block, the necessary protocols are described to understand in detail how the information systems and the applications that run on them communicate. In addition, the techniques used to identify systems that may be susceptible to attack will be shown, as well as the collection of information regarding users, in order to create a defined and effective attack vector. Under the main operating systems, Microsoft Windows and Linux, the second block will focus on exploiting and discovering vulnerabilities, as well as how to use automated tools to exploit them, maintaining a session once security is compromised, and breaking of passwords. In addition, the main exploiting techniques will be explained and used, and the main Internet sites will be shown, essential to learn how to download and execute these techniques efficiently in real life. All chapters of the book begin with a description of the techniques to be used. After that, the installation, configuration and administration processes are explained with practical examples.

El objetivo de este libro es introducir al lector en el mundo del pentesting web o hacking de páginas y aplicaciones web. (Description in English below). Se centra en la seguridad de páginas web y el modo de mejorar los niveles de seguridad. Además, podrás conocer las diferentes técnicas de ataque de manera guiada contra aplicaciones web, así como las contramedidas para proteger tus recursos. Desprintion in English: The objective of this book is to introduce readers to the world of Web Pentesting or Hacking of Pages and Web Applications. In it, you will be able to know the different attack techniques in a guided way against Web applications, as well as the recommended countermeasures to protect your resources from this type of attack. Web pages and applications are one of the technologies in the IT world with the highest growth over time. The famous trend of bringing all services to the Web world. It has gone from a small number of Web portals available in the past, to a total presence of all kinds of companies on the Internet, being, today, one of the means of communication capable of providing more effective services between companies and customers. For this reason, this book focuses on the security of this type of Web applications and how to improve security levels. Where the best way to understand your security is to know how attacks are carried out and how their vulnerabilities are exploited.

El libro describe todos los aspectos teóricos relacionados con las redes Wifi, por ejemplo, protocolos, estándares, algoritmos de cifrado, así como los legales, para posteriormente abordar aspectos técnicos relacionados con la seguridad de los diferentes tipos de redes inalámbricas, el equipo de laboratorio y las herramientas a utilizar (Description in English below). Además, incluye una parte dedicada al hacking de las radiocomunicaciones, que pese a ser una de las tecnologías más veteranas, se encuentra en una renovada etapa, dada la aparición de dispositivos como los SDR, que unidos a las nuevas herramientas informáticas desarrolladas, proporcionan una nueva dimensión en el hacking de radiofrecuencia. Description in English: The objective of this book is to introduce readers to the world of security and hacking, specifically in the field of wireless networks, which are present not only in homes or corporate environments, but in a large number of public places, with the which constitute a widely used as well as vulnerable communication channel.Firstly, all the theoretical aspects related to Wi-Fi networks are described, such as protocols, standards, encryption algorithms, as well as the legal ones, and later on, technical aspects related to the security of different types of wireless networks are addressed. Laboratory needed and the tools to be used. This is eminently practical content, which will allow the reader to start from scratch in this exciting world, starting with installing the Kali Linux distribution that will be used for pentesting, and then learning how to correctly manipulate the capture equipment, scanning the means in search of targets, analyze the signal, monitor the traffic and implement the different attacks that can be carried out on open networks, WEP or WPA / WPA2. All the attacks shown in this book are staged step by step, in a practical way, so that the reader can fully reproduce them in a laboratory and acquire the necessary skills to audit the security of this type of network. In addition, this book includes a part dedicated to radio communication hacking, which despite being one of the oldest technologies, is in a renewed stage of splendor, given the appearance of devices such as SDRs, which together with new computer tools developed, they provide a new dimension in radio frequency hacking. It will also detail how to configure and use a low-cost SDR to put into practice the concepts learned and enter this exciting world in a simple and economic way.