Hacking connected cars : tactics, techniques, and procedures /

Chapter 3 Threat Modeling -- STRIDE Model -- Threat Modeling Using STRIDE -- VAST -- PASTA -- Stage 1: Define the Business and Security Objectives -- Stage 2: Define the Technical Scope -- Stage 3: Decompose the Application -- Stage 4: Identify Threat Agents -- Stage 5: Identify the Vulnerabilities...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autor principal: Knight, Alissa (Autor)
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Indianapolis, Indiana : John Wiley & Sons, Inc., [2020]
Temas:
Automated vehicles.
Automated vehicles > Security measures.
Penetration testing (Computer security)
Véhicules autonomes.
Véhicules autonomes > Sécurité > Mesures.
Tests d'intrusion.
COMPUTERS > Security > Cryptography & Encryption.
Automated vehicles
Acceso en línea:Texto completo
Tabla de Contenidos:
  • Cover
  • Title Page
  • Copyright
  • About the Author
  • Acknowledgments
  • Contents at a Glance
  • Contents
  • Foreword
  • Foreword
  • Introduction
  • For Non-Automotive Experts
  • Automotive Networking
  • Target Audience
  • How This Book Is Structured
  • What's on the Website
  • Summary
  • Part I Tactics, Techniques, and Procedures
  • Chapter 1 Pre-Engagement
  • Penetration Testing Execution Standard
  • Scope Definition
  • Architecture
  • Full Disclosure
  • Release Cycles
  • IP Addresses
  • Source Code
  • Wireless Networks
  • Start and End Dates
  • Hardware Unique Serial Numbers
  • Rules of Engagement
  • Timeline
  • Testing Location
  • Work Breakdown Structure
  • Documentation Collection and Review
  • Example Documents
  • Project Management
  • Conception and Initiation
  • Definition and Planning
  • Launch or Execution
  • Performance/Monitoring
  • Project Close
  • Lab Setup
  • Required Hardware and Software
  • Laptop Setup
  • Rogue BTS Option 1: OsmocomBB
  • Rogue BTS Option 2: BladeRF + YateBTS
  • Setting Up Your WiFi Pineapple Tetra
  • Summary
  • Chapter 2 Intelligence Gathering
  • Asset Register
  • Reconnaissance
  • Passive Reconnaissance
  • Active Reconnaissance
  • Bringing Your Rogue BTS Online
  • Hunting for the TCU
  • When You Know the MSISDN of the TCU
  • When You Know the IMSI of the TCU
  • When You Don't Know the IMSI or MSISDN of the TCU
  • Cryptanalysis
  • Encryption Keys
  • Impersonation Attacks
  • Summary
  • Chapter 6 Post Exploitation
  • Persistent Access
  • Creating a Reverse Shell
  • Linux Systems
  • Placing the Backdoor on the System
  • Network Sniffing
  • Infrastructure Analysis
  • Examining the Network Interfaces
  • Examining the ARP Cache
  • Examining DNS
  • Examining the Routing Table
  • Identifying Services
  • Fuzzing
  • Filesystem Analysis
  • Command-Line History
  • Core Dump Files
  • Debug Log Files
  • Credentials and Certificates
  • Over-the-Air Updates
  • Summary
  • Part II Risk Management
  • Chapter 7 Risk Management
  • Frameworks
  • Establishing the Risk Management Program
  • SAE J3061
  • ISO/SAE AWI 21434
  • HEAVENS
  • Threat Modeling
  • STRIDE
  • PASTA
  • TRIKE
  • Summary
  • Chapter 8 Risk-Assessment Frameworks
  • HEAVENS
  • Determining the Threat Level
  • Determining the Impact Level
  • Determining the Security Level
  • EVITA
  • Calculating Attack Potential
  • Summary
  • Chapter 9 PKI in Automotive

Ejemplares similares