Home Unlabelled Book Review: "How To Hack Like a Pornstar"

Book Review: "How To Hack Like a Pornstar"

By
Monday, April 03, 2017
Read
Add Comment
"How To Hack Like a PORNSTAR: A Step by Step Process for Breaking into a Bank (Or Any Company Really)" by Sparc Flow is a great practical book on penetration testing. It's tried and true penetration testing methods from a black hat perspective. True to form, Sparc Flow is an alias the writer uses to stay anonymous. And in turn, I haven't actually seen many prior reference to the handle on The Internet, although it seems he created the sudoname several places to promote the book. The book is really cheap and reads really fast, at ~$13 for about 130 pages, I was able to read it in only one to two sittings. I give it 7 / 10 stars and recommend it to anyone looking to get into penetration testing, especially those that feel stuck or unempowered at the "script kiddie" level. That said, I also recommend it to experienced penetration testers, both as a good review and because it contains such a wide breadth. I continuously uncovered new or interesting tidbits I didn't know before, such as the main frame hacking. Like my typical reviews, here are the chapters of the book, as to get a good sense for its contents:

1. Safety First
  1.1 Blank Slate
  1.2 Network Anonymity
    1.2.1 First Layer- Blend in
    1.2.2 Second Layer - Smuggle data like a champion
    1.2.3 Third layer - The last stand
  1.3 System Anonymity
2. Getting in
  2.1 Gotta phish them all
    2.1.1 Emails emails emails
    2.1.2 Email content
    2.1.3 Malicious File
      2.1.3.1 VBA pure breed
      2.1.3.2 PowerShell to the rescue
      2.1.3.3 The Empire strikes
      2.1.3.4 Meterpreter in VBA
    2.1.4 Summary
  2.2 Public exposure
    2.2.1 Mapping public IP addresses
    2.2.2 Web applications
      2.2.2.1 up.sph-assets.com
      2.2.2.2 career.sph-assets.com
      2.2.2.3 info.sph-assets.com
      2.2.2.4 catalog.sph-assets.com
    2.2.3 Miscellaneous services
3. North of the (Fire) Wall 
  3.1 Know the enemy
  3.2 The first touch down
  3.3 Stairway to heaven
     3.3.1 Socks proxy
     3.3.2 Meterpreter
  3.4. Fooling Around
    3.4.1 A lonely (j)boss
    3.4.2 Rise and Fall
    3.4.3 Its raining passwords
4. Inside the Nest 
  4.1 Active Directory
  4.2 Where are we going?
  4.3 Password reuse
  4.4 Missing link
  4.5 More passwords
5. Hunting for data 
  5.1 Exfiltration technique
  5.2 Strategic files
  5.3 Emails
     5.3.1 Targeted approach
     5.3.2 Broad approach
  5.4 Customer records
6. Hacking the unthinkable
  6.1 Pole position
  6.2 Riding the beast
  6.3 Hunting for files
  6.4 Hold on, isn't that cheating?
  6.5 Rewind-First contact
  6.6 Then there were CICS
  6.7 Programs, transactions,and some p0wnage
7. Summary    

My favorite review of the book is probably this one, "Considering the shit title, this actually isn't too bad a document in terms of guiding through some techniques and why they are being used". As previously mentioned, the book also takes several steps to help protect hackers identities, and actually takes the position of black hat or malicious hacking. Starting with setting the attackers up with an anonymized machine, internet connection, and vpn from which to perform their attacks, the book expertly sets the stage for black hat style hacking, a computer hacking book we don't often see from a technical perspective. Overall, I really enjoyed the techniques covered, from advanced phishing payloads and obfuscation techniques, to pivoting from a production environment into a corporate environment and enumerating a windows domains in search of sensitive information. One of my favorite aspects of the book is that it introduces a wide variety of topics and demonstrates not only how to exploit them, but gives a bunch of sources in terms of theory, practical exploitation advice, and tools, if the reader wants to go deeper on any specific technique. I found myself thinking this is how I would write a book on general computer hacking, showing practical examples on a wide array of subjects while offering sources to dive deeper on any specific subject. The book feels real world and practical, as if pulled from his own experiences pentesting, in that regard it reminded me a lot of The Hacker Playbook, I'd say the only reason this book it's not as good as THP is because it doesn't have as much theory or content as THP. Finally, I will say it's a bit odd that the site the book advertises as it's companion site, hacklikeapornstar.com, currently redirects to a Russian photography site. That said they have a github with lots of code from the book. Hope you enjoy the book as much as I did!
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us