Hacking Connected Cars: Tactics, Techniques, and Procedures

Author:   Alissa Knight
Publisher:   John Wiley & Sons Inc
ISBN:  

9781119491804


Pages:   272
Publication Date:   20 March 2020
Format:   Paperback
Availability:   In Print   Availability explained
This item will be ordered in for you from one of our suppliers. Upon receipt, we will promptly dispatch it out to you. For in store availability, please contact us.

Our Price $78.95 Quantity:  
Add to Cart

Share |

Hacking Connected Cars: Tactics, Techniques, and Procedures


Add your own review!

Overview

Full Product Details

Author:   Alissa Knight
Publisher:   John Wiley & Sons Inc
Imprint:   John Wiley & Sons Inc
Dimensions:   Width: 18.50cm , Height: 1.80cm , Length: 23.30cm
Weight:   0.362kg
ISBN:  

9781119491804


ISBN 10:   1119491800
Pages:   272
Publication Date:   20 March 2020
Audience:   Professional and scholarly ,  Professional & Vocational
Format:   Paperback
Publisher's Status:   Active
Availability:   In Print   Availability explained
This item will be ordered in for you from one of our suppliers. Upon receipt, we will promptly dispatch it out to you. For in store availability, please contact us.

Table of Contents

About the Author v Acknowledgments vii Foreword xv Introduction xix Part I Tactics, Techniques, and Procedures 1 Chapter 1 Pre-Engagement 3 Penetration Testing Execution Standard 4 Scope Definition 6 Architecture 7 Full Disclosure 7 Release Cycles 7 IP Addresses 7 Source Code 8 Wireless Networks 8 Start and End Dates 8 Hardware Unique Serial Numbers 8 Rules of Engagement 9 Timeline 10 Testing Location 10 Work Breakdown Structure 10 Documentation Collection and Review 11 Example Documents 11 Project Management 13 Conception and Initiation 15 Definition and Planning 16 Launch or Execution 22 Performance/Monitoring 23 Project Close 24 Lab Setup 24 Required Hardware and Software 25 Laptop Setup 28 Rogue BTS Option 1: OsmocomBB 28 Rogue BTS Option 2: BladeRF + YateBTS 32 Setting Up Your WiFi Pineapple Tetra 35 Summary 36 Chapter 2 Intelligence Gathering 39 Asset Register 40 Reconnaissance 41 Passive Reconnaissance 42 Active Reconnaissance 56 Summary 59 Chapter 3 Threat Modeling 61 STRIDE Model 63 Threat Modeling Using STRIDE 65 VAST 74 PASTA 76 Stage 1: Define the Business and Security Objectives 77 Stage 2: Define the Technical Scope 78 Stage 3: Decompose the Application 79 Stage 4: Identify Threat Agents 80 Stage 5: Identify the Vulnerabilities 82 Stage 6: Enumerate the Exploits 82 Stage 7: Perform Risk and Impact Analysis 83 Summary 85 Chapter 4 Vulnerability Analysis 87 Passive and Active Analysis 88 WiFi 91 Bluetooth 100 Summary 105 Chapter 5 Exploitation 107 Creating Your Rogue BTS 108 Configuring NetworkinaPC 109 Bringing Your Rogue BTS Online 112 Hunting for the TCU 113 When You Know the MSISDN of the TCU 113 When You Know the IMSI of the TCU 114 When You Don't Know the IMSI or MSISDN of the TCU 114 Cryptanalysis 117 Encryption Keys 118 Impersonation Attacks 123 Summary 132 Chapter 6 Post Exploitation 133 Persistent Access 133 Creating a Reverse Shell 134 Linux Systems 136 Placing the Backdoor on the System 137 Network Sniffing 137 Infrastructure Analysis 138 Examining the Network Interfaces 139 Examining the ARP Cache 139 Examining DNS 141 Examining the Routing Table 142 Identifying Services 143 Fuzzing 143 Filesystem Analysis 148 Command-Line History 148 Core Dump Files 148 Debug Log Files 149 Credentials and Certificates 149 Over-the-Air Updates 149 Summary 150 Part II Risk Management 153 Chapter 7 Risk Management 155 Frameworks 156 Establishing the Risk Management Program 158 SAE J3061 159 ISO/SAE AWI 21434 163 HEAVENS 164 Threat Modeling 166 STRIDE 168 PASTA 171 TRIKE 175 Summary 176 Chapter 8 Risk-Assessment Frameworks 179 HEAVENS 180 Determining the Threat Level 180 Determining the Impact Level 183 Determining the Security Level 186 EVITA 187 Calculating Attack Potential 189 Summary 192 Chapter 9 PKI in Automotive 193 VANET 194 On-board Units 196 Roadside Unit 196 PKI in a VANET 196 Applications in a VANET 196 VANET Attack Vectors 197 802.11p Rising 197 Frequencies and Channels 197 Cryptography 198 Public Key Infrastructure 199 V2X PKI 200 IEEE US Standard 201 Certificate Security 201 Hardware Security Modules 201 Trusted Platform Modules 202 Certificate Pinning 202 PKI Implementation Failures 203 Summary 203 Chapter 10 Reporting 205 Penetration Test Report 206 Summary Page 206 Executive Summary 207 Scope 208 Methodology 209 Limitations 211 Narrative 211 Tools Used 213 Risk Rating 214 Findings 215 Remediation 217 Report Outline 217 Risk Assessment Report 218 Introduction 219 References 220 Functional Description 220 Head Unit 220 System Interface 221 Threat Model 222 Threat Analysis 223 Impact Assessment 224 Risk Assessment 224 Security Control Assessment 226 Example Risk Assessment Table 229 Summary 230 Index 233

Reviews

Author Information

Alissa Knight has worked in cybersecurity for more than 20 years. For the past ten years, she has focused her vulnerability research into hacking connected cars, embedded systems, and IoT devices for clients in the United States, Middle East, Europe, and Asia. She continues to work with some of the world's largest automobile manufacturers and OEMs on building more secure connected cars. Alissa is the Group CEO of Brier & Thorn and is also the managing partner at Knight Ink, where she blends hacking with content creation of written and visual content for challenger brands and market leaders in cybersecurity. As a serial entrepreneur, Alissa was the CEO of Applied Watch and Netstream, companies she sold in M&A transactions to publicly traded companies in international markets. Her passion professionally is meeting and learning from extraordinary leaders around the world and sharing her views on the disruptive forces reshaping global markets. Alissa's long-term goal is to help as many organizations as possible develop and execute on their strategic plans and focus on their areas of increased risk, bridging silos to effectively manage risk across organizational boundaries, and enable them to pursue intelligent risk taking as a means to long-term value creation. You can learn more about Alissa on her homepage at http://www.alissaknight.com, connect with her on LinkedIn, or follow her on Twitter @alissaknight.

Tab Content 6

Author Website:  

Customer Reviews

Recent Reviews

No review item found!

Add your own review!

Countries Available

All regions
Shopping Cart
Your cart is empty
Shopping cart
Mailing List