Skip to main content

Picture 1 of 2

Stock photo
Stock photo
Hacking Connected Cars by Alissa Knight (trade pbk) very good condition - Picture 1 of 2
Hacking Connected Cars by Alissa Knight (trade pbk) very good condition - Picture 2 of 2

Hacking Connected Cars : Tactics, Techniques, and Procedures by Alissa Knight (2020, Trade Paperback)

mysteryspotbc (737)
100% positive feedback
Price:
US $24.95
ApproximatelyRM 107.25
+ $18.38 shipping
Estimated delivery Wed, 11 Jun - Wed, 25 Jun
Returns:
30 days return. Buyer pays for return shipping. If you use an eBay shipping label, it will be deducted from your refund amount.
Condition:
Very Good

About this product

Product Identifiers

PublisherWiley & Sons, Incorporated, John
ISBN-101119491800
ISBN-139781119491804
eBay Product ID (ePID)241012545

Product Key Features

Number of Pages272 Pages
LanguageEnglish
Publication NameHacking Connected Cars : Tactics, Techniques, and Procedures
Publication Year2020
SubjectSecurity / Cryptography
TypeTextbook
AuthorAlissa Knight
Subject AreaComputers
FormatTrade Paperback

Dimensions

Item Height0.7 in
Item Weight16 Oz
Item Length9.2 in
Item Width7.3 in

Additional Product Features

Intended AudienceScholarly & Professional
Dewey Edition23
Dewey Decimal629.046
Table Of ContentAbout the Author v Acknowledgments vii Foreword xv Introduction xix Part I Tactics, Techniques, and Procedures 1 Chapter 1 Pre-Engagement 3 Penetration Testing Execution Standard 4 Scope Definition 6 Architecture 7 Full Disclosure 7 Release Cycles 7 IP Addresses 7 Source Code 8 Wireless Networks 8 Start and End Dates 8 Hardware Unique Serial Numbers 8 Rules of Engagement 9 Timeline 10 Testing Location 10 Work Breakdown Structure 10 Documentation Collection and Review 11 Example Documents 11 Project Management 13 Conception and Initiation 15 Definition and Planning 16 Launch or Execution 22 Performance/Monitoring 23 Project Close 24 Lab Setup 24 Required Hardware and Software 25 Laptop Setup 28 Rogue BTS Option 1: OsmocomBB 28 Rogue BTS Option 2: BladeRF + YateBTS 32 Setting Up Your WiFi Pineapple Tetra 35 Summary 36 Chapter 2 Intelligence Gathering 39 Asset Register 40 Reconnaissance 41 Passive Reconnaissance 42 Active Reconnaissance 56 Summary 59 Chapter 3 Threat Modeling 61 STRIDE Model 63 Threat Modeling Using STRIDE 65 Vast 74 Pasta 76 Stage 1: Define the Business and Security Objectives 77 Stage 2: Define the Technical Scope 78 Stage 3: Decompose the Application 79 Stage 4: Identify Threat Agents 80 Stage 5: Identify the Vulnerabilities 82 Stage 6: Enumerate the Exploits 82 Stage 7: Perform Risk and Impact Analysis 83 Summary 85 Chapter 4 Vulnerability Analysis 87 Passive and Active Analysis 88 WiFi 91 Bluetooth 100 Summary 105 Chapter 5 Exploitation 107 Creating Your Rogue BTS 108 Configuring NetworkinaPC 109 Bringing Your Rogue BTS Online 112 Hunting for the TCU 113 When You Know the MSISDN of the TCU 113 When You Know the IMSI of the TCU 114 When You Don''t Know the IMSI or MSISDN of the TCU 114 Cryptanalysis 117 Encryption Keys 118 Impersonation Attacks 123 Summary 132 Chapter 6 Post Exploitation 133 Persistent Access 133 Creating a Reverse Shell 134 Linux Systems 136 Placing the Backdoor on the System 137 Network Sniffing 137 Infrastructure Analysis 138 Examining the Network Interfaces 139 Examining the ARP Cache 139 Examining DNS 141 Examining the Routing Table 142 Identifying Services 143 Fuzzing 143 Filesystem Analysis 148 Command-Line History 148 Core Dump Files 148 Debug Log Files 149 Credentials and Certificates 149 Over-the-Air Updates 149 Summary 150 Part II Risk Management 153 Chapter 7 Risk Management 155 Frameworks 156 Establishing the Risk Management Program 158 SAE J3061 159 ISO/SAE AWI 21434 163 HEAVENS 164 Threat Modeling 166 STRIDE 168 PASTA 171 TRIKE 175 Summary 176 Chapter 8 Risk-Assessment Frameworks 179 HEAVENS 180 Determining the Threat Level 180 Determining the Impact Level 183 Determining the Security Level 186 EVITA 187 Calculating Attack Potential 189 Summary 192 Chapter 9 PKI in Automotive 193 VANET 194 On-board Units 196 Roadside Unit 196 PKI in a VANET 196 Applications in a VANET 196 VANET Attack Vectors 197 802.11p Rising 197 Frequencies and Channels 197 Cryptography 198 Public Key Infrastructure 199 V2X PKI200 IEEE US Standard 201 Certificate Security 201 Hardware Security Modules 201 Trusted Platform Modules 202 Certificate Pinning 202 PKI Implementation Failures 203 Summary 203 Chapter 10 Reporting 205 Penetration Test Report 206 Summary Page 206 Executive Summary 207 Scope 208 Methodology 209 Limitations 211 Narrative 211 Tools Used 213 Risk Rating 214 Findings 215 Remediation 217 Report Outline 217 Risk Assessment Report 218 Introduction 219 References 220 Functional Description 220 Head Unit 220 System Interface 221 Threat Model 222 Threat Analysis 223 Impact Assessment 224 Risk Assessment 224 Security Control Assessment 226 Example Risk Assessment Table 229 Summary 230 Index 233
SynopsisA field manual on contextualizing cyber threats, vulnerabilities, and risks to connected cars through penetration testing and risk assessment Hacking Connected Cars deconstructs the tactics, techniques, and procedures (TTPs) used to hack into connected cars and autonomous vehicles to help you identify and mitigate vulnerabilities affecting cyber-physical vehicles. Written by a veteran of risk management and penetration testing of IoT devices and connected cars, this book provides a detailed account of how to perform penetration testing, threat modeling, and risk assessments of telematics control units and infotainment systems. This book demonstrates how vulnerabilities in wireless networking, Bluetooth, and GSM can be exploited to affect confidentiality, integrity, and availability of connected cars. Passenger vehicles have experienced a massive increase in connectivity over the past five years, and the trend will only continue to grow with the expansion of The Internet of Things and increasing consumer demand for always-on connectivity. Manufacturers and OEMs need the ability to push updates without requiring service visits, but this leaves the vehicle's systems open to attack. This book examines the issues in depth, providing cutting-edge preventative tactics that security practitioners, researchers, and vendors can use to keep connected cars safe without sacrificing connectivity. Perform penetration testing of infotainment systems and telematics control units through a step-by-step methodical guide Analyze risk levels surrounding vulnerabilities and threats that impact confidentiality, integrity, and availability Conduct penetration testing using the same tactics, techniques, and procedures used by hackers From relatively small features such as automatic parallel parking, to completely autonomous self-driving cars--all connected systems are vulnerable to attack. As connectivity becomes a way of life, the need for security expertise for in-vehicle systems is becoming increasingly urgent. Hacking Connected Cars provides practical, comprehensive guidance for keeping these vehicles secure., A field manual decomposing the tactics, techniques, and procedures used for risk analysis and exploitation of vulnerabilities in connected cars, As technology makes its way into passenger vehicles driven largely by consumer demands for always-on connectivity and a push to leverage technology to decrease traffic congestion by connecting automobiles to the smart cities around them, automobiles which were once isolated in-vehicle networks are now suddenly reachable from anywhere. This connectivity poses a significant risk to passengers of connected cars and autonomous vehicles as OEMs and automakers adapt to understand the new domain of cybersecurity when historically, safety was their only concern. Alissa Knight, a 20-year veteran of risk management and penetration testing of IoT devices and connected cars, provides a comprehensive guide for performing penetration testing, risk assessments, and risk treatments of connected passenger vehicles. Written for cybersecurity professionals who may not be experts in vehicle mechatronics, Hacking Connected Cars provides a complete reference on the tactics, techniques, and procedures required to identify and mitigate vulnerabilities in cyber-physical vehicles. With thorough summaries of the points covered in each chapter, detailed step-by-step procedures for performing a penetration tests and risk assessments of connected cars with near surgical precision, and explanatory diagrams, Hacking Connected Cars examines the issues involved and provides cutting-edge preventive tactics to secure these systems. You will learn to find the vulnerabilities in these systems before adversaries targeting your systems do using their own methods to perform penetration testing of infotainment systems and telematics control units, as well as how to analyze risk levels surrounding vulnerabilities and threats affecting confidentiality, integrity, and availability. Hacking Connected Cars offers vital tools to help security practitioners, researchers, and vendors keep connected cars safe without sacrificing connectivity. It examines: Electronic and telematics control units (ECUs and TCUs), Man-in-the-middle attacks, Attacks affecting confidentiality, integrity, and availability, Risk assessment, threat modeling, and risk treatment frameworks, TCU and head unit kill chains in a penetration test, Reverse engineering binaries and static code analysis, Key exchange and other cryptanalysis attacks, On-board diagnostics assessments, Vulnerabilities affecting common ECU/TCU/HU operating system platforms Book jacket.
No ratings or reviews yet
Be the first to write a review

You may also like