Security

How to Hack Like a Legend – Book review

There is not a day that goes by without some distressing news about a cyber security breach that hit a major a company. From Google to Equifax, no one is really safe these days.

How do hackers manage to hack into the most secure companies in the world and most importantly how do they stay in the shadows, always evading law enforcement agents?

These are some of the questions that are answered by Sparc Flow in his book How to Hack Like a Legend.

The book features a real-life hacking scenario, where a hacker breaks into an offshore company by first hacking their software supplier. The scenario is explicitly laid out, from preparing the infrastructure to ensure anonymity to building a complex malware that evades security checks and infecting the supplier.

What sets this book apart from other cyber security books is the unique plot it follows. The reader shadows a hacker in their journey of breaking into a company and gets a real grasp of the hacker’s state of mind. Sure, the technical tricks and tools displayed are astounding, but what really impressed us is the way hackers anticipate, adapt and react to various unknown variables when breaking in to a foreign network.And the reader is there to witness it and absorb it all in real time!

As most of you already know, an Antivirus begs to be bypassed by any hacker with some expertise in the field. Thus, in How to Hack Like a Legend, Sparc Flow mostly focuses on how to bypass next-generation security tools deployed by many companies to detect Advanced Persistent Threats (APT).

Some important very specific topics covered by the book include:

  • Effective OSINT and reconnaissance
  • How to build a resilient C2C Infrastructure
  • Setting up a trustworthy phishing platform (SPF, DKIM, etc.)
  • How to bypass AMSI, PowerShell Constrained Mode and other security features in Windows 10
  • Evading QRADAR SIEM
  • How to circumvent Microsoft ATA and Microsoft ATP
  • How to bypass new security tools based on Machine Learning and Behavioral Analysis
  • How to build fileless malware using C# Reflection
  • Kerberoasting and password cracking

Conclusion

The book is written for penetration testers and red teamers, but if you have some knowledge in IT do not hesitate to pick it up. It is a great read and Sparc Flow details step-by-step every line of code and obscure tip to make it understandable by everyone. Every custom script is also available through a Github link to readers.

For real beginners, it is maybe more interesting to start with something more accessible like “How to Hack Like a GOD” a “How to Hack Like a Pornstar” by Sparc Flow, both available at the following link.

 

Leave a Reply

Your email address will not be published. Required fields are marked *