E-book: Penetration Testing

4.17/5 (727 ratings by Goodreads)
  • Format: EPUB+DRM
  • Publication date: 14-Jun-2014
  • Publisher: No Starch Press, US
  • Language: eng
  • ISBN-13: 9781593275952

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital Rights Management (DRM)
    The publisher has supplied this book in encrypted form, which means that you need to install free software to unlock and read it. To read this e-book, you need to create an Adobe ID. The e-book can be read and downloaded on up to 6 devices (by a single user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you need to install this free app: PocketBook Reader (iOS / Android)

    To download and read this e-book on a PC or Mac, you need Adobe Digital Editions (a free app developed specifically for e-books. It is not the same as Adobe Reader, which you may already have on your computer.)

    You cannot read this e-book on an Amazon Kindle.

Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses. In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine-based lab that includes Kali Linux and vulnerable operating systems, you'll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you'll experience the key stages of an actual assessment, including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more.

Learn how to:
  • Crack passwords and wireless network keys with brute-forcing and wordlists
  • Test web applications for vulnerabilities
  • Use the Metasploit Framework to launch exploits and write your own Metasploit modules
  • Automate social-engineering attacks
  • Bypass antivirus software
  • Turn access to one machine into total control of the enterprise in the post exploitation phase

You'll even explore writing your own exploits. Then it's on to mobile hacking, Weidman's particular area of research, with her tool, the Smartphone Pentest Framework. With its collection of hands-on lessons that cover key tools and strategies, Penetration Testing is the introduction that every aspiring hacker needs.

Reviews

"The explanatory subtitle of this book is 'A Hands-On Introduction to Hacking,' and it's exactly what you'll get. This is the best book for pentesting beginners that I ever had the pleasure of reading." Help Net Security

"An excellent resource into the realm of penetration testing." Ethical Hacker

"Practical, useful and insightful. How hackers work and how you can use the same methods and tools to guard your systems against attack." Sandra Henry-Stocker, IT World

"Weidman's presentation has much to recommend it to the technical security professional. Definitely a recommended read." Richard Austin, IEEE Cipher

"An excellent resource into the realm of penetration testing." Xavier Mertins, TrueSec

"A sound introduction to pentesting." ACM Computing Reviews

"A great book on infosec, detailing a large sum of computer penetration testing and exploitation." Dan Borges, Lockboxx

"A great introduction to finding vulnerabilities in your system - penetration testing made accessible, and well illustrated too." MagPi Magazine

"This is one of the top books you must read if you are new to penetration testing . . . Not only is the book still relevant to the community, new courses are being created that center around this book. Including a new one taught by Georgia herself! And although Georgia is currently working on a new version, this book is still a must have in any hacker's collection." Davin Jackson, Alpha Cyber Security, Books to Start Your Penetration Testing Journey

"Arguably, one of the best books I have ever read as a beginner. I learned about different domains of security and penetration testing, and the author never slipped from the point and got distracted. Overall, an excellent informational resource, a great introduction to penetration testing." Sudo Realm

"Penetration Testing: A Hands-on Introduction to Hacking, by Ms. Georgia Weidman, is one of the best books to start with and for advancing a career in the field of penetration testing. I personally suggest that learners start with this, as the use of words is very simple, which makes learning easy; also, the methods are well explained for a novice to grasp." Kamal Dev, KamalDev.me

"The Bible for IT-based testing." Dave, @CyberOutsider

Foreword by Peter Van Eeckhoutte
Acknowledgments
Introduction
  A Note of Thanks
  About This Book
  Part I: The Basics
  Part II: Assessments
  Part III: Attacks
  Part IV: Exploit Development
  Part V: Mobile Hacking
0 Penetration Testing Primer
  The Stages of the Penetration Test
  Pre-engagement
  Information Gathering
  Threat Modeling
  Vulnerability Analysis
  Exploitation
  Post Exploitation
  Reporting
  Summary

Part I The Basics
1 Setting Up Your Virtual Lab
  Installing VMware
  Setting Up Kali Linux
  Configuring the Network for Your Virtual Machine
  Installing Nessus
  Installing Additional Software
  Setting Up Android Emulators
  Smartphone Pentest Framework
  Target Virtual Machines
  Creating the Windows XP Target
  VMware Player on Microsoft Windows
  VMware Fusion on Mac OS
  Installing and Activating Windows
  Installing VMware Tools
  Turning Off Windows Firewall
  Setting User Passwords
  Setting a Static IP Address
  Making XP Act Like It's a Member of a Windows Domain
  Installing Vulnerable Software
  Installing Immunity Debugger and Mona
  Setting Up the Ubuntu 8.10 Target
  Creating the Windows 7 Target
  Creating a User Account
  Opting Out of Automatic Updates
  Setting a Static IP Address
  Adding a Second Network Interface
  Installing Additional Software
  Summary
2 Using Kali Linux
  Linux Command Line
  The Linux Filesystem
  Changing Directories
  Learning About Commands: The Man Pages
  User Privileges
  Adding a User
  Adding a User to the sudoers File
  Switching Users and Using sudo
  Creating a New File or Directory
  Copying, Moving, and Removing Files
  Adding Text to a File
  Appending Text to a File
  File Permissions
  Editing Files
  Searching for Text
  Editing a File with vi
  Data Manipulation
  Using grep
  Using sed
  Pattern Matching with awk
  Managing Installed Packages
  Processes and Services
  Managing Networking
  Setting a Static IP Address
  Viewing Network Connections
  Netcat: The Swiss Army Knife of TCP/IP Connections
  Check to See If a Port Is Listening
  Opening a Command Shell Listener
  Pushing a Command Shell Back to a Listener
  Automating Tasks with cron Jobs
  Summary
3 Programming
  Bash Scripting
  Ping
  A Simple Bash Script
  Running Our Script
  Adding Functionality with if Statements
  A for Loop
  Streamlining the Results
  Python Scripting
  Connecting to a Port
  if Statements in Python
  Writing and Compiling C Programs
  Summary
4 Using The Metasploit Framework
  Starting Metasploit
  Finding Metasploit Modules
  The Module Database
  Built-In Search
  Setting Module Options
  RHOST
  RPORT
  SMBPIPE
  Exploit Target
  Payloads (or Shellcode)
  Finding Compatible Payloads
  A Test Run
  Types of Shells
  Bind Shells
  Reverse Shells
  Setting a Payload Manually
  Msfcli
  Getting Help
  Showing Options
  Payloads
  Creating Standalone Payloads with Msfvenom
  Choosing a Payload
  Setting Options
  Choosing an Output Format
  Serving Payloads
  Using the Multi/Handler Module
  Using an Auxiliary Module
  Summary

Part II Assessments
5 Information Gathering
  Open Source Intelligence Gathering
  Netcraft
  Whois Lookups
  DNS Reconnaissance
  Searching for Email Addresses
  Maltego
  Port Scanning
  Manual Port Scanning
  Port Scanning with Nmap
  Summary
6 Finding Vulnerabilities
  From Nmap Version Scan to Potential Vulnerability
  Nessus
  Nessus Policies
  Scanning with Nessus
  A Note About Nessus Rankings
  Why Use Vulnerability Scanners?
  Exporting Nessus Results
  Researching Vulnerabilities
  The Nmap Scripting Engine
  Running a Single NSE Script
  Metasploit Scanner Modules
  Metasploit Exploit Check Functions
  Web Application Scanning
  Nikto
  Attacking XAMPP
  Default Credentials
  Manual Analysis
  Exploring a Strange Port
  Finding Valid Usernames
  Summary
7 Capturing Traffic
  Networking for Capturing Traffic
  Using Wireshark
  Capturing Traffic
  Filtering Traffic
  Following a TCP Stream
  Dissecting Packets
  ARP Cache Poisoning
  ARP Basics
  IP Forwarding
  ARP Cache Poisoning with Arpspoof
  Using ARP Cache Poisoning to Impersonate the Default Gateway
  DNS Cache Poisoning
  Getting Started
  Using Dnsspoof
  SSL Attacks
  SSL Basics
  Using Ettercap for SSL Man-in-the-Middle Attacks
  SSL Stripping
  Using SSLstrip
  Summary

Part III Attacks
8 Exploitation
  Revisiting MS08-067
  Metasploit Payloads
  Meterpreter
  Exploiting WebDAV Default Credentials
  Running a Script on the Target Web Server
  Uploading a Msfvenom Payload
  Exploiting Open phpMyAdmin
  Downloading a File with TFTP
  Downloading Sensitive Files
  Downloading a Configuration File
  Downloading the Windows SAM
  Exploiting a Buffer Overflow in Third-Party Software
  Exploiting Third-Party Web Applications
  Exploiting a Compromised Service
  Exploiting Open NFS Shares
  Summary
9 Password Attacks
  Password Management
  Online Password Attacks
  Wordlists
  Guessing Usernames and Passwords with Hydra
  Offline Password Attacks
  Recovering Password Hashes from a Windows SAM File
  Dumping Password Hashes with Physical Access
  LM vs. NTLM Hashing Algorithms
  The Trouble with LM Password Hashes
  John the Ripper
  Cracking Linux Passwords
  Cracking Configuration File Passwords
  Rainbow Tables
  Online Password-Cracking Services
  Dumping Plaintext Passwords from Memory with Windows Credential Editor
  Summary
10 Client-Side Exploitation
  Bypassing Filters with Metasploit Payloads
  All Ports
  HTTP and HTTPS Payloads
  Client-Side Attacks
  Browser Exploitation
  PDF Exploits
  Java Exploits
  browser_autopwn
  Winamp
  Summary
11 Social Engineering
  The Social-Engineer Toolkit
  Spear-Phishing Attacks
  Choosing a Payload
  Setting Options
  Naming Your File
  Single or Mass Email
  Creating the Template
  Setting the Target
  Setting Up a Listener
  Web Attacks
  Mass Email Attacks
  Multipronged Attacks
  Summary
12 Bypassing Antivirus Applications
  Trojans
  Msfvenom
  How Antivirus Applications Work
  Microsoft Security Essentials
  VirusTotal
  Getting Past an Antivirus Program
  Encoding
  Custom Cross Compiling
  Encrypting Executables with Hyperion
  Evading Antivirus with Veil-Evasion
  Hiding in Plain Sight
  Summary
13 Post Exploitation
  Meterpreter
  Using the upload Command
  getuid
  Other Meterpreter Commands
  Meterpreter Scripts
  Metasploit Post-Exploitation Modules
  Railgun
  Local Privilege Escalation
  getsystem on Windows
  Local Escalation Module for Windows
  Bypassing UAC on Windows
  Udev Privilege Escalation on Linux
  Local Information Gathering
  Searching for Files
  Keylogging
  Gathering Credentials
  net Commands
  Another Way In
  Checking Bash History
  Lateral Movement
  PSExec
  Pass the Hash
  SSHExec
  Token Impersonation
  Incognito
  SMB Capture
  Pivoting
  Adding a Route in Metasploit
  Metasploit Port Scanners
  Running an Exploit through a Pivot
  Socks4a and ProxyChains
  Persistence
  Adding a User
  Metasploit Persistence
  Creating a Linux cron Job
  Summary
14 Web Application Testing
  Using Burp Proxy
  SQL Injection
  Testing for SQL Injection Vulnerabilities
  Exploiting SQL Injection Vulnerabilities
  Using SQLMap
  XPath Injection
  Local File Inclusion
  Remote File Inclusion
  Command Execution
  Cross-Site Scripting
  Checking for a Reflected XSS Vulnerability
  Leveraging XSS with the Browser Exploitation Framework
  Cross-Site Request Forgery
  Web Application Scanning with w3af
  Summary
15 Wireless Attacks
  Setting Up
  Viewing Available Wireless Interfaces
  Scan for Access Points
  Monitor Mode
  Capturing Packets
  Open Wireless
  Wired Equivalent Privacy
  WEP Weaknesses
  Cracking WEP Keys with Aircrack-ng
  Wi-Fi Protected Access
  WPA2
  The Enterprise Connection Process
  The Personal Connection Process
  The Four-Way Handshake
  Cracking WPA/WPA2 Keys
  Wi-Fi Protected Setup
  Problems with WPS
  Cracking WPS with Bully
  Summary

Part IV Exploit Development
16 A Stack-Based Buffer Overflow In Linux
  Memory Theory
  Linux Buffer Overflow
  A Vulnerable Program
  Causing a Crash
  Running GDB
  Crashing the Program in GDB
  Controlling EIP
  Hijacking Execution
  Endianness
  Summary
17 A Stack-Based Buffer Overflow In Windows
  Searching For a Known Vulnerability in War-FTP
  Causing a Crash
  Locating EIP
  Generating a Cyclical Pattern to Determine Offset
  Verifying Offsets
  Hijacking Execution
  Getting a Shell
  Summary
18 Structured Exception Handler Overwrites
  SEH Overwrite Exploits
  Passing Control to SEH
  Finding the Attack String in Memory
  POP POP RET
  SafeSEH
  Using a Short Jump
  Choosing a Payload
  Summary
19 Fuzzing, Porting Exploits, And Metasploit Modules
  Fuzzing Programs
  Finding Bugs with Code Review
  Fuzzing a Trivial FTP Server
  Attempting a Crash
  Porting Public Exploits to Meet Your Needs
  Finding a Return Address
  Replacing Shellcode
  Editing the Exploit
  Writing Metasploit Modules
  A Similar Exploit String Module
  Porting Our Exploit Code
  Exploitation Mitigation Techniques
  Stack Cookies
  Address Space Layout Randomization
  Data Execution Prevention
  Mandatory Code Signing
  Summary

Part V Mobile Hacking
20 Using The Smartphone Pentest Framework
  Mobile Attack Vectors
  Text Messages
  Near Field Communication
  QR Codes
  The Smartphone Pentest Framework
  Setting Up SPF
  Android Emulators
  Attaching a Mobile Modem
  Building the Android App
  Deploying the App
  Attaching the SPF Server and App
  Remote Attacks
  Default iPhone SSH Login
  Client-Side Attacks
  Client-Side Shell
  USSD Remote Control
  Malicious Apps
  Creating Malicious SPF Agents
  Mobile Post Exploitation
  Information Gathering
  Remote Control
  Pivoting Through Mobile Devices
  Privilege Escalation
  Summary
Resources
Index

Georgia Weidman is a penetration tester and researcher, as well as the founder of Bulb Security, a security consulting firm. She presents at conferences around the world, including Black Hat, ShmooCon, and DerbyCon, and teaches classes on topics such as penetration testing, mobile hacking, and exploit development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security.