舉報(bào) 
會(huì)員
Learn Penetration Testing
Sendinginformationviatheinternetisnotentirelyprivate,asevidencedbytheriseinhacking,malwareattacks,andsecuritythreats.Withthehelpofthisbook,you'lllearncrucialpenetrationtestingtechniquestohelpyouevaluateenterprisedefenses.You'llstartbyunderstandingeachstageofpentestinganddeployingtargetvirtualmachines,includingLinuxandWindows.Next,thebookwillguideyouthroughperformingintermediatepenetrationtestinginacontrolledenvironment.Withthehelpofpracticalusecases,you'llalsobeabletoimplementyourlearninginreal-worldscenarios.Bystudyingeverythingfromsettingupyourlab,informationgatheringandpasswordattacks,throughtosocialengineeringandpostexploitation,you'llbeabletosuccessfullyovercomesecuritythreats.Thebookwillevenhelpyouleveragethebesttools,suchasKaliLinux,Metasploit,BurpSuite,andotheropensourcepentestingtoolstoperformthesetechniques.Towardthelaterchapters,you'llfocusonbestpracticestoquicklyresolvesecuritythreats.Bytheendofthisbook,you'llbewellversedwithvariouspenetrationtestingtechniquessoastobeabletotacklesecuritythreatseffectively
目錄(339章)
倒序
- coverpage
- Title Page
- Copyright and Credits
- Learn Penetration Testing
- Dedication
- About Packt
- Why subscribe?
- Packt.com
- Contributors
- About the author
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Disclaimer
- Section 1: The Basics
- Introduction to Penetration Testing
- Technical requirements
- What is penetration testing?
- Stages of a penetration test
- Pre-engagement
- Scoping
- Timelines
- Dealing with third parties
- Payment
- Your "get out of jail free card"
- Intelligence gathering
- Threat modeling
- Vulnerability analysis
- Exploitation
- Post-exploitation
- Reporting
- Executive summary
- Technical report
- Getting started with your lab
- Creating virtual machines in VMware Hyper-V and VirtualBox
- Microsoft Hyper-V
- VMware
- VirtualBox
- Target machines
- Metasploitable
- Summary
- Questions
- Getting Started with Kali Linux
- Technical requirements
- An introduction to Kali Linux
- Installing and configuring Kali Linux
- Installation
- Installing Kali Linux on macOS
- Installing Kali Linux using the Windows Subsystem for Linux (WSL)
- Installing Kali Linux using VirtualBox
- Configuring Kali Linux
- Basic commands in Kali Linux
- Scripting in Kali Linux
- The essential tools of Kali Linux
- Nmap
- Aircrack-ng
- John the Ripper (JTR) and Hydra
- SET
- Burp Suite
- Summary
- Questions
- Section 2: Exploitation
- Performing Information Gathering
- Technical requirements
- Passive information gathering
- Using the internet
- Google dorks
- Shodan
- Shodan scripting
- Using Kali Linux
- Maltego
- Active information gathering
- Nmap
- Vulnerability scanning
- OpenVAS
- Nessus
- Capturing traffic
- Wireshark
- tcpdump
- Summary
- Questions
- Mastering Social Engineering
- Technical requirements
- What is social engineering?
- Pretexting
- Phishing
- Spear phishing
- Tailgating
- Social engineering tools
- The social engineering toolkit (SET)
- Gophish
- Modlishka
- Wifiphisher
- Creating a social engineering campaign
- Installing Modlishka
- Executing the attack
- Using SET to create a phishing campaign
- Summary
- Questions
- Diving into the Metasploit Framework
- Technical requirements
- Introducing Metasploit
- Updating the Metasploit Framework
- Linking the Metasploit Framework to a database
- Enhancing your experience within Metasploit
- Using Metasploit to exploit a remote target
- Finding modules
- Exploit-DB
- Rapid7 exploit database
- 0day.today
- Adding modules
- Metasploit options shells and payloads
- Options
- Shells
- Payloads
- Working with MSFvenom
- Summary
- Questions
- Understanding Password Attacks
- Technical requirements
- Introduction to password attacks
- Working with wordlists
- Password profiling
- Password mutation
- Offline password attacks
- John the Ripper
- Hashcat
- Online password attacks
- Hydra
- Medusa
- Ncrack
- Dumping passwords from memory
- Summary
- Questions
- Working with Burp Suite
- Technical requirements
- Understanding Burp Suite
- Preparing your environment
- Installing Burp Suite Professional
- Setting up OWASP BWA
- Configuring your browser
- Exploring and configuring Burp Suite components
- Burp Suite tools
- Proxy
- Target
- Scanner
- Repeater
- Intruder
- Sequencer
- Decoder
- Comparer
- Extender
- Summary
- Questions
- Attacking Web Applications
- Technical requirements
- Preparing your environment
- Types of web application security testing
- The components of a web application
- Web application architecture
- Web application languages
- Python
- Ruby
- Java
- Understanding the HTTP protocol
- HTTP requests and responses
- Common web application attacks
- Inclusion attacks (LFI/RFI)
- Cross-Site Request Forgery (CSRF)
- Cross-site scripting (XSS)
- SQL injection (SQLi)
- Command execution
- Attacking web applications
- Nikto
- Using Sqlmap
- Performing attacks using Sqlmap
- Information gathering
- Dumping user details from SQL tables
- Creating a backdoor using PHP
- Performing XSS attacks
- Performing a reflective XSS attack
- Performing a stored XSS attack
- Performing a file inclusion attack
- Performing a command execution attack
- Summary
- Questions
- Getting Started with Wireless Attacks
- Technical requirements
- Exploring wireless attacks
- Wireless network architecture
- Wireless frames
- Notable wireless frames
- Wireless security protocols
- WEP
- WPA
- Wi-Fi Protected Access version 2 (WPA2)
- Wi-Fi Protected Access version 3 (WPA3)
- Types of wireless attacks
- Compatible hardware
- Wireless adapters
- Wireless attack tools
- Wifiphisher
- Aircrack-ng suite
- Airmon-ng
- Airodump-ng
- Aireplay-ng
- Airgeddon
- The Evil Twin attack
- Cracking WEP WPA and WPA2
- Cracking WPA/WPA2
- Cracking WEP
- Summary
- Questions
- Section 3: Post Exploitation
- Moving Laterally and Escalating Your Privileges
- Technical requirements
- Discovering post-exploitation techniques
- Lateral movement
- Privilege escalation
- Pivoting
- Preparing your environment
- Post-exploitation tools
- Metasploit Framework
- Metasploit post modules
- Empire
- Responder
- Mimikatz
- Performing post-exploitation attacks
- Performing credential harvesting
- Performing Overpass-the-Hash
- Performing lateral movement
- Performing a Pass-the-Ticket attack
- Summary
- Questions
- Antivirus Evasion
- Technical requirements
- The evolution of antivirus technologies
- Out with the old
- In with the new
- Concepts of antivirus evasion
- Antivirus evasion techniques
- Encoders
- Custom compiling
- Obfuscation
- Getting started with antivirus evasion
- MSFvenom
- Veil Evasion
- TheFatRat
- Custom compiling
- Testing evasion techniques
- VirusTotal
- Summary
- Questions
- Maintaining Control within the Environment
- Technical requirements
- The importance of maintaining access
- Techniques used to maintain access
- Backdoor
- C2
- Linux cron jobs
- Living off the land
- Using tools for persistence
- The Metasploit Framework
- Empire
- Summary
- Questions
- Section 4: Putting It All Together
- Reporting and Acting on Your Findings
- Technical requirements
- The importance of a penetration testing report
- What goes into a penetration test report?
- Cover page
- Executive summary
- Background
- Overall posture
- Risk ranking
- General findings
- Strategic roadmap
- Technical report
- Tools used
- Information gathering
- Vulnerability assessment and exploitation
- Post-exploitation
- Conclusion
- Tools for report writing
- Methodologies
- Nodes
- Issues and evidence
- Recommending remediation options
- Information gathering
- Social engineering
- Vulnerabilities and OS hardening
- Passwords
- Web applications
- Privilege escalation and lateral movement
- Summary
- Questions
- Where Do I Go from Here?
- Technical requirements
- Knowledge maintenance
- Network penetration testing
- Wireless penetration testing
- Web application penetration testing
- Online training
- Cybrary
- Pentester Academy
- Pentesterlab
- Certifications
- eLearnSecurity
- Offensive security
- Global Information Assurance Certifications (GIACs)
- Toolkit maintenance
- Purposefully vulnerable resources
- Vulnhub
- Hack The Box
- Summary
- Assessments
- Chapter 1: Introduction to Penetration Testing
- Chapter 2: Getting Started with Kali Linux
- Chapter 3: Performing Information Gathering
- Chapter 4: Mastering Social Engineering
- Chapter 5: Diving into the Metasploit Framework
- Chapter 6: Understanding Password Attacks
- Chapter 7: Working with Burp Suite
- Chapter 8: Attacking Web Applications
- Chapter 9: Getting Started with Wireless Attacks
- Chapter 10: Moving Laterally and Escalating your Privileges
- Chapter 11: Antivirus Evasion
- Chapter 12: Maintaining Control within the Environment
- Chapter 13: Reporting and Acting on Your Findings
- Other Books You May Enjoy
- Leave a review - let other readers know what you think 更新時(shí)間:2021-06-24 14:10:13
推薦閱讀
- 同仁眼超聲診斷手冊(cè)
- 臨床檢驗(yàn)一萬個(gè)為什么:病原檢驗(yàn)分冊(cè)
- 皮膚美容激光治療原理與技術(shù)
- 生命的探問:弗蘭克爾談生命的意義與價(jià)值
- 老年癡呆居家康復(fù)指導(dǎo)
- Learn Data Structures and Algorithms with Golang
- Learning Geospatial Analysis with Python
- 走進(jìn)孤獨(dú)的世界:為家長(zhǎng)專業(yè)解讀自閉癥
- PET/CT圖譜
- 普胸外科手術(shù)精解
- 老年疾病預(yù)防與康復(fù)保健
- 中國(guó)口腔種植體概覽
- 脊髓損傷者生活自助手冊(cè)
- 口腔癌、口咽癌:全生命周期診療及康復(fù)
- 毛德西方藥心悟
- 同仁眼科疑難病例精析:同仁眼科臨床病例討論會(huì)1
- 如何應(yīng)對(duì)乳腺癌:寫給患者和家屬的書
- 膽管癌
- 甲狀腺惡性腫瘤超聲及病理圖譜
- 中國(guó)結(jié)直腸癌肝轉(zhuǎn)移MDT臨床實(shí)踐共識(shí)(2021年版)
- 實(shí)用不孕不育診斷與治療技術(shù)
- 肺癌免疫治療新進(jìn)展
- 實(shí)用精神科疾病診療與護(hù)理實(shí)踐
- 神經(jīng)系統(tǒng)疾病診治絕招
- 新編臨床眼科學(xué)
- 口腔門診麻醉并發(fā)癥及處理
- 實(shí)用骨科學(xué)(第2版)
- 躁郁之心:我與躁郁癥共處的30年(經(jīng)典版)(下)
- 從經(jīng)典案例學(xué)習(xí)老年精神病學(xué)
- 現(xiàn)代皮膚科學(xué)
