舉報 
會員
Hands-On Penetration Testing with Kali NetHunter
KaliNetHunterisaversionofthepopularandpowerfulKaliLinuxpentestingplatform,designedtobeinstalledonmobiledevices.Hands-OnPenetrationTestingwithKaliNetHunterwillteachyouthecomponentsofNetHunterandhowtoinstallthesoftware.You’llalsolearnaboutthedifferenttoolsincludedandhowtooptimizeanduseapackage,obtaindesiredresults,performtests,andmakeyourenvironmentmoresecure.StartingwithanintroductiontoKaliNetHunter,youwilldelveintodifferentphasesofthepentestingprocess.Thisbookwillshowyouhowtobuildyourpenetrationtestingenvironmentandsetupyourlab.Youwillgaininsightintogatheringintellectualdata,exploitingvulnerableareas,andgainingcontrolovertargetsystems.Asyouprogressthroughthebook,youwillexploretheNetHuntertoolsavailableforexploitingwiredandwirelessdevices.Youwillworkthroughnewwaystodeployexistingtoolsdesignedtoreducethechancesofdetection.Intheconcludingchapters,youwilldiscovertipsandbestpracticesforintegratingsecurityhardeningintoyourAndroidecosystem.Bytheendofthisbook,youwillhavelearnedtosuccessfullyuseamobilepenetrationtestingdevicebasedonKaliNetHunterandAndroidtoaccomplishthesametasksyouwouldtraditionally,butinasmallerandmoremobileformfactor.
目錄(295章)
倒序
- coverpage
- Title Page
- Copyright and Credits
- Hands-On Penetration Testing with Kali NetHunter
- About Packt
- Why subscribe?
- Packt.com
- Contributors
- About the authors
- About the reviewers
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Disclaimer
- Section 1: Exploring Kali NetHunter
- Introduction to Kali NetHunter
- What is Kali NetHunter?
- Tools within Kali NetHunter
- MAC Changer
- The MITM framework
- HID attacks
- DuckHunter HID
- BadUSB MITM attacks
- The MANA Wireless Toolkit
- Software defined radio
- Network Mapper
- The Metasploit Payload Generator
- Searchsploit
- The Android platform and security model
- The Android architecture
- The Application layer
- The Application Framework Layer
- Android Libraries
- Android Runtime
- Kernel
- The Android security model
- Android Device Manager
- SafetyNet
- Verify applications
- Application services
- Android updates
- The Google Play Store
- Google Play Protect
- Installing NetHunter
- Building Kali NetHunter for a specific device (optional)
- Additional optional hardware
- Summary
- Understanding the Phases of the Pentesting Process
- The need for penetration testing
- Types of hackers
- White hat
- Grey hat
- Black hat
- Script kiddie
- Suicide hacker
- Hacktivist
- State-sponsored hacker
- Penetration testing
- Blue teaming vs red teaming vs purple team
- Blue team
- Red team
- Purple team
- Types of penetration tests
- Phases of penetration testing
- The pre-attack phase
- The attack phase
- The post-attack phase
- Penetration testing methodologies and frameworks
- OWASP testing framework
- PCI penetration testing guide
- Penetration Testing Execution Standard
- Open Source Security Testing Methodology Manual
- Phases of penetration testing
- Reconnaissance
- Scanning
- Gaining access
- Maintaining access
- Clearing tracks
- Deliverables
- Summary
- Section 2: Common Pentesting Tasks and Tools
- Intelligence-Gathering Tools
- Technical requirements
- Objectives of intelligence gathering
- Information for the taking
- Types of information available
- Network information
- Organizational data
- Tools for gathering useful information
- Using Shodan
- Working with filters
- Using Metagoofil
- Exercise using Metagoofil to collect information
- Using Nikto
- Exercise – working with Nikto
- What is robots.txt?
- Using Parsero
- Exercise – working with Parsero
- Using wget
- Exercise – working with wget
- Using HTTrack
- Exercise – using HTTrack
- Google Hacking
- Exercise – what's the Right Search Engine
- Location
- Social networking
- Using Echosec
- Exercise – working with Echosec
- Working with Recon-Ng
- Going for technical data
- Using WHOIS
- Exercise – getting the most from WHOIS
- nslookup
- Reverse DNS Lookups
- Looking up an NS record
- Querying an MX record
- Querying an SOA record
- Querying another DNS
- Using dnsenum
- Exercise – working with dnsenum
- Using DNSMAP
- Using traceroute
- Summary
- Further reading
- Scanning and Enumeration Tools
- Technical requirements
- Scanning
- Conducting a scan
- Troubleshooting scanning results
- Determining whether a host is up or down
- Exercise – working with ping
- Using Nmap
- Exercise – Performing a Ping Sweep with Nmap
- Port scanning
- Full Open/TCP connect scans
- Stealth scans
- XMAS scans
- FIN scans
- NULL scans
- ACK scans
- Tuning and tweaking
- UDP scanning
- Banner grabbing
- Exercise using Telnet to banner-grab
- Exercise – using nmap to banner-grab
- Enumeration with NetHunter
- Enumerating DNS
- Enumerating SMTP
- Exercise – using NMAP to enumerate
- Exercise – working with smtp-user-enum
- Working with SMB
- Exercise – using enum4linux
- Exercise – using acccheck
- Exercise – using SMBmap
- Summary
- Further reading
- Penetrating the Target
- Technical requirements
- Concerning passwords
- Choosing an approach to cracking
- Passive techniques
- Man-in-the-Middle
- Exercise – working with SSL strip
- Active techniques
- Working with Ncrack
- Exercise – working with Ncrack
- Offline attacks
- Rainbow tables
- Exercise – creating the rainbow table
- Exercise – working with rtgen
- Putting it together
- Exercise – recovering passwords with hashcat
- Executing applications
- Escalating privileges
- Executing applications on the target
- Exercise – planting a backdoor with Netcat
- Summary
- Further reading
- Clearing Tracks and Removing Evidence from a Target
- Clearing tracks
- Types of logs and their locations
- DHCP server logs
- Syslog messages
- Packet analysis
- Web server logs
- Database logs
- Event logs
- Clearing logs on Windows
- Using PowerShell to clear logs in Windows
- Using the command prompt to clear logs in Windows
- Clearing logs in Linux
- Summary
- Section 3: Advanced Pentesting Tasks and Tools
- Packet Sniffing and Traffic Analysis
- The need for sniffing traffic
- Types of packet-sniffing techniques
- Active sniffing
- Passive sniffing
- Tools and techniques of packet sniffing
- Aircrack-ng
- Observing wireless networks using airmon-ng
- Arpspoof
- Dsniff
- Kismet
- Tcpdump
- TShark
- The MITM framework
- Packet analysis techniques
- Dsniff
- Tshark
- Urlsnarf
- Tcpdump
- Summary
- Targeting Wireless Devices and Networks
- Wireless network topologies
- Independent Basic Service Set
- Basic Service Set
- Extended Service Set
- Wireless standards
- Service Set Identifier
- Wireless authentication modes
- Wireless encryption standard
- Wired Equivalent Privacy
- Wi-Fi Protected Access
- Wi-Fi Protected Access 2
- Wireless threats
- Wireless attacks
- Exercise – checking whether a wireless card supports injection
- Exercise – detecting access points and their manufacturers
- Exercise – discovering the WPS version of an access point
- Exercise – de-authentication attacks
- Exercise – de-authenticating a specific client
- Exercise – detecting a de-authentication attack
- Exercise – discovering hidden SSIDs
- Exercise – cracking WEP and WPA
- Cracking WEP Encryption
- Bluetooth hacking
- Summary
- Avoiding Detection
- Scanning
- Stealth scanning
- Decoys
- Idle scans
- MAC spoofing
- Fragmentation
- Metasploit Payload Generator
- Encrypting traffic
- Summary
- Hardening Techniques and Countermeasures
- Security threats and countermeasures
- Viruses
- Other common viruses
- Client system security
- The Windows baseline
- The Windows registry
- User accounts
- Patch management
- Windows Firewall
- Disabling services
- The Linux baseline
- Security scanner for Linux
- Disabling services in Linux
- Hardening networking devices
- Hardening mobile devices
- Summary
- Building a Lab
- Technical requirements
- Hypervisor
- Type 1
- Type 2
- Vulnerable systems
- Setting up the lab
- Step 1 – installing the hypervisor
- Step 2 – obtaining vulnerable systems
- Step 3 – setting up Metasploitable
- Step 4 – setting up the OWASP broken web applications project
- Summary
- Selecting a Kali Device and Hardware
- Small computers
- Gem PDA
- Raspberry Pi 2 and 3
- ODROID U2
- Mobile hardware
- External components
- Wireless adapters
- OTG cables
- Summary
- Other Books You May Enjoy
- Leave a review - let other readers know what you think 更新時間:2021-07-02 12:39:24
推薦閱讀
- Web漏洞分析與防范實戰:卷1
- 網絡安全應急管理與技術實踐
- 數字化轉型浪潮下的數據安全最佳實踐指南
- 計算機網絡安全基礎(第5版)
- Instant Java Password and Authentication Security
- 信息安全等級保護測評與整改指導手冊
- 信息安全導論(第2版)
- Mastering Linux Security and Hardening
- 網絡空間安全:拒絕服務攻擊檢測與防御
- 云計算安全:關鍵技術、原理及應用
- 黑客攻防入門
- Manga Studio 5 Beginner's Guide
- 惡意軟件、Rootkit和僵尸網絡
- 一本書講透混合云安全
- ATT&CK框架實踐指南(第2版)
- 云原生安全
- 網絡安全技術及應用實踐教程
- 智能制造的信息安全
- 黑客防線2011合訂本(下半年)
- 隱私保護計算
- 網絡安全管理
- 漏洞管理實戰:網絡風險管理的策略方法
- 數字與安全:數智時代安全先鋒
- 網絡空間安全防御與態勢感知
- 信息系統等級保護安全建設技術方案設計實現與應用
- 物聯網安全與隱私保護
- 網絡安全治理新格局
- 云計算安全實踐:從入門到精通
- VMware vSphere Security Cookbook
- 數據安全與隱私計算
