舉報 
會員
Learn Penetration Testing
Sendinginformationviatheinternetisnotentirelyprivate,asevidencedbytheriseinhacking,malwareattacks,andsecuritythreats.Withthehelpofthisbook,you'lllearncrucialpenetrationtestingtechniquestohelpyouevaluateenterprisedefenses.You'llstartbyunderstandingeachstageofpentestinganddeployingtargetvirtualmachines,includingLinuxandWindows.Next,thebookwillguideyouthroughperformingintermediatepenetrationtestinginacontrolledenvironment.Withthehelpofpracticalusecases,you'llalsobeabletoimplementyourlearninginreal-worldscenarios.Bystudyingeverythingfromsettingupyourlab,informationgatheringandpasswordattacks,throughtosocialengineeringandpostexploitation,you'llbeabletosuccessfullyovercomesecuritythreats.Thebookwillevenhelpyouleveragethebesttools,suchasKaliLinux,Metasploit,BurpSuite,andotheropensourcepentestingtoolstoperformthesetechniques.Towardthelaterchapters,you'llfocusonbestpracticestoquicklyresolvesecuritythreats.Bytheendofthisbook,you'llbewellversedwithvariouspenetrationtestingtechniquessoastobeabletotacklesecuritythreatseffectively
最新章節
- Leave a review - let other readers know what you think
- Other Books You May Enjoy
- Chapter 13: Reporting and Acting on Your Findings
- Chapter 12: Maintaining Control within the Environment
- Chapter 11: Antivirus Evasion
- Chapter 10: Moving Laterally and Escalating your Privileges
品牌:中圖公司
上架時間:2021-06-24 12:16:39
出版社:Packt Publishing
本書數字版權由中圖公司提供,并由其授權上海閱文信息技術有限公司制作發行
- Leave a review - let other readers know what you think 更新時間:2021-06-24 14:10:13
- Other Books You May Enjoy
- Chapter 13: Reporting and Acting on Your Findings
- Chapter 12: Maintaining Control within the Environment
- Chapter 11: Antivirus Evasion
- Chapter 10: Moving Laterally and Escalating your Privileges
- Chapter 9: Getting Started with Wireless Attacks
- Chapter 8: Attacking Web Applications
- Chapter 7: Working with Burp Suite
- Chapter 6: Understanding Password Attacks
- Chapter 5: Diving into the Metasploit Framework
- Chapter 4: Mastering Social Engineering
- Chapter 3: Performing Information Gathering
- Chapter 2: Getting Started with Kali Linux
- Chapter 1: Introduction to Penetration Testing
- Assessments
- Summary
- Hack The Box
- Vulnhub
- Purposefully vulnerable resources
- Toolkit maintenance
- Global Information Assurance Certifications (GIACs)
- Offensive security
- eLearnSecurity
- Certifications
- Pentesterlab
- Pentester Academy
- Cybrary
- Online training
- Web application penetration testing
- Wireless penetration testing
- Network penetration testing
- Knowledge maintenance
- Technical requirements
- Where Do I Go from Here?
- Questions
- Summary
- Privilege escalation and lateral movement
- Web applications
- Passwords
- Vulnerabilities and OS hardening
- Social engineering
- Information gathering
- Recommending remediation options
- Issues and evidence
- Nodes
- Methodologies
- Tools for report writing
- Conclusion
- Post-exploitation
- Vulnerability assessment and exploitation
- Information gathering
- Tools used
- Technical report
- Strategic roadmap
- General findings
- Risk ranking
- Overall posture
- Background
- Executive summary
- Cover page
- What goes into a penetration test report?
- The importance of a penetration testing report
- Technical requirements
- Reporting and Acting on Your Findings
- Section 4: Putting It All Together
- Questions
- Summary
- Empire
- The Metasploit Framework
- Using tools for persistence
- Living off the land
- Linux cron jobs
- C2
- Backdoor
- Techniques used to maintain access
- The importance of maintaining access
- Technical requirements
- Maintaining Control within the Environment
- Questions
- Summary
- VirusTotal
- Testing evasion techniques
- Custom compiling
- TheFatRat
- Veil Evasion
- MSFvenom
- Getting started with antivirus evasion
- Obfuscation
- Custom compiling
- Encoders
- Antivirus evasion techniques
- Concepts of antivirus evasion
- In with the new
- Out with the old
- The evolution of antivirus technologies
- Technical requirements
- Antivirus Evasion
- Questions
- Summary
- Performing a Pass-the-Ticket attack
- Performing lateral movement
- Performing Overpass-the-Hash
- Performing credential harvesting
- Performing post-exploitation attacks
- Mimikatz
- Responder
- Empire
- Metasploit post modules
- Metasploit Framework
- Post-exploitation tools
- Preparing your environment
- Pivoting
- Privilege escalation
- Lateral movement
- Discovering post-exploitation techniques
- Technical requirements
- Moving Laterally and Escalating Your Privileges
- Section 3: Post Exploitation
- Questions
- Summary
- Cracking WEP
- Cracking WPA/WPA2
- Cracking WEP WPA and WPA2
- The Evil Twin attack
- Airgeddon
- Aireplay-ng
- Airodump-ng
- Airmon-ng
- Aircrack-ng suite
- Wifiphisher
- Wireless attack tools
- Wireless adapters
- Compatible hardware
- Types of wireless attacks
- Wi-Fi Protected Access version 3 (WPA3)
- Wi-Fi Protected Access version 2 (WPA2)
- WPA
- WEP
- Wireless security protocols
- Notable wireless frames
- Wireless frames
- Wireless network architecture
- Exploring wireless attacks
- Technical requirements
- Getting Started with Wireless Attacks
- Questions
- Summary
- Performing a command execution attack
- Performing a file inclusion attack
- Performing a stored XSS attack
- Performing a reflective XSS attack
- Performing XSS attacks
- Creating a backdoor using PHP
- Dumping user details from SQL tables
- Information gathering
- Performing attacks using Sqlmap
- Using Sqlmap
- Nikto
- Attacking web applications
- Command execution
- SQL injection (SQLi)
- Cross-site scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Inclusion attacks (LFI/RFI)
- Common web application attacks
- HTTP requests and responses
- Understanding the HTTP protocol
- Java
- Ruby
- Python
- Web application languages
- Web application architecture
- The components of a web application
- Types of web application security testing
- Preparing your environment
- Technical requirements
- Attacking Web Applications
- Questions
- Summary
- Extender
- Comparer
- Decoder
- Sequencer
- Intruder
- Repeater
- Scanner
- Target
- Proxy
- Burp Suite tools
- Exploring and configuring Burp Suite components
- Configuring your browser
- Setting up OWASP BWA
- Installing Burp Suite Professional
- Preparing your environment
- Understanding Burp Suite
- Technical requirements
- Working with Burp Suite
- Questions
- Summary
- Dumping passwords from memory
- Ncrack
- Medusa
- Hydra
- Online password attacks
- Hashcat
- John the Ripper
- Offline password attacks
- Password mutation
- Password profiling
- Working with wordlists
- Introduction to password attacks
- Technical requirements
- Understanding Password Attacks
- Questions
- Summary
- Working with MSFvenom
- Payloads
- Shells
- Options
- Metasploit options shells and payloads
- Adding modules
- 0day.today
- Rapid7 exploit database
- Exploit-DB
- Finding modules
- Using Metasploit to exploit a remote target
- Enhancing your experience within Metasploit
- Linking the Metasploit Framework to a database
- Updating the Metasploit Framework
- Introducing Metasploit
- Technical requirements
- Diving into the Metasploit Framework
- Questions
- Summary
- Using SET to create a phishing campaign
- Executing the attack
- Installing Modlishka
- Creating a social engineering campaign
- Wifiphisher
- Modlishka
- Gophish
- The social engineering toolkit (SET)
- Social engineering tools
- Tailgating
- Spear phishing
- Phishing
- Pretexting
- What is social engineering?
- Technical requirements
- Mastering Social Engineering
- Questions
- Summary
- tcpdump
- Wireshark
- Capturing traffic
- Nessus
- OpenVAS
- Vulnerability scanning
- Nmap
- Active information gathering
- Maltego
- Using Kali Linux
- Shodan scripting
- Shodan
- Google dorks
- Using the internet
- Passive information gathering
- Technical requirements
- Performing Information Gathering
- Section 2: Exploitation
- Questions
- Summary
- Burp Suite
- SET
- John the Ripper (JTR) and Hydra
- Aircrack-ng
- Nmap
- The essential tools of Kali Linux
- Scripting in Kali Linux
- Basic commands in Kali Linux
- Configuring Kali Linux
- Installing Kali Linux using VirtualBox
- Installing Kali Linux using the Windows Subsystem for Linux (WSL)
- Installing Kali Linux on macOS
- Installation
- Installing and configuring Kali Linux
- An introduction to Kali Linux
- Technical requirements
- Getting Started with Kali Linux
- Questions
- Summary
- Metasploitable
- Target machines
- VirtualBox
- VMware
- Microsoft Hyper-V
- Creating virtual machines in VMware Hyper-V and VirtualBox
- Getting started with your lab
- Technical report
- Executive summary
- Reporting
- Post-exploitation
- Exploitation
- Vulnerability analysis
- Threat modeling
- Intelligence gathering
- Your "get out of jail free card"
- Payment
- Dealing with third parties
- Timelines
- Scoping
- Pre-engagement
- Stages of a penetration test
- What is penetration testing?
- Technical requirements
- Introduction to Penetration Testing
- Section 1: The Basics
- Disclaimer
- Reviews
- Get in touch
- Conventions used
- Download the color images
- To get the most out of this book
- What this book covers
- Who this book is for
- Preface
- Packt is searching for authors like you
- About the reviewer
- About the author
- Contributors
- Packt.com
- Why subscribe?
- About Packt
- Dedication
- Learn Penetration Testing
- Copyright and Credits
- Title Page
- coverpage
- coverpage
- Title Page
- Copyright and Credits
- Learn Penetration Testing
- Dedication
- About Packt
- Why subscribe?
- Packt.com
- Contributors
- About the author
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Disclaimer
- Section 1: The Basics
- Introduction to Penetration Testing
- Technical requirements
- What is penetration testing?
- Stages of a penetration test
- Pre-engagement
- Scoping
- Timelines
- Dealing with third parties
- Payment
- Your "get out of jail free card"
- Intelligence gathering
- Threat modeling
- Vulnerability analysis
- Exploitation
- Post-exploitation
- Reporting
- Executive summary
- Technical report
- Getting started with your lab
- Creating virtual machines in VMware Hyper-V and VirtualBox
- Microsoft Hyper-V
- VMware
- VirtualBox
- Target machines
- Metasploitable
- Summary
- Questions
- Getting Started with Kali Linux
- Technical requirements
- An introduction to Kali Linux
- Installing and configuring Kali Linux
- Installation
- Installing Kali Linux on macOS
- Installing Kali Linux using the Windows Subsystem for Linux (WSL)
- Installing Kali Linux using VirtualBox
- Configuring Kali Linux
- Basic commands in Kali Linux
- Scripting in Kali Linux
- The essential tools of Kali Linux
- Nmap
- Aircrack-ng
- John the Ripper (JTR) and Hydra
- SET
- Burp Suite
- Summary
- Questions
- Section 2: Exploitation
- Performing Information Gathering
- Technical requirements
- Passive information gathering
- Using the internet
- Google dorks
- Shodan
- Shodan scripting
- Using Kali Linux
- Maltego
- Active information gathering
- Nmap
- Vulnerability scanning
- OpenVAS
- Nessus
- Capturing traffic
- Wireshark
- tcpdump
- Summary
- Questions
- Mastering Social Engineering
- Technical requirements
- What is social engineering?
- Pretexting
- Phishing
- Spear phishing
- Tailgating
- Social engineering tools
- The social engineering toolkit (SET)
- Gophish
- Modlishka
- Wifiphisher
- Creating a social engineering campaign
- Installing Modlishka
- Executing the attack
- Using SET to create a phishing campaign
- Summary
- Questions
- Diving into the Metasploit Framework
- Technical requirements
- Introducing Metasploit
- Updating the Metasploit Framework
- Linking the Metasploit Framework to a database
- Enhancing your experience within Metasploit
- Using Metasploit to exploit a remote target
- Finding modules
- Exploit-DB
- Rapid7 exploit database
- 0day.today
- Adding modules
- Metasploit options shells and payloads
- Options
- Shells
- Payloads
- Working with MSFvenom
- Summary
- Questions
- Understanding Password Attacks
- Technical requirements
- Introduction to password attacks
- Working with wordlists
- Password profiling
- Password mutation
- Offline password attacks
- John the Ripper
- Hashcat
- Online password attacks
- Hydra
- Medusa
- Ncrack
- Dumping passwords from memory
- Summary
- Questions
- Working with Burp Suite
- Technical requirements
- Understanding Burp Suite
- Preparing your environment
- Installing Burp Suite Professional
- Setting up OWASP BWA
- Configuring your browser
- Exploring and configuring Burp Suite components
- Burp Suite tools
- Proxy
- Target
- Scanner
- Repeater
- Intruder
- Sequencer
- Decoder
- Comparer
- Extender
- Summary
- Questions
- Attacking Web Applications
- Technical requirements
- Preparing your environment
- Types of web application security testing
- The components of a web application
- Web application architecture
- Web application languages
- Python
- Ruby
- Java
- Understanding the HTTP protocol
- HTTP requests and responses
- Common web application attacks
- Inclusion attacks (LFI/RFI)
- Cross-Site Request Forgery (CSRF)
- Cross-site scripting (XSS)
- SQL injection (SQLi)
- Command execution
- Attacking web applications
- Nikto
- Using Sqlmap
- Performing attacks using Sqlmap
- Information gathering
- Dumping user details from SQL tables
- Creating a backdoor using PHP
- Performing XSS attacks
- Performing a reflective XSS attack
- Performing a stored XSS attack
- Performing a file inclusion attack
- Performing a command execution attack
- Summary
- Questions
- Getting Started with Wireless Attacks
- Technical requirements
- Exploring wireless attacks
- Wireless network architecture
- Wireless frames
- Notable wireless frames
- Wireless security protocols
- WEP
- WPA
- Wi-Fi Protected Access version 2 (WPA2)
- Wi-Fi Protected Access version 3 (WPA3)
- Types of wireless attacks
- Compatible hardware
- Wireless adapters
- Wireless attack tools
- Wifiphisher
- Aircrack-ng suite
- Airmon-ng
- Airodump-ng
- Aireplay-ng
- Airgeddon
- The Evil Twin attack
- Cracking WEP WPA and WPA2
- Cracking WPA/WPA2
- Cracking WEP
- Summary
- Questions
- Section 3: Post Exploitation
- Moving Laterally and Escalating Your Privileges
- Technical requirements
- Discovering post-exploitation techniques
- Lateral movement
- Privilege escalation
- Pivoting
- Preparing your environment
- Post-exploitation tools
- Metasploit Framework
- Metasploit post modules
- Empire
- Responder
- Mimikatz
- Performing post-exploitation attacks
- Performing credential harvesting
- Performing Overpass-the-Hash
- Performing lateral movement
- Performing a Pass-the-Ticket attack
- Summary
- Questions
- Antivirus Evasion
- Technical requirements
- The evolution of antivirus technologies
- Out with the old
- In with the new
- Concepts of antivirus evasion
- Antivirus evasion techniques
- Encoders
- Custom compiling
- Obfuscation
- Getting started with antivirus evasion
- MSFvenom
- Veil Evasion
- TheFatRat
- Custom compiling
- Testing evasion techniques
- VirusTotal
- Summary
- Questions
- Maintaining Control within the Environment
- Technical requirements
- The importance of maintaining access
- Techniques used to maintain access
- Backdoor
- C2
- Linux cron jobs
- Living off the land
- Using tools for persistence
- The Metasploit Framework
- Empire
- Summary
- Questions
- Section 4: Putting It All Together
- Reporting and Acting on Your Findings
- Technical requirements
- The importance of a penetration testing report
- What goes into a penetration test report?
- Cover page
- Executive summary
- Background
- Overall posture
- Risk ranking
- General findings
- Strategic roadmap
- Technical report
- Tools used
- Information gathering
- Vulnerability assessment and exploitation
- Post-exploitation
- Conclusion
- Tools for report writing
- Methodologies
- Nodes
- Issues and evidence
- Recommending remediation options
- Information gathering
- Social engineering
- Vulnerabilities and OS hardening
- Passwords
- Web applications
- Privilege escalation and lateral movement
- Summary
- Questions
- Where Do I Go from Here?
- Technical requirements
- Knowledge maintenance
- Network penetration testing
- Wireless penetration testing
- Web application penetration testing
- Online training
- Cybrary
- Pentester Academy
- Pentesterlab
- Certifications
- eLearnSecurity
- Offensive security
- Global Information Assurance Certifications (GIACs)
- Toolkit maintenance
- Purposefully vulnerable resources
- Vulnhub
- Hack The Box
- Summary
- Assessments
- Chapter 1: Introduction to Penetration Testing
- Chapter 2: Getting Started with Kali Linux
- Chapter 3: Performing Information Gathering
- Chapter 4: Mastering Social Engineering
- Chapter 5: Diving into the Metasploit Framework
- Chapter 6: Understanding Password Attacks
- Chapter 7: Working with Burp Suite
- Chapter 8: Attacking Web Applications
- Chapter 9: Getting Started with Wireless Attacks
- Chapter 10: Moving Laterally and Escalating your Privileges
- Chapter 11: Antivirus Evasion
- Chapter 12: Maintaining Control within the Environment
- Chapter 13: Reporting and Acting on Your Findings
- Other Books You May Enjoy
- Leave a review - let other readers know what you think 更新時間:2021-06-24 14:10:13
