
Advanced Infrastructure Penetration Testing
If you are a system administrator, SOC analyst, penetration tester, or a network engineer and want to take your penetration testing skills and security knowledge to the next level, then this book is for you. Some prior experience with penetration testing tools and knowledge of Linux and Windows command-line syntax is beneficial.
Latest chapters
- Leave a review - let other readers know what you think
- Other Books You May Enjoy
- Summary
- Threats to connected cars
- Hacking connected cars
- Poor physical security
Brand: 中圖公司 (China National Publications Import & Export (Group) Corporation)
Listed: 2021-06-24 18:02:28
Publisher: Packt Publishing
The digital rights to this book are provided by 中圖公司, which has authorized 上海閱文信息技術有限公司 (Shanghai Yuewen Information Technology Co., Ltd.) to produce and distribute it.
- coverpage
- Title Page
- Packt Upsell
- Why subscribe?
- PacktPub.com
- Contributors
- About the author
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the example code files
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Disclaimer
- Introduction to Advanced Infrastructure Penetration Testing
- Information security overview
- Confidentiality
- Integrity
- Availability
- Least privilege and need to know
- Defense in depth
- Risk analysis
- Information Assurance
- Information security management program
- Hacking concepts and phases
- Types of hackers
- Hacking phases
- Reconnaissance
- Passive reconnaissance
- Active reconnaissance
- Scanning
- Port scanning
- Network scanning
- Vulnerability scanning
- Gaining access
- Maintaining access
- Clearing tracks
- Penetration testing overview
- Penetration testing types
- White box pentesting
- Black box pentesting
- Gray box pentesting
- The penetration testing teams
- Red teaming
- Blue teaming
- Purple teaming
- Pentesting standards and guidance
- Policies
- Standards
- Procedures
- Guidance
- Open Source Security Testing Methodology Manual
- Information Systems Security Assessment Framework
- Penetration Testing Execution Standard
- Payment Card Industry Data Security Standard
- Penetration testing steps
- Pre-engagement
- The objectives and scope
- A get out of jail free card
- Emergency contact information
- Payment information
- Non-disclosure agreement
- Intelligence gathering
- Public intelligence
- Social engineering attacks
- Physical analysis
- Information system and network analysis
- Human intelligence
- Signal intelligence
- Open source intelligence
- Imagery intelligence
- Geospatial intelligence
- Threat modeling
- Business asset analysis
- Business process analysis
- Threat agents analysis
- Threat capability analysis
- Motivation modeling
- Vulnerability analysis
- Vulnerability assessment with Nexpose
- Installing Nexpose
- Starting Nexpose
- Start a scan
- Exploitation
- Post-exploitation
- Infrastructure analysis
- Pillaging
- High-profile targets
- Data exfiltration
- Persistence
- Further penetration into infrastructure
- Cleanup
- Reporting
- Executive summary
- Technical report
- Penetration testing limitations and challenges
- Pentesting maturity and scoring model
- Realism
- Methodology
- Reporting
- Summary
- Advanced Linux Exploitation
- Linux basics
- Linux commands
- Streams
- Redirection
- Linux directory structure
- Users and groups
- Permissions
- The chmod command
- The chown command
- The chroot command
- The power of the find command
- Jobs cron and crontab
- Security models
- Security controls
- Access control models
- Linux attack vectors
- Linux enumeration with LinEnum
- OS detection with Nmap
- Privilege escalation
- Linux privilege checker
- Linux kernel exploitation
- UserLand versus kernel land
- System calls
- Linux kernel subsystems
- Process
- Threads
- Security-Enhanced Linux
- Memory models and the address spaces
- Linux kernel vulnerabilities
- NULL pointer dereference
- Arbitrary kernel read/write
- Case study CVE-2016-2443 Qualcomm MSM debug fs kernel arbitrary write
- Memory corruption vulnerabilities
- Kernel stack vulnerabilities
- Kernel heap vulnerabilities
- Race conditions
- Logical and hardware-related bugs
- Case study CVE-2016-4484 – Cryptsetup Initrd root Shell
- Linux Exploit Suggester
- Buffer overflow prevention techniques
- Address space layout randomization
- Stack canaries
- Non-executable stack
- Linux return oriented programming
- Linux hardening
- Summary
- Corporate Network and Database Exploitation
- Networking fundamentals
- Network topologies
- Bus topology
- Star topology
- Ring topology
- Tree topology
- Mesh topology
- Hybrid topology
- Transmission modes
- Communication networks
- Local area network
- Metropolitan area network
- Wide area network
- Personal area network
- Wireless network
- Data center multi-tier model design
- Open Systems Interconnection model
- In-depth network scanning
- TCP communication
- ICMP scanning
- SSDP scanning
- UDP Scanning
- Intrusion detection systems
- Machine learning for intrusion detection
- Supervised learning
- Unsupervised learning
- Semi-supervised learning
- Reinforcement
- Machine learning systems' workflow
- Machine learning model evaluation metrics
- Services enumeration
- Insecure SNMP configuration
- DNS security
- DNS attacks
- Sniffing attacks
- DDoS attacks
- Types of DDoS attacks
- Defending against DDoS attacks
- DDoS scrubbing centers
- Software-Defined Network penetration testing
- SDN attacks
- SDNs penetration testing
- DELTA: SDN security evaluation framework
- SDNPWN
- Attacks on database servers
- Summary
- Active Directory Exploitation
- Active Directory
- Single Sign-On
- Kerberos authentication
- Lightweight Directory Access Protocol
- PowerShell and Active Directory
- Active Directory attacks
- PowerView
- Kerberos attacks
- Kerberos TGS service ticket offline cracking (Kerberoast)
- SPN scanning
- Passwords in SYSVOL and group policy preferences
- 14-068 Kerberos vulnerability on a domain controller
- Dumping all domain credentials with Mimikatz
- Pass the credential
- Dumping LSASS memory with Task Manager (get domain admin credentials)
- Dumping Active Directory domain credentials from an NTDS.dit file
- Summary
- Docker Exploitation
- Docker fundamentals
- Virtualization
- Cloud computing
- Cloud computing security challenges
- Docker containers
- Docker exploitation
- Kernel exploits
- DoS and resource abuse
- Docker breakout
- Poisoned images
- Database passwords and data theft
- Docker bench security
- Docker vulnerability static analysis with Clair
- Building a penetration testing laboratory
- Summary
- Exploiting Git and Continuous Integration Servers
- Software development methodologies
- Continuous integration
- Types of tests
- Continuous integration versus continuous delivery
- DevOps
- Continuous integration with GitHub and Jenkins
- Installing Jenkins
- Continuous integration attacks
- Continuous integration server penetration testing
- Rotten Apple project for testing continuous integration or continuous delivery system security
- Continuous security with Zed Attack Proxy
- Summary
- Metasploit and PowerShell for Post-Exploitation
- Dissecting Metasploit Framework
- Metasploit architecture
- Modules
- Exploits
- Payloads
- Auxiliaries
- Encoders
- NOPs
- Posts
- Starting Metasploit
- Bypassing antivirus with the Veil-Framework
- Writing your own Metasploit module
- Metasploit Persistence scripts
- Weaponized PowerShell with Metasploit
- Interactive PowerShell
- PowerSploit
- Nishang – PowerShell for penetration testing
- Defending against PowerShell attacks
- Summary
- VLAN Exploitation
- Switching in networking
- LAN switching
- MAC attack
- Media Access Control Security
- DHCP attacks
- DHCP starvation
- Rogue DHCP server
- ARP attacks
- VLAN attacks
- Types of VLANs
- VLAN configuration
- VLAN hopping attacks
- Switch spoofing
- VLAN double tagging
- Private VLAN attacks
- Spanning Tree Protocol attacks
- Attacking STP
- Summary
- VoIP Exploitation
- VoIP fundamentals
- H.323
- Skinny Call Control Protocol
- RTP/RTCP
- Secure Real-time Transport Protocol
- H.248 and Media Gateway Control Protocol
- Session Initiation Protocol
- VoIP exploitation
- VoIP attacks
- Denial-of-Service
- Eavesdropping
- SIP attacks
- SIP registration hijacking
- Spam over Internet Telephony
- Embedding malware
- Viproy – VoIP penetration testing kit
- VoLTE Exploitation
- VoLTE attacks
- SiGploit – Telecom Signaling Exploitation Framework
- Summary
- Insecure VPN Exploitation
- Cryptography
- Cryptosystems
- Ciphers
- Classical ciphers
- Modern ciphers
- Kerckhoffs' principle for cryptosystems
- Cryptosystem types
- Symmetric cryptosystem
- Asymmetric cryptosystem
- Hash functions and message integrity
- Digital signatures
- Steganography
- Key management
- Cryptographic attacks
- VPN fundamentals
- Tunneling protocols
- IPSec
- Secure Sockets Layer/Transport Layer Security
- SSL attacks
- DROWN attack (CVE-2016-0800)
- POODLE attack (CVE-2014-3566)
- BEAST attack (CVE-2011-3389)
- CRIME attack (CVE-2012-4929)
- BREACH attack (CVE-2013-3587)
- Heartbleed attack
- Qualys SSL Labs
- Summary
- Routing and Router Vulnerabilities
- Routing fundamentals
- Exploiting routing protocols
- Routing Information Protocol
- RIPv1 reflection DDoS
- Open Shortest Path First
- OSPF attacks
- Disguised LSA
- MaxAge LSAs
- Remote false adjacency
- Seq++ attack
- Persistent poisoning
- Defenses
- Interior Gateway Routing Protocol
- Enhanced Interior Gateway Routing Protocol
- Border Gateway Protocol
- BGP attacks
- Exploiting routers
- Router components
- Router bootup process
- Router attacks
- The router exploitation framework
- Summary
- Internet of Things Exploitation
- The IoT ecosystem
- IoT project architecture
- IoT protocols
- The IoT communication stack
- IP Smart Objects protocols suite
- Standards organizations
- IoT attack surfaces
- Devices and appliances
- Firmware
- Web interfaces
- Network services
- Cloud interfaces and third-party API
- Case study – Mirai Botnet
- The OWASP IoT Project
- Insecure web interface
- Insufficient authentication/authorization
- Insecure network services
- Lack of transport encryption
- Privacy concerns
- Insecure cloud interface
- Insecure mobile interface
- Insufficient security configurability
- Insecure software/firmware
- Poor physical security
- Hacking connected cars
- Threats to connected cars
- Summary
- Other Books You May Enjoy
- Leave a review - let other readers know what you think
Updated: 2021-06-24 19:13:50