Brand: 中圖公司
Listed on: 2021-07-02 18:39:39
Publisher: Packt Publishing
The digital rights to this book are provided by 中圖公司, which has authorized 上海閱文信息技術有限公司 to produce and distribute it.
- coverpage
- Title Page
- Credits
- About the Author
- About the Reviewer
- www.PacktPub.com
- Why subscribe?
- Customer Feedback
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- Errata
- Piracy
- Questions
- Planning and Preparation
- Why does penetration testing take place?
- Understanding the engagement
- Defining objectives with stakeholder questionnaires
- Scoping criteria
- Documentation
- Understanding the network diagram – onshore IT example
- Data flow diagram
- Organization chart
- Building the systems for the penetration test
- Penetration system software setup
- Summary
- Information Gathering
- Understanding the current environment
- Where to look for information – checking out the toolbox!
- Search engines as an information source
- Utilizing whois for information gathering
- Enumerating DNS with dnsmap
- DNS reconnaissance with DNSRecon
- Checking for a DNS BIND version
- Probing the network with Nmap
- Checking for DNS recursion with NSE
- Fingerprinting systems with P0f
- Firewall reconnaissance with Firewalk
- Detecting a web application firewall
- Protocol fuzzing with DotDotPwn
- Using Netdiscover to find undocumented IPs
- Enumerating your findings
- Summary
- Setting up and maintaining the Command and Control Server
- Command and control servers
- Setting up secure connectivity
- Inside server SSH setup
- Command and control server SSH setup
- Setting up a reverse SSH tunnel
- stunnel to the rescue
- stunnel setup on the client – Raspberry Pi
- Verifying automation
- Automating evidence collection
- File utilities
- Playing with tar
- Split utility
- Summary
- Vulnerability Scanning and Metasploit
- Vulnerability scanning tools
- Scanning techniques
- OpenVAS
- Getting started with OpenVAS
- Performing scans against the environment
- Getting started with Metasploit
- Exploiting our targets with Metasploit
- Understanding client-side attacks
- Using BeEF for browser-based exploitation
- Using SET for client-side exploitation
- Summary
- Traffic Sniffing and Spoofing
- Traffic sniffing tools and techniques
- Sniffing tools
- Tcpdump
- WinDump
- Wireshark
- Understanding spoofing attacks
- ARP spoofing
- Ettercap
- SSLStrip
- Intercepting SSL traffic with SSLsplit
- Summary
- Password-based Attacks
- Generating rainbow tables and wordlists
- Creating rainbows with RainbowCrack
- Crunching wordlists
- Online locations
- Cracking utilities
- John the Ripper
- THC-Hydra
- Ncrack
- Medusa
- Social engineering experiments
- Impersonation to get the goods
- Scenario 1
- Scenario 2
- Dumpster diving
- Free USB drives for all!!
- Summary
- Attacks on the Network Infrastructure
- Wired-based attacks
- snmp-check
- Rogue DHCP server
- Denial-of-service checks
- Various attacks with hping3
- Land attacks with hping3
- Smurf attacks using hping3
- MAC flooding with Macof
- Wireless-based attacks
- Cracking WPA2 with aircrack-ng
- Monitoring the airway with Kismet
- Attacking WEP with wifite
- Bluetooth probing
- Bluelog
- Btscanner
- Blueranger
- Scanning with Hcitool
- Physical security considerations
- Secure access
- Employee/vendor identification
- Summary
- Web Application Attacks
- Manipulation by client-side testing
- Cross-site scripting attacks
- Reflected XSS attack
- Stored XSS attack
- Using OWASP ZAP to find session issues
- Infrastructure and design weaknesses
- Uniscan
- Using Skipfish for web application recon
- Identity-based testing
- Role based access control
- Apache-users
- Wfuzz
- Validating data error handling and logic
- SQL Injection fun with Sqlmap
- Error handling issues
- Session management
- Burp suite with intercept
- Using XSS for cookie retrieval
- Summary
- Cleaning Up and Getting Out
- Cleaning up any trails left behind
- Covering your tracks
- Clearev with Metasploit
- Shredding files with shred
- CLI tips for hiding your tracks
- ClearLogs for Windows
- Using DD and mkfs to clear drives
- LUKS Nuke blowing up partition
- Destroying equipment
- Stakeholder-sponsored destruction
- Destruction by the penetration tester
- Summary
- Writing Up the Penetration Testing Report
- Gathering all your data
- Importance of defining risk
- Structure of a penetration test report
- Cover sheet
- Table of contents
- Executive summary
- The scope of the project
- Objectives of the penetration test
- Description of risk rating scale
- Summary of findings
- Detailed findings
- Conclusion
- Appendix A - tools used
- Appendix B - attached reports
- Appendix C - attached diagrams
- About your company
- Building the report
- Delivering the report
- Summary (updated: 2021-07-02 21:36:31)