Applied Network Security
Latest chapter:
Summary
This book is for network security professionals, cyber security professionals, and Pentesters who are well versed with fundamentals of network security and now want to master it. So whether you’re a cyber security professional, hobbyist, business manager, or student aspiring to becoming an ethical hacker or just want to learn more about the cyber security aspect of the IT industry, then this book is definitely for you.
Latest chapters
- Summary
- Lab 1-setting up an Evil Portal on the Pineapple
- Using the Pineapple for offensive security
- Threat hunting platforms
- SET browser exploit lab
- What tools are used for offensive security?
Brand: 中圖公司
Listed on: 2021-07-02 18:53:54
Publisher: Packt Publishing
The digital rights to this book are provided by 中圖公司, which has authorized 上海閱文信息技術有限公司 to produce and distribute it.
- Cover
- Copyright information
- Credits
- About the Authors
- About the Reviewer
- www.PacktPub.com
- Customer Feedback
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- Downloading the color images of this book
- Errata
- Piracy
- Questions
- Introduction to Network Security
- Murphy's law
- Hackers (and their types) defined
- Hacker tools
- The hacking process
- Ethical hacking issues
- Current technologies
- Recent events and statistics of network attacks
- Our defense
- Security for individuals versus companies
- Wi-Fi vulnerabilities
- Knowns and unknowns
- False positives
- Mitigation against threats
- Building an assessment
- Summary
- References
- Sniffing the Network
- What is network sniffing?
- Why network sniffing is important
- Scan a single IP
- Scan a host
- Scan a range of IPs
- Scan a subnet
- Nmap port selection
- Scan a single port
- Scan a range of ports
- Scan 100 most common ports (fast)
- Scan all 65535 ports
- Nmap port scan types
- Scan using TCP SYN scan (default)
- Scan using TCP connect
- Service and OS detection
- Detect OS and services
- Standard service detection
- More aggressive service detection
- Lighter banner-grabbing detection
- Nmap output formats
- Save default output to file
- Save in all formats
- Scan using a specific NSE script
- Scan with a set of scripts
- Lab 1-a scan to search for DDoS reflection UDP services
- Using Wireshark filters
- Wireshark filter cheat sheet
- Lab 2
- Sparta
- Brute-force passwords
- Lab 3-scanning
- Scanning a subnet
- Spoofing and decoy scans
- Evading firewalls
- Gathering version info
- UDP scan
- The reason switch
- Using a list
- Output to a file
- Commands
- Starting the listener
- Countermeasures
- Summary
- How to Crack Wi-Fi Passwords
- Why should we crack our own Wi-Fi?
- What's the right way to do it?
- The method
- The requirements
- What is packet injection?
- Wi-Fi cracking tools
- The steps
- The Transmission Control Protocol (TCP) handshake
- The password lists
- How to make a strong password
- The short version (a cheat-sheet for the aircrack-ng suite)
- Summary
- Creating a RAT Using Msfvenom
- Remote Access Trojans
- Ways to disguise your RAT though Metasploit
- PDF-embedded RAT
- MS Word-embedded RAT
- Android RAT
- Your defence
- Summary
- References
- Veil Framework
- Veil-Evasion
- Veil-Pillage
- How do hackers hide their attack?
- Intrusion with a PDF
- The scenario
- Veil-PowerTools
- What is antivirus protection?
- What are some vulnerabilities in antivirus protection?
- Evasion and antivirus signatures
- Summary
- References
- Social Engineering Toolkit and Browser Exploitation
- Social engineering
- What are web injections?
- How SQL injections work
- Cross site scripting (XSS) attacks
- Preventative measures against XSS attacks
- How to reduce your chances of being attacked
- Browser exploitation with BeEF
- Browser hijacking
- BeEF with BetterCap
- BeEF with man-in-the-middle framework (MITMF)
- BeEF with SET
- Summary
- Advanced Network Attacks
- What is an MITM attack?
- Related types of attacks
- Examples of MITM
- Tools for MITM attacks
- Installing MITMF using Kali Linux
- Summary
- Passing and Cracking the Hash
- What is a hash?
- Authentication protocols
- Cryptographic hash functions
- How do hackers obtain the hash?
- What tools are used to get the hash?
- How are hashes cracked?
- How do pass the hash attacks impact businesses?
- What defences are there against hash password attacks?
- Summary
- References
- Links to download tools
- SQL Injection
- What is SQL and how does it work?
- SQL command examples
- SQL injection
- Examples of SQL injection attacks
- Ways to defend against SQL injection attacks
- Attack vectors for web applications
- Bypassing authentication
- Bypass blocked and filtered websites
- Finding vulnerabilities from a targeted sites
- Extracting data with SQLmap
- Hunting for web app vulnerabilities with Open Web Application Security Project (OWASP) ZAP
- Summary
- Scapy
- Scapy
- Creating our first packet
- Sending and receiving
- Layering
- Viewing the packet
- Handling files
- The TCP three way handshake
- SYN scan
- A DNS query
- Malformed packets
- Ping of death
- Teardrop attack (aka Nestea)
- ARP cache poisoning
- ARP poisoning commands
- ACK scan
- TCP port scanning
- VLAN hopping
- Wireless sniffing
- OS fingerprinting ISN
- Sniffing
- Passive OS detection
- Summary
- Web Application Exploits
- Web application exploits
- What tools are used for web application penetration testing?
- What is Autopwn?
- Using Autopwn2
- What is BeEF and how to use it?
- Defenses against web application attacks
- Summary
- Evil Twins and Spoofing
- What is an evil twin?
- What is address spoofing?
- What is DNS spoofing?
- What tools are used for setting up an evil twin?
- The dangers of public Wi-Fi and evil twins
- How to detect an evil twin?
- Summary
- Injectable Devices
- A deeper look into USB
- A possible threat
- An evil USB
- How does the Rubber Ducky work?
- Disabling ports
- A KeyGrabber?
- What the glitch?
- Summary
- The Internet of Things
- What is the Internet of Things?
- IOT vulnerabilities and cyber security
- IOT and botnets
- Summary
- Sources
- Detection Systems
- IDS
- IPS
- Host based
- Network-based
- Physical
- Summary of differences
- Why?
- Who and when?
- Security Information and Event Management (SIEM)
- Splunk
- Alert status
- IDS versus IPS
- Snort as an IPS
- How?
- Lab 1-installing Snort and creating ICMP rules lab
- Lab 2-create the following snort.conf and icmp.rules files
- Rule options
- Lab 3-execute Snort
- Show log alert
- Alert explanation
- Lab 4-execute Snort as Daemon
- Summary
- Advance Wireless Security Lab Using the Wi-Fi Pineapple Nano/Tetra
- The history of Wi-Fi - the WLAN standard
- Wireless vulnerability
- The Wi-Fi Pineapple
- For penetration testing
- Lab 1-how to set up
- Getting connected
- Performing a scan
- Getting connected managing your network and broadcasting Wi-Fi
- Reporting data
- Logging data with Pineapple
- Reporting data
- Enabling the landing page
- Summary
- Offensive Security and Threat Hunting
- What is offensive security?
- What tools are used for offensive security?
- SET browser exploit lab
- Threat hunting platforms
- Using the Pineapple for offensive security
- Lab 1-setting up an Evil Portal on the Pineapple
- Summary (updated: 2021-07-02 23:31:38)