• Advanced penetration testing for highly-secured environments:Employee the most advanced pentesting techniques and tools to build highly-secured systems and environments
  • 點閱:29
  • 作者: by Lee Allen, Kevin Cardwell
  • 出版社:Packt Publishing Ltd.
  • 出版年:2016
  • 集叢名:Community experience distilled
  • ISBN:9781784392024 ; 9781784395810
  • 格式:EPUB,PDF
  • 版次:2nd ed.

Employ the most advanced pentesting techniques and tools to build highly-secured systems and environments
About This Book
Learn how to build your own pentesting lab environment to practice advanced techniques
Customize your own scripts, and learn methods to exploit 32-bit and 64-bit programs

Explore a vast variety of stealth techniques to bypass a number of protections when penetration testing
Who This Book Is For
This book is for anyone who wants to improve their skills in penetration testing. As it follows a step-by-step approach, anyone from a novice to an experienced security tester can learn effective techniques to deal with highly secured environments.
Whether you are brand new or a seasoned expert, this book will provide you with the skills you need to successfully create, customize, and plan an advanced penetration test.
What You Will Learn
A step-by-step methodology to identify and penetrate secured environments
Get to know the process to test network services across enterprise architecture when defences are in place
Grasp different web application testing methods and how to identify web application protections that are deployed
Understand a variety of concepts to exploit software
Gain proven post-exploitation techniques to exfiltrate data from the target
Get to grips with various stealth techniques to remain undetected and defeat the latest defences
Be the first to find out the latest methods to bypass firewalls
Follow proven approaches to record and save the data from tests for analysis
In Detail
The defences continue to improve and become more and more common, but this book will provide you with a number or proven techniques to defeat the latest defences on the networks. The methods and techniques contained will provide you with a powerful arsenal of best practices to increase your penetration testing successes.
The processes and methodology will provide you techniques that will enable you to be successful, and the step by step instructions of information gathering and intelligence will allow you to gather the required information on the targets you are testing. The exploitation and post-exploitation sections will supply you with the tools you would need to go as far as the scope of work will allow you. The challenges at the end of each chapter are designed to challenge you and provide real-world situations that will hone and perfect your penetration testing skills. You will start with a review of several well respected penetration testing methodologies, and following this you will learn a step-by-step methodology of professional security testing, including stealth, methods of evasion, and obfuscation to perform your tests and not be detected!
The final challenge will allow you to create your own complex layered architecture with defences and protections in place, and provide the ultimate testing range for you to practice the methods shown throughout the book. The challenge is as close to an actual penetration test assignment as you can get!
Style and approach
The book follows the standard penetration testing stages from start to finish with step-by-step examples. The book thoroughly covers penetration test expectations, proper scoping and planning, as well as enumeration and foot printing

Lee Allen
Lee Allen is currently the vulnerability management program lead for one of the Fortune 500. Among many other responsibilities, he performs security assessments and penetration testing. Lee is very passionate and driven about the subject of penetration testing and security research. His journey into the exciting world of security began back in the 80s, while visiting BBSs with his trusty Commodore 64 and a room carpeted with 5 ¼-inch floppy disks. Over the years, he has continued his attempts at remaining up to date with the latest and greatest in the security industry and the community. He has several industry certifications, including OSWP, and has been working in the IT industry for over 15 years. His hobbies include validating and reviewing proof-of-concept exploit code, programming, security research, attending security conferences, discussing technology, writing, and skiing. He lives in Ohio with his wife, Kellie, and their 6 children, Heather, Kristina, Natalie, Mason, Alyssa, and Seth.

Kevin Cardwell
Kevin Cardwell currently works as a freelance consultant and provides consulting services for companies throughout the world, and as an advisor to numerous government entities in the USA, Middle East, Africa, Asia and the UK. He is an instructor, technical editor, and author for computer forensics and hacking courses. He is the author of the Center for Advanced Security and Training (CAST) Advanced Network Defense and Advanced Penetration Testing courses. He is a technical editor of the Learning Tree course, Penetration Testing Techniques and Computer Forensics. He has presented at the Black Hat USA, Hacker Halted, ISSA, and TakeDownCon conferences, as well as many others. He has chaired the cybercrime and cyber defense summit in Oman and was the executive chairman of the oil and gas cyber defense summit. He is the author of Building Virtual Pentesting Labs for Advanced Penetration Testing and Backtrack – Testing Wireless Network Security. He holds a BS in computer science from National University in California and an MS in software engineering from the Southern Methodist University (SMU) in Texas. He developed the strategy and training development plan for the first Government CERT in the country of Oman, which was recently rated as the top CERT in the Middle East. He serves as a professional training consultant to the Oman Information Technology Authority and developed the team to man the first Commercial Security Operations Center in Oman. He has worked extensively with banks and financial institutions throughout the Middle East, Europe, and the UK in the planning of a robust and secure architecture and implementing requirements to meet compliance. He currently provides consultancy to commercial companies, governments, federal agencies, major banks, and financial institutions throughout the globe. Some of his recent consulting projects include the Muscat Securities Market (MSM), Petroleum Development Oman, and the Central Bank of Oman. He designed and implemented the custom security baseline for the existing Oman Airport Management Company (OAMC) airports and the two new airports opening in 2016. He created custom security baselines for all of the Microsoft Operating Systems, Cisco devices, and other applications as well.

  • Preface(第ix頁)
  • Chapter 1:Penetration Testing Essentials(第1頁)
    • Methodology defined(第1頁)
    • Example methodologies(第2頁)
    • Abstract methodology(第21頁)
    • Summary(第22頁)
  • Chapter 2:Preparing a Test Environment(第23頁)
    • Introducing VMware Workstation(第23頁)
    • Installing VMware Workstation(第24頁)
    • Network design(第25頁)
    • Understanding the default architecture(第30頁)
    • Creating the switches(第38頁)
    • Putting it all together(第39頁)
    • Summary(第48頁)
  • Chapter 3:Assessment Planning(第49頁)
    • Introducing advanced penetration testing(第49頁)
    • Before testing begins(第52頁)
    • Planning for action(第56頁)
    • Installing LibreOffice(第59頁)
    • Effectively managing your test results(第60頁)
    • Introduction to the Dradis framework(第65頁)
    • Summary(第78頁)
  • Chapter 4:Intelligence Gathering(第79頁)
    • Introducing reconnaissance(第80頁)
    • DNS recon(第83頁)
    • Gathering and validating domain and IP information(第98頁)
    • Using search engines to do your job for you(第101頁)
    • Creating network baselines with scanPBNJ(第108頁)
    • Summary(第112頁)
  • Chapter 5:Network Service Attacks(第113頁)
    • Configuring and testing our lab clients(第114頁)
    • Angry IP Scanner(第116頁)
    • Nmap – getting to know you(第117頁)
    • SNMP – a goldmine of information just waiting to be discovered(第134頁)
    • Network baselines with ScanPBNJ(第136頁)
    • Enumeration avoidance techniques(第141頁)
    • Reader challenge(第144頁)
    • Summary(第145頁)
  • Chapter 6:Exploitation(第147頁)
    • Exploitation – why bother?(第148頁)
    • Manual exploitation(第148頁)
    • Getting files to and from victim machines(第165頁)
    • Passwords – something you know…(第169頁)
    • Metasploit – learn it and love it(第171頁)
    • Reader challenge(第181頁)
    • Summary(第182頁)
  • Chapter 7:Web Application Attacks(第185頁)
    • Practice makes perfect(第186頁)
    • Configuring pfSense(第190頁)
    • Detecting load balancers(第199頁)
    • Detecting web application firewalls (WAF)(第202頁)
    • Taking on Level 3 – Kioptrix(第204頁)
    • Web Application Attack and Audit framework (w3af)(第204頁)
    • Introduction to browser plugin HackBar(第221頁)
    • Reader challenge(第222頁)
    • Summary(第226頁)
  • Chapter 8:Exploitation Concepts(第227頁)
    • Buffer overflows – a refresher(第228頁)
    • 64-bit exploitation(第237頁)
    • Introducing vulnserver(第246頁)
    • Fuzzing tools included in Kali(第248頁)
    • Social Engineering Toolkit(第260頁)
    • Fast-Track(第265頁)
    • Reader challenge(第266頁)
    • Summary(第266頁)
  • Chapter 9:Post-Exploitation(第269頁)
    • Rules of Engagement(第270頁)
    • Data gathering, network analysis, and pillaging(第272頁)
    • Pivoting(第314頁)
    • Reader challenge(第316頁)
    • Summary(第316頁)
  • Chapter 10:Stealth Techniques(第319頁)
    • Lab preparation(第320頁)
    • Stealth scanning through the firewall(第331頁)
    • Now you see me, now you don't – avoiding IDS(第335頁)
    • Blending in(第337頁)
    • PfSense SSH logs(第341頁)
    • Looking at traffic patterns(第341頁)
    • Cleaning up compromised hosts(第341頁)
    • Miscellaneous evasion techniques(第342頁)
    • Reader challenge(第344頁)
    • Summary(第345頁)
  • Chapter 11:Data Gathering and Reporting(第347頁)
    • Record now – sort later(第348頁)
    • Old school – the text editor method(第348頁)
    • Dradis framework for collaboration(第353頁)
    • The report(第355頁)
    • Reader challenge(第365頁)
    • Summary(第366頁)
  • Chapter 12:Penetration Testing Challenge(第367頁)
    • Firewall lab setup(第367頁)
    • The scenario(第378頁)
    • The virtual lab setup(第379頁)
    • The challenge(第383頁)
    • The walkthrough(第385頁)
    • Reporting(第391頁)
    • Summary(第392頁)
  • Index(第393頁)
紙本書 NT$ 1920
NT$ 1536

還沒安裝 HyRead 3 嗎?馬上免費安裝~
QR Code