• Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
  • 點閱:3
  • 作者: by Lee Allen
  • 出版社:Packt Publishing Ltd.
  • 出版年:2012
  • ISBN:9781849517744; 9781849517751
  • 格式:EPUB 流式,PDF,JPG

◆ Learn how to perform an efficient, organized, and effective penetration test from start to finish
◆ Gain hands-on penetration testing experience by building and testing a virtual lab environment that includes commonly found security measures such as IDS and firewalls
◆ Take the challenge and perform a virtual penetration test against a fictional corporation from start to finish and then verify your results by walking through step-by-step solutions
◆ Detailed step-by-step guidance on managing testing results and writing clearly organized and effective penetration testing reports
◆ Properly scope your penetration test to avoid catastrophe

◆ Understand in detail how the testing process works from start to finish, not just how to use specific tools
◆ Use advanced techniques to bypass security controls and remain hidden while testing
◆ Create a segmented virtual network with several targets, IDS and firewall
◆ Generate testing reports and statistics
◆ Perform an efficient, organized, and effective penetration test from start to finish
Although the book is intended for someone that has a solid background in information security the step-by-step instructions make it easy to follow for all skill levels.
You will learn Linux skills, how to setup your own labs, and much much more.

Lee Allen is currently the Vulnerability Management Program Lead for one of the Fortune 500.
His journey into the exciting world of security began in the 1980s while visiting BBS's with his trusty Commodore 64 and a room carpeted with 5.25-inch diskettes.
Throughout the years, he has continued his attempts at remaining up-to-date with the latest and greatest in the security industry and the security community.
He has several industry certifications including the OSWP and has been working in the IT industry for over 15 years.
His hobbies and obsessions include validating and reviewing proof of concept exploit code, programming, security research, attending security conferences, discussing technology, writing, 3D Game development, and skiing.

He is currently working on his next project which is focused on teaching penetration testing skills using a unique integrated blend of 3D Gaming and hands on learning.
After all learning should be fun!
Lee can be found at @tallenz on twitter.com.

  • Preface
  • Chapter 1:Planning and Scoping for a Successful Penetration Test
    • Introduction to advanced penetration testing
    • Before testing begins
    • Planning for action
    • Exploring BackTrack
    • Installing OpenOffice
    • Effectively manage your test results
    • Introduction to the Dradis Framework
    • Summary
  • Chapter 2:Advanced Reconnaissance Techniques
    • Introduction to reconnaissance
    • DNS recon
    • Gathering and validating domain and IP information
    • Using search engines to do your job for you
    • Summary
  • Chapter 3:Enumeration:Choosing Your Targets Wisely
    • Adding another virtual machine to our lab
    • Nmap — getting to know you
    • SNMP:A goldmine of information just waiting to be discovered
    • Creating network baselines with scanPBNJ
    • Enumeration avoidance techniques
    • Summary
  • Chapter 4:Remote Exploitation
    • Exploitation – Why bother?
    • Target practice – Adding a Kioptrix virtual machine
    • Manual exploitation
    • Getting files to and from victim machines
    • Passwords:Something you know…
    • Metasploit — learn it and love it
    • Summary
  • Chapter 5:Web Application Exploitation
    • Practice makes perfect
    • Detecting load balancers
    • Detecting Web Application Firewalls(WAF)
    • Taking on Level 3 – Kioptrix
    • Web Application Attack and Audit Framework(w3af)
    • Introduction to Mantra
    • Summary
  • Chapter 6:Exploits and Client-Side Attacks
    • Buffer overflows—A refresher
    • Introduction to fuzzing
    • Introducing vulnserver
    • Fuzzing tools included in BackTrack
    • Fast-Track
    • Social Engineering Toolkit
    • Summary
  • Chapter 7:Post-Exploitation
    • Rules of engagement
    • Data gathering, network analysis, and pillaging
    • Pivoting
    • Summary
  • Chapter 8:Bypassing Firewalls and Avoiding Detection
    • Lab preparation
    • Stealth scanning through the firewall
    • Now you see me, now you don't — Avoiding IDS
    • Blending in
    • Looking at traffic patterns
    • Cleaning up compromised hosts
    • Miscellaneous evasion techniques
    • Summary
  • Chapter 9:Data Collection Tools and Reporting
    • Record now — Sort later
    • Old school — The text editor method
    • Dradis framework for collaboration
    • The report
    • Challenge to the reader
    • Summary
  • Chapter 10:Setting Up Virtual Test Lab Environments
    • Why bother with setting up labs?
    • Keeping it simple
    • Adding complexity or emulating target environments
    • Summary
  • Chapter 11:Take the Challenge – Putting It All Together
    • The scenario
    • The setup
    • The challenge
    • The walkthrough
    • Reporting
    • Summary
  • Index
紙本書 NT$ 1920
NT$ 1152

還沒安裝 HyRead 3 嗎?馬上免費安裝~
QR Code