• Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
  • Author: Lee Allen
  • Publisher: Packt Publishing Ltd.
  • Year of publication: 2012
  • ISBN: 9781849517744; 9781849517751
  • Format: EPUB (reflowable), PDF

◆ Learn how to perform an efficient, organized, and effective penetration test from start to finish
◆ Gain hands-on penetration testing experience by building and testing a virtual lab environment that includes commonly found security measures such as IDS and firewalls
◆ Take the challenge and perform a virtual penetration test against a fictional corporation from start to finish and then verify your results by walking through step-by-step solutions
◆ Detailed step-by-step guidance on managing testing results and writing clearly organized and effective penetration testing reports
◆ Properly scope your penetration test to avoid catastrophe

◆ Understand in detail how the testing process works from start to finish, not just how to use specific tools
◆ Use advanced techniques to bypass security controls and remain hidden while testing
◆ Create a segmented virtual network with several targets, IDS and firewall
◆ Generate testing reports and statistics
◆ Perform an efficient, organized, and effective penetration test from start to finish
Although the book is intended for someone who has a solid background in information security, the step-by-step instructions make it easy to follow for all skill levels.
You will learn Linux skills, how to set up your own labs, and much, much more.

Lee Allen is currently the Vulnerability Management Program Lead for one of the Fortune 500.
His journey into the exciting world of security began in the 1980s while visiting BBS's with his trusty Commodore 64 and a room carpeted with 5.25-inch diskettes.
Throughout the years, he has continued his attempts at remaining up-to-date with the latest and greatest in the security industry and the security community.
He has several industry certifications including the OSWP and has been working in the IT industry for over 15 years.
His hobbies and obsessions include validating and reviewing proof of concept exploit code, programming, security research, attending security conferences, discussing technology, writing, 3D Game development, and skiing.

He is currently working on his next project, which is focused on teaching penetration testing skills using a unique integrated blend of 3D gaming and hands-on learning.
After all, learning should be fun!
Lee can be found at @tallenz on twitter.com.

  • Preface
  • Chapter 1: Planning and Scoping for a Successful Penetration Test
    • Introduction to advanced penetration testing
    • Before testing begins
    • Planning for action
    • Exploring BackTrack
    • Installing OpenOffice
    • Effectively manage your test results
    • Introduction to the Dradis Framework
    • Summary
  • Chapter 2: Advanced Reconnaissance Techniques
    • Introduction to reconnaissance
    • DNS recon
    • Gathering and validating domain and IP information
    • Using search engines to do your job for you
    • Summary
  • Chapter 3: Enumeration: Choosing Your Targets Wisely
    • Adding another virtual machine to our lab
    • Nmap — getting to know you
    • SNMP: A goldmine of information just waiting to be discovered
    • Creating network baselines with scanPBNJ
    • Enumeration avoidance techniques
    • Summary
  • Chapter 4: Remote Exploitation
    • Exploitation – Why bother?
    • Target practice – Adding a Kioptrix virtual machine
    • Manual exploitation
    • Getting files to and from victim machines
    • Passwords: Something you know…
    • Metasploit — learn it and love it
    • Summary
  • Chapter 5: Web Application Exploitation
    • Practice makes perfect
    • Detecting load balancers
    • Detecting Web Application Firewalls (WAF)
    • Taking on Level 3 – Kioptrix
    • Web Application Attack and Audit Framework (w3af)
    • Introduction to Mantra
    • Summary
  • Chapter 6: Exploits and Client-Side Attacks
    • Buffer overflows—A refresher
    • Introduction to fuzzing
    • Introducing vulnserver
    • Fuzzing tools included in BackTrack
    • Fast-Track
    • Social Engineering Toolkit
    • Summary
  • Chapter 7: Post-Exploitation
    • Rules of engagement
    • Data gathering, network analysis, and pillaging
    • Pivoting
    • Summary
  • Chapter 8: Bypassing Firewalls and Avoiding Detection
    • Lab preparation
    • Stealth scanning through the firewall
    • Now you see me, now you don't — Avoiding IDS
    • Blending in
    • Looking at traffic patterns
    • Cleaning up compromised hosts
    • Miscellaneous evasion techniques
    • Summary
  • Chapter 9: Data Collection Tools and Reporting
    • Record now — Sort later
    • Old school — The text editor method
    • Dradis framework for collaboration
    • The report
    • Challenge to the reader
    • Summary
  • Chapter 10: Setting Up Virtual Test Lab Environments
    • Why bother with setting up labs?
    • Keeping it simple
    • Adding complexity or emulating target environments
    • Summary
  • Chapter 11: Take the Challenge – Putting It All Together
    • The scenario
    • The setup
    • The challenge
    • The walkthrough
    • Reporting
    • Summary
  • Index