-
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
- 點閱:6
- 作者: by Lee Allen
- 出版社:Packt Publishing Ltd.
- 出版年:2012
- ISBN:9781849517744; 9781849517751
- 格式:EPUB 流式,PDF,JPG
- 頁數:414
- 字數:444261
◆ Learn how to perform an efficient, organized, and effective penetration test from start to finish
◆ Gain hands-on penetration testing experience by building and testing a virtual lab environment that includes commonly found security measures such as IDS and firewalls
◆ Take the challenge and perform a virtual penetration test against a fictional corporation from start to finish and then verify your results by walking through step-by-step solutions
◆ Detailed step-by-step guidance on managing testing results and writing clearly organized and effective penetration testing reports
◆ Properly scope your penetration test to avoid catastrophe
◆ Use advanced techniques to bypass security controls and remain hidden while testing
◆ Create a segmented virtual network with several targets, IDS and firewall
◆ Generate testing reports and statistics
◆ Perform an efficient, organized, and effective penetration test from start to finish
Although the book is intended for someone that has a solid background in information security the step-by-step instructions make it easy to follow for all skill levels.
You will learn Linux skills, how to setup your own labs, and much much more.
- Preface
- Chapter 1:Planning and Scoping for a Successful Penetration Test
- Introduction to advanced penetration testing
- Before testing begins
- Planning for action
- Exploring BackTrack
- Installing OpenOffice
- Effectively manage your test results
- Introduction to the Dradis Framework
- Summary
- Chapter 2:Advanced Reconnaissance Techniques
- Introduction to reconnaissance
- DNS recon
- Gathering and validating domain and IP information
- Using search engines to do your job for you
- Summary
- Chapter 3:Enumeration:Choosing Your Targets Wisely
- Adding another virtual machine to our lab
- Nmap — getting to know you
- SNMP:A goldmine of information just waiting to be discovered
- Creating network baselines with scanPBNJ
- Enumeration avoidance techniques
- Summary
- Chapter 4:Remote Exploitation
- Exploitation – Why bother?
- Target practice – Adding a Kioptrix virtual machine
- Manual exploitation
- Getting files to and from victim machines
- Passwords:Something you know…
- Metasploit — learn it and love it
- Summary
- Chapter 5:Web Application Exploitation
- Practice makes perfect
- Detecting load balancers
- Detecting Web Application Firewalls(WAF)
- Taking on Level 3 – Kioptrix
- Web Application Attack and Audit Framework(w3af)
- Introduction to Mantra
- Summary
- Chapter 6:Exploits and Client-Side Attacks
- Buffer overflows—A refresher
- Introduction to fuzzing
- Introducing vulnserver
- Fuzzing tools included in BackTrack
- Fast-Track
- Social Engineering Toolkit
- Summary
- Chapter 7:Post-Exploitation
- Rules of engagement
- Data gathering, network analysis, and pillaging
- Pivoting
- Summary
- Chapter 8:Bypassing Firewalls and Avoiding Detection
- Lab preparation
- Stealth scanning through the firewall
- Now you see me, now you don't — Avoiding IDS
- Blending in
- Looking at traffic patterns
- Cleaning up compromised hosts
- Miscellaneous evasion techniques
- Summary
- Chapter 9:Data Collection Tools and Reporting
- Record now — Sort later
- Old school — The text editor method
- Dradis framework for collaboration
- The report
- Challenge to the reader
- Summary
- Chapter 10:Setting Up Virtual Test Lab Environments
- Why bother with setting up labs?
- Keeping it simple
- Adding complexity or emulating target environments
- Summary
- Chapter 11:Take the Challenge – Putting It All Together
- The scenario
- The setup
- The challenge
- The walkthrough
- Reporting
- Summary
- Index