Kooperativer Bibliotheksverbund

UID:

Format: ix, 198 Seiten : , Diagramme.

ISBN: 978-1-78439-293-2

Note: Auf dem Cover: "Quick answers to common problems"

Additional Edition: Erscheint auch als Online-Ausgabe ISBN 1-78439-990-6

Additional Edition: Erscheint auch als Online-Ausgabe ISBN 978-1-78439-990-0

Language: English

Subjects: Computer Science

URL: Inhaltsverzeichnis

UID:

Format: 1 online resource (190 p.)

Edition: 1st edition

ISBN: 1-78398-599-2

Series Statement: Community Experience Distilled

Content: Build, test, and customize your own Capture the Flag challenges across multiple platforms designed to be attacked with Kali Linux In Detail As attackers develop more effective and complex ways to compromise computerized systems, penetration testing skills and tools are in high demand. A tester must have varied skills to combat these threats or fall behind. This book provides practical and customizable guides to set up a variety of exciting challenge projects that can then be tested with Kali Linux. Learn how to create, customize, and exploit penetration testing scenarios and assault courses. Start by building flawed fortresses for Windows and Linux servers, allowing your testers to exploit common and not-so-common vulnerabilities to break down the gates and storm the walls. Mimic the human element with practical examples of social engineering projects. Facilitate vulnerable wireless and mobile installations and cryptographic weaknesses, and replicate the Heartbleed vulnerability. Finally, combine your skills and work to create a full red-team assessment environment that mimics the sort of corporate network encountered in the field. What You Will Learn Set up vulnerable services for both Windows and Linux Create dummy accounts for social engineering manipulation Set up Heartbleed replication for vulnerable SSL servers Develop full-size labs to challenge current and potential testers Construct scenarios that can be applied to Capture the Flag style challenges Add physical components to your scenarios and fire USB missile launchers at your opponents Challenge your own projects with a best-practice exploit guide to each scenario

Note: Bibliographic Level Mode of Issuance: Monograph , Intro -- Kali Linux CTF Blueprints -- Table of Contents -- Kali Linux CTF Blueprints -- Credits -- About the Author -- About the Reviewers -- www.PacktPub.com -- Support files, eBooks, discount offers, and more -- Why subscribe? -- Free access for Packt account holders -- Preface -- What this book covers -- What you need for this book -- Who this book is for -- Reading guide -- A warning -- Conventions -- Reader feedback -- Customer support -- Downloading the example code -- Errata -- Piracy -- Questions -- 1. Microsoft Environments -- Creating a vulnerable machine -- Securing a machine -- Creating a secure network -- Basic requirements -- Setting up a Linux network -- Setting up a Windows network -- Hosting vulnerabilities -- Scenario 1 - warming Adobe ColdFusion -- Setup -- Variations -- Scenario 2 - making a mess with MSSQL -- Setup -- Variations -- Scenario 3 - trivializing TFTP -- Vulnerabilities -- Flag placement and design -- Testing your flags -- Making the flag too easy -- Making your finding too hard -- Alternate ideas -- Post-exploitation and pivoting -- Exploitation guides -- Scenario 1 - traverse the directories like it ain't no thing -- Scenario 2 - your database is bad and you should feel bad -- Scenario 3 - TFTP is holier than the Pope -- Challenge modes -- Summary -- 2. Linux Environments -- Differences between Linux and Microsoft -- The setup -- Scenario 1 - learn Samba and other dance forms -- Setup -- Configuration -- Testing -- Variations -- Information disclosure -- File upload -- Scenario 2 - turning on a LAMP -- Setup -- The PHP -- Variations -- Out-of-date versions -- Login bypass -- SQL injection -- Dangerous PHP -- PHPMyAdmin -- Scenario 3 - destructible distros -- Setup -- Variations -- Scenario 4 - tearing it up with Telnet -- Setup -- Variations -- Default credentials -- Buffer overflows -- Flag placement and design. , Exploitation guides -- Scenario 1 - smashing Samba -- Scenario 2 - exploiting XAMPP -- Scenario 3 - like a privilege -- Scenario 4 - tampering with Telnet -- Summary -- 3. Wireless and Mobile -- Wireless environment setup -- Software -- Hardware -- Scenario 1 - WEP, that's me done for the day -- Code setup -- Network setup -- Scenario 2 - WPA-2 -- Setup -- Scenario 3 - pick up the phone -- Setup -- Important things to remember -- Exploitation guides -- Scenario 1 - rescue the WEP key -- Scenario 2 - potentiating partial passwords -- Scenario 3.1 - be a geodude with geotagging -- Scenario 3.2 - ghost in the machine or man in the middle -- Scenario 3.3 - DNS spoof your friends for fun and profit -- Summary -- 4. Social Engineering -- Scenario 1 - maxss your haxss -- Code setup -- Scenario 2 - social engineering: do no evil -- Setup -- Variations -- Scenario 3 - hunting rabbits -- Core principles -- Potential avenues -- Connecting methods -- Creating an OSINT target -- Scenario 4 - I am a Stegosaurus -- Visual steganography -- Exploitation guides -- Scenario 1 - cookie theft for fun and profit -- Scenario 2 - social engineering tips -- Scenario 3 - exploitation guide -- Scenario 4 - exploitation guide -- Summary -- 5. Cryptographic Projects -- Crypto jargon -- Scenario 1 - encode-ageddon -- Generic encoding types -- Random encoding types -- Scenario 2 - encode + Python = merry hell -- Setup -- Substitution cipher variations -- Scenario 3 - RC4, my god, what are you doing? -- Setup -- Implementations -- Scenario 4 - Hishashin -- Setup -- Hashing variations -- Scenario 5 - because Heartbleed didn't get enough publicity as it is -- Setup -- Variations -- Exploitation guides -- Scenario 1 - decode-alypse now -- Scenario 2 - trans subs and other things that look awkward in your history -- Automatic methods -- Scenario 3 - was that a 1 or a 0 or a 1?. , Scenario 4 - hash outside of Colorado -- Scenario 5 - bleeding hearts -- Summary -- 6. Red Teaming -- Chapter guide -- Scoring systems -- Setting scenarios -- Reporting -- Reporting example -- Reporting explanation -- CTF-style variations -- DEFCON game -- Physical components -- Attack and defense -- Jeopardy -- Scenario 1 - ladders, why did it have to be ladders? -- Network diagram -- Brief -- Setting up virtual machines -- DMZ -- missileman -- secret1 -- secret2 -- secret3 -- Attack guide -- Variations -- Dummy devices -- Combined OSINT trail -- The missile base scenario summary -- Scenario 2 - that's no network, it's a space station -- Network diagram -- Brief -- Setting up a basic network -- Attack of the clones -- Customizing cloned VMs -- Workstation1 -- Workstation2 -- Workstation3 -- Workstation4 -- Workstation5 -- Attack guide -- Variations -- The network base scenario summary -- Summary -- A. Appendix -- Further reading -- Recommended competitions -- Existing vulnerable VMs -- Index. , English

Additional Edition: ISBN 1-78398-598-4

Additional Edition: ISBN 1-322-00677-6

Language: English

Keywords: Electronic books.

URL: Click to View

UID:

Format: 1 online resource (210 pages)

Edition: Third edition.

ISBN: 9781788622745 (e-book)

Note: Includes index. , "Fully revised and updated to cover KRACK."--Cover.

Additional Edition: Print version: Buchanan, Cameron. Kali Linux wireless penetration testing : beginner's guide : master wireless testing techniques to survey and attack wireless networks with Kali Linux, including the KRACK attack. Birmingham, England ; Mumbai, [India] : Packt Publishing, 2017 ISBN 9781788831925

Language: English

Keywords: Electronic books.

URL: Click to View

UID:

Format: 1 online resource (214 p.)

Edition: Second edition.

ISBN: 1-78328-042-5

Content: If you are a security professional, pentester, or anyone interested in getting to grips with wireless penetration testing, this is the book for you. Some familiarity with Kali Linux and wireless concepts is beneficial.

Note: "Learn by doing : less theory, more results." , Includes index. , Cover; Copyright; Credits; About the Authors; About the Reviewer; www.PacktPub.com; Disclaimer; Table of Contents; Preface; Chapter 1: Wireless Lab Setup; Hardware requirements; Software requirements; Installing Kali; Time for action - installing Kali; Setting up the access point; Time for action - configuring the access point; Setting up the wireless card; Time for action - configuring your wireless card; Connecting to the access point; Time for action - configuring your wireless card; Summary; Chapter 2: WLAN and its Inherent Insecurities; Revisiting WLAN frames , Time for action - creating a monitor mode interfaceTime for action - sniffing wireless packets; Time for action - viewing management, control, and data frames; Time for action - sniffing data packets for our network; Time for action - packet injection; Important note on WLAN sniffing and injection; Time for action - experimenting with your adapter; The role of regulatory domains in wireless; Time for action - experimenting with your adapter; Summary; Chapter 3: Bypassing WLAN Authentication; Hidden SSIDs; Time for action - uncovering hidden SSIDs; MAC filters , Time for action - beating MAC filtersOpen Authentication; Time for action - bypassing Open Authentication; Shared Key Authentication; Time for action - bypassing Shared Authentication; Summary; Chapter 4: WLAN Encryption Flaws; WLAN encryption; WEP encryption; Time for action - cracking WEP; WPA/WPA2; Time for action - cracking WPA-PSK weak passphrases; Speeding up WPA/WPA2 PSK cracking; Time for action - speeding up the cracking process; Decrypting WEP and WPA packets; Time for action - decrypting WEP and WPA packets; Connecting to WEP and WPA networks , Time for action - connecting to a WEP networkTime for action - connecting to a WPA network; Summary; Chapter 5: Attacks on the WLAN Infrastructure; Default accounts and credentials on the access point; Time for action - cracking default accounts on the access points; Denial of service attacks; Time for action - deauthentication DoS attacks; Evil twin and access point MAC spoofing; Time for action - evil twins and MAC spoofing; A rogue access point; Time for action - cracking WEP; Summary; Chapter 6: Attacking the Client; Honeypot and Mis-Association attacks , Time for action - orchestrating a Mis-Association attackThe Caffe Latte attack; Time for action - conducting a Caffe Latte attack; Deauthentication and disassociation attacks; Time for action - deauthenticating the client; The Hirte attack; Time for action - cracking WEP with the Hirte attack; AP-less WPA-Personal cracking; Time for action - AP-less WPA cracking; Summary; Chapter 7: Advanced WLAN Attacks; A man-in-the-middle attack; Time for action - man-in-the-middle attack; Wireless Eavesdropping using MITM; Time for action - Wireless Eavesdropping; Session hijacking over wireless , Time for action - session hijacking over wireless , English

Additional Edition: ISBN 1-78328-041-7

Additional Edition: ISBN 1-336-28860-4

Language: English

UID:

Format: 1 online resource (650 pages) : , illustrations (some color)

Edition: 1st edition

ISBN: 1-78712-097-X

Series Statement: Learning path

Content: Unleash the power of Python scripting to execute effective and efficient penetration tests About This Book Sharpen your pentesting skills with Python Develop your fluency with Python to write sharper scripts for rigorous security testing Get stuck into some of the most powerful tools in the security world Who This Book Is For If you are a Python programmer or a security researcher who has basic knowledge of Python programming and wants to learn about penetration testing with the help of Python, this course is ideal for you. Even if you are new to the field of ethical hacking, this course can help you find the vulnerabilities in your system so that you are ready to tackle any kind of attack or intrusion. What You Will Learn Familiarize yourself with the generation of Metasploit resource files and use the Metasploit Remote Procedure Call to automate exploit generation and execution Exploit the Remote File Inclusion to gain administrative access to systems with Python and other scripting languages Crack an organization's Internet perimeter and chain exploits to gain deeper access to an organization's resources Explore wireless traffic with the help of various programs and perform wireless attacks with Python programs Gather passive information from a website using automated scripts and perform XSS, SQL injection, and parameter tampering attacks Develop complicated header-based attacks through Python In Detail Cybercriminals are always one step ahead, when it comes to tools and techniques. This means you need to use the same tools and adopt the same mindset to properly secure your software. This course shows you how to do just that, demonstrating how effective Python can be for powerful pentesting that keeps your software safe. Comprising of three key modules, follow each one to push your Python and security skills to the next level. In the first module, we'll show you how to get to grips with the fundamentals. This means you'll quickly find out how to tackle some of the common challenges facing pentesters using custom Python tools designed specifically for your needs. You'll also learn what tools to use and when, giving you complete confidence when deploying your pentester tools to combat any potential threat. In the next module you'll begin hacking into the application layer. Covering everything from parameter tampering, DDoS, XXS and SQL injection, it will build on the knowledge and skills you learned in the first module to make you an even mor...

Note: Authors: Christopher Duffy [and six others]. Cf. Credits page.

Additional Edition: ISBN 1-78712-818-0

Language: English

UID:

Format: 1 online resource (210 pages)

Edition: 3rd edition

Content: Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition presents wireless pentesting from the ground up, and has been updated with the latest methodologies, including full coverage of the KRACK attack. About This Book Learn wireless penetration testing with Kali Linux Detect hidden wireless networks and discover their names Explore advanced Wi-Fi hacking techniques including rogue access point hosting and probe sniffing Develop your encryption cracking skills and gain an insight into the methods used by attackers and the underlying technologies that facilitate these attacks Who This Book Is For Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition is suitable for anyone who wants to learn more about pentesting and how to understand and defend against the latest wireless network attacks. What You Will Learn Understand the KRACK attack in full detail Create a wireless lab for your experiments Sniff out wireless packets, hidden networks, and SSIDs Capture and crack WPA-2 keys Sniff probe requests and track users through their SSID history Attack radius authentication systems Sniff wireless traffic and collect interesting data Decrypt encrypted traffic with stolen keys In Detail As wireless networks become ubiquitous in our lives, wireless penetration testing has become a key skill in the repertoire of the professional penetration tester. This has been highlighted again recently with the discovery of the KRACK attack which enables attackers to potentially break into Wi-Fi networks encrypted with WPA2. The Kali Linux security distribution comes with a myriad of tools used for networking attacks and detecting security loopholes. Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition has been updated to Kali Linux 2017.3 with the latest methodologies, including full coverage of the KRACK attack and how to defend against it. The book presents wireless pentesting from the ground up, introducing all elements of penetration testing with each new technology. You'll learn various wireless testing methodologies by example, from the basics of wireless routing and encryption through to detailed coverage of hacking methods and attacks such as the Hirte and Caffe Latte. Style and approach Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition is a practical, hands-on guide to modern wi-fi network hacking. It covers both the theory and practice of wireless pentesting, offering detailed, real-wor...

Additional Edition: ISBN 1-78883-192-6

Language: English