UID:
almahu_9949987789702882
Extent:
1 online resource (404 pages) : illustrations (chiefly color).
Edition:
Third edition.
ISBN:
9780443264795
0443264791
Series:
Beiträge Zur Komparativen Theologie Series ; Volume 41
Contents:
Professional Penetration Testing: Creating and Learning in a Hacking Lab, Third Edition walks the reader through the entire process of setting up and running a pen test lab. Penetration testing—the act of testing a computer network to find security vulnerabilities before they are maliciously exploited—is a crucial component of information security in any organization. Chapters cover planning, metrics, and methodologies, the details of running a pen test, including identifying and verifying vulnerabilities, and archiving, reporting and management practices. The material presented will be useful to beginners through advanced practitioners. Here, author Thomas Wilhelm has delivered penetration testing training to countless security professionals, and now through the pages of this book, the reader can benefit from his years of experience as a professional penetration tester and educator. After reading this book, the reader will be able to create a personal penetration test lab that can deal with real-world vulnerability scenarios. "...this is a detailed and thorough examination of both the technicalities and the business of pen-testing, and an excellent starting point for anyone getting into the field." –Network Security.
Note:
Front Cover -- Professional Penetration Testing: Creating and Learning in a Hacking Lab -- Copyright Page -- Contents -- About the author -- About the technical editor -- Preface -- Acknowledgments -- 1 Introduction -- Introduction -- About this edition -- Who is this book written for? -- Getting set up -- Professional penetration testing -- Online supporting materials -- Pentest.TV -- Vulnerable virtual machines -- Physical devices -- About the author -- Consultant versus in-house expert -- Principal consultant versus practice director -- Offensive versus defensive -- Remote versus in-office work -- Pentesting focus-application versus networking -- Freelance versus employed work -- Summary -- 2 Ethics and hacking -- Introduction -- Getting permission to hack -- Code of Ethics Canons-ISC2 -- Why stay ethical? -- Black Hat hackers -- White Hat hackers -- Gray Hat hackers -- Ethical standards -- Certifications -- Respect for the public -- Respect for the certification -- Respect for my employer -- Respect for myself -- Contractor -- Employer -- Educational and institutional organizations -- Information Systems Security Association -- Internet Activities Board -- Institute of Electrical and Electronics Engineers -- Computer crime laws -- Types of Laws -- Civil law -- Criminal law -- Administrative/regulatory law -- Type of computer crimes and attacks -- US federal laws -- US state laws -- International laws -- Treaties -- Canada -- United Kingdom -- Australia -- Japan -- Safe Harbor and Directive 95/46/EC -- Contractual agreements -- Confidentiality agreement -- Company obligations -- Contractor obligations -- Auditing and monitoring -- Conflict management -- Summary -- References -- 3 Picking your pentesting focus -- Introduction -- Hacking domains -- Code penetration testing -- Static Application Security Testing.
Dynamic Application Security Testing -- Interactive Application Security Testing -- Fuzz testing -- Injection testing -- Authentication and authorization testing -- Session management testing -- Data validation testing -- Cryptographic testing -- Error handling and logging testing -- Mobile application testing -- Internet of Things application testing -- Code review -- Reverse engineering -- Network penetration testing -- External -- Internal -- Wireless -- Network device -- Zero trust -- Cloud penetration testing -- Red Team assessments -- Physical penetration testing -- Security control bypass -- Surveillance and reconnaissance -- Alarm system testing -- Social engineering -- Security personnel and guard response -- Summary -- 4 Setting up your labs -- Introduction -- Targets in a pentest lab -- Virtual network pentest labs -- What is a virtual machine? -- Virtualization engine lab -- Docker pentest lab -- Cloud-based pentest lab -- Advanced hardware-based pentest lab -- Hardware considerations -- Routers -- Firewalls -- Intrusion detection system/intrusion prevention system -- Physical hardware lab -- Virtual hardware lab -- Subscription-based hacking lab -- Protecting the lab -- Protecting penetration test data -- Data encryption -- Data hashing -- Wireless lab data -- Configuring the lab network -- Summary -- 5 The Cyber Kill Chain -- Introduction -- Definitions -- Methodology -- Framework -- Playbooks -- Cyber Kill Chain methodology -- Reconnaissance -- Weaponization -- Delivery -- Exploitation -- Installation -- Command & Control (C2) -- Actions on Objectives -- Security team responses -- Frameworks -- Playbooks -- Management of a pentest -- Project Management Body of Knowledge -- Introduction to Project Management Body of Knowledge -- Initiating Process group -- Planning Process group -- Executing Process group -- Closing Process group.
Monitoring and Controlling Process group -- Project team members -- Roles and responsibilities -- Team champion -- Project manager -- Pentest engineers -- Project management -- Initiating stage -- Planning stage -- Executing Stage -- Monitoring and controlling -- Closing stage -- Formal project review -- Effort evaluation -- Identification of new projects -- Future project priority identification -- Solo pentesting -- Initiating stage -- Planning Process stage -- Executing stage -- Closing stage -- Monitoring and controlling -- Archiving data -- Should you keep data? -- Legal issues -- Email -- Findings and reports -- Securing documentation -- Access controls -- Archival methods -- Archival locations -- Destruction policies -- Cleaning up your lab -- Archiving lab data -- Proof of concepts -- Malware analysis -- Creating and using system images -- License issues -- Virtual machines -- "Ghost" images -- Creating a "Clean Shop" -- Sanitization methods -- Using hashes -- Change management controls -- Planning for your next pentest -- Risk management register -- Creating a risk management register -- Prioritization of risks and responses -- Knowledge database -- Creating a knowledge database -- Sanitization of findings -- Project management knowledge database -- After-action review -- Project assessments -- Team assessments -- Training proposals -- Summary -- References -- 6 Reconnaissance -- Introduction -- Mapping framework to methodology -- Intelligence Gathering -- Open Source Intelligence -- Covert Gathering -- Footprinting -- Identify Protection Mechanisms -- Threat Modeling -- Business Asset Analysis -- Business Process Analysis -- Threat Agents/Community Analysis -- Threat Capability Analysis -- Motivation Modeling -- News on Compromises -- Vulnerability Analysis -- Testing -- Validation -- Research -- Intelligence Gathering.
Open Source Intelligence -- Corporate -- Individual -- Covert Gathering -- Corporate -- HUMINT -- Footprinting -- External Footprinting -- Passive reconnaissance -- Active footprinting -- Establish external target list -- Internal Footprinting -- Passive reconnaissance -- Identify customer internal ranges -- Vulnerability analysis -- Testing -- Active -- Nmap scripts -- Default login scans -- Vulnerability scanners -- Fuzzing -- Passive -- Validation -- Manual testing/protocol-specific -- Attack avenues -- Research -- Summary -- 7 Weaponization -- Introduction -- Mapping framework to methodology -- Countermeasures -- Antivirus -- Encoding -- Packing -- Encrypting -- Whitelist bypass/process injection/purely memory resident -- Human -- Data Execution Prevention -- Address Space Layout Randomization -- Web Application Firewall -- Approaches to exploitation -- Types of vulnerabilities -- Insecure Coding -- Misconfiguration -- Social -- Environmental -- Metasploit Framework -- Summary -- 8 Delivery -- Introduction -- Mapping framework to methodology -- Insecure coding -- Adjusting speed -- Adjusting packet size -- Misconfiguration -- Social -- Baiting -- Phishing -- Pretexting -- Environmental -- Hotplug attacks -- Implants -- Ingress tools -- Summary -- Reference -- 9 Exploitation -- Introduction -- Mapping framework to methodology -- Precision strike -- Fuzzing -- Traffic analysis -- Vulnerabilities -- Insecure coding -- FTP -- Simple Mail Transfer Protocol -- Server Message Block -- Network File Shares -- MySQL -- PostgreSQL -- SSH -- Virtual Network Computing -- Misconfiguration -- Remote password attacks -- Layer-2 attacks -- Summary -- 10 Installation -- Introduction -- Mapping framework to methodology -- Rule of engagement -- Protect the client -- Securing documentation -- Access controls -- Archival methods -- Protecting yourself.
Persistent access -- Meterpreter -- Opening shell access -- Create account/service -- Summary -- 11 Command and Control -- Introduction -- Mapping framework to methodology -- Command line -- Windows -- Linux -- Local privilege attack -- Step 1-Transfer 8572.c file -- Step 2-Compile 8572.c file -- Step 3-Identify UDEV process ID -- Step 4-Create /tmp/run file -- Step 5-Launch the exploit -- Step 6-Connect as root to Metasploitable listener -- Meterpreter -- Windows -- Add user -- Local password attacks -- Dictionary attacks -- Special characters -- Word mangling -- Summary -- 12 Actions on Objectives -- Introduction -- Mapping framework to methodology -- Pillaging -- Installed programs -- Installed services -- Sensitive data -- Keylogging -- Screen capture -- Network traffic capture -- User information -- High value/profile targets -- Data exfiltration -- Mapping -- Testing -- Measuring -- Artificial intelligence -- Summary -- Reference -- 13 Targeting the network -- Introduction -- Wireless network protocols -- Wi-Fi Protected Access attack -- Wired Equivalent Privacy Attack -- Wi-Fi Protected Access Enterprise -- Simple Network Management Protocol -- Networking attacks -- Summary -- 14 Web application attack techniques -- Introduction -- Burp Suite -- OWASP -- Software Assurance Maturity Model -- Web Security Testing Framework -- Mobile Application Security -- OWASP Top 10 -- Broken access control -- Cryptographic failures -- Injection -- Insecure design -- Security misconfiguration -- Vulnerable and outdated components -- Identification and authentication failures -- Software and Data Integrity Failures -- Security logging and monitoring failures -- Server-side request forgery -- Summary -- 15 Cloud testing -- Introduction -- Cloud pentesting labs -- IAM-Vulnerable -- Subscription services -- Cloud security review -- Cloud pentest -- Summary.
16 Reporting results.
Other edition:
ISBN 9780443264788
Other edition:
ISBN 0443264783
Language:
English