Kali Linux - Assuring Security by Penetration Testing. With Kali Linux you can test the vulnerabilities of your network and then take steps to secure it. This engaging tutorial is a comprehensive guide to this penetration testing platform, specially written for IT security professionals

(ebook) (audiobook) (audiobook)

Autorzy:: Lee Allen, Shakeel Ali, Tedi Heriyanto

+139 pkt

Kali Linux - Assuring Security by Penetration Testing. With Kali Linux you can test the vulnerabilities of your network and then take steps to secure it. This engaging tutorial is a comprehensive guide to this penetration testing platform, specially written for IT security professionals Lee Allen, Shakeel Ali, Tedi Heriyanto - okładka ebooka

Wydawnictwo:: Packt Publishing (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 454
Dostępne formaty:: PDF

ePub

Mobi

+139 pkt

Ebook

139,00 zł

Dodaj do koszyka lub Kup na prezent
Kup 1-kliknięciem

Przenieś na półkę

Do przechowalni

Wybrane bestsellery

O autorach ebooka

Lee Allen is the associate director at Ohio State University. He specializes in information security, penetration testing, security research, task automation, risk management, data analysis, and 3D application development.

Shakeel Ali is a senior cybersecurity consultant at a global Fortune 500 organization. His expertise in the security industry markedly exceeds the standard number of security assessments, audits, attack simulations, SOC/CSIRC facilitation, incident response, and forensic projects that he carries out in day-to-day operations. He is an independent researcher who writes various articles and white papers to provide insights into threat intelligence, and also provides constant security support to various businesses globally.

Tedi Heriyanto currently works as an information security analyst at a Fortune 500 company. He has experience of designing secure network architectures, deploying and managing enterprise-wide security systems, developing information security policies and procedures, performing various network, web, and mobile application penetration testing, and giving information security training. In his spare time, he deepens his knowledge and skills in information fields.

Lee Allen, Shakeel Ali, Tedi Heriyanto - pozostałe książki

Ebooka "Kali Linux - Assuring Security by Penetration Testing. With Kali Linux you can test the vulnerabilities of your network and then take steps to secure it. This engaging tutorial is a comprehensive guide to this penetration testing platform, specially written for IT security professionals" przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook, Onyx Boox i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Audiobooka "Kali Linux - Assuring Security by Penetration Testing. With Kali Linux you can test the vulnerabilities of your network and then take steps to secure it. This engaging tutorial is a comprehensive guide to this penetration testing platform, specially written for IT security professionals" posłuchasz:

w aplikacji Ebookpoint na Android, iOS, HarmonyOs
na systemach Windows, MacOS i innych

na dowolnych urządzeniach
i aplikacjach obsługujących format MP3
(pliki spakowane w ZIP)

Masz pytania? Zajrzyj do zakładki Pomoc »

Kurs Video "Kali Linux - Assuring Security by Penetration Testing. With Kali Linux you can test the vulnerabilities of your network and then take steps to secure it. This engaging tutorial is a comprehensive guide to this penetration testing platform, specially written for IT security professionals" zobaczysz:

Oceny i opinie klientów: Kali Linux - Assuring Security by Penetration Testing. With Kali Linux you can test the vulnerabilities of your network and then take steps to secure it. This engaging tutorial is a comprehensive guide to this penetration testing platform, specially written for IT security professionals Lee Allen, Shakeel Ali, Tedi Heriyanto (0) Weryfikacja opinii następuję na podstawie historii zamówień na koncie Użytkownika umieszczającego opinię. Użytkownik mógł otrzymać punkty za opublikowanie opinii uprawniające do uzyskania rabatu w ramach Programu Punktowego.

Szczegóły ebooka

Tytuł oryginału:: Kali Linux - Assuring Security by Penetration Testing. With Kali Linux you can test the vulnerabilities of your network and then take steps to secure it. This engaging tutorial is a comprehensive guide to this penetration testing platform, specially written for IT security professionals.
ISBN Ebooka:: 978-18-495-1949-6, 9781849519496
Data wydania ebooka:: 2014-04-07 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@ebookpoint.pl.
Język publikacji:: angielski
Rozmiar pliku Pdf:: 7.8MB
Rozmiar pliku ePub:: 17.8MB
Rozmiar pliku Mobi:: 27.0MB

Kategorie

Kliknij, aby zgłosić błędnie przypisaną kategorię »

Informatyka » Hacking » Testy penetracyjne

Informatyka » Systemy operacyjne » Linux

Spis treści ebooka

Kali Linux Assuring Security by Penetration Testing
- Table of Contents
- Kali Linux Assuring Security by Penetration Testing
- Credits
- About the Authors
- About the Reviewers
- www.PacktPub.com
  - Support files, eBooks, discount offers and more
    - Why Subscribe?
    - Free Access for Packt account holders
- Disclaimer
- Preface
  - What this book covers
  - What you need for this book
  - Who this book is for
  - Conventions
  - Reader feedback
  - Customer support
    - Errata
    - Piracy
    - Questions
- I. Lab Preparation and Testing Procedures
  - 1. Beginning with Kali Linux
    - A brief history of Kali Linux
    - Kali Linux tool categories
    - Downloading Kali Linux
    - Using Kali Linux
      - Running Kali using Live DVD
      - Installing on a hard disk
        
        Installing Kali on a physical machine
        
        Installing Kali on a virtual machine
        
        Installing Kali on a virtual machine from the ISO image
        
        Installing Kali in a virtual machine using the provided Kali VM image
      - Installing Kali on a USB disk
    - Configuring the virtual machine
      - VirtualBox guest additions
      - Setting up networking
        
        Setting up a wired connection
        
        Setting up a wireless connection
        
        Starting the network service
      - Configuring shared folders
      - Saving the guest machine state
      - Exporting a virtual machine
    - Updating Kali Linux
    - Network services in Kali Linux
      - HTTP
      - MySQL
      - SSH
    - Installing a vulnerable server
    - Installing additional weapons
      - Installing the Nessus vulnerability scanner
      - Installing the Cisco password cracker
    - Summary
  - 2. Penetration Testing Methodology
    - Types of penetration testing
      - Black box testing
      - White box testing
    - Vulnerability assessment versus penetration testing
    - Security testing methodologies
      - Open Source Security Testing Methodology Manual (OSSTMM)
        
        Key features and benefits
      - Information Systems Security Assessment Framework (ISSAF)
        
        Key features and benefits
      - Open Web Application Security Project (OWASP)
        
        Key features and benefits
      - Web Application Security Consortium Threat Classification (WASC-TC)
        
        Key features and benefits
    - Penetration Testing Execution Standard (PTES)
      - Key features and benefits
    - General penetration testing framework
      - Target scoping
      - Information gathering
      - Target discovery
      - Enumerating target
      - Vulnerability mapping
      - Social engineering
      - Target exploitation
      - Privilege escalation
      - Maintaining access
      - Documentation and reporting
    - The ethics
    - Summary
- II. Penetration Testers Armory
  - 3. Target Scoping
    - Gathering client requirements
      - Creating the customer requirements form
      - The deliverables assessment form
    - Preparing the test plan
      - The test plan checklist
    - Profiling test boundaries
    - Defining business objectives
    - Project management and scheduling
    - Summary
  - 4. Information Gathering
    - Using public resources
    - Querying the domain registration information
    - Analyzing the DNS records
      - host
      - dig
      - dnsenum
      - dnsdict6
      - fierce
      - DMitry
      - Maltego
    - Getting network routing information
      - tcptraceroute
      - tctrace
    - Utilizing the search engine
      - theharvester
      - Metagoofil
    - Summary
  - 5. Target Discovery
    - Starting off with target discovery
    - Identifying the target machine
      - ping
      - arping
      - fping
      - hping3
      - nping
      - alive6
      - detect-new-ip6
      - passive_discovery6
      - nbtscan
    - OS fingerprinting
      - p0f
      - Nmap
    - Summary
  - 6. Enumerating Target
    - Introducing port scanning
      - Understanding the TCP/IP protocol
      - Understanding the TCP and UDP message format
    - The network scanner
      - Nmap
        
        Nmap target specification
        
        Nmap TCP scan options
        
        Nmap UDP scan options
        
        Nmap port specification
        
        Nmap output options
        
        Nmap timing options
        
        Nmap useful options
        
        Service version detection
        
        Operating system detection
        
        Disabling host discovery
        
        Aggressive scan
        
        Nmap for scanning the IPv6 target
        
        The Nmap scripting engine
        
        Nmap options for Firewall/IDS evasion
      - Unicornscan
      - Zenmap
      - Amap
    - SMB enumeration
    - SNMP enumeration
      - onesixtyone
      - snmpcheck
    - VPN enumeration
      - ike-scan
    - Summary
  - 7. Vulnerability Mapping
    - Types of vulnerabilities
      - Local vulnerability
      - Remote vulnerability
    - Vulnerability taxonomy
    - Open Vulnerability Assessment System (OpenVAS)
      - Tools used by OpenVAS
    - Cisco analysis
      - Cisco auditing tool
      - Cisco global exploiter
    - Fuzz analysis
      - BED
      - JBroFuzz
    - SMB analysis
      - Impacket Samrdump
    - SNMP analysis
      - SNMP Walk
    - Web application analysis
      - Database assessment tools
        
        DBPwAudit
        
        SQLMap
        
        SQL Ninja
      - Web application assessment
        
        Burp Suite
        
        Nikto2
        
        Paros proxy
        
        W3AF
        
        WafW00f
        
        WebScarab
    - Summary
  - 8. Social Engineering
    - Modeling the human psychology
    - Attack process
    - Attack methods
      - Impersonation
      - Reciprocation
      - Influential authority
    - Scarcity
    - Social relationship
    - Social Engineering Toolkit (SET)
      - Targeted phishing attack
    - Summary
  - 9. Target Exploitation
    - Vulnerability research
    - Vulnerability and exploit repositories
    - Advanced exploitation toolkit
      - MSFConsole
      - MSFCLI
      - Ninja 101 drills
        
        Scenario 1
        
        Scenario 2
        
        SNMP community scanner
        
        VNC blank authentication scanner
        
        IIS6 WebDAV unicode auth bypass
        
        Scenario 3
        
        Bind shell
        
        Reverse shell
        
        Meterpreter
        
        Scenario 4
        
        Generating a binary backdoor
        
        Automated browser exploitation
      - Writing exploit modules
    - Summary
  - 10. Privilege Escalation
    - Privilege escalation using a local exploit
    - Password attack tools
      - Offline attack tools
        
        hash-identifier
        
        Hashcat
        
        RainbowCrack
        
        samdump2
        
        John
        
        Johnny
        
        Ophcrack
        
        Crunch
      - Online attack tools
        
        CeWL
        
        Hydra
        
        Medusa
    - Network spoofing tools
      - DNSChef
        
        Setting up a DNS proxy
        
        Faking a domain
      - arpspoof
      - Ettercap
    - Network sniffers
      - dsniff
      - tcpdump
      - Wireshark
    - Summary
  - 11. Maintaining Access
    - Using operating system backdoors
      - Cymothoa
      - Intersect
      - The meterpreter backdoor
    - Working with tunneling tools
      - dns2tcp
      - iodine
        
        Configuring the DNS server
        
        Running the iodine server
        
        Running the iodine client
      - ncat
      - proxychains
      - ptunnel
      - socat
        
        Getting HTTP header information
        
        Transferring files
      - sslh
      - stunnel4
    - Creating web backdoors
      - WeBaCoo
      - weevely
      - PHP meterpreter
    - Summary
  - 12. Documentation and Reporting
    - Documentation and results verification
    - Types of reports
      - The executive report
      - The management report
      - The technical report
    - Network penetration testing report (sample contents)
    - Preparing your presentation
    - Post-testing procedures
    - Summary
- III. Extra Ammunition
  - A. Supplementary Tools
    - Reconnaissance tool
    - Vulnerability scanner
      - NeXpose Community Edition
        
        Installing NeXpose
        
        Starting the NeXpose community
        
        Logging in to the NeXpose community
        
        Using the NeXpose community
    - Web application tools
      - Golismero
      - Arachni
      - BlindElephant
    - Network tool
      - Netcat
        
        Open connection
        
        Service banner grabbing
        
        Simple chat server
        
        File transfer
        
        Portscanning
        
        Backdoor shell
        
        Reverse shell
    - Summary
  - B. Key Resources
    - Vulnerability disclosure and tracking
      - Paid incentive programs
    - Reverse engineering resources
    - Penetration testing learning resources
    - Exploit development learning resources
    - Penetration testing on a vulnerable environment
      - Online web application challenges
      - Virtual machines and ISO images
    - Network ports
- Index

pokaż cały spis treści