Verfügbarkeit: Penetration testing fundamentals

Penetration testing fundamentals: a hands-on guide to reliable security audits

Gespeichert in:

Bibliographische Detailangaben
1. Verfasser:	Easttom, Chuck 1968- (VerfasserIn)
Format:	Buch
Sprache:	English
Veröffentlicht:	Indianapolis, Indiana Pearson [2018]
Schlagworte:	Penetrationstest Computersicherheit
Online-Zugang:	Inhaltsverzeichnis
Beschreibung:	xx, 422 Seiten Illustrationen
ISBN:	9780789759375 0789759373

Internformat

MARC


LEADER	00000nam a2200000 c 4500
001	BV044527302
003	DE-604
005	20180828
007	t
008	171009s2018 a\|\|\| \|\|\|\| 00\|\|\| eng d
020			\|a 9780789759375 \|9 978-0-7897-5937-5
020			\|a 0789759373 \|9 0-7897-5937-3
035			\|a (OCoLC)1043736674
035			\|a (DE-599)BVBBV044527302
040			\|a DE-604 \|b ger \|e rda
041	0		\|a eng
049			\|a DE-91G \|a DE-739 \|a DE-20
084			\|a ST 276 \|0 (DE-625)143642: \|2 rvk
084			\|a DAT 461f \|2 stub
100	1		\|a Easttom, Chuck \|d 1968- \|e Verfasser \|0 (DE-588)1079935274 \|4 aut
245	1	0	\|a Penetration testing fundamentals \|b a hands-on guide to reliable security audits \|c Chuck Easttom
264		1	\|a Indianapolis, Indiana \|b Pearson \|c [2018]
300			\|a xx, 422 Seiten \|b Illustrationen
336			\|b txt \|2 rdacontent
337			\|b n \|2 rdamedia
338			\|b nc \|2 rdacarrier
650	0	7	\|a Penetrationstest \|0 (DE-588)4825817-9 \|2 gnd \|9 rswk-swf
650	0	7	\|a Computersicherheit \|0 (DE-588)4274324-2 \|2 gnd \|9 rswk-swf
689	0	0	\|a Penetrationstest \|0 (DE-588)4825817-9 \|D s
689	0	1	\|a Computersicherheit \|0 (DE-588)4274324-2 \|D s
689	0		\|5 DE-604
856	4	2	\|m Digitalisierung UB Passau - ADAM Catalogue Enrichment \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=029926665&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis
999			\|a oai:aleph.bib-bvb.de:BVB01-029926665

Datensatz im Suchindex

_version_	1804177875083984896
adam_text	Contents at a Glance Introduction................................................................. 1 1 Introduction to Penetration Testing..................................... 2 2 Standards ............................................................... 24 3 Cryptography ........................................................... 46 4 Reconnaissance........................................................... 76 5 Malware................................................................. 102 6 Hacking Windows..........................................................126 7 Web Hacking............................................................. 154 8 Vulnerability Scanning.................................................. 178 9 Introduction to Linux....................................................204 10 Linux Hacking...........................................................236 11 Introduction to Kali Linux..............................................258 12 General Hacking Techniques..............................................274 13 Introduction to Metasploit..............................................286 14 More with Metasploit....................................................312 15 Introduction to Scripting with Ruby.....................................328 16 Write Your Own Metasploit Exploits with Ruby............................342 17 General Hacking Knowledge...............................................354 18 Additional Pen Testing Topics...........................................366 19 A Sample Pen Test Project...............................................386 Appendix A: Answers to Chapter Multiple Choice Questions....................394 Index.......................................................................400 Table of Contents Introduction 1 Chapter 1: Introduction to Penetration Testing 2 What Is Penetration Testing?................................................ 3 Audits........................................................... 3 Vulnerability Scans.............................................. 3 Penetration Tests................................................ 4 The Hybrid Test.................................................. 5 Terminology................................................................. 5 Methodologies............................................................... 7 Nature of the Test............................................... 7 Approaches....................................................... 9 Ethical Issues............................................................. 10 Everything Is Confidential...................................... 11 Keep in Your Lane............................................... 12 If You Break It, You Bought It.................................. 12 Legal Issues............................................................... 12 Computer Fraud and Abuse Act (CFAA): 18 U.S. Code § 1030 ........................................... 12 Unlawful Access to Stored Communications: 18 U.S. Code §2701 ............................................ 13 Identity Theft Enforcement and Restitution Act.................. 14 Fraud and Related Activity in Connection with Access Devices: 18 U.S. Code § 1029............................. 14 State Laws...................................................... 14 International Laws.............................................. 14 Certifications............................................................. 16 CEH............................................................. 17 GPEN........................................................... 17 OSCP........................................................... 18 Mile2.......................................................... 18 CISSP.......................................................... 18 PPT.............................................................19 This Book and Certifications................................... 19 Careers in Penetration Testing.......................... 19 Security Administrators.........................................20 Commercial Penetration Testing..................................20 Government/National Defense.....................................20 Law Enforcement.................................................21 Building Your Skillset...............................21 Summary....................................................................22 Test Your Skills...........................................................22 Chapter 2: Standards 24 PCI DSS....................................................................25 The Actual Test.................................................26 NIST 800-115.............................................................. 27 Planning........................................................27 Execution.......................................................28 Post-Execution..................................................29 National Security Agency InfoSec Assessment Methodology (NSA-IAM)..........30 PTES.......................................................................31 CREST (UK).................................................................33 A Synthesis (Putting Standards Together into a Single Unified Approach)..33 Pre-Engagement..................................................34 The Actual Test.................................................35 Reporting.......................................................36 Related Standards.................................38 OWASP...........................................................39 Other Standards......................................................... 39 ISO 27002 ................................................. 39 NIST 800-12, Revision 1...................................... 40 NIST 800-14.................................................. 41 Summary..................................................................43 Test Your Skills........................................................ 43 Chapter 3: Cryptography 46 Cryptography Basics..................................................... 46 History of Encryption................................................... 47 The Caesar Cipher............................................ 47 Atbash........................................................48 Multi-Alphabet Substitution...................................49 Rail Fence................................................... 50 Modern Methods.......................................................... 50 Symmetric Encryption......................................... 51 Modification of Symmetric Methods............................ 53 Practical Applications....................................... 54 Public Key (Asymmetric) Encryption...................................... 54 Digital Signatures...................................................... 58 Hashing................................................................. 59 MD5.......................................................... 59 SHA...........................................................59 RIPEMD....................................................... 60 Windows Hashing...............................................60 MAC and HMAC.............................................................60 Rainbow Tables............................................... 61 Pass the Hash................................................ 63 Password Crackers....................................................... 64 Steganography............................................................. 65 Historical Steganography....................................... 65 Methods and Tools.............................................. 66 Cryptanalysis............................................................. 68 Frequency Analysis............................................. 68 Modern Methods................................................. 69 Practical Application.......................................... 70 Learning More............................................................. 71 Summary................................................................... 73 Test Your Skills.......................................................... 73 Chapter 4: Reconnaissance 76 Passive Scanning Techniques............................................... 77 Netcraft....................................................... 77 BuiltWith...................................................... 78 Archive.org.................................................... 79 Shodan......................................................... 80 Social Media.................................................. 82 Google Searching............................................... 82 Active Scanning Techniques................................................ 83 Port Scanning.................................................. 83 Enumeration.................................................... 88 Wireshark................................................................. 91 Maltego................................................................... 94 Other OSINT Tools......................................................... 96 OSINT Website.................................................. 96 Alexa.......................................................... 97 Web Master Tips................................................ 97 Summary................................................................... 98 Test Your Skills 98 Chapter 5: Malware 102 Viruses.................................................................. 102 How a Virus Spreads........................................... 103 Types of Viruses.............................................. 104 Virus Examples................................................ 108 Trojan Horses............................................................ 111 Other Forms of Malware................................................... 113 Rootkit....................................................... 113 Malicious Web-Based Code...................................... 113 Logic Bombs................................................... 114 Creating Malware......................................................... 115 Levels of Malware Writing Skill............................... 115 GUI Tools..................................................... 116 Simple Script Viruses......................................... 117 Creating a Trojan Horse....................................... 120 Altering Existing Viruses..................................... 122 Summary.................................................................. 123 Test Your Skills......................................................... 123 Chapter 6: Hacking Windows 126 Windows Details.......................................................... 126 Windows History .............................................. 127 The Boot Process.............................................. 128 Important Windows Files....................................... 129 Windows Logs ................................................. 130 The Registry ................................................. 131 Volume Shadow Copy............................................ 135 Windows Password Hashing................................................. 135 Windows Hacking Techniques............................................... 136 Pass the Hash................................................. 137 chntpw........................................................ 137 Net User Script................................................ 137 Login as System................................................ 138 Find the Admin................................................. 139 Windows Scripting......................................................... 139 net users...................................................... 140 net view....................................................... 140 net share...................................................... 140 net service.................................................... 141 netshell....................................................... 141 Windows Password Cracking................................................. 142 Offline NT Registry Editor..................................... 142 LCP............................................................ 143 pwdump......................................................... 143 ophcrack....................................................... 144 John the Ripper................................................ 145 Detecting Malware in Windows.............................................. 145 Cain and Abel............................................................. 147 Summary................................................................... 150 Test Your Skills.......................................................... 150 Chapter 7: Web Hacking 154 Web Technology............................................................ 154 Specific Attacks on Websites.............................................. 156 SQL Script Injection........................................... 156 XSS ........................................................... 162 Other Web Attacks.............................................. 164 Tools..................................................................... 165 Burp Suite..................................................... 165 BeEF........................................................... 174 Summary................................................................... 175 Test Your Skills.......................................................... 175 Chapter 8: Vulnerability Scanning 178 Vulnerabilities......................................................... 178 CVE.......................................................... 179 NIST......................................................... 179 OWASP........................................................ 179 Packet Capture.......................................................... 181 tcpdump...................................................... 181 Wi reshark................................................... 182 Network Scanners........................................................ 186 LanHelper.................................................... 186 Wireless Scanners/Crackers.............................................. 187 Aircrack..................................................... 187 General Scanners........................................................ 188 MBS A........................................................ 188 Nessus....................................................... 189 Nexpose...................................................... 192 SAINT........................................................ 192 Web Application Scanners................................................ 192 OWASP ZAP.................................................... 192 Vega......................................................... 194 Cyber Threat Intelligence............................................... 196 Threatcrowd.org.............................................. 197 Phishtank.................................................... 197 Internet Storm Center........................................ 197 OSINT........................................................ 197 Summary................................................................. 199 Test Your Skills........................................................ 199 Chapter 9: Introduction to Linux 204 Linux History....................................................204 Linux Commands...................................................207 Is Command.............................................207 cd Command.............................................208 Pipe Output............................................209 finger Command.........................................209 grep Command...........................................210 ps Command.............................................211 pstree Command.........................................212 top Command............................................214 kill Command...........................................215 Basic File and Directory Commands......................216 chown Command..........................................217 chmod Command..........................................218 bg Command.............................................219 fg Command.............................................219 useradd Command........................................219 userdel Command........................................221 usermod Command........................................222 users Command..........................................223 who Command............................................224 Directories......................................................225 /root..................................................226 /bin...................................................226 /sbin..................................................226 /etc...................................................226 /dev...................................................228 /boot .................................................229 /usr...................................................229 /var...........................................................230 /proc..........................................................230 Graphical User Interface..................................................231 GNOME..........................................................231 KDE............................................................231 Summary...................................................................233 Test Your Skills..........................................................233 Chapter 10: Linux Hacking 236 More on the Linux OS......................................................236 sysfs..........................................................236 Crond..........................................................238 Shell Commands.................................................240 Linux Firewall............................................................243 Iptables.......................................................244 iptables Configuration.........................................245 Syslog.........................................................246 Syslogd...................................................................248 Scripting.................................................................248 Linux Passwords...........................................................252 Linux Hacking Tricks......................................................254 Boot Hack......................................................254 Backspace Hack.................................................255 Summary...................................................................256 Test Your Skills..........................................................256 Chapter 11 : Introduction to Kali Linux 258 Kali Linux History Kali Basics.... .. 258 .. 259 Kali Tools................................................................261 recon-ng.......................................................261 Dmitry.........................................................264 Sparta.........................................................266 John the Ripper................................................268 Hashcat........................................................268 macchanger.....................................................269 Ghost Phisher..................................................270 Summary...................................................................273 Test Your Skills..........................................................273 Chapter 12: General Hacking Techniques 274 Wi-Fi Testing.............................................................274 Create a Hotspot...............................................274 Using Kali as a Hotspot........................................277 Testing the WAP Administration.................................278 Other Wi-Fi Issues.............................................279 Social Engineering........................................................279 DoS.......................................................................280 Well-known DoS Attacks.........................................280 Tools..........................................................282 Summary...................................................................284 Test Your Skills..........................................................284 Chapter 13: Introduction to Metasploit 286 Background on Metasploit..................................................288 Getting Started with Metasploit...........................................288 Basic Usage of msfconsole.................................................291 Basic Commands.................................................291 Searching......................................................292 Scanning with Metasploit.................................................295 SMB Scanner...................................................295 SQL Server Scan...............................................296 SSH Server Scan...............................................297 Anonymous FTP Servers.........................................298 FTP Server....................................................299 How to Use Exploits......................................................299 Exploit Examples.........................................................300 Cascading Style Sheets........................................300 File Format Exploit...........................................303 Remote Desktop Exploit........................................304 More Exploits................................................ 305 Common Error..................................................305 Post Exploits............................................................306 Get Logged-on Users...........................................306 Check VM......................................................306 Enumerate Applications........................................307 Going Deeper into the Target..................................307 Summary..................................................................310 Test Your Skills.........................................................310 Chapter 14: More with Metasploit 312 Meterpreter and Post Exploits............................................312 ARP...........................................................312 NETSTAT.......................................................313 PS............................................................314 Navigation....................................................314 Download and Upload...........................................314 Desktops......................................................315 Cameras.......................................................317 Key Logger........................................................317 Other Information.................................................318 msfvenom......................................................................318 More Metasploit Attacks.......................................................321 Formatting All Drives.............................................321 Attacking Windows Server 2008 R2..................................322 Attacking Windows via Office......................................322 Attacking Linux...................................................322 Attacking via the Web.............................................323 Another Linux Attack..............................................324 Linux Post Exploits...............................................325 Summary.......................................................................326 Test Your Skills..............................................................326 Chapter 15: Introduction to Scripting with Ruby 328 Getting Started...............................................................328 Basic Ruby Scripting..........................................................330 A First Script....................................................330 Syntax............................................................331 Object-Oriented Programming.......................................338 Summary.......................................................................339 Test Your Skills..............................................................339 Chapter 16: Write Your Own Metasploit Exploits with Ruby 342 The API.......................................................................342 Getting Started...............................................................344 Examine an Existing Exploit...................................................346 Extending Existing Exploits...................................................348 Writing Your First Exploit.........................................»........350 Summary.......................................................................352 Test Your Skills 352 Chapter 17: General Hacking Knowledge 354 Conferences..................................................................354 Dark Web.....................................................................355 Certification and Training...................................................359 Cyber Warfare and Terrorism..................................................361 Nation State Actors..........................................................363 Summary......................................................................364 Test Your Skills.............................................................364 Chapter 18: Additional Pen Testing Topics 366 Wireless Pen Testing.........................................................366 802.11 .......................................................... 367 Infrared..........................................................370 Bluetooth.........................................................370 Other Forms of Wireless...........................................372 Wi-Fi Hacking.....................................................372 Mainframe and SCADA..........................................................376 SCADA Basics......................................................376 Mainframes........................................................378 Mobile Pen Testing...........................................................379 Cellular Terminology..............................................379 Bluetooth Attacks ................................................380 Bluetooth/Phone Tools.............................................380 Summary......................................................................384 Test Your Skills........................................................... 384 Chapter 19: A Sample Pen Test Project 386 Pen Test Outline.............................................................386 Pre-Test Activities...............................................387 External..........................................................388 Internal.........................................................389 Optional Items...................................................390 Report Outline..............................................................390 Summary.....................................................................392 Appendix A: Answers to Chapter Multiple Choice Questions 394 Index 400
any_adam_object	1
author	Easttom, Chuck 1968-
author_GND	(DE-588)1079935274
author_facet	Easttom, Chuck 1968-
author_role	aut
author_sort	Easttom, Chuck 1968-
author_variant	c e ce
building	Verbundindex
bvnumber	BV044527302
classification_rvk	ST 276
classification_tum	DAT 461f
ctrlnum	(OCoLC)1043736674 (DE-599)BVBBV044527302
discipline	Informatik
format	Book
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01477nam a2200361 c 4500</leader><controlfield tag="001">BV044527302</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20180828 </controlfield><controlfield tag="007">t</controlfield><controlfield tag="008">171009s2018 a\|\|\| \|\|\|\| 00\|\|\| eng d</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780789759375</subfield><subfield code="9">978-0-7897-5937-5</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">0789759373</subfield><subfield code="9">0-7897-5937-3</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)1043736674</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV044527302</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">rda</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-91G</subfield><subfield code="a">DE-739</subfield><subfield code="a">DE-20</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 276</subfield><subfield code="0">(DE-625)143642:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">DAT 461f</subfield><subfield code="2">stub</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Easttom, Chuck</subfield><subfield code="d">1968-</subfield><subfield code="e">Verfasser</subfield><subfield code="0">(DE-588)1079935274</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Penetration testing fundamentals</subfield><subfield code="b">a hands-on guide to reliable security audits</subfield><subfield code="c">Chuck Easttom</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Indianapolis, Indiana</subfield><subfield code="b">Pearson</subfield><subfield code="c">[2018]</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">xx, 422 Seiten</subfield><subfield code="b">Illustrationen</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Penetrationstest</subfield><subfield code="0">(DE-588)4825817-9</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Penetrationstest</subfield><subfield code="0">(DE-588)4825817-9</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">Digitalisierung UB Passau - ADAM Catalogue Enrichment</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=029926665&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-029926665</subfield></datafield></record></collection>
id	DE-604.BV044527302
illustrated	Illustrated
indexdate	2024-07-10T07:55:01Z
institution	BVB
isbn	9780789759375 0789759373
language	English
oai_aleph_id	oai:aleph.bib-bvb.de:BVB01-029926665
oclc_num	1043736674
open_access_boolean
owner	DE-91G DE-BY-TUM DE-739 DE-20
owner_facet	DE-91G DE-BY-TUM DE-739 DE-20
physical	xx, 422 Seiten Illustrationen
publishDate	2018
publishDateSearch	2018
publishDateSort	2018
publisher	Pearson
record_format	marc
spelling	Easttom, Chuck 1968- Verfasser (DE-588)1079935274 aut Penetration testing fundamentals a hands-on guide to reliable security audits Chuck Easttom Indianapolis, Indiana Pearson [2018] xx, 422 Seiten Illustrationen txt rdacontent n rdamedia nc rdacarrier Penetrationstest (DE-588)4825817-9 gnd rswk-swf Computersicherheit (DE-588)4274324-2 gnd rswk-swf Penetrationstest (DE-588)4825817-9 s Computersicherheit (DE-588)4274324-2 s DE-604 Digitalisierung UB Passau - ADAM Catalogue Enrichment application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=029926665&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis
spellingShingle	Easttom, Chuck 1968- Penetration testing fundamentals a hands-on guide to reliable security audits Penetrationstest (DE-588)4825817-9 gnd Computersicherheit (DE-588)4274324-2 gnd
subject_GND	(DE-588)4825817-9 (DE-588)4274324-2
title	Penetration testing fundamentals a hands-on guide to reliable security audits
title_auth	Penetration testing fundamentals a hands-on guide to reliable security audits
title_exact_search	Penetration testing fundamentals a hands-on guide to reliable security audits
title_full	Penetration testing fundamentals a hands-on guide to reliable security audits Chuck Easttom
title_fullStr	Penetration testing fundamentals a hands-on guide to reliable security audits Chuck Easttom
title_full_unstemmed	Penetration testing fundamentals a hands-on guide to reliable security audits Chuck Easttom
title_short	Penetration testing fundamentals
title_sort	penetration testing fundamentals a hands on guide to reliable security audits
title_sub	a hands-on guide to reliable security audits
topic	Penetrationstest (DE-588)4825817-9 gnd Computersicherheit (DE-588)4274324-2 gnd
topic_facet	Penetrationstest Computersicherheit
url	http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=029926665&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv	AT easttomchuck penetrationtestingfundamentalsahandsonguidetoreliablesecurityaudits

Verfügbarkeit

Es ist kein Print-Exemplar vorhanden.

Fernleihe Bestellen Achtung: Nicht im THWS-Bestand! Inhaltsverzeichnis

MARC

Datensatz im Suchindex

Es ist kein Print-Exemplar vorhanden.

Ähnliche Einträge