Advanced Infrastructure Penetration Testing :: Defend your systems from methodized and proficient attackers.
This book is a hands-on experience and a comprehensive understanding of advanced penetration testing techniques and vulnerability assessment and management. It takes you far beyond common techniques to compromising complex network devices, modern operating systems and help you secure high security e...
Gespeichert in:
| 1. Verfasser: | |
|---|---|
| Format: | Elektronisch E-Book |
| Sprache: | English |
| Veröffentlicht: |
Birmingham :
Packt Publishing,
2018.
|
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Zusammenfassung: | This book is a hands-on experience and a comprehensive understanding of advanced penetration testing techniques and vulnerability assessment and management. It takes you far beyond common techniques to compromising complex network devices, modern operating systems and help you secure high security environments. |
| Beschreibung: | Kernel stack vulnerabilities. |
| Beschreibung: | 1 online resource (388 pages) |
| ISBN: | 9781788623414 178862341X |
Internformat
MARC
| LEADER | 00000cam a2200000Mi 4500 | ||
|---|---|---|---|
| 001 | ZDB-4-EBA-on1028180324 | ||
| 003 | OCoLC | ||
| 005 | 20241004212047.0 | ||
| 006 | m o d | ||
| 007 | cr cnu---unuuu | ||
| 008 | 180310s2018 enk o 000 0 eng d | ||
| 040 | |a EBLCP |b eng |e pn |c EBLCP |d IDB |d MERUC |d CHVBK |d VT2 |d TEFOD |d OCLCQ |d LVT |d UKAHL |d OCLCQ |d N$T |d NLW |d UKMGB |d NZAUC |d OCLCQ |d TMA |d OCLCL |d OCLCQ | ||
| 015 | |a GBC200191 |2 bnb | ||
| 016 | 7 | |a 018815415 |2 Uk | |
| 020 | |a 9781788623414 |q (electronic bk.) | ||
| 020 | |a 178862341X |q (electronic bk.) | ||
| 020 | |z 9781788624480 |q print | ||
| 035 | |a (OCoLC)1028180324 | ||
| 037 | |a 471F0BB1-6DAC-4E19-87D7-499721866606 |b OverDrive, Inc. |n http://www.overdrive.com | ||
| 050 | 4 | |a QA76.9.A25 |b .C443 2018eb | |
| 082 | 7 | |a 005.8092 |2 23 | |
| 049 | |a MAIN | ||
| 100 | 1 | |a Chebbi, Chiheb. | |
| 245 | 1 | 0 | |a Advanced Infrastructure Penetration Testing : |b Defend your systems from methodized and proficient attackers. |
| 260 | |a Birmingham : |b Packt Publishing, |c 2018. | ||
| 300 | |a 1 online resource (388 pages) | ||
| 336 | |a text |b txt |2 rdacontent | ||
| 337 | |a computer |b c |2 rdamedia | ||
| 338 | |a online resource |b cr |2 rdacarrier | ||
| 588 | 0 | |a Print version record. | |
| 505 | 0 | |a Cover; Title Page; Copyright and Credits; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: Introduction to Advanced Infrastructure Penetration Testing; Information security overview; Confidentiality; Integrity; Availability; Least privilege and need to know; Defense in depth; Risk analysis; Information Assurance; Information security management program; Hacking concepts and phases; Types of hackers; Hacking phases; Reconnaissance; Passive reconnaissance; Active reconnaissance; Scanning; Port scanning; Network scanning; Vulnerability scanning; Gaining access. | |
| 505 | 8 | |a Maintaining accessClearing tracks; Penetration testing overview; Penetration testing types; White box pentesting; Black box pentesting; Gray box pentesting; The penetration testing teams; Red teaming; Blue teaming; Purple teaming; Pentesting standards and guidance; Policies; Standards; Procedures; Guidance; Open Source Security Testing Methodology Manual; Information Systems Security Assessment Framework; Penetration Testing Execution Standard; Payment Card Industry Data Security Standard; Penetration testing steps; Pre-engagement; The objectives and scope; A get out of jail free card. | |
| 505 | 8 | |a Emergency contact informationPayment information; Non-disclosure agreement ; Intelligence gathering; Public intelligence; Social engineering attacks; Physical analysis; Information system and network analysis; Human intelligence ; Signal intelligence; Open source intelligence ; Imagery intelligence ; Geospatial intelligence ; Threat modeling; Business asset analysis; Business process analysis; Threat agents analysis; Threat capability analysis; Motivation modeling; Vulnerability analysis; Vulnerability assessment with Nexpose; Installing Nexpose; Starting Nexpose; Start a scan. | |
| 505 | 8 | |a ExploitationPost-exploitation; Infrastructure analysis; Pillaging; High-profile targets; Data exfiltration; Persistence; Further penetration into infrastructure; Cleanup; Reporting; Executive summary; Technical report; Penetration testing limitations and challenges; Pentesting maturity and scoring model; Realism; Methodology; Reporting; Summary; Chapter 2: Advanced Linux Exploitation; Linux basics; Linux commands; Streams; Redirection; Linux directory structure; Users and groups; Permissions; The chmod command; The chown command; The chroot command ; The power of the find command. | |
| 505 | 8 | |a Jobs, cron, and crontabSecurity models; Security controls; Access control models; Linux attack vectors; Linux enumeration with LinEnum; OS detection with Nmap; Privilege escalation; Linux privilege checker; Linux kernel exploitation; UserLand versus kernel land; System calls; Linux kernel subsystems ; Process ; Threads; Security-Enhanced Linux ; Memory models and the address spaces ; Linux kernel vulnerabilities; NULL pointer dereference; Arbitrary kernel read/write ; Case study CVE-2016-2443 Qualcomm MSM debug fs kernel arbitrary write; Memory corruption vulnerabilities. | |
| 500 | |a Kernel stack vulnerabilities. | ||
| 520 | |a This book is a hands-on experience and a comprehensive understanding of advanced penetration testing techniques and vulnerability assessment and management. It takes you far beyond common techniques to compromising complex network devices, modern operating systems and help you secure high security environments. | ||
| 650 | 0 | |a Penetration testing. | |
| 650 | 7 | |a Operating systems. |2 bicssc | |
| 650 | 7 | |a Network security. |2 bicssc | |
| 650 | 7 | |a Computer security. |2 bicssc | |
| 650 | 7 | |a Computers |x Networking |x Security. |2 bisacsh | |
| 650 | 7 | |a Computers |x Operating Systems |x General. |2 bisacsh | |
| 650 | 7 | |a Computers |x Security |x General. |2 bisacsh | |
| 758 | |i has work: |a Advanced Infrastructure Penetration Testing (Work) |1 https://id.oclc.org/worldcat/entity/E39PCYWgFpJdwGBHdmbqvgjV4q |4 https://id.oclc.org/worldcat/ontology/hasWork | ||
| 776 | 0 | 8 | |i Print version: |a Chebbi, Chiheb. |t Advanced Infrastructure Penetration Testing : Defend your systems from methodized and proficient attackers. |d Birmingham : Packt Publishing, ©2018 |
| 856 | 4 | 0 | |l FWS01 |p ZDB-4-EBA |q FWS_PDA_EBA |u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1728042 |3 Volltext |
| 938 | |a Askews and Holts Library Services |b ASKH |n BDZ0036267817 | ||
| 938 | |a EBL - Ebook Library |b EBLB |n EBL5314621 | ||
| 938 | |a EBSCOhost |b EBSC |n 1728042 | ||
| 994 | |a 92 |b GEBAY | ||
| 912 | |a ZDB-4-EBA | ||
| 049 | |a DE-863 | ||
Datensatz im Suchindex
| DE-BY-FWS_katkey | ZDB-4-EBA-on1028180324 |
|---|---|
| _version_ | 1816882415315976192 |
| adam_text | |
| any_adam_object | |
| author | Chebbi, Chiheb |
| author_facet | Chebbi, Chiheb |
| author_role | |
| author_sort | Chebbi, Chiheb |
| author_variant | c c cc |
| building | Verbundindex |
| bvnumber | localFWS |
| callnumber-first | Q - Science |
| callnumber-label | QA76 |
| callnumber-raw | QA76.9.A25 .C443 2018eb |
| callnumber-search | QA76.9.A25 .C443 2018eb |
| callnumber-sort | QA 276.9 A25 C443 42018EB |
| callnumber-subject | QA - Mathematics |
| collection | ZDB-4-EBA |
| contents | Cover; Title Page; Copyright and Credits; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: Introduction to Advanced Infrastructure Penetration Testing; Information security overview; Confidentiality; Integrity; Availability; Least privilege and need to know; Defense in depth; Risk analysis; Information Assurance; Information security management program; Hacking concepts and phases; Types of hackers; Hacking phases; Reconnaissance; Passive reconnaissance; Active reconnaissance; Scanning; Port scanning; Network scanning; Vulnerability scanning; Gaining access. Maintaining accessClearing tracks; Penetration testing overview; Penetration testing types; White box pentesting; Black box pentesting; Gray box pentesting; The penetration testing teams; Red teaming; Blue teaming; Purple teaming; Pentesting standards and guidance; Policies; Standards; Procedures; Guidance; Open Source Security Testing Methodology Manual; Information Systems Security Assessment Framework; Penetration Testing Execution Standard; Payment Card Industry Data Security Standard; Penetration testing steps; Pre-engagement; The objectives and scope; A get out of jail free card. Emergency contact informationPayment information; Non-disclosure agreement ; Intelligence gathering; Public intelligence; Social engineering attacks; Physical analysis; Information system and network analysis; Human intelligence ; Signal intelligence; Open source intelligence ; Imagery intelligence ; Geospatial intelligence ; Threat modeling; Business asset analysis; Business process analysis; Threat agents analysis; Threat capability analysis; Motivation modeling; Vulnerability analysis; Vulnerability assessment with Nexpose; Installing Nexpose; Starting Nexpose; Start a scan. ExploitationPost-exploitation; Infrastructure analysis; Pillaging; High-profile targets; Data exfiltration; Persistence; Further penetration into infrastructure; Cleanup; Reporting; Executive summary; Technical report; Penetration testing limitations and challenges; Pentesting maturity and scoring model; Realism; Methodology; Reporting; Summary; Chapter 2: Advanced Linux Exploitation; Linux basics; Linux commands; Streams; Redirection; Linux directory structure; Users and groups; Permissions; The chmod command; The chown command; The chroot command ; The power of the find command. Jobs, cron, and crontabSecurity models; Security controls; Access control models; Linux attack vectors; Linux enumeration with LinEnum; OS detection with Nmap; Privilege escalation; Linux privilege checker; Linux kernel exploitation; UserLand versus kernel land; System calls; Linux kernel subsystems ; Process ; Threads; Security-Enhanced Linux ; Memory models and the address spaces ; Linux kernel vulnerabilities; NULL pointer dereference; Arbitrary kernel read/write ; Case study CVE-2016-2443 Qualcomm MSM debug fs kernel arbitrary write; Memory corruption vulnerabilities. |
| ctrlnum | (OCoLC)1028180324 |
| dewey-full | 005.8092 |
| dewey-hundreds | 000 - Computer science, information, general works |
| dewey-ones | 005 - Computer programming, programs, data, security |
| dewey-raw | 005.8092 |
| dewey-search | 005.8092 |
| dewey-sort | 15.8092 |
| dewey-tens | 000 - Computer science, information, general works |
| discipline | Informatik |
| format | Electronic eBook |
| fullrecord | <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>05638cam a2200577Mi 4500</leader><controlfield tag="001">ZDB-4-EBA-on1028180324</controlfield><controlfield tag="003">OCoLC</controlfield><controlfield tag="005">20241004212047.0</controlfield><controlfield tag="006">m o d </controlfield><controlfield tag="007">cr cnu---unuuu</controlfield><controlfield tag="008">180310s2018 enk o 000 0 eng d</controlfield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">EBLCP</subfield><subfield code="b">eng</subfield><subfield code="e">pn</subfield><subfield code="c">EBLCP</subfield><subfield code="d">IDB</subfield><subfield code="d">MERUC</subfield><subfield code="d">CHVBK</subfield><subfield code="d">VT2</subfield><subfield code="d">TEFOD</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">LVT</subfield><subfield code="d">UKAHL</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">N$T</subfield><subfield code="d">NLW</subfield><subfield code="d">UKMGB</subfield><subfield code="d">NZAUC</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">TMA</subfield><subfield code="d">OCLCL</subfield><subfield code="d">OCLCQ</subfield></datafield><datafield tag="015" ind1=" " ind2=" "><subfield code="a">GBC200191</subfield><subfield code="2">bnb</subfield></datafield><datafield tag="016" ind1="7" ind2=" "><subfield code="a">018815415</subfield><subfield code="2">Uk</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781788623414</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">178862341X</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">9781788624480</subfield><subfield code="q">print</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)1028180324</subfield></datafield><datafield tag="037" ind1=" " ind2=" "><subfield code="a">471F0BB1-6DAC-4E19-87D7-499721866606</subfield><subfield code="b">OverDrive, Inc.</subfield><subfield code="n">http://www.overdrive.com</subfield></datafield><datafield tag="050" ind1=" " ind2="4"><subfield code="a">QA76.9.A25</subfield><subfield code="b">.C443 2018eb</subfield></datafield><datafield tag="082" ind1="7" ind2=" "><subfield code="a">005.8092</subfield><subfield code="2">23</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">MAIN</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Chebbi, Chiheb.</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Advanced Infrastructure Penetration Testing :</subfield><subfield code="b">Defend your systems from methodized and proficient attackers.</subfield></datafield><datafield tag="260" ind1=" " ind2=" "><subfield code="a">Birmingham :</subfield><subfield code="b">Packt Publishing,</subfield><subfield code="c">2018.</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 online resource (388 pages)</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">computer</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">online resource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="588" ind1="0" ind2=" "><subfield code="a">Print version record.</subfield></datafield><datafield tag="505" ind1="0" ind2=" "><subfield code="a">Cover; Title Page; Copyright and Credits; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: Introduction to Advanced Infrastructure Penetration Testing; Information security overview; Confidentiality; Integrity; Availability; Least privilege and need to know; Defense in depth; Risk analysis; Information Assurance; Information security management program; Hacking concepts and phases; Types of hackers; Hacking phases; Reconnaissance; Passive reconnaissance; Active reconnaissance; Scanning; Port scanning; Network scanning; Vulnerability scanning; Gaining access.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Maintaining accessClearing tracks; Penetration testing overview; Penetration testing types; White box pentesting; Black box pentesting; Gray box pentesting; The penetration testing teams; Red teaming; Blue teaming; Purple teaming; Pentesting standards and guidance; Policies; Standards; Procedures; Guidance; Open Source Security Testing Methodology Manual; Information Systems Security Assessment Framework; Penetration Testing Execution Standard; Payment Card Industry Data Security Standard; Penetration testing steps; Pre-engagement; The objectives and scope; A get out of jail free card.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Emergency contact informationPayment information; Non-disclosure agreement ; Intelligence gathering; Public intelligence; Social engineering attacks; Physical analysis; Information system and network analysis; Human intelligence ; Signal intelligence; Open source intelligence ; Imagery intelligence ; Geospatial intelligence ; Threat modeling; Business asset analysis; Business process analysis; Threat agents analysis; Threat capability analysis; Motivation modeling; Vulnerability analysis; Vulnerability assessment with Nexpose; Installing Nexpose; Starting Nexpose; Start a scan.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">ExploitationPost-exploitation; Infrastructure analysis; Pillaging; High-profile targets; Data exfiltration; Persistence; Further penetration into infrastructure; Cleanup; Reporting; Executive summary; Technical report; Penetration testing limitations and challenges; Pentesting maturity and scoring model; Realism; Methodology; Reporting; Summary; Chapter 2: Advanced Linux Exploitation; Linux basics; Linux commands; Streams; Redirection; Linux directory structure; Users and groups; Permissions; The chmod command; The chown command; The chroot command ; The power of the find command.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Jobs, cron, and crontabSecurity models; Security controls; Access control models; Linux attack vectors; Linux enumeration with LinEnum; OS detection with Nmap; Privilege escalation; Linux privilege checker; Linux kernel exploitation; UserLand versus kernel land; System calls; Linux kernel subsystems ; Process ; Threads; Security-Enhanced Linux ; Memory models and the address spaces ; Linux kernel vulnerabilities; NULL pointer dereference; Arbitrary kernel read/write ; Case study CVE-2016-2443 Qualcomm MSM debug fs kernel arbitrary write; Memory corruption vulnerabilities.</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Kernel stack vulnerabilities.</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">This book is a hands-on experience and a comprehensive understanding of advanced penetration testing techniques and vulnerability assessment and management. It takes you far beyond common techniques to compromising complex network devices, modern operating systems and help you secure high security environments.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Penetration testing.</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Operating systems.</subfield><subfield code="2">bicssc</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Network security.</subfield><subfield code="2">bicssc</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer security.</subfield><subfield code="2">bicssc</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computers</subfield><subfield code="x">Networking</subfield><subfield code="x">Security.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computers</subfield><subfield code="x">Operating Systems</subfield><subfield code="x">General.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computers</subfield><subfield code="x">Security</subfield><subfield code="x">General.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="758" ind1=" " ind2=" "><subfield code="i">has work:</subfield><subfield code="a">Advanced Infrastructure Penetration Testing (Work)</subfield><subfield code="1">https://id.oclc.org/worldcat/entity/E39PCYWgFpJdwGBHdmbqvgjV4q</subfield><subfield code="4">https://id.oclc.org/worldcat/ontology/hasWork</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Print version:</subfield><subfield code="a">Chebbi, Chiheb.</subfield><subfield code="t">Advanced Infrastructure Penetration Testing : Defend your systems from methodized and proficient attackers.</subfield><subfield code="d">Birmingham : Packt Publishing, ©2018</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="l">FWS01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1728042</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">Askews and Holts Library Services</subfield><subfield code="b">ASKH</subfield><subfield code="n">BDZ0036267817</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBL - Ebook Library</subfield><subfield code="b">EBLB</subfield><subfield code="n">EBL5314621</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBSCOhost</subfield><subfield code="b">EBSC</subfield><subfield code="n">1728042</subfield></datafield><datafield tag="994" ind1=" " ind2=" "><subfield code="a">92</subfield><subfield code="b">GEBAY</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-4-EBA</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-863</subfield></datafield></record></collection> |
| id | ZDB-4-EBA-on1028180324 |
| illustrated | Not Illustrated |
| indexdate | 2024-11-27T13:28:15Z |
| institution | BVB |
| isbn | 9781788623414 178862341X |
| language | English |
| oclc_num | 1028180324 |
| open_access_boolean | |
| owner | MAIN DE-863 DE-BY-FWS |
| owner_facet | MAIN DE-863 DE-BY-FWS |
| physical | 1 online resource (388 pages) |
| psigel | ZDB-4-EBA |
| publishDate | 2018 |
| publishDateSearch | 2018 |
| publishDateSort | 2018 |
| publisher | Packt Publishing, |
| record_format | marc |
| spelling | Chebbi, Chiheb. Advanced Infrastructure Penetration Testing : Defend your systems from methodized and proficient attackers. Birmingham : Packt Publishing, 2018. 1 online resource (388 pages) text txt rdacontent computer c rdamedia online resource cr rdacarrier Print version record. Cover; Title Page; Copyright and Credits; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: Introduction to Advanced Infrastructure Penetration Testing; Information security overview; Confidentiality; Integrity; Availability; Least privilege and need to know; Defense in depth; Risk analysis; Information Assurance; Information security management program; Hacking concepts and phases; Types of hackers; Hacking phases; Reconnaissance; Passive reconnaissance; Active reconnaissance; Scanning; Port scanning; Network scanning; Vulnerability scanning; Gaining access. Maintaining accessClearing tracks; Penetration testing overview; Penetration testing types; White box pentesting; Black box pentesting; Gray box pentesting; The penetration testing teams; Red teaming; Blue teaming; Purple teaming; Pentesting standards and guidance; Policies; Standards; Procedures; Guidance; Open Source Security Testing Methodology Manual; Information Systems Security Assessment Framework; Penetration Testing Execution Standard; Payment Card Industry Data Security Standard; Penetration testing steps; Pre-engagement; The objectives and scope; A get out of jail free card. Emergency contact informationPayment information; Non-disclosure agreement ; Intelligence gathering; Public intelligence; Social engineering attacks; Physical analysis; Information system and network analysis; Human intelligence ; Signal intelligence; Open source intelligence ; Imagery intelligence ; Geospatial intelligence ; Threat modeling; Business asset analysis; Business process analysis; Threat agents analysis; Threat capability analysis; Motivation modeling; Vulnerability analysis; Vulnerability assessment with Nexpose; Installing Nexpose; Starting Nexpose; Start a scan. ExploitationPost-exploitation; Infrastructure analysis; Pillaging; High-profile targets; Data exfiltration; Persistence; Further penetration into infrastructure; Cleanup; Reporting; Executive summary; Technical report; Penetration testing limitations and challenges; Pentesting maturity and scoring model; Realism; Methodology; Reporting; Summary; Chapter 2: Advanced Linux Exploitation; Linux basics; Linux commands; Streams; Redirection; Linux directory structure; Users and groups; Permissions; The chmod command; The chown command; The chroot command ; The power of the find command. Jobs, cron, and crontabSecurity models; Security controls; Access control models; Linux attack vectors; Linux enumeration with LinEnum; OS detection with Nmap; Privilege escalation; Linux privilege checker; Linux kernel exploitation; UserLand versus kernel land; System calls; Linux kernel subsystems ; Process ; Threads; Security-Enhanced Linux ; Memory models and the address spaces ; Linux kernel vulnerabilities; NULL pointer dereference; Arbitrary kernel read/write ; Case study CVE-2016-2443 Qualcomm MSM debug fs kernel arbitrary write; Memory corruption vulnerabilities. Kernel stack vulnerabilities. This book is a hands-on experience and a comprehensive understanding of advanced penetration testing techniques and vulnerability assessment and management. It takes you far beyond common techniques to compromising complex network devices, modern operating systems and help you secure high security environments. Penetration testing. Operating systems. bicssc Network security. bicssc Computer security. bicssc Computers Networking Security. bisacsh Computers Operating Systems General. bisacsh Computers Security General. bisacsh has work: Advanced Infrastructure Penetration Testing (Work) https://id.oclc.org/worldcat/entity/E39PCYWgFpJdwGBHdmbqvgjV4q https://id.oclc.org/worldcat/ontology/hasWork Print version: Chebbi, Chiheb. Advanced Infrastructure Penetration Testing : Defend your systems from methodized and proficient attackers. Birmingham : Packt Publishing, ©2018 FWS01 ZDB-4-EBA FWS_PDA_EBA https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1728042 Volltext |
| spellingShingle | Chebbi, Chiheb Advanced Infrastructure Penetration Testing : Defend your systems from methodized and proficient attackers. Cover; Title Page; Copyright and Credits; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: Introduction to Advanced Infrastructure Penetration Testing; Information security overview; Confidentiality; Integrity; Availability; Least privilege and need to know; Defense in depth; Risk analysis; Information Assurance; Information security management program; Hacking concepts and phases; Types of hackers; Hacking phases; Reconnaissance; Passive reconnaissance; Active reconnaissance; Scanning; Port scanning; Network scanning; Vulnerability scanning; Gaining access. Maintaining accessClearing tracks; Penetration testing overview; Penetration testing types; White box pentesting; Black box pentesting; Gray box pentesting; The penetration testing teams; Red teaming; Blue teaming; Purple teaming; Pentesting standards and guidance; Policies; Standards; Procedures; Guidance; Open Source Security Testing Methodology Manual; Information Systems Security Assessment Framework; Penetration Testing Execution Standard; Payment Card Industry Data Security Standard; Penetration testing steps; Pre-engagement; The objectives and scope; A get out of jail free card. Emergency contact informationPayment information; Non-disclosure agreement ; Intelligence gathering; Public intelligence; Social engineering attacks; Physical analysis; Information system and network analysis; Human intelligence ; Signal intelligence; Open source intelligence ; Imagery intelligence ; Geospatial intelligence ; Threat modeling; Business asset analysis; Business process analysis; Threat agents analysis; Threat capability analysis; Motivation modeling; Vulnerability analysis; Vulnerability assessment with Nexpose; Installing Nexpose; Starting Nexpose; Start a scan. ExploitationPost-exploitation; Infrastructure analysis; Pillaging; High-profile targets; Data exfiltration; Persistence; Further penetration into infrastructure; Cleanup; Reporting; Executive summary; Technical report; Penetration testing limitations and challenges; Pentesting maturity and scoring model; Realism; Methodology; Reporting; Summary; Chapter 2: Advanced Linux Exploitation; Linux basics; Linux commands; Streams; Redirection; Linux directory structure; Users and groups; Permissions; The chmod command; The chown command; The chroot command ; The power of the find command. Jobs, cron, and crontabSecurity models; Security controls; Access control models; Linux attack vectors; Linux enumeration with LinEnum; OS detection with Nmap; Privilege escalation; Linux privilege checker; Linux kernel exploitation; UserLand versus kernel land; System calls; Linux kernel subsystems ; Process ; Threads; Security-Enhanced Linux ; Memory models and the address spaces ; Linux kernel vulnerabilities; NULL pointer dereference; Arbitrary kernel read/write ; Case study CVE-2016-2443 Qualcomm MSM debug fs kernel arbitrary write; Memory corruption vulnerabilities. Penetration testing. Operating systems. bicssc Network security. bicssc Computer security. bicssc Computers Networking Security. bisacsh Computers Operating Systems General. bisacsh Computers Security General. bisacsh |
| title | Advanced Infrastructure Penetration Testing : Defend your systems from methodized and proficient attackers. |
| title_auth | Advanced Infrastructure Penetration Testing : Defend your systems from methodized and proficient attackers. |
| title_exact_search | Advanced Infrastructure Penetration Testing : Defend your systems from methodized and proficient attackers. |
| title_full | Advanced Infrastructure Penetration Testing : Defend your systems from methodized and proficient attackers. |
| title_fullStr | Advanced Infrastructure Penetration Testing : Defend your systems from methodized and proficient attackers. |
| title_full_unstemmed | Advanced Infrastructure Penetration Testing : Defend your systems from methodized and proficient attackers. |
| title_short | Advanced Infrastructure Penetration Testing : |
| title_sort | advanced infrastructure penetration testing defend your systems from methodized and proficient attackers |
| title_sub | Defend your systems from methodized and proficient attackers. |
| topic | Penetration testing. Operating systems. bicssc Network security. bicssc Computer security. bicssc Computers Networking Security. bisacsh Computers Operating Systems General. bisacsh Computers Security General. bisacsh |
| topic_facet | Penetration testing. Operating systems. Network security. Computer security. Computers Networking Security. Computers Operating Systems General. Computers Security General. |
| url | https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1728042 |
| work_keys_str_mv | AT chebbichiheb advancedinfrastructurepenetrationtestingdefendyoursystemsfrommethodizedandproficientattackers |