Verfügbarkeit: Becoming the hacker :

Becoming the hacker :: the playbook for getting inside the mind of an attacker /

Adrian Pruteanu adopts the mindset of both a defender and an attacker in this practical guide to web application testing. By giving key insights into attack vectors and defenses, Becoming the Hacker builds your ability to analyze from both viewpoints and create robust defense strategies.

Gespeichert in:

Bibliographische Detailangaben
1. Verfasser:	Pruteanu, Adrian (VerfasserIn)
Format:	Elektronisch E-Book
Sprache:	English
Veröffentlicht:	Birmingham : Packt Publishing Ltd, 2019.
Schriftenreihe:	Expert insight.
Schlagworte:	Penetration testing (Computer security) Computer security. Computers > Access control. Computer networks > Security measures. Hacking. Computer Security Tests d'intrusion. Sécurité informatique. Ordinateurs > Accès > Contrôle. Réseaux d'ordinateurs > Sécurité > Mesures. Piratage informatique. COMPUTERS > Security > Networking. Computer networks > Security measures Computer security Computers > Access control Hacking
Online-Zugang:	Volltext
Zusammenfassung:	Adrian Pruteanu adopts the mindset of both a defender and an attacker in this practical guide to web application testing. By giving key insights into attack vectors and defenses, Becoming the Hacker builds your ability to analyze from both viewpoints and create robust defense strategies.
Beschreibung:	1 online resource (405 pages)
Bibliographie:	Includes bibliographical references and index.
ISBN:	1788623754 9781788623759

Internformat

MARC


LEADER	00000cam a2200000 i 4500
001	ZDB-4-EBA-on1085235984
003	OCoLC
005	20241004212047.0
006	m o d
007	cr cnu---unuuu
008	190209s2019 enka ob 001 0 eng d
040			\|a EBLCP \|b eng \|e rda \|e pn \|c EBLCP \|d TEFOD \|d N$T \|d UKMGB \|d UKAHL \|d OCLCF \|d OCLCQ \|d K6U \|d OCLCO \|d OCLCQ \|d OCLCO \|d NZAUC \|d OCLCQ \|d OCLCO \|d OCLCL
015			\|a GBB965511 \|2 bnb
016	7		\|a 019253736 \|2 Uk
020			\|a 1788623754
020			\|a 9781788623759 \|q (electronic bk.)
035			\|a (OCoLC)1085235984
037			\|a 2FFC0E64-7884-4146-9191-8D2C088FC14D \|b OverDrive, Inc. \|n http://www.overdrive.com
050		4	\|a QA76.9.A25
072		7	\|a COM \|x 043050 \|2 bisacsh
082	7		\|a 005.8 \|2 23
049			\|a MAIN
100	1		\|a Pruteanu, Adrian, \|e author.
245	1	0	\|a Becoming the hacker : \|b the playbook for getting inside the mind of an attacker / \|c Adrian Pruteanu.
264		1	\|a Birmingham : \|b Packt Publishing Ltd, \|c 2019.
300			\|a 1 online resource (405 pages)
336			\|a text \|b txt \|2 rdacontent
337			\|a computer \|b c \|2 rdamedia
338			\|a online resource \|b cr \|2 rdacarrier
490	1		\|a Expert insight
504			\|a Includes bibliographical references and index.
588	0		\|a Online resource; title from PDF title page (EBSCO, April 3, 2019).
588	0		\|a Print version record.
505	0		\|a Cover; Copyright; Packt upsell; Contributors; Table of Contents; Preface; Chapter 1 -- Introduction to Attacking Web Applications; Rules of engagement; Communication; Privacy considerations; Cleaning up; The tester's toolkit; Kali Linux; Kali Linux alternatives; The attack proxy; Burp Suite; Zed Attack Proxy; Cloud infrastructure; Resources; Exercises; Summary; Chapter 2 -- Efficient Discovery; Types of assessments; Target mapping; Masscan; WhatWeb; Nikto; CMS scanners; Efficient brute-forcing; Content discovery; Burp Suite; OWASP ZAP; Gobuster; Persistent content discovery; Payload processing
505	8		\|a Polyglot payloadsSame payload, different context; Code obfuscation; Resources; Exercises; Summary; Chapter 3 -- Low-Hanging Fruit; Network assessment; Looking for a way in; Credential guessing; A better way to shell; Cleaning up; Resources; Summary; Chapter 4 -- Advanced Brute-forcing; Password spraying; LinkedIn scraping; Metadata; The cluster bomb; Behind seven proxies; Torify; Proxy cannon; Summary; Chapter 5 -- File Inclusion Attacks; RFI; LFI; File inclusion to remote code execution; More file upload issues; Summary; Chapter 6 -- Out-of-Band Exploitation; A common scenario
505	8		\|a Command and controlLet's Encrypt Communication; INet simulation; The confirmation; Async data exfiltration; Data inference; Summary; Chapter 7 -- Automated Testing; Extending Burp; Authentication and authorization abuse; The Autorize flow; The Swiss Army knife; sqlmap helper; Web shells; Obfuscating code; Burp Collaborator; Public Collaborator server; Service interaction; Burp Collaborator client; Private Collaborator server; Summary; Chapter 8 -- Bad Serialization; Abusing deserialization; Attacking custom protocols; Protocol analysis; Deserialization exploit; Summary
505	8		\|a Chapter 9 -- Practical Client-Side AttacksSOP; Cross-origin resource sharing; XSS; Reflected XSS; Persistent XSS; DOM-based XSS; CSRF; BeEF; Hooking; Social engineering attacks; The keylogger; Persistence; Automatic exploitation; Tunneling traffic; Summary; Chapter 10 -- Practical Server-Side Attacks; Internal and external references; XXE attacks; A billion laughs; Request forgery; The port scanner; Information leak; Blind XXE; Remote code execution; Interactive shells; Summary; Chapter 11 -- Attacking APIs; API communication protocols; SOAP; REST; API authentication; Basic authentication
505	8		\|a API keysBearer authentication; JWTs; JWT quirks; Burp JWT support; Postman; Installation; Upstream proxy; The environment; Collections; Collection Runner; Attack considerations; Summary; Chapter 12 -- Attacking CMS; Application assessment; WPScan; sqlmap; Droopescan; Arachni web scanner; Backdooring the code; Persistence; Credential exfiltration; Summary; Chapter 13 -- Breaking Containers; Vulnerable Docker scenario; Foothold; Situational awareness; Container breakout; Summary; Other Books You May Enjoy; Index
520			\|a Adrian Pruteanu adopts the mindset of both a defender and an attacker in this practical guide to web application testing. By giving key insights into attack vectors and defenses, Becoming the Hacker builds your ability to analyze from both viewpoints and create robust defense strategies.
650		0	\|a Penetration testing (Computer security) \|0 http://id.loc.gov/authorities/subjects/sh2011003137
650		0	\|a Computer security. \|0 http://id.loc.gov/authorities/subjects/sh90001862
650		0	\|a Computers \|x Access control. \|0 http://id.loc.gov/authorities/subjects/sh85029553
650		0	\|a Computer networks \|x Security measures. \|0 http://id.loc.gov/authorities/subjects/sh94001277
650		0	\|a Hacking. \|0 http://id.loc.gov/authorities/subjects/sh2013002597
650		2	\|a Computer Security \|0 https://id.nlm.nih.gov/mesh/D016494
650		6	\|a Tests d'intrusion.
650		6	\|a Sécurité informatique.
650		6	\|a Ordinateurs \|x Accès \|x Contrôle.
650		6	\|a Réseaux d'ordinateurs \|x Sécurité \|x Mesures.
650		6	\|a Piratage informatique.
650		7	\|a COMPUTERS \|x Security \|x Networking. \|2 bisacsh
650		7	\|a Computer networks \|x Security measures \|2 fast
650		7	\|a Computer security \|2 fast
650		7	\|a Computers \|x Access control \|2 fast
650		7	\|a Hacking \|2 fast
650		7	\|a Penetration testing (Computer security) \|2 fast
758			\|i has work: \|a Becoming the Hacker (Text) \|1 https://id.oclc.org/worldcat/entity/E39PD3Dgwcmcg8jfDmq4qhrrMP \|4 https://id.oclc.org/worldcat/ontology/hasWork
776	0	8	\|i Print version: \|a Pruteanu, Adrian. \|t Becoming the Hacker : The Playbook for Getting Inside the Mind of the Attacker. \|d Birmingham : Packt Publishing Ltd, ©2019 \|z 9781788627962
830		0	\|a Expert insight. \|0 http://id.loc.gov/authorities/names/no2019019794
856	4	0	\|l FWS01 \|p ZDB-4-EBA \|q FWS_PDA_EBA \|u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=2016348 \|3 Volltext
938			\|a Askews and Holts Library Services \|b ASKH \|n BDZ0039647794
938			\|a ProQuest Ebook Central \|b EBLB \|n EBL5667619
938			\|a EBSCOhost \|b EBSC \|n 2016348
994			\|a 92 \|b GEBAY
912			\|a ZDB-4-EBA
049			\|a DE-863

Datensatz im Suchindex

DE-BY-FWS_katkey	ZDB-4-EBA-on1085235984
_version_	1816882484578615296
adam_text
any_adam_object
author	Pruteanu, Adrian
author_facet	Pruteanu, Adrian
author_role	aut
author_sort	Pruteanu, Adrian
author_variant	a p ap
building	Verbundindex
bvnumber	localFWS
callnumber-first	Q - Science
callnumber-label	QA76
callnumber-raw	QA76.9.A25
callnumber-search	QA76.9.A25
callnumber-sort	QA 276.9 A25
callnumber-subject	QA - Mathematics
collection	ZDB-4-EBA
contents	Cover; Copyright; Packt upsell; Contributors; Table of Contents; Preface; Chapter 1 -- Introduction to Attacking Web Applications; Rules of engagement; Communication; Privacy considerations; Cleaning up; The tester's toolkit; Kali Linux; Kali Linux alternatives; The attack proxy; Burp Suite; Zed Attack Proxy; Cloud infrastructure; Resources; Exercises; Summary; Chapter 2 -- Efficient Discovery; Types of assessments; Target mapping; Masscan; WhatWeb; Nikto; CMS scanners; Efficient brute-forcing; Content discovery; Burp Suite; OWASP ZAP; Gobuster; Persistent content discovery; Payload processing Polyglot payloadsSame payload, different context; Code obfuscation; Resources; Exercises; Summary; Chapter 3 -- Low-Hanging Fruit; Network assessment; Looking for a way in; Credential guessing; A better way to shell; Cleaning up; Resources; Summary; Chapter 4 -- Advanced Brute-forcing; Password spraying; LinkedIn scraping; Metadata; The cluster bomb; Behind seven proxies; Torify; Proxy cannon; Summary; Chapter 5 -- File Inclusion Attacks; RFI; LFI; File inclusion to remote code execution; More file upload issues; Summary; Chapter 6 -- Out-of-Band Exploitation; A common scenario Command and controlLet's Encrypt Communication; INet simulation; The confirmation; Async data exfiltration; Data inference; Summary; Chapter 7 -- Automated Testing; Extending Burp; Authentication and authorization abuse; The Autorize flow; The Swiss Army knife; sqlmap helper; Web shells; Obfuscating code; Burp Collaborator; Public Collaborator server; Service interaction; Burp Collaborator client; Private Collaborator server; Summary; Chapter 8 -- Bad Serialization; Abusing deserialization; Attacking custom protocols; Protocol analysis; Deserialization exploit; Summary Chapter 9 -- Practical Client-Side AttacksSOP; Cross-origin resource sharing; XSS; Reflected XSS; Persistent XSS; DOM-based XSS; CSRF; BeEF; Hooking; Social engineering attacks; The keylogger; Persistence; Automatic exploitation; Tunneling traffic; Summary; Chapter 10 -- Practical Server-Side Attacks; Internal and external references; XXE attacks; A billion laughs; Request forgery; The port scanner; Information leak; Blind XXE; Remote code execution; Interactive shells; Summary; Chapter 11 -- Attacking APIs; API communication protocols; SOAP; REST; API authentication; Basic authentication API keysBearer authentication; JWTs; JWT quirks; Burp JWT support; Postman; Installation; Upstream proxy; The environment; Collections; Collection Runner; Attack considerations; Summary; Chapter 12 -- Attacking CMS; Application assessment; WPScan; sqlmap; Droopescan; Arachni web scanner; Backdooring the code; Persistence; Credential exfiltration; Summary; Chapter 13 -- Breaking Containers; Vulnerable Docker scenario; Foothold; Situational awareness; Container breakout; Summary; Other Books You May Enjoy; Index
ctrlnum	(OCoLC)1085235984
dewey-full	005.8
dewey-hundreds	000 - Computer science, information, general works
dewey-ones	005 - Computer programming, programs, data, security
dewey-raw	005.8
dewey-search	005.8
dewey-sort	15.8
dewey-tens	000 - Computer science, information, general works
discipline	Informatik
format	Electronic eBook
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>06385cam a2200733 i 4500</leader><controlfield tag="001">ZDB-4-EBA-on1085235984</controlfield><controlfield tag="003">OCoLC</controlfield><controlfield tag="005">20241004212047.0</controlfield><controlfield tag="006">m o d </controlfield><controlfield tag="007">cr cnu---unuuu</controlfield><controlfield tag="008">190209s2019 enka ob 001 0 eng d</controlfield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">EBLCP</subfield><subfield code="b">eng</subfield><subfield code="e">rda</subfield><subfield code="e">pn</subfield><subfield code="c">EBLCP</subfield><subfield code="d">TEFOD</subfield><subfield code="d">N$T</subfield><subfield code="d">UKMGB</subfield><subfield code="d">UKAHL</subfield><subfield code="d">OCLCF</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">K6U</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">NZAUC</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCL</subfield></datafield><datafield tag="015" ind1=" " ind2=" "><subfield code="a">GBB965511</subfield><subfield code="2">bnb</subfield></datafield><datafield tag="016" ind1="7" ind2=" "><subfield code="a">019253736</subfield><subfield code="2">Uk</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1788623754</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781788623759</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)1085235984</subfield></datafield><datafield tag="037" ind1=" " ind2=" "><subfield code="a">2FFC0E64-7884-4146-9191-8D2C088FC14D</subfield><subfield code="b">OverDrive, Inc.</subfield><subfield code="n">http://www.overdrive.com</subfield></datafield><datafield tag="050" ind1=" " ind2="4"><subfield code="a">QA76.9.A25</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM</subfield><subfield code="x">043050</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="082" ind1="7" ind2=" "><subfield code="a">005.8</subfield><subfield code="2">23</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">MAIN</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Pruteanu, Adrian,</subfield><subfield code="e">author.</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Becoming the hacker :</subfield><subfield code="b">the playbook for getting inside the mind of an attacker /</subfield><subfield code="c">Adrian Pruteanu.</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Birmingham :</subfield><subfield code="b">Packt Publishing Ltd,</subfield><subfield code="c">2019.</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 online resource (405 pages)</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">computer</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">online resource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="490" ind1="1" ind2=" "><subfield code="a">Expert insight</subfield></datafield><datafield tag="504" ind1=" " ind2=" "><subfield code="a">Includes bibliographical references and index.</subfield></datafield><datafield tag="588" ind1="0" ind2=" "><subfield code="a">Online resource; title from PDF title page (EBSCO, April 3, 2019).</subfield></datafield><datafield tag="588" ind1="0" ind2=" "><subfield code="a">Print version record.</subfield></datafield><datafield tag="505" ind1="0" ind2=" "><subfield code="a">Cover; Copyright; Packt upsell; Contributors; Table of Contents; Preface; Chapter 1 -- Introduction to Attacking Web Applications; Rules of engagement; Communication; Privacy considerations; Cleaning up; The tester's toolkit; Kali Linux; Kali Linux alternatives; The attack proxy; Burp Suite; Zed Attack Proxy; Cloud infrastructure; Resources; Exercises; Summary; Chapter 2 -- Efficient Discovery; Types of assessments; Target mapping; Masscan; WhatWeb; Nikto; CMS scanners; Efficient brute-forcing; Content discovery; Burp Suite; OWASP ZAP; Gobuster; Persistent content discovery; Payload processing</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Polyglot payloadsSame payload, different context; Code obfuscation; Resources; Exercises; Summary; Chapter 3 -- Low-Hanging Fruit; Network assessment; Looking for a way in; Credential guessing; A better way to shell; Cleaning up; Resources; Summary; Chapter 4 -- Advanced Brute-forcing; Password spraying; LinkedIn scraping; Metadata; The cluster bomb; Behind seven proxies; Torify; Proxy cannon; Summary; Chapter 5 -- File Inclusion Attacks; RFI; LFI; File inclusion to remote code execution; More file upload issues; Summary; Chapter 6 -- Out-of-Band Exploitation; A common scenario</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Command and controlLet's Encrypt Communication; INet simulation; The confirmation; Async data exfiltration; Data inference; Summary; Chapter 7 -- Automated Testing; Extending Burp; Authentication and authorization abuse; The Autorize flow; The Swiss Army knife; sqlmap helper; Web shells; Obfuscating code; Burp Collaborator; Public Collaborator server; Service interaction; Burp Collaborator client; Private Collaborator server; Summary; Chapter 8 -- Bad Serialization; Abusing deserialization; Attacking custom protocols; Protocol analysis; Deserialization exploit; Summary</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Chapter 9 -- Practical Client-Side AttacksSOP; Cross-origin resource sharing; XSS; Reflected XSS; Persistent XSS; DOM-based XSS; CSRF; BeEF; Hooking; Social engineering attacks; The keylogger; Persistence; Automatic exploitation; Tunneling traffic; Summary; Chapter 10 -- Practical Server-Side Attacks; Internal and external references; XXE attacks; A billion laughs; Request forgery; The port scanner; Information leak; Blind XXE; Remote code execution; Interactive shells; Summary; Chapter 11 -- Attacking APIs; API communication protocols; SOAP; REST; API authentication; Basic authentication</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">API keysBearer authentication; JWTs; JWT quirks; Burp JWT support; Postman; Installation; Upstream proxy; The environment; Collections; Collection Runner; Attack considerations; Summary; Chapter 12 -- Attacking CMS; Application assessment; WPScan; sqlmap; Droopescan; Arachni web scanner; Backdooring the code; Persistence; Credential exfiltration; Summary; Chapter 13 -- Breaking Containers; Vulnerable Docker scenario; Foothold; Situational awareness; Container breakout; Summary; Other Books You May Enjoy; Index</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Adrian Pruteanu adopts the mindset of both a defender and an attacker in this practical guide to web application testing. By giving key insights into attack vectors and defenses, Becoming the Hacker builds your ability to analyze from both viewpoints and create robust defense strategies.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Penetration testing (Computer security)</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh2011003137</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer security.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh90001862</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computers</subfield><subfield code="x">Access control.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh85029553</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh94001277</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Hacking.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh2013002597</subfield></datafield><datafield tag="650" ind1=" " ind2="2"><subfield code="a">Computer Security</subfield><subfield code="0">https://id.nlm.nih.gov/mesh/D016494</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Tests d'intrusion.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Sécurité informatique.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Ordinateurs</subfield><subfield code="x">Accès</subfield><subfield code="x">Contrôle.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Réseaux d'ordinateurs</subfield><subfield code="x">Sécurité</subfield><subfield code="x">Mesures.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Piratage informatique.</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS</subfield><subfield code="x">Security</subfield><subfield code="x">Networking.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer security</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computers</subfield><subfield code="x">Access control</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Hacking</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Penetration testing (Computer security)</subfield><subfield code="2">fast</subfield></datafield><datafield tag="758" ind1=" " ind2=" "><subfield code="i">has work:</subfield><subfield code="a">Becoming the Hacker (Text)</subfield><subfield code="1">https://id.oclc.org/worldcat/entity/E39PD3Dgwcmcg8jfDmq4qhrrMP</subfield><subfield code="4">https://id.oclc.org/worldcat/ontology/hasWork</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Print version:</subfield><subfield code="a">Pruteanu, Adrian.</subfield><subfield code="t">Becoming the Hacker : The Playbook for Getting Inside the Mind of the Attacker.</subfield><subfield code="d">Birmingham : Packt Publishing Ltd, ©2019</subfield><subfield code="z">9781788627962</subfield></datafield><datafield tag="830" ind1=" " ind2="0"><subfield code="a">Expert insight.</subfield><subfield code="0">http://id.loc.gov/authorities/names/no2019019794</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="l">FWS01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=2016348</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">Askews and Holts Library Services</subfield><subfield code="b">ASKH</subfield><subfield code="n">BDZ0039647794</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">ProQuest Ebook Central</subfield><subfield code="b">EBLB</subfield><subfield code="n">EBL5667619</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBSCOhost</subfield><subfield code="b">EBSC</subfield><subfield code="n">2016348</subfield></datafield><datafield tag="994" ind1=" " ind2=" "><subfield code="a">92</subfield><subfield code="b">GEBAY</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-4-EBA</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-863</subfield></datafield></record></collection>
id	ZDB-4-EBA-on1085235984
illustrated	Illustrated
indexdate	2024-11-27T13:29:21Z
institution	BVB
isbn	1788623754 9781788623759
language	English
oclc_num	1085235984
open_access_boolean
owner	MAIN DE-863 DE-BY-FWS
owner_facet	MAIN DE-863 DE-BY-FWS
physical	1 online resource (405 pages)
psigel	ZDB-4-EBA
publishDate	2019
publishDateSearch	2019
publishDateSort	2019
publisher	Packt Publishing Ltd,
record_format	marc
series	Expert insight.
series2	Expert insight
spelling	Pruteanu, Adrian, author. Becoming the hacker : the playbook for getting inside the mind of an attacker / Adrian Pruteanu. Birmingham : Packt Publishing Ltd, 2019. 1 online resource (405 pages) text txt rdacontent computer c rdamedia online resource cr rdacarrier Expert insight Includes bibliographical references and index. Online resource; title from PDF title page (EBSCO, April 3, 2019). Print version record. Cover; Copyright; Packt upsell; Contributors; Table of Contents; Preface; Chapter 1 -- Introduction to Attacking Web Applications; Rules of engagement; Communication; Privacy considerations; Cleaning up; The tester's toolkit; Kali Linux; Kali Linux alternatives; The attack proxy; Burp Suite; Zed Attack Proxy; Cloud infrastructure; Resources; Exercises; Summary; Chapter 2 -- Efficient Discovery; Types of assessments; Target mapping; Masscan; WhatWeb; Nikto; CMS scanners; Efficient brute-forcing; Content discovery; Burp Suite; OWASP ZAP; Gobuster; Persistent content discovery; Payload processing Polyglot payloadsSame payload, different context; Code obfuscation; Resources; Exercises; Summary; Chapter 3 -- Low-Hanging Fruit; Network assessment; Looking for a way in; Credential guessing; A better way to shell; Cleaning up; Resources; Summary; Chapter 4 -- Advanced Brute-forcing; Password spraying; LinkedIn scraping; Metadata; The cluster bomb; Behind seven proxies; Torify; Proxy cannon; Summary; Chapter 5 -- File Inclusion Attacks; RFI; LFI; File inclusion to remote code execution; More file upload issues; Summary; Chapter 6 -- Out-of-Band Exploitation; A common scenario Command and controlLet's Encrypt Communication; INet simulation; The confirmation; Async data exfiltration; Data inference; Summary; Chapter 7 -- Automated Testing; Extending Burp; Authentication and authorization abuse; The Autorize flow; The Swiss Army knife; sqlmap helper; Web shells; Obfuscating code; Burp Collaborator; Public Collaborator server; Service interaction; Burp Collaborator client; Private Collaborator server; Summary; Chapter 8 -- Bad Serialization; Abusing deserialization; Attacking custom protocols; Protocol analysis; Deserialization exploit; Summary Chapter 9 -- Practical Client-Side AttacksSOP; Cross-origin resource sharing; XSS; Reflected XSS; Persistent XSS; DOM-based XSS; CSRF; BeEF; Hooking; Social engineering attacks; The keylogger; Persistence; Automatic exploitation; Tunneling traffic; Summary; Chapter 10 -- Practical Server-Side Attacks; Internal and external references; XXE attacks; A billion laughs; Request forgery; The port scanner; Information leak; Blind XXE; Remote code execution; Interactive shells; Summary; Chapter 11 -- Attacking APIs; API communication protocols; SOAP; REST; API authentication; Basic authentication API keysBearer authentication; JWTs; JWT quirks; Burp JWT support; Postman; Installation; Upstream proxy; The environment; Collections; Collection Runner; Attack considerations; Summary; Chapter 12 -- Attacking CMS; Application assessment; WPScan; sqlmap; Droopescan; Arachni web scanner; Backdooring the code; Persistence; Credential exfiltration; Summary; Chapter 13 -- Breaking Containers; Vulnerable Docker scenario; Foothold; Situational awareness; Container breakout; Summary; Other Books You May Enjoy; Index Adrian Pruteanu adopts the mindset of both a defender and an attacker in this practical guide to web application testing. By giving key insights into attack vectors and defenses, Becoming the Hacker builds your ability to analyze from both viewpoints and create robust defense strategies. Penetration testing (Computer security) http://id.loc.gov/authorities/subjects/sh2011003137 Computer security. http://id.loc.gov/authorities/subjects/sh90001862 Computers Access control. http://id.loc.gov/authorities/subjects/sh85029553 Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh94001277 Hacking. http://id.loc.gov/authorities/subjects/sh2013002597 Computer Security https://id.nlm.nih.gov/mesh/D016494 Tests d'intrusion. Sécurité informatique. Ordinateurs Accès Contrôle. Réseaux d'ordinateurs Sécurité Mesures. Piratage informatique. COMPUTERS Security Networking. bisacsh Computer networks Security measures fast Computer security fast Computers Access control fast Hacking fast Penetration testing (Computer security) fast has work: Becoming the Hacker (Text) https://id.oclc.org/worldcat/entity/E39PD3Dgwcmcg8jfDmq4qhrrMP https://id.oclc.org/worldcat/ontology/hasWork Print version: Pruteanu, Adrian. Becoming the Hacker : The Playbook for Getting Inside the Mind of the Attacker. Birmingham : Packt Publishing Ltd, ©2019 9781788627962 Expert insight. http://id.loc.gov/authorities/names/no2019019794 FWS01 ZDB-4-EBA FWS_PDA_EBA https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=2016348 Volltext
spellingShingle	Pruteanu, Adrian Becoming the hacker : the playbook for getting inside the mind of an attacker / Expert insight. Cover; Copyright; Packt upsell; Contributors; Table of Contents; Preface; Chapter 1 -- Introduction to Attacking Web Applications; Rules of engagement; Communication; Privacy considerations; Cleaning up; The tester's toolkit; Kali Linux; Kali Linux alternatives; The attack proxy; Burp Suite; Zed Attack Proxy; Cloud infrastructure; Resources; Exercises; Summary; Chapter 2 -- Efficient Discovery; Types of assessments; Target mapping; Masscan; WhatWeb; Nikto; CMS scanners; Efficient brute-forcing; Content discovery; Burp Suite; OWASP ZAP; Gobuster; Persistent content discovery; Payload processing Polyglot payloadsSame payload, different context; Code obfuscation; Resources; Exercises; Summary; Chapter 3 -- Low-Hanging Fruit; Network assessment; Looking for a way in; Credential guessing; A better way to shell; Cleaning up; Resources; Summary; Chapter 4 -- Advanced Brute-forcing; Password spraying; LinkedIn scraping; Metadata; The cluster bomb; Behind seven proxies; Torify; Proxy cannon; Summary; Chapter 5 -- File Inclusion Attacks; RFI; LFI; File inclusion to remote code execution; More file upload issues; Summary; Chapter 6 -- Out-of-Band Exploitation; A common scenario Command and controlLet's Encrypt Communication; INet simulation; The confirmation; Async data exfiltration; Data inference; Summary; Chapter 7 -- Automated Testing; Extending Burp; Authentication and authorization abuse; The Autorize flow; The Swiss Army knife; sqlmap helper; Web shells; Obfuscating code; Burp Collaborator; Public Collaborator server; Service interaction; Burp Collaborator client; Private Collaborator server; Summary; Chapter 8 -- Bad Serialization; Abusing deserialization; Attacking custom protocols; Protocol analysis; Deserialization exploit; Summary Chapter 9 -- Practical Client-Side AttacksSOP; Cross-origin resource sharing; XSS; Reflected XSS; Persistent XSS; DOM-based XSS; CSRF; BeEF; Hooking; Social engineering attacks; The keylogger; Persistence; Automatic exploitation; Tunneling traffic; Summary; Chapter 10 -- Practical Server-Side Attacks; Internal and external references; XXE attacks; A billion laughs; Request forgery; The port scanner; Information leak; Blind XXE; Remote code execution; Interactive shells; Summary; Chapter 11 -- Attacking APIs; API communication protocols; SOAP; REST; API authentication; Basic authentication API keysBearer authentication; JWTs; JWT quirks; Burp JWT support; Postman; Installation; Upstream proxy; The environment; Collections; Collection Runner; Attack considerations; Summary; Chapter 12 -- Attacking CMS; Application assessment; WPScan; sqlmap; Droopescan; Arachni web scanner; Backdooring the code; Persistence; Credential exfiltration; Summary; Chapter 13 -- Breaking Containers; Vulnerable Docker scenario; Foothold; Situational awareness; Container breakout; Summary; Other Books You May Enjoy; Index Penetration testing (Computer security) http://id.loc.gov/authorities/subjects/sh2011003137 Computer security. http://id.loc.gov/authorities/subjects/sh90001862 Computers Access control. http://id.loc.gov/authorities/subjects/sh85029553 Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh94001277 Hacking. http://id.loc.gov/authorities/subjects/sh2013002597 Computer Security https://id.nlm.nih.gov/mesh/D016494 Tests d'intrusion. Sécurité informatique. Ordinateurs Accès Contrôle. Réseaux d'ordinateurs Sécurité Mesures. Piratage informatique. COMPUTERS Security Networking. bisacsh Computer networks Security measures fast Computer security fast Computers Access control fast Hacking fast Penetration testing (Computer security) fast
subject_GND	http://id.loc.gov/authorities/subjects/sh2011003137 http://id.loc.gov/authorities/subjects/sh90001862 http://id.loc.gov/authorities/subjects/sh85029553 http://id.loc.gov/authorities/subjects/sh94001277 http://id.loc.gov/authorities/subjects/sh2013002597 https://id.nlm.nih.gov/mesh/D016494
title	Becoming the hacker : the playbook for getting inside the mind of an attacker /
title_auth	Becoming the hacker : the playbook for getting inside the mind of an attacker /
title_exact_search	Becoming the hacker : the playbook for getting inside the mind of an attacker /
title_full	Becoming the hacker : the playbook for getting inside the mind of an attacker / Adrian Pruteanu.
title_fullStr	Becoming the hacker : the playbook for getting inside the mind of an attacker / Adrian Pruteanu.
title_full_unstemmed	Becoming the hacker : the playbook for getting inside the mind of an attacker / Adrian Pruteanu.
title_short	Becoming the hacker :
title_sort	becoming the hacker the playbook for getting inside the mind of an attacker
title_sub	the playbook for getting inside the mind of an attacker /
topic	Penetration testing (Computer security) http://id.loc.gov/authorities/subjects/sh2011003137 Computer security. http://id.loc.gov/authorities/subjects/sh90001862 Computers Access control. http://id.loc.gov/authorities/subjects/sh85029553 Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh94001277 Hacking. http://id.loc.gov/authorities/subjects/sh2013002597 Computer Security https://id.nlm.nih.gov/mesh/D016494 Tests d'intrusion. Sécurité informatique. Ordinateurs Accès Contrôle. Réseaux d'ordinateurs Sécurité Mesures. Piratage informatique. COMPUTERS Security Networking. bisacsh Computer networks Security measures fast Computer security fast Computers Access control fast Hacking fast Penetration testing (Computer security) fast
topic_facet	Penetration testing (Computer security) Computer security. Computers Access control. Computer networks Security measures. Hacking. Computer Security Tests d'intrusion. Sécurité informatique. Ordinateurs Accès Contrôle. Réseaux d'ordinateurs Sécurité Mesures. Piratage informatique. COMPUTERS Security Networking. Computer networks Security measures Computer security Computers Access control Hacking
url	https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=2016348
work_keys_str_mv	AT pruteanuadrian becomingthehackertheplaybookforgettinginsidethemindofanattacker

Verfügbarkeit

Es ist kein Print-Exemplar vorhanden.

Volltext öffnen

MARC

Datensatz im Suchindex

Es ist kein Print-Exemplar vorhanden.

Ähnliche Einträge