Advanced Infrastructure Penetration Testing : Defend your systems from methodized and proficient attackers.
This book is a hands-on experience and a comprehensive understanding of advanced penetration testing techniques and vulnerability assessment and management. It takes you far beyond common techniques to compromising complex network devices, modern operating systems and help you secure high security e...
Clasificación: | Libro Electrónico |
---|---|
Autor principal: | |
Formato: | Electrónico eBook |
Idioma: | Inglés |
Publicado: |
Birmingham :
Packt Publishing,
2018.
|
Temas: | |
Acceso en línea: | Texto completo |
Tabla de Contenidos:
- Cover; Title Page; Copyright and Credits; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: Introduction to Advanced Infrastructure Penetration Testing; Information security overview; Confidentiality; Integrity; Availability; Least privilege and need to know; Defense in depth; Risk analysis; Information Assurance; Information security management program; Hacking concepts and phases; Types of hackers; Hacking phases; Reconnaissance; Passive reconnaissance; Active reconnaissance; Scanning; Port scanning; Network scanning; Vulnerability scanning; Gaining access.
- Maintaining accessClearing tracks; Penetration testing overview; Penetration testing types; White box pentesting; Black box pentesting; Gray box pentesting; The penetration testing teams; Red teaming; Blue teaming; Purple teaming; Pentesting standards and guidance; Policies; Standards; Procedures; Guidance; Open Source Security Testing Methodology Manual; Information Systems Security Assessment Framework; Penetration Testing Execution Standard; Payment Card Industry Data Security Standard; Penetration testing steps; Pre-engagement; The objectives and scope; A get out of jail free card.
- Emergency contact informationPayment information; Non-disclosure agreement ; Intelligence gathering; Public intelligence; Social engineering attacks; Physical analysis; Information system and network analysis; Human intelligence ; Signal intelligence; Open source intelligence ; Imagery intelligence ; Geospatial intelligence ; Threat modeling; Business asset analysis; Business process analysis; Threat agents analysis; Threat capability analysis; Motivation modeling; Vulnerability analysis; Vulnerability assessment with Nexpose; Installing Nexpose; Starting Nexpose; Start a scan.
- ExploitationPost-exploitation; Infrastructure analysis; Pillaging; High-profile targets; Data exfiltration; Persistence; Further penetration into infrastructure; Cleanup; Reporting; Executive summary; Technical report; Penetration testing limitations and challenges; Pentesting maturity and scoring model; Realism; Methodology; Reporting; Summary; Chapter 2: Advanced Linux Exploitation; Linux basics; Linux commands; Streams; Redirection; Linux directory structure; Users and groups; Permissions; The chmod command; The chown command; The chroot command ; The power of the find command.
- Jobs, cron, and crontabSecurity models; Security controls; Access control models; Linux attack vectors; Linux enumeration with LinEnum; OS detection with Nmap; Privilege escalation; Linux privilege checker; Linux kernel exploitation; UserLand versus kernel land; System calls; Linux kernel subsystems ; Process ; Threads; Security-Enhanced Linux ; Memory models and the address spaces ; Linux kernel vulnerabilities; NULL pointer dereference; Arbitrary kernel read/write ; Case study CVE-2016-2443 Qualcomm MSM debug fs kernel arbitrary write; Memory corruption vulnerabilities.