Bok om penetrationstest

av Publicerad den

PenetrationstestEnbart i dag har O’Reilly mycket bra rea på en bok om penetrationstester. Boken är skriven av Georgia Weidman och ges ut av No Starch, kostar runt 120 kr samt finns som eBok i PDF-format (ingen DRM).

Boken släpptes i Maj 2014 och innehåller nedan kapitel. Riktar sig till nybörjare inom penetrationstester.

  1. The Basics

    1. Chapter 1 Setting Up Your Virtual Lab

      1. Installing VMware
      2. Setting Up Kali Linux
      3. Target Virtual Machines
      4. Creating the Windows XP Target
      5. Setting Up the Ubuntu 8.10 Target
      6. Creating the Windows 7 Target
      7. Summary

    2. Chapter 2 Using Kali Linux

      1. Linux Command Line
      2. The Linux Filesystem
      3. Learning About Commands: The Man Pages
      4. User Privileges
      5. File Permissions
      6. Editing Files
      7. Data Manipulation
      8. Managing Installed Packages
      9. Processes and Services
      10. Managing Networking
      11. Netcat: The Swiss Army Knife of TCP/IP Connections
      12. Automating Tasks with cron Jobs
      13. Summary

    3. Chapter 3 Programming

      1. Bash Scripting
      2. Python Scripting
      3. Writing and Compiling C Programs
      4. Summary

    4. Chapter 4 Using the Metasploit Framework

      1. Starting Metasploit
      2. Finding Metasploit Modules
      3. Setting Module Options
      4. Payloads (or Shellcode)
      5. Types of Shells
      6. Setting a Payload Manually
      7. Msfcli
      8. Creating Standalone Payloads with Msfvenom
      9. Using an Auxiliary Module
      10. Summary

  2. Assessments

    1. Chapter 5 Information Gathering

      1. Open Source Intelligence Gathering
      2. Port Scanning
      3. Summary

    2. Chapter 6 Finding Vulnerabilities

      1. From Nmap Version Scan to Potential Vulnerability
      2. Nessus
      3. The Nmap Scripting Engine
      4. Running a Single NSE Script
      5. Metasploit Scanner Modules
      6. Metasploit Exploit Check Functions
      7. Web Application Scanning
      8. Manual Analysis
      9. Summary

    3. Chapter 7 Capturing Traffic

      1. Networking for Capturing Traffic
      2. Using Wireshark
      3. ARP Cache Poisoning
      4. DNS Cache Poisoning
      5. SSL Attacks
      6. SSL Stripping
      7. Summary

  3. Attacks

    1. Chapter 8 Exploitation

      1. Revisiting MS08-067
      2. Exploiting WebDAV Default Credentials
      3. Exploiting Open phpMyAdmin
      4. Downloading Sensitive Files
      5. Exploiting a Buffer Overflow in Third-Party Software
      6. Exploiting Third-Party Web Applications
      7. Exploiting a Compromised Service
      8. Exploiting Open NFS Shares
      9. Summary

    2. Chapter 9 Password Attacks

      1. Password Management
      2. Online Password Attacks
      3. Offline Password Attacks
      4. Dumping Plaintext Passwords from Memory with Windows Credential Editor
      5. Summary

    3. Chapter 10 Client-Side Exploitation

      1. Bypassing Filters with Metasploit Payloads
      2. Client-Side Attacks
      3. Summary

    4. Chapter 11 Social Engineering

      1. The Social-Engineer Toolkit
      2. Spear-Phishing Attacks
      3. Web Attacks
      4. Mass Email Attacks
      5. Multipronged Attacks
      6. Summary

    5. Chapter 12 Bypassing Antivirus Applications

      1. Trojans
      2. How Antivirus Applications Work
      3. Microsoft Security Essentials
      4. VirusTotal
      5. Getting Past an Antivirus Program
      6. Hiding in Plain Sight
      7. Summary

    6. Chapter 13 Post Exploitation

      1. Meterpreter
      2. Meterpreter Scripts
      3. Metasploit Post-Exploitation Modules
      4. Railgun
      5. Local Privilege Escalation
      6. Local Information Gathering
      7. Lateral Movement
      8. Pivoting
      9. Persistence
      10. Summary

    7. Chapter 14 Web Application Testing

      1. Using Burp Proxy
      2. SQL Injection
      3. XPath Injection
      4. Local File Inclusion
      5. Remote File Inclusion
      6. Command Execution
      7. Cross-Site Scripting
      8. Cross-Site Request Forgery
      9. Web Application Scanning with w3af
      10. Summary

    8. Chapter 15 Wireless Attacks

      1. Setting Up
      2. Monitor Mode
      3. Capturing Packets
      4. Open Wireless
      5. Wired Equivalent Privacy
      6. Wi-Fi Protected Access
      7. WPA2
      8. Wi-Fi Protected Setup
      9. Summary

  4. Exploit Development

    1. Chapter 16 A Stack-Based Buffer Overflow in Linux

      1. Memory Theory
      2. Linux Buffer Overflow
      3. Summary

    2. Chapter 17 A Stack-Based Buffer Overflow in Windows

      1. Searching for a Known Vulnerability in War-FTP
      2. Causing a Crash
      3. Locating EIP
      4. Hijacking Execution
      5. Getting a Shell
      6. Summary

    3. Chapter 18 Structured Exception Handler Overwrites

      1. SEH Overwrite Exploits
      2. Passing Control to SEH
      3. Finding the Attack String in Memory
      4. POP POP RET
      5. SafeSEH
      6. Using a Short Jump
      7. Choosing a Payload
      8. Summary

    4. Chapter 19 Fuzzing, Porting Exploits, and Metasploit Modules

      1. Fuzzing Programs
      2. Porting Public Exploits to Meet Your Needs
      3. Writing Metasploit Modules
      4. Exploitation Mitigation Techniques
      5. Summary

  5. Mobile Hacking

    1. Chapter 20 Using the Smartphone Pentest Framework

      1. Mobile Attack Vectors
      2. The Smartphone Pentest Framework
      3. Remote Attacks
      4. Client-Side Attacks
      5. Malicious Apps
      6. Mobile Post Exploitation
      7. Summary

  1. Appendix Resources

    1. Chapter 0: Penetration Testing Primer

    2. Chapter 2: Using Kali Linux

    3. Chapter 3: Programming

    4. Chapter 4: Using the Metasploit Framework

    5. Chapter 5: Information Gathering

    6. Chapter 6: Finding Vulnerabilities

    7. Chapter 7: Capturing Traffic

    8. Chapter 8: Exploitation

    9. Chapter 9: Password Attacks

    10. Chapter 11: Social Engineering

    11. Chapter 12: Bypassing Antivirus Applications

    12. Chapter 13: Post Exploitation

    13. Chapter 14: Web Application Testing

    14. Chapter 15: Wireless Attacks

    15. Chapters 16–19: Exploit Development

    16. Chapter 20: Using the Smartphone Pentest Framework

    17. Courses

  2. Downloading the Software to Build Your Virtual Lab

Publicerad av Jonas Lejon

Senior granskare av applikationer, system och nätverk. Främst inom penetrationstester, redteaming och tekniska granskningar.

Lämna ett svar

Din e-postadress kommer inte publiceras. Obligatoriska fält är märkta *