Advanced Penetration Testing (häftad)
Fler böcker inom
Format
Häftad (Paperback / softback)
Språk
Engelska
Antal sidor
288
Utgivningsdatum
2017-04-14
Upplaga
1
Förlag
John Wiley & Sons Inc
Dimensioner
234 x 185 x 15 mm
Vikt
499 g
Antal komponenter
1
Komponenter
Contains 1 Digital online
ISBN
9781119367680

Advanced Penetration Testing

Hacking the World's Most Secure Networks

av Wil Allsopp
Häftad,  Engelska, 2017-04-14
395
Köp
Spara som favorit
  • Skickas från oss inom 5-8 vardagar.
  • Fri frakt över 249 kr för privatkunder i Sverige.
Build a better defense against motivated, organized, professional attacks Advanced Penetration Testing: Hacking the World's Most Secure Networks takes hacking far beyond Kali linux and Metasploit to provide a more complex attack simulation. Featuring techniques not taught in any certification prep or covered by common defensive scanners, this book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating dataeven from organizations without a direct Internet connectionthis guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. Typical penetration testing consists of low-level hackers attacking a system with a list of known vulnerabilities, and defenders preventing those hacks using an equally well-known list of defensive scans. The professional hackers and nation states on the forefront of today's threats operate at a much more complex leveland this book shows you how to defend your high security network. Use targeted social engineering pretexts to create the initial compromise Leave a command and control structure in place for long-term access Escalate privilege and breach networks, operating systems, and trust structures Infiltrate further using harvested credentials while expanding control Today's threats are organized, professionally-run, and very much for-profit. Financial institutions, health care organizations, law enforcement, government agencies, and other high-value targets need to harden their IT infrastructure and human capital against targeted advanced attacks from motivated professionals. Advanced Penetration Testing goes beyond Kali linux and Metasploit and to provide you advanced pen testing for high security networks.
Visa hela texten

Passar bra ihop

  1. Advanced Penetration Testing
  2. +
  3. Python Crash Course, 3rd Edition

De som köpt den här boken har ofta också köpt Python Crash Course, 3rd Edition av Eric Matthes (häftad).

Köp båda 2 för 992 kr

Kundrecensioner

Har du läst boken? Sätt ditt betyg »

Fler böcker av Wil Allsopp

  • Unauthorised Access: Physical Penetration Testing for IT Security Teams

    Unauthorised Access: Physical Penetration Testing for IT Security Teams

    Wil Allsopp

    The first guide to planning and performing a physical penetration test on your computer's security Most IT security teams concentrate on keeping networks and systems safe from attacks from the outside-but what if your attacker was on the inside? W...

    305
    Köp
    Skickas inom vardagar.
  • Unauthorised Access

    Unauthorised Access

    Wil Allsopp

    The first guide to planning and performing a physical penetration test on your computer's security Most IT security teams concentrate on keeping networks and systems safe from attacks from the outside-but what if your attacker was on the inside? W...

    373
    Ladda ned
    Laddas ned direkt

Övrig information

Wil Allsopp is an IT security expert with 20 years experience, specializing in red team engagements, penetration testing, vulnerability assessment, security audits, secure source code review, social engineering, and advanced persistent threats. He has performed ethical hacking and penetration testing for numerous Fortune 100 companies.

Innehållsförteckning

Foreword xxiii Introduction xxvii Chapter 1 Medical Records (In)security 1 An Introduction to Simulating Advanced Persistent Threat 2 Background and Mission Briefi ng 2 Payload Delivery Part 1: Learning How to Use the VBA Macro 5 How NOT to Stage a VBA Attack 6 Examining the VBA Code 11 Avoid Using Shellcode 11 Automatic Code Execution 13 Using a VBA/VBS Dual Stager 13 Keep Code Generic Whenever Possible 14 Code Obfuscation 15 Enticing Users 16 Command and Control Part 1: Basics and Essentials 19 The Attack 23 Bypassing Authentication 23 Summary 27 Exercises 28 Chapter 2 Stealing Research 29 Background and Mission Briefi ng 30 Payload Delivery Part 2: Using the Java Applet for Payload Delivery 31 Java Code Signing for Fun and Profit 32 Writing a Java Applet Stager 36 Create a Convincing Pretext 39 Signing the Stager 40 Notes on Payload Persistence 41 Microsoft Windows 41 Linux 42 OSX 45 Command and Control Part 2: Advanced Attack Management 45 Adding Stealth and Multiple System Management 45 Implementing a Command Structure 47 Building a Management Interface 48 The Attack 49 Situational Awareness 50 Using AD to Gather Intelligence 50 Analyzing AD Output 51 Attack Against Vulnerable Secondary System 52 Credential Reuse Against Primary Target System 53 Summary 54 Exercises 55 Chapter 3 Twenty-First Century Heist 57 What Might Work? 57 Nothing Is Secure 58 Organizational Politics 58 APT Modeling versus Traditional Penetration Testing 59 Background and Mission Briefi ng 59 Command and Control Part III: Advanced Channels and Data Exfi ltration 60 Notes on Intrusion Detection and the Security Operations Center 64 The SOC Team 65 How the SOC Works 65 SOC Reaction Time and Disruption 66 IDS Evasion 67 False Positives 67 Payload Delivery Part III: Physical Media 68 A Whole New Kind of Social Engineering 68 Target Location Profi ling 69 Gathering Targets 69 The Attack 72 Summary 75 Exercises 75 Chapter 4 Pharma Karma 77 Background and Mission Briefi ng 78 Payload Delivery Part IV: Client-Side Exploits 1 79 The Curse That Is Flash 79 At Least You Can Live Without It 81 Memory Corruption Bugs: Dos and Donts 81 Reeling in the Target 83 Command and Control Part IV: Metasploit Integration 86 Metasploit Integration Basics 86 Server Confi guration 86 Black Hats/White Hats 87 What Have I Said About AV? 88 Pivoting 89 The Attack 89 The Hard Disk Firewall Fail 90 Metasploit Demonstration 90 Under the Hood 91 The Benefits of Admin 92 Typical Subnet Cloning 96 Recovering Passwords 96 Making a Shopping List 99 Summary 101 Exercises 101 Chapter 5 Guns and Ammo 103 Background and Mission Briefing 104 Payload Delivery Part V: Simulating a Ransomware Attack 106 What Is Ransomware? 106 Why Simulate a Ransomware Attack? 107 A Model for Ransomware Simulation 107 Asymmetric Cryptography 108 Remote Key Generation 109 Targeting Files 110 Requesting the Ransom 111 Maintaining C2 111 Final Thoughts 112 Command and Control Part V: Creating a Covert C2 Solution 112 Introducing the Onion Router 112 The Torrc File 113 Configuring a C2 Agent to Use the Tor Network 115 Bridges 115 New Strategies in Stealth and Deployment 116 VBA Redux: Alternative Command-Line Attack Vectors 116 PowerShell 117 FTP 117 Windows Scripting Host (WSH) 118 BITSadmin 118 Simple Payload Obfuscation 119 Alternative Strategies in Antivirus Evasion 121 The Attack 125 Gun Design Engineer Answers Your Questions 126 Identifying the Players 127 Smart(er) VBA Document Deployment 128 Email and Saved Passwords 131 Keyloggers and Cookies 132 Bringing It All Together 133 Summary 134 Exercises 135 Chapter 6 Criminal Intelligence 137 Payload Delivery Part VI: Deploying with HTA 138 Malware Detection 140 Privilege Escalation in Microsoft Windows 141 Escalating P

Du kanske gillar