更新时间:2021-08-06 19:58:51
coverpage
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files eBooks discount offers and more
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Chapter 1. Planning and Scoping for a Successful Penetration Test
Introduction to advanced penetration testing
Before testing begins
Planning for action
Exploring BackTrack
Installing OpenOffice
Effectively manage your test results
Introduction to the Dradis Framework
Summary
Chapter 2. Advanced Reconnaissance Techniques
Introduction to reconnaissance
DNS recon
Gathering and validating domain and IP information
Using search engines to do your job for you
Chapter 3. Enumeration: Choosing Your Targets Wisely
Adding another virtual machine to our lab
Nmap — getting to know you
SNMP: A goldmine of information just waiting to be discovered
Creating network baselines with scanPBNJ
Enumeration avoidance techniques
Chapter 4. Remote Exploitation
Exploitation — Why bother?
Target practice — Adding a Kioptrix virtual machine
Manual exploitation
Getting files to and from victim machines
Passwords: Something you know…
Metasploit — learn it and love it
Chapter 5. Web Application Exploitation
Practice makes perfect
Detecting load balancers
Detecting Web Application Firewalls (WAF)
Taking on Level 3 — Kioptrix
Web Application Attack and Audit Framework (w3af)
Introduction to Mantra
Chapter 6. Exploits and Client-Side Attacks
Buffer overflows — A refresher
Introduction to fuzzing
Introducing vulnserver
Fuzzing tools included in BackTrack
Fast-Track
Social Engineering Toolkit
Chapter 7. Post-Exploitation
Rules of engagement
Data gathering network analysis and pillaging
Pivoting
Chapter 8. Bypassing Firewalls and Avoiding Detection
Lab preparation
Stealth scanning through the firewall
Now you see me now you don't — Avoiding IDS
Blending in
Looking at traffic patterns
Cleaning up compromised hosts
Miscellaneous evasion techniques
Chapter 9. Data Collection Tools and Reporting
Record now — Sort later
Old school — The text editor method
Dradis framework for collaboration
The report
Challenge to the reader
Chapter 10. Setting Up Virtual Test Lab Environments
Why bother with setting up labs?
Keeping it simple
Adding complexity or emulating target environments
Chapter 11. Take the Challenge — Putting It All Together
The scenario
The setup
The challenge
The walkthrough
Reporting
Index
