دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
دانلود کتاب Mastering Kali Linux for Advanced Penetration Testing
دانلود کتاب تسلط بر لینوکس کالی برای تست نفوذ پیشرفته
مشخصات کتاب
Mastering Kali Linux for Advanced Penetration Testing
ویرایش:
نویسندگان: Robert W. Beggs
سری: Community Experience Distilled
ISBN (شابک) : 1782163123, 9781782163121
ناشر: Packt Pub Limited
سال نشر: 2014
تعداد صفحات: 356
زبان: English
فرمت فایل : PDF (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود)
حجم فایل: 9 مگابایت
قیمت کتاب (تومان) : 79,000
در صورت تبدیل فایل کتاب Mastering Kali Linux for Advanced Penetration Testing به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب تسلط بر لینوکس کالی برای تست نفوذ پیشرفته نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
توضیحاتی در مورد کتاب تسلط بر لینوکس کالی برای تست نفوذ پیشرفته
این کتاب مروری بر رویکرد زنجیره کشتار برای تست نفوذ ارائه میکند و سپس بر روی استفاده از لینوکس کالی تمرکز میکند تا نمونههایی از نحوه استفاده از این روش در دنیای واقعی ارائه دهد. پس از تشریح مفاهیم اساسی، نمونههای گام به گام ارائه میشوند که از ابزارهای انتخاب شده برای نشان دادن تکنیکها استفاده میکنند. اگر شما یک متخصص فناوری اطلاعات یا یک مشاور امنیتی هستید که میخواهید با استفاده از برخی از ویژگیهای پیشرفته، موفقیت آزمایش شبکه خود را به حداکثر برسانید. کالی لینوکس، پس این کتاب برای شماست. این کتاب به شما می آموزد که چگونه با ایجاد درک خود از کالی لینوکس و مفاهیم بی سیم، در زمینه پیش از تعامل، مدیریت و مستندسازی تست نفوذ، متخصص شوید.
توضیحاتی درمورد کتاب به خارجی
This book provides an overview of the kill chain approach to penetration testing, and then focuses on using Kali Linux to provide examples of how this methodology is applied in the real world. After describing the underlying concepts, step-by-step examples are provided that use selected tools to demonstrate the techniques.If you are an IT professional or a security consultant who wants to maximize the success of your network testing using some of the advanced features of Kali Linux, then this book is for you. This book will teach you how to become an expert in the pre-engagement, management, and documentation of penetration testing by building on your understanding of Kali Linux and wireless concepts.
فهرست مطالب
Cover Copyright Credits About the Author About the Reviewers www.PacktPub.com Table of Contents Preface Part 1: The Attacker's Kill Chain Chapter 1: Starting with Kali Linux Kali Linux Configuring network services and secure communications Adjusting network proxy settings Securing communications with Secure Shell Updating Kali Linux The Debian package management system Packages and repositories Dpkg Using Advanced Packaging Tools Configuring and customizing Kali Linux Resetting the root password Adding a non-root user Speeding up Kali operations Sharing folders with Microsoft Windows Creating an encrypted folder with TrueCrypt Managing third-party applications Installing third-party applications Running third-party applications with non-root privileges Effective management of penetration tests Summary Chapter 2: Identifying the Target – Passive Reconnaissance Basic principles of reconnaissance Open Source intelligence DNS reconnaissance and route mapping WHOIS DNS reconnaissance IPv4 IPv6 Mapping the route to the target Obtaining user information Gathering names and e-mail addresses Profiling users for password lists Summary Chapter 3: Active Reconnaissance and Vulnerability Scanning Stealth scanning strategies Adjusting source IP stack and tool identification settings Modifying packet parameters Using proxies with anonymity networks (Tor and Privoxy) Identifying the network infrastructure Enumerating hosts Live host discovery Port, operating system, and service discovery Port scanning Fingerprinting the operating system Determining active services Employing comprehensive reconnaissance applications nmap The recon-ng framework Maltego Vulnerability scanning Summary Chapter 4: Exploit Threat modeling Using online and local vulnerability resources The Metasploit Framework Exploiting a vulnerable application Exploiting multiple targets with Armitage Team testing with Armitage Scripting the Armitage attack Bypassing IDs and antivirus detection Summary Chapter 5: Post Exploit – Action on the Objective Bypassing Windows User Account Control Conducting a rapid reconnaissance of a compromised system Using the WMIC scripting language Finding and taking sensitive data – pillaging the target Creating additional accounts Using Metasploit for post-exploit activities Escalating user privileges on a compromised host Replaying authentication tokens using incognito Manipulating access credentials with Windows Credential Editor Escalating from Administrator to SYSTEM Accessing new accounts with horizontal escalation Covering your tracks Summary Chapter 6: Post Exploit – Persistence Compromising the existing system and application files for remote access Remotely enabling the Telnet service Remotely enabling Windows Terminal Services Remotely enabling Virtual Network Computing Using persistent agents Employing Netcat as a persistent agent Maintaining persistence with the Metasploit Framework Using the metsvc script Using the persistence script Creating a standalone persistent agent with Metasploit Redirecting ports to bypass network controls Example 1 – simple port redirection Example 2 – bidirectional port redirection Summary Part 2: The Delivery Phase Chapter 7: Physical Attacks and Social Engineering Social Engineering Toolkit Spear Phishing Attack Using a website attack vector – Java Applet Attack Method Using a website attack vector – Credential Harvester Attack Method Using a website attack vector – Tabnabbing Attack Method Using a website attack vector - Multi-Attack Web Method Using the PowerShell alphanumeric shellcode injection attack Hiding executables and obfuscating the attacker's URL Escalating an attack using DNS redirection Physical access and hostile devices Raspberry Pi attack vectors Summary Chapter 8: Exploiting Wireless Communications Configuring Kali for wireless attacks Wireless reconnaissance Kismet Bypassing a Hidden Service Set Identifier Bypassing the MAC address authentication Compromising a WEP encryption Attacking WPA and WPA2 Brute-force attacks Attacking wireless routers with Reaver Cloning an access point Denial-of-service attacks Summary Chapter 9: Reconnaissance and Exploitation of Web-based Applications Conducting reconnaissance of websites Vulnerability scanners Extending the functionality of traditional vulnerability scanners Extending the functionality of web browsers Web-service-specific vulnerability scanners Testing security with client-side proxies Server exploits Application-specific attacks Brute-forcing access credentials Injection attacks against databases Maintaining access with web backdoors Summary Chapter 10: Exploiting Remote Access Communications Exploiting operating system communication protocols Compromising Remote Desktop Protocol Compromising Secure Shell Exploiting third-party remote access applications Attacking Secure Sockets Layer Configuring Kali for SSLv2 scanning Reconnaissance of SSL connections Using sslstrip to conduct a man-in-the-middle attack Denial-of-service attacks against SSL Attacking an IPSec Virtual Private Network Scanning for VPN gateways Fingerprinting the VPN gateway Capturing pre-shared keys Performing offline PSK cracking Identifying default user accounts Summary Chapter 11: Client-side Exploitation Attacking a system using hostile scripts Conducting attacks using VBScript Attacking systems using Windows PowerShell The Cross-Site Scripting Framework The Brower Exploitation Framework – BeEF Installing and configuring the Browser Exploitation Framework A walkthrough of the BeEF browser Integrating BeEF and Metasploit attacks Using BeEF as a tunneling proxy Summary Appendix: Installing Kali Linux Downloading Kali Linux Basic Installation of Kali Linux Installing Kali Linux to a virtual machine Full disk encryption and nuking the master key Setting up a test environment Vulnerable operating systems and applications Index Uploaded by [StormRG]
