دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
دانلود کتاب Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research
دانلود کتاب جعبه ابزار Metasploit برای آزمایش نفوذ ، توسعه بهره برداری ، و تحقیقات آسیب پذیری
مشخصات کتاب
Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research
دسته بندی: امنیت ویرایش: نویسندگان: David Maynor سری: ISBN (شابک) : 9781597490740, 1597490741 ناشر: Syngress سال نشر: 2007 تعداد صفحات: 290 زبان: English فرمت فایل : PDF (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود) حجم فایل: 5 مگابایت
قیمت کتاب (تومان) : 32,000
در صورت تبدیل فایل کتاب Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب جعبه ابزار Metasploit برای آزمایش نفوذ ، توسعه بهره برداری ، و تحقیقات آسیب پذیری نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
توضیحاتی در مورد کتاب جعبه ابزار Metasploit برای آزمایش نفوذ ، توسعه بهره برداری ، و تحقیقات آسیب پذیری
این اولین کتاب موجود برای Metasploit Framework (MSF) است که پلتفرم حمله انتخابی برای یکی از سریعترین مشاغل در حال رشد در امنیت فناوری اطلاعات است: تست نفوذ. این کتاب و وبسایت همراه، مجموعهای از ابزارهای کاملاً یکپارچه را برای کشف، اجرا و آزمایش کدهای اکسپلویت در اختیار آزمایشکنندگان نفوذ حرفهای و محققان امنیتی قرار میدهد. این کتاب با یک بحث مفصل در مورد سه رابط MSF آغاز می شود: msfweb، msfconsole و msfcli. این فصل تمام ویژگی های ارائه شده توسط MSF را به عنوان یک پلت فرم بهره برداری نشان می دهد. با درک کاملی از قابلیتهای MSF، کتاب سپس به جزئیات تکنیکهایی برای کاهش چشمگیر زمان مورد نیاز برای توسعه اکسپلویتهای کاربردی میپردازد. با کار بر روی آسیبپذیریهای دنیای واقعی در برابر برنامههای کاربردی منبع بسته محبوب، خواننده نحوه استفاده از ابزارها و MSF برای ساخت سریع حملات قابل اعتماد به عنوان سوء استفاده های مستقل. این بخش همچنین نحوه ادغام یک اکسپلویت را مستقیماً در چارچوب Metasploit با ارائه تحلیل خط به خط یک ماژول اکسپلویت یکپارچه توضیح خواهد داد. جزئیات در مورد اینکه چگونه موتور Metasploit فرآیند بهره برداری از پشت صحنه را هدایت می کند، پوشش داده خواهد شد و در طول مسیر خواننده به مزایای چارچوب های بهره برداری پی خواهد برد. بخش پایانی کتاب سیستم بارگذاری Meterpreter را بررسی میکند و به خوانندگان میآموزد تا برنامههای افزودنی کاملاً جدیدی را ایجاد کنند که به طور روان با چارچوب Metasploit ادغام میشوند.* نظرسنجی در نوامبر 2004 که توسط "مجله CSO" انجام شد بیان کرد که 42٪ از افسران ارشد امنیتی نفوذ را در نظر گرفتند. تست کردن یک اولویت امنیتی برای سازمانهایشان است* چارچوب Metasploit محبوبترین پلتفرم بهرهبرداری منبع باز است و هیچ کتاب رقیب وجود ندارد* وبسایت همراه کتاب همه کدهای کاری و اکسپلویتهای موجود در کتاب را ارائه میدهد.
توضیحاتی درمورد کتاب به خارجی
This is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book and companion Web site will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code.This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform. The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli .This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSF's capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits.By working through a real-world vulnerabilities against popular closed source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.* A November 2004 survey conducted by "CSO Magazine" stated that 42% of chief security officersconsidered penetration testing to be a security priority for their organizations* The Metasploit Framework is the most popular open source exploit platform, and there are no competing books* The book's companion Web site offers all of the working code and exploits contained within the book"
فهرست مطالب
Professional Penetration Testing Copyright Page About the Author Technical Editor Table of Contents Acknowledgments Family Heorot.net On the Side Foreword Part 1: Setting Up Chapter 1: Introduction Introduction About the Book Target Audience How to Use This Book About the DVD Course Material Reference Material LiveCDs Summary Solutions Fast Track About the Book About the DVD Reference Chapter 2: Ethics and Hacking Introduction Why Stay Ethical? Black Hat Hackers White Hat Hackers Gray Hat Hackers Ethical Standards Certifications Contractor Employer Educational and Institutional Organizations Computer Crime Laws Types of Laws Type of Computer Crimes and Attacks U.S. Federal Laws U.S. State Laws International Laws Safe Harbor and Directive 95/46/EC Getting Permission to Hack Confidentiality Agreement Company Obligations Contractor Obligations Auditing and Monitoring Conflict Management Summary Solutions Fast Track Why Stay Ethical? Ethical Standards Computer Crime Laws Getting Permission to Hack Frequently Asked Questions Expand Your Skills References Chapter 3: Hacking as a Career Introduction Career Paths Network Architecture System Administration Applications and Databases Certifications High-Level Certifications Skill- and Vendor-Specific Certifications Associations and Organizations Professional Organizations Conferences Local Communities Mailing Lists Summary Solutions Fast Track Career Paths Certifications Associations and Organizations Frequently Asked Questions Expand Your Skills References Chapter 4: Setting Up Your Lab Introduction Personal Lab Keeping it simple Equipment Software Lab for Book Exercises Corporate Lab Internal Labs External Labs Equipment Software Protecting Penetration Test Data Encryption Schemas Securing PenTest Systems Mobile Security Concerns Wireless Lab Data Additional Network Hardware Routers Firewalls Intrusion Detection System/Intrusion Prevention System Summary Solutions Fast Track Personal Lab Corporate Lab Protecting Penetration Test Data Additional Network Hardware Frequently Asked Questions Expand Your Skills Reference Chapter 5: Creating and Using PenTest Targets in Your Lab Introduction Turn-Key Scenarios versus Real-World Targets Problems with Learning to Hack Real-World Scenarios Turn-Key Scenarios What is a LiveCD? De-ICE Hackerdemia pWnOS Foundstone Open Web Application Security Project Using Exploitable Targets Operating Systems Applications Analyzing Malware - Viruses and Worms Setting up a Lab Other Target Ideas CTF Events Web-Based Challenges Vulnerability Announcements Summary Solutions Fast Track Turn-Key Scenarios versus Real-World Targets Turn-Key Scenarios Using Exploitable Targets Analyzing Malware - Viruses and Worms Other Target Ideas Frequently Asked Questions Expand Your Skills References Chapter 6: Methodologies Introduction Project Management Body of Knowledge Introduction to PMBOK Initiating Process Group Planning Process Group Executing Process Group Closing Process Group Monitoring and Controlling Process Group Information System Security Assessment Framework Planning and Preparation - Phase I Assessment - Phase II Reporting, Clean-up, and Destroy Artifacts - Phase III Open Source Security Testing Methodology Manual Rules of Engagement Channels Modules Summary Solutions Fast Track Project Management Body of Knowledge Information System Security Assessment Framework Open Source Security Testing Methodology Manual Frequently Asked Questions Expand Your Skills References Chapter 7: PenTest Metrics Introduction Quantitative, Qualitative, and Mixed Methods Quantitative Analysis Qualitative Analysis Mixed Method Analysis Current Methodologies Project Management Institute ISSAF OSSTMM Tool-Generated Reports Summary Solutions Fast Track Quantitative, Qualitative, and Mixed Methods Current Methodologies Frequently Asked Questions References Chapter 8: Management of a PenTest Introduction Project Team Members Roles and Responsibilities Organizational Structure Project Management Initiating Stage Planning Stage Executing Stage Monitoring and Controlling Closing Stage Summary Solutions Fast Track Project Team Members Project Management Frequently Asked Questions Expand Your Skills References Part 2: Running a PenTest Chapter 9: Information Gathering Introduction Passive Information Gathering Web Presence Corporate Data WHOIS and DNS Enumeration Additional Internet Resources Active Information Gathering DNS Interrogation E-mail Accounts Perimeter Network Identification Network Surveying Project Management Executing Process Phase Monitoring and Control Process Summary Solutions Fast Track Passive Information Gathering Active Information Gathering Project Management Frequently Asked Questions Expand Your Skills References Chapter 10: Vulnerability Identification Introduction Port Scanning Target Verification UDP Scanning TCP Scanning Perimeter Avoidance Scanning System Identification Active OS Fingerprinting Passive OS Fingerprinting Services Identification Banner Grabbing Enumerating Unknown Services Vulnerability Identification Summary Solutions Fast Track Port Scanning System Identification Services Identification Vulnerability Identification Frequently Asked Questions Expand Your Skills Reference Chapter 11: Vulnerability Verification Introduction Exploit Codes - Finding and Running Internet Sites Automated Tools Exploit Codes - Creating Your Own Fuzzing Code Review Application Reversing Web Hacking SQL Injection Cross-Site Scripting Web Application Vulnerabilities Project Management Executing Process Phase Monitoring and Control Process Summary Solutions Fast Track Exploit Codes - Finding and Running Exploit Codes - Creating Your Own Web Hacking Project Management Frequently Asked Questions Expand Your Skills References Chapter 12: Compromising a System and Privilege Escalation Introduction System Enumeration Internal Vulnerabilities Sensitive Data Network Packet Sniffing Social Engineering Baiting Phishing Pretexting Wireless Attacks Wi-Fi Protected Access Attack WEP Attack Project Management Executing Process Phase Monitoring and Control Process Summary Solutions Fast Track System Enumeration Network Packet Sniffing Social Engineering Wireless Attacks Project Management Frequently Asked Questions Expand Your Skills References Chapter 13: Maintaining Access Introduction Shells and Reverse Shells Netcat Shell Netcat Reverse Shell Encrypted Tunnels Adding a Host Firewall (Optional) Setting Up the SSH Reverse Shell Other Encryption and Tunnel Methods Summary Solutions Fast Track Shells and Reverse Shells Encrypted Tunnels Other Encryption and Tunnel Methods Frequently Asked Questions Expand Your Skills Reference Chapter 14: Covering Your Tracks Introduction Manipulating Log Data User Login Application Logs Hiding Files Hiding Files in Plain Sight Hiding Files Using the File System Hiding Files in Windows Summary Solutions Fast Track Manipulating Log Data Hiding Files Frequently Asked Questions Expand Your Skills Reference Part 3: Wrapping Everything Up Chapter 15: Reporting Results Introduction What Should You Report? Out of Scope Issues Findings Solutions Manuscript Preparation Initial Report Peer Reviews Fact Checking Metrics Final Report Peer Reviews Documentation Summary Solutions Fast Track What Should You Report? Initial Report Final Report Frequently Asked Questions Expand Your Skills References Chapter 16: Archiving Data Introduction Should You Keep Data? Legal Issues E-mail Findings and Reports Securing Documentation Access Controls Archival Methods Archival Locations Destruction Policies Summary Solutions Fast Track Should You Keep Data? Securing Documentation Frequently Asked Questions Reference Chapter 17: Cleaning Up Your Lab Introduction Archiving Lab Data Proof of Concepts Malware Analysis Creating and Using System Images License Issues Virtual Machines \"Ghost\" Images Creating a \"Clean Shop\" Sanitization Methods Using Hashes Change Management Controls Summary Solutions Fast Track Archiving Lab Data Creating and Using System Images Creating a \"Clean Shop\" Frequently Asked Questions Reference Chapter 18: Planning for Your Next PenTest Introduction Risk Management Register Creating a Risk Management Register Prioritization of Risks and Responses Knowledge Database Creating a Knowledge Database Sanitization of Findings Project Management Knowledge Database After-Action Review Project Assessments Team Assessments Training Proposals Summary Solutions Fast Track Risk Management Register Knowledge Database After-Action Review Frequently Asked Questions Expand Your Skills Reference Appendix A: Acronyms Appendix B: Definitions References Index
نظرات کاربران
کتاب های مرتبط
دانلود کتاب The Danger from Within
دانلود کتاب The ASP.NET 2.0 Anthology: 101 Essential Tips, Tricks, & Hacks
دانلود کتاب Security in computing
دانلود کتاب Hackerkultur und Raubkopierer: Eine wissenschaftliche Reise durch zwei Subkulturen
دانلود کتاب Build your own security lab : a field guide for network testing
دانلود کتاب PoC or GTFO, Volume 3
دانلود کتاب Hacking the IT Cube: The Information Technology Department Survival Guide
دانلود کتاب Principles of Computer Security: CompTIA Security+ and Beyond Lab Manual (Exam SY0-601)
دانلود کتاب Digital Business Security Development: Management Technologies
