Robert Shimonski - Penetration Testing For Dummies

Здесь есть возможность читать онлайн «Robert Shimonski - Penetration Testing For Dummies» — ознакомительный отрывок электронной книги совершенно бесплатно, а после прочтения отрывка купить полную версию. В некоторых случаях можно слушать аудио, скачать через торрент в формате fb2 и присутствует краткое содержание. Жанр: unrecognised, на английском языке. Описание произведения, (предисловие) а так же отзывы посетителей доступны на портале библиотеки ЛибКат.

Penetration Testing For Dummies: краткое содержание, описание и аннотация

Предлагаем к чтению аннотацию, описание, краткое содержание или предисловие (зависит от того, что написал сам автор книги «Penetration Testing For Dummies»). Если вы не нашли необходимую информацию о книге — напишите в комментариях, мы постараемся отыскать её.

Target, test, analyze, and report on security vulnerabilities with pen testing Pen Testing is necessary for companies looking to target, test, analyze, and patch the security vulnerabilities from hackers attempting to break into and compromise their organizations data. It takes a person with hacking skills to look for the weaknesses that make an organization susceptible to hacking. 
Pen Testing For Dummies The different phases of a pen test from pre-engagement to completion Threat modeling and understanding risk When to apply vulnerability management vs penetration testing Ways to keep your pen testing skills sharp, relevant, and at the top of the game
Get ready to gather intelligence, discover the steps for mapping out tests, and analyze and report results!

Penetration Testing For Dummies — читать онлайн ознакомительный отрывок

Ниже представлен текст книги, разбитый по страницам. Система сохранения места последней прочитанной страницы, позволяет с удобством читать онлайн бесплатно книгу «Penetration Testing For Dummies», без необходимости каждый раз заново искать на чём Вы остановились. Поставьте закладку, и сможете в любой момент перейти на страницу, на которой закончили чтение.

Тёмная тема
Сбросить

Интервал:

Закладка:

Сделать

4 Chapter 4FIGURE 4-1: Accessing the Kali Linux menu to begin a social engineering attack.FIGURE 4-2: From the Toolkit menu, choose Social-Engineering Attacks.FIGURE 4-3: Choose Website Attack Vectors from this list.FIGURE 4-4: Cloning a site re-creates an exact replica of it.FIGURE 4-5: The options I chose to create a clone website.FIGURE 4-6: I set up a clone Google.com — for pen-testing purposes only!FIGURE 4-7: The different areas of attack vectors.FIGURE 4-8: A password crack via Metasploit.FIGURE 4-9: Using Wireshark to capture and expose data protected by SSL.FIGURE 4-10: Metasploit Pro’s Quick PenTest wizard.FIGURE 4-11: Running a quick pen test with Metasploit Pro.

5 Chapter 5FIGURE 5-1: Using Burp Suite for pen testing.FIGURE 5-2: Viewing an N-tier application.FIGURE 5-3: Using Wireshark to pen test.FIGURE 5-4: Using Wireshark to grab packets in a sniffing operation.FIGURE 5-5: A card skimmer on an ATM.

6 Chapter 6FIGURE 6-1: Using Kali for pen testing disruption attacks.FIGURE 6-2: Launching an attack from outside the network.FIGURE 6-3: Using Kali T50 to send a flood attack to a host.FIGURE 6-4: Viewing resources with the Linux top command.FIGURE 6-5: How a distributed denial of service (DDoS) attack works.FIGURE 6-6: How the buffer overflow attack works.FIGURE 6-7: Use Kali’s fragroute and fragmentation6 to determine your level of ...FIGURE 6-8: Sending malformed packets to hosts with Kali’s fragtest.FIGURE 6-9: Using ping to generate a sweep and smurf attack.FIGURE 6-10: Use Wireshark to identify tiny packet attacks.

7 Chapter 7FIGURE 7-1: Nessus offers various scan types for pen testing destroy attacks.FIGURE 7-2: Looking for hosts that are vulnerable to known threats.FIGURE 7-3: A typical external vector attack with the goal of destroying a data...FIGURE 7-4: An example of a ransomware attack.FIGURE 7-5: An example of AV endpoint protection.

8 Chapter 8FIGURE 8-1: Kali’s Information Gathering menu can help you perform subvert and ...FIGURE 8-2: Using Nmap to launch an attack against a router/routing device scan...FIGURE 8-3: Conducting a SYN scan to identify open ports.FIGURE 8-4: Identifying possible hosts and ports.FIGURE 8-5: Learning the MAC address of the scanned device and distance by netw...FIGURE 8-6: Internal and external subvert attacks operate under the same concep...FIGURE 8-7: Host-based AV software indicates there’s an issue requiring attenti...FIGURE 8-8: Updating and fixing your AV.

9 Chapter 9FIGURE 9-1: Use a RACI chart to identify roles and responsibilities.FIGURE 9-2: Consult past results to help with future tests.FIGURE 9-3: Reviewing threats on the risk register.FIGURE 9-4: Reviewing attack vectors to devise a test plan.FIGURE 9-5: Reviewing Nessus scan templates.FIGURE 9-6: Tuning tools with filters for prep.

10 Chapter 10FIGURE 10-1: Doing a WhoIs search to gain intel.FIGURE 10-2: Pinging at a command prompt to get an IP address or range to scan.FIGURE 10-3: Using Kali (Xhydra) to crack a router password.FIGURE 10-4: A network map with IP addressing.FIGURE 10-5: Building a network map with Nessus.FIGURE 10-6: Building a network map with Nmap.

11 Chapter 11FIGURE 11-1: An example executive summary.FIGURE 11-2: Documenting and reporting attack vectors is part of your narrative...FIGURE 11-3: An example of a Tools, Methods, and Vectors section.FIGURE 11-4: Include your main findings in your report.FIGURE 11-5: An example of a report conclusion.

12 Chapter 12FIGURE 12-1: Reviewing Nessus for hardening tips.FIGURE 12-2: A large network map.FIGURE 12-3: Disabling unneeded services, such as telnet services.FIGURE 12-4: Changing a default port to help secure a system.FIGURE 12-5: Using a firewall allows you to monitor access in and out.FIGURE 12-6: Antivirus software is still an effective way to protect devices fr...FIGURE 12-7: Finding SMB issues on the network with Nessus.FIGURE 12-8: Use encryption such as SSL.FIGURE 12-9: Saving copies of logs in case a hacker interferes.

13 Chapter 13FIGURE 13-1: The pen testing and retesting processes are very similar.FIGURE 13-2: Prioritizing retesting tasks with a tier system.FIGURE 13-3: My updated documentation to reference during the retest.FIGURE 13-4: Using Nessus to find ways to reduce risks in web architecture.FIGURE 13-5: Mapping a network and finding new problems.FIGURE 13-6: Using Nmap to exploit NTP.

14 Chapter 14FIGURE 14-1: A sample metric of cyber threats and their growth. FIGURE 14-2: Wireshark’s bug fix list.FIGURE 14-3: A schedule of tests.

15 Chapter 15FIGURE 15-1: Using Kali and VMware virtualization.FIGURE 15-2: Using a plan B alternative.FIGURE 15-3: Creating a viable lab.

16 Chapter 16FIGURE 16-1: SANS.org.FIGURE 16-2: The GIAC GPEN certification.FIGURE 16-3: The top ten application risks on the Open Web Application Security...FIGURE 16-4: Downloading Nessus.FIGURE 16-5: Gain access to Kali.

Guide

1 Cover

2 Table of Contents

3 Begin Reading

Pages

1 iii

2 iv

3 1

4 2

5 3

6 5

7 6

8 7

9 8

10 9

11 10

12 11

13 12

14 13

15 14

16 15

17 16

18 17

19 18

20 19

21 20

22 21

23 22

24 23

25 24

26 25

27 26

28 27

29 28

30 29

31 30

32 31

33 32

34 33

35 34

36 35

37 36

38 37

39 38

40 39

41 40

42 41

43 42

44 43

45 44

46 45

47 46

48 47

49 48

50 49

51 50

52 51

53 52

54 53

55 54

56 55

57 56

58 57

59 58

60 59

61 60

62 61

63 62

64 63

65 64

66 65

67 66

68 67

69 69

70 70

71 71

72 72

73 73

74 74

75 75

76 76

77 77

78 78

79 79

80 80

81 81

82 82

83 83

84 84

85 85

86 86

87 87

88 88

89 89

90 90

91 91

92 92

93 93

94 94

95 95

96 96

97 97

98 98

99 99

100 100

101 101

102 102

103 103

104 104

105 105

106 106

107 107

108 108

109 109

110 110

111 111

112 112

113 113

114 114

115 115

116 116

117 117

118 118

119 119

120 120

121 121

122 122

123 123

124 124

125 125

126 126

127 127

128 128

129 129

130 130

131 131

132 132

133 133

134 134

135 135

136 136

137 137

138 138

139 139

140 140

141 141

142 142

143 143

144 144

145 145

146 147

147 148

148 149

149 150

150 151

151 152

152 153

153 154

154 155

155 156

156 157

157 158

158 159

159 161

160 162

161 163

162 164

163 165

164 166

165 167

166 168

167 169

168 170

169 171

170 172

171 173

172 174

173 175

174 176

175 177

176 178

177 179

178 180

179 181

180 182

181 183

182 184

183 185

184 186

185 187

186 188

187 189

188 190

189 191

190 192

191 193

192 194

193 195

194 196

195 197

196 198

197 199

198 200

199 201

200 202

201 203

202 204

203 205

204 206

205 207

206 208

207 209

208 210

209 211

210 212

211 213

212 214

213 215

214 216

215 217

216 218

217 219

218 220

219 221

220 222

221 223

222 224

Читать дальше
Тёмная тема
Сбросить

Интервал:

Закладка:

Сделать

Похожие книги на «Penetration Testing For Dummies»

Представляем Вашему вниманию похожие книги на «Penetration Testing For Dummies» списком для выбора. Мы отобрали схожую по названию и смыслу литературу в надежде предоставить читателям больше вариантов отыскать новые, интересные, ещё непрочитанные произведения.


Отзывы о книге «Penetration Testing For Dummies»

Обсуждение, отзывы о книге «Penetration Testing For Dummies» и просто собственные мнения читателей. Оставьте ваши комментарии, напишите, что Вы думаете о произведении, его смысле или главных героях. Укажите что конкретно понравилось, а что нет, и почему Вы так считаете.

x