Ethical Hacking: A Hands-On Introduction to Breaking In (Paperback)

Graham, Daniel

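  • Publisher: No Starch Press
  • Publication date: 2021-11-02
  • List price: $1,780
  • Sale price: $1,602 (90% of list price)
  • Language: English
  • Pages: 376
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1718501870
  • ISBN-13: 9781718501874
  • Related category: Hacking (Hack)
  • Ships immediately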

Product description

A hands-on guide to hacking computer systems from the ground up, from capturing traffic to crafting sneaky, successful trojans.

A crash course in modern hacking techniques, Ethical Hacking is already being used to prepare the next generation of offensive security experts. In its many hands-on labs, you'll explore crucial skills for any aspiring penetration tester, security researcher, or malware analyst.

You'll begin with the basics: capturing a victim's network traffic with an ARP spoofing attack and then viewing it in Wireshark. From there, you'll deploy reverse shells that let you remotely run commands on a victim's computer, encrypt files by writing your own ransomware in Python, and fake emails like the ones used in phishing attacks. In advanced chapters, you'll learn how to fuzz for new vulnerabilities, craft trojans and rootkits, exploit websites with SQL injection, and escalate your privileges to extract credentials, which you'll use to traverse a private network.

You'll work with a wide range of professional penetration testing tools--and learn to write your own tools in Python--as you practice tasks like:

- Deploying the Metasploit framework's reverse shells and embedding them in innocent-seeming files
- Capturing passwords in a corporate Windows network using Mimikatz
- Scanning (almost) every device on the internet to find potential victims
- Installing Linux rootkits that modify a victim's operating system
- Performing advanced Cross-Site Scripting (XSS) attacks that execute sophisticated JavaScript payloads

Along the way, you'll gain a foundation in the relevant computing technologies. Discover how advanced fuzzers work behind the scenes, learn how internet traffic gets encrypted, explore the inner mechanisms of nation-state malware like Drovorub, and much more.

Developed with feedback from cybersecurity students, Ethical Hacking addresses contemporary issues in the field not often covered in other books and will prepare you for a career in penetration testing. Most importantly, you'll be able to think like an ethical hacker: someone who can carefully analyze systems and creatively gain access to them.

About the author

Dr. Daniel Graham is an Assistant Professor of Computer Science at The University of Virginia in Charlottesville, Virginia. His research interests include secure embedded systems and networks. Before joining UVA, Dr. Graham was a Program Manager at Microsoft in Seattle, Washington. He publishes in IEEE journals relating to sensors and networks.