Mastering Kali Linux for Advanced Penetration Testing: Secure your network with Kali Linux 2019.1 – the ultimate white hat hackers' toolkit, 3/e

Vijay Kumar Velu, Robert Beggs

買這商品的人也買了...

商品描述

A practical guide to testing your infrastructure security with Kali Linux, the preferred choice of pentesters and hackers

Key Features

  • Employ advanced pentesting techniques with Kali Linux to build highly secured systems
  • Discover various stealth techniques to remain undetected and defeat modern infrastructures
  • Explore red teaming techniques to exploit secured environment

Book Description

This book takes you, as a tester or security practitioner, through the reconnaissance, vulnerability assessment, exploitation, privilege escalation, and post-exploitation activities used by pentesters.

To start with, you'll use a laboratory environment to validate tools and techniques, along with an application that supports a collaborative approach for pentesting. You'll then progress to passive reconnaissance with open source intelligence and active reconnaissance of the external and internal infrastructure. You'll also focus on how to select, use, customize, and interpret the results from different vulnerability scanners, followed by examining specific routes to the target, which include bypassing physical security and the exfiltration of data using a variety of techniques. You'll discover concepts such as social engineering, attacking wireless networks, web services, and embedded devices.

Once you are confident with these topics, you'll learn the practical aspects of attacking user client systems by backdooring with fileless techniques, followed by focusing on the most vulnerable part of the network – directly attacking the end user. By the end of this book, you'll have explored approaches for carrying out advanced pentesting in tightly secured environments, understood pentesting and hacking techniques employed on embedded peripheral devices.

What you will learn

  • Configure the most effective Kali Linux tools to test infrastructure security
  • Employ stealth to avoid detection in the infrastructure being tested
  • Recognize when stealth attacks are being used against your infrastructure
  • Exploit networks and data systems using wired and wireless networks as well as web services
  • Identify and download valuable data from target systems
  • Maintain access to compromised systems
  • Use social engineering to compromise the weakest part of the network - the end users

Who this book is for

This third edition of Mastering Kali Linux for Advanced Penetration Testing is for you if you are a security analyst, pentester, ethical hacker, IT professional, or security consultant wanting to maximize the success of your infrastructure testing using some of the advanced features of Kali Linux. Prior exposure of penetration testing and ethical hacking basics will be helpful in making the most out of this book.

Table of Contents

  1. Goal-Based Penetration Testing with Kali Linux
  2. Open Source Intelligence and Passive Reconnaissance
  3. Active Reconnaissance of the External and Internal Networks
  4. Vulnerability Assessment
  5. Physical Security and Social Engineering
  6. Wireless and Bluetooth Attacks
  7. Reconnaissance and Exploitation of Web-Based Applications
  8. Client-Side Exploitation
  9. By-Passing Security Controls
  10. Exploitation
  11. Action on the Objective and Lateral movement
  12. Privilege Escalation
  13. Command and Control
  14. Embedded and peripheral devices hacking

商品描述(中文翻譯)

《Kali Linux 高級滲透測試大師》是一本實用指南,教你如何使用 Kali Linux 測試基礎設施的安全性。Kali Linux 是滲透測試師和駭客的首選工具。

重點特色:

- 使用 Kali Linux 的高級滲透測試技術來建立高度安全的系統
- 探索各種隱蔽技術,保持不被檢測並擊敗現代基礎設施
- 學習紅隊技術,利用安全環境進行攻擊

書籍描述:

本書將帶領測試人員和安全從業者進行偵察、漏洞評估、利用、特權升級和後續利用等滲透測試活動。

首先,你將使用實驗室環境驗證工具和技術,以及支持協作滲透測試的應用程式。然後,你將進行開源情報的被動偵察和外部、內部基礎設施的主動偵察。你還將重點介紹如何選擇、使用、自定義和解讀不同漏洞掃描器的結果,並檢查到達目標的特定路徑,包括繞過物理安全和使用各種技術外泄數據。你將了解社交工程、攻擊無線網絡、Web服務和嵌入式設備等概念。

一旦你對這些主題有信心,你將學習使用無文件技術對用戶客戶端系統進行後門攻擊,並專注於網絡中最脆弱的部分 - 直接攻擊最終用戶。通過閱讀本書,你將探索在高度安全環境中進行高級滲透測試的方法,並了解在嵌入式外設設備上使用的滲透測試和駭客技術。

你將學到:

- 配置最有效的 Kali Linux 工具來測試基礎設施的安全性
- 使用隱蔽技術避免被檢測
- 辨識基礎設施中使用的隱蔽攻擊
- 利用有線和無線網絡以及Web服務來攻擊網絡和數據系統
- 辨識並下載目標系統中有價值的數據
- 維持對受攻擊系統的訪問權限
- 使用社交工程來攻擊網絡中最脆弱的部分 - 用戶

本書適合以下讀者:

- 安全分析師、滲透測試師、道德駭客、IT專業人員或安全顧問,希望在基礎設施測試中充分利用Kali Linux的高級功能
- 具備滲透測試和道德駭客基礎知識的讀者能更好地理解本書的內容

目錄:

1. 基於目標的Kali Linux滲透測試
2. 開源情報和被動偵察
3. 外部和內部網絡的主動偵察
4. 漏洞評估
5. 物理安全和社交工程
6. 無線和藍牙攻擊
7. 基於Web的應用程式的偵察和利用
8. 用戶客戶端的利用
9. 繞過安全控制
10. 利用
11. 目標行動和橫向移動
12. 特權升級
13. 命令和控制
14. 嵌入式和外設設備的駭客攻擊