Mastering Metasploit, Fourth Edition

Nipun Jaswal

  • 出版商: Packt Publishing
  • 出版日期: 2020-06-12
  • 售價: $1,530
  • 貴賓價: 9.5$1,454
  • 語言: 英文
  • 頁數: 502
  • 裝訂: Paperback
  • ISBN: 1838980075
  • ISBN-13: 9781838980078
  • 相關分類: Metasploit
  • 立即出貨 (庫存=1)

買這商品的人也買了...

商品描述

Discover the next level of network defense and penetration testing with the Metasploit 5.0 framework

Key Features

  • Make your network robust and resilient with this updated edition covering the latest pentesting techniques
  • Explore a variety of entry points to compromise a system while remaining undetected
  • Enhance your ethical hacking skills by performing penetration tests in highly secure environments

Book Description

Updated for the latest version of Metasploit, this book will prepare you to face everyday cyberattacks by simulating real-world scenarios. Complete with step-by-step explanations of essential concepts and practical examples, Mastering Metasploit will help you gain insights into programming Metasploit modules and carrying out exploitation, as well as building and porting various kinds of exploits in Metasploit.

Giving you the ability to perform tests on different services, including databases, IoT, and mobile, this Metasploit book will help you get to grips with real-world, sophisticated scenarios where performing penetration tests is a challenge. You'll then learn a variety of methods and techniques to evade security controls deployed at a target's endpoint. As you advance, you'll script automated attacks using CORTANA and Armitage to aid penetration testing by developing virtual bots and discover how you can add custom functionalities in Armitage. Following real-world case studies, this book will take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit 5.0 framework.

By the end of the book, you'll have developed the skills you need to work confidently with efficient exploitation techniques

What you will learn

  • Develop advanced and sophisticated auxiliary, exploitation, and post-exploitation modules
  • Learn to script automated attacks using CORTANA
  • Test services such as databases, SCADA, VoIP, and mobile devices
  • Attack the client side with highly advanced pentesting techniques
  • Bypass modern protection mechanisms, such as antivirus, IDS, and firewalls
  • Import public exploits to the Metasploit Framework
  • Leverage C and Python programming to effectively evade endpoint protection

Who this book is for

If you are a professional penetration tester, security engineer, or law enforcement analyst with basic knowledge of Metasploit, this book will help you to master the Metasploit framework and guide you in developing your exploit and module development skills. Researchers looking to add their custom functionalities to Metasploit will find this book useful. As Mastering Metasploit covers Ruby programming and attack scripting using Cortana, practical knowledge of Ruby and Cortana is required.

商品描述(中文翻譯)

發現 Metasploit 5.0 框架的下一個網絡防禦和滲透測試的層次

主要特點


  • 通過涵蓋最新的滲透測試技術,使您的網絡更加強大和有彈性

  • 探索各種入侵點以在保持不被檢測的情況下破壞系統

  • 通過在高度安全的環境中進行滲透測試來提升您的道德黑客技能

書籍描述

本書根據最新版本的 Metasploit,將使您能夠通過模擬真實世界情景來應對日常的網絡攻擊。該書提供了對基本概念的逐步解釋和實際示例,幫助您了解編寫 Metasploit 模塊和進行利用的技巧,以及在 Metasploit 中構建和移植各種類型的攻擊。

本書將幫助您掌握在不同服務(包括數據庫、物聯網和移動設備)上進行測試的能力,並幫助您應對真實世界中複雜的情景,其中進行滲透測試是一個挑戰。然後,您將學習各種方法和技術來規避目標端點部署的安全控制。隨著您的進步,您將使用 CORTANA 和 Armitage 腳本自動化攻擊,通過開發虛擬機器人進行滲透測試,並了解如何在 Armitage 中添加自定義功能。通過實際案例研究,本書將帶您深入了解使用 Metasploit 和基於 Metasploit 5.0 框架構建的各種腳本進行客戶端攻擊。

通過閱讀本書,您將掌握使用高效利用技術自信地工作所需的技能。

您將學到什麼


  • 開發高級和複雜的輔助、利用和後利用模塊

  • 學習使用 CORTANA 腳本自動化攻擊

  • 測試數據庫、SCADA、VoIP 和移動設備等服務

  • 使用高級滲透測試技術攻擊客戶端

  • 繞過現代保護機制,如防病毒軟件、入侵檢測系統和防火牆

  • 將公共攻擊利用導入 Metasploit 框架

  • 利用 C 和 Python 編程有效規避端點保護

本書適合對象

如果您是一名專業的滲透測試人員、安全工程師或执法分析师,並具備基本的 Metasploit 知識,本書將幫助您掌握 Metasploit 框架,並指導您發展自己的攻擊和模塊開發技能。希望將自己的自定義功能添加到 Metasploit 中的研究人員也會發現本書很有用。由於《精通 Metasploit》涵蓋了 Ruby 編程和使用 Cortana 的攻擊腳本,因此需要具備實際的 Ruby 和 Cortana 知識。

作者簡介

Nipun Jaswal is an international cybersecurity author and an award-winning IT security researcher with more than a decade of experience in penetration testing, Red Team assessments, vulnerability research, RF, and wireless hacking. He is presently the Director of Cybersecurity Practices at BDO India. Nipun has trained and worked with multiple law enforcement agencies on vulnerability research and exploit development. He has also authored numerous articles and exploits that can be found on popular security databases, such as PacketStorm and exploit-db.

作者簡介(中文翻譯)

Nipun Jaswal 是一位國際資訊安全作家,也是一位屢獲殊榮的資訊科技安全研究員,擁有超過十年的滲透測試、紅隊評估、漏洞研究、RF和無線網絡入侵的經驗。他目前擔任印度 BDO 的資訊安全實踐總監。Nipun 曾與多個執法機構合作進行漏洞研究和攻擊開發的培訓和工作。他還在知名的安全資料庫(如PacketStorm和exploit-db)上撰寫了許多文章和攻擊工具。

目錄大綱

  1. Approaching a Penetration Test Using Metasploit
  2. Reinventing Metasploit
  3. The Exploit Formulation Process
  4. Porting Exploits
  5. Testing Services with Metasploit
  6. Virtual Test Grounds and Staging
  7. Client-Side Exploitation
  8. Metasploit Extended
  9. Evasion with Metasploit
  10. Metasploit for Secret Agents
  11. Visualizing Metasploit
  12. Tips and Tricks

目錄大綱(中文翻譯)

以下是翻譯結果:
```


  1. 使用Metasploit進行滲透測試

  2. 重新創造Metasploit

  3. 利用漏洞的製作過程

  4. 移植漏洞利用程式

  5. 使用Metasploit測試服務

  6. 虛擬測試環境和分段

  7. 客戶端漏洞利用

  8. 擴展Metasploit

  9. 使用Metasploit進行逃避

  10. 特務的Metasploit

  11. 視覺化Metasploit

  12. 技巧和訣竅


```