Rafay Baloch is the founder/CEO of RHA InfoSec. He runs one of the top security blogs in Pakistan with more than 25,000 subscribers (http://rafayhackingarticles.net). He has participated in various bug bounty programs and has helped several major Internet corporations such as Google, Facebook, Twitter, Yahoo!, eBay, etc., to improve their Internet security. Rafay was successful in finding a remote code execution vulnerability along with several other high-risk vulnerabilities inside PayPal, for which he was awarded a huge sum of money as well as an offer to work for PayPal. His major areas of research interest are in network security, bypassing modern security defenses such as WAFs, DOM-based XSS, and other HTML 5–based attack vectors. Rafay holds CPTE, CPTC, CSWAE, CVA, CSS, OSCP, CCNA R & S, CCNP Route, and eWAPT certifications.
Introduction to Hacking
Important Terminologies
Asset
Vulnerability
Threat
Exploit
Risk
What Is a Penetration Test?
Vulnerability Assessments versus Penetration Test
Pre-Engagement
Rules of Engagement
Milestones
Penetration Testing Methodologies
OSSTMM
NIST
OWASP
Categories of Penetration Test
Black Box
White Box
Gray Box
Types of Penetration Tests
Network Penetration Test
Web Application Penetration Test
Mobile Application Penetration Test
Social Engineering Penetration Test
Physical Penetration Test
Report Writing
Understanding the Audience
Executive Class
Management Class
Technical Class
Writing Reports
Structure of a Penetration Testing Report
Cover Page
Table of Contents
Executive Summary
Remediation Report
Vulnerability Assessment Summary
Tabular Summary
Risk Assessment
Risk Assessment Matrix
Methodology
Detailed Findings
Description
Explanation
Risk
Recommendation
Reports
Conclusion
Linux Basics
Major Linux Operating Systems
File Structure inside of Linux
Permissions in Linux
Special Permissions
Users inside of Linux
Linux Services
Linux Password Storage
Linux Logging
Common Applications of Linux
What Is BackTrack?
How to Get BackTrack 5 Running?
Installing BackTrack on Virtual Box
Installing BackTrack on a Portable USB
Installing BackTrack on Your Hard Drive
BackTrack Basics
Changing the Default Screen Resolution
Some Unforgettable Basics
Changing the Password
Clearing the Screen
Listing the Contents of a Directory
Displaying Contents of a Specific Directory
Displaying the Contents of a File
Creating a Directory
Changing the Directories
Windows
Linux
Creating a Text File
Copying a File
Current Working Directory
Renaming a File
Moving a File
Removing a File
Locating Certain Files inside BackTrack
Text Editors inside BackTrack
Getting to Know Your Network
Dhclient
Services
MySQL
SSHD
Postgresql
Other Online Resources
Information Gathering Techniques
Active Information Gathering
Passive Information Gathering
Sources of Information Gathering
Copying Websites Locally
Information Gathering with Whois
Finding Other Websites Hosted on the Same Server
YouGetSignal.com
Tracing the Location
Traceroute
ICMP Traceroute
TCP Traceroute
Usage
UDP Traceroute
Usage
NeoTrace
Cheops-ng
Enumerating and Fingerprinting the Webservers
Intercepting a Response
Acunetix Vulnerability Scanner
WhatWeb
Netcraft
Google Hacking
Some Basic Parameters
Site
Example
TIP regarding Filetype
Google Hacking Database
Hackersforcharity.org/ghdb
Xcode Exploit Scanner
File Analysis
Foca
Harvesting E-Mail Lists
Gathering Wordlist from a Target Website
Scanning for Subdomains
TheHarvester
Fierce in BackTrack
Scanning for SSL Version
DNS Enumeration
Interacting with DNS Servers
Nslookup
DIG
Forward DNS Lookup
Forward DNS Lookup with Fierce
Reverse DNS
Reverse DNS Lookup with Dig
Reverse DNS Lookup with Fierce
Zone Transfers
Zone Transfer with Host Command
Automating Zone Transfers
DNS Cache Snooping
What Is DNS Cache Snooping?
Nonrecursive Method
Recursive Method
What Is the Likelihood of Name Servers Allowing Recursive/Nonrecursive Queries?
Attack Scenario
Automating DNS Cache Snooping Attacks
Enumerating SNMP
Problem with SNMP
Sniffing SNMP Passwords
OneSixtyOne
Snmpenum
SolarWinds Toolset
SNMP Sweep
SNMP Brute Force and Dictionary
SNMP Brute Force Tool
SNMP Dictionary Attack Tool
SMTP Enumeration
Detecting Load Balancers
Load Balancer Detector
Determining Real IP behind Load Balancers
Bypassing CloudFlare Protection
Method 1: Resolvers
Method 2: Subdomain Trick
Method 3: Mail Servers
Intelligence Gathering Using Shodan
Further Reading
Conclusion
Target Enumeration and Port Scanning Techniques
Host Discovery
Scanning for Open Ports and Services
Types of Port Scanning
Understanding the TCP Three-Way Handshake
TCP Flags
Port Status Types
TCP SYN Scan
TCP Connect Scan
NULL, FIN, and XMAS Scans
NULL Scan
FIN Scan
XMAS Scan
TCP ACK Scan
Responses
UDP Port Scan
Anonymous Scan Types
IDLE Scan
Scanning for a Vulnerable Host
Performing an IDLE Scan with NMAP
TCP FTP Bounce Scan
Service Version Detection
OS Fingerprinting
POF
Output
Normal Format
Grepable Format
XML Format
Advanced Firewall/IDS Evading Techniques
Timing Technique
Wireshark Output
Fragmented Packets
Wireshark Output
Source Port Scan
Specifying an MTU
Sending Bad Checksums
Decoys
ZENMAP
Further Reading
Vulnerability Assessment
What Are Vulnerability Scanners and How Do They Work?
Pros and Cons of a Vulnerability Scanner
Vulnerability Assessment with Nmap
Updating the Database
Scanning MS08_067_netapi
Testing SCADA Environments with Nmap
Installation
Usage
Nessus Vulnerability Scanner
Home Feed
Professional Feed
Installing Nessus on BackTrack
Adding a User
Nessus Control Panel
Reports
Mobile
Policies
Users
Configuration
Default Policies
Creating a New Policy
Safe Checks
Silent Dependencies
Avoid Sequential Scans
Port Range
Credentials
Plug-Ins
Preferences
Scanning the Target
Nessus Integration with Metasploit
Importing Nessus to Metasploit
Scanning the Target
Reporting
OpenVas
Resource
Vulnerability Data Resources
Exploit Databases
Using Exploit-db with BackTrack
Searching for Exploits inside BackTrack
Conclusion
Network Sniffing
Introduction
Types of Sniffing
Active Sniffing
Passive Sniffing
Hubs versus Switches
Promiscuous versus Nonpromiscuous Mode
MITM Attacks
ARP Protocol Basics
How ARP Works?
ARP Attacks
MAC Flooding
Macof
ARP Poisoning
Scenario—How It Works?
Denial of Service Attacks
Tools in the Trade
Dsniff
Using ARP Spoof to Perform MITM Attacks
Usage
Sniffing the Traffic with Dsniff
Sniffing Pictures with Drifnet
Urlsnarf and Webspy
Sniffing with Wireshark
Ettercap
ARP Poisoning with Ettercap
Hijacking Session with MITM Attack
Attack Scenario
ARP Poisoning with Cain and Abel
Sniffing Session Cookies with Wireshark
Hijacking the Session
SSL Strip: Stripping HTTPS Traffic
Requirements
Usage
Automating Man in the Middle Attacks
Usage
DNS Spoofing
ARP Spoofing Attack
Manipulating the DNS Records
Using Ettercap to Launch DNS Spoofing Attack
DHCP Spoofing
Conclusion
Remote Exploitation
Understanding Network Protocols
Transmission Control Protocol
User Datagram Protocol
Internet Control Messaging Protocol
Server Protocols
Text-Based Protocols (Important)
Binary Protocols
FTP
SMTP
HTTP
Further Reading
Resources
Attacking Network Remote Services
Overview of Brute Force Attacks
Traditional Brute Force
Dictionary Attacks
Hybrid Attacks
Common Target Protocols
Tools of the Trade
THC Hydra
Basic Syntax for Hydra
Cracking Services with Hydra
Hydra GUI
Medusa
Basic Syntax
OpenSSH Username Discovery Bug
Cracking SSH with Medusa
Ncrack
Basic Syntax
Cracking an RDP with Ncrack
Case Study of a Morto Worm
Combining Nmap and Ncrack for Optimal Results
Attacking SMTP
Important Commands
Real-Life Example
Attacking SQL Servers
MySQL Servers
Fingerprinting MySQL Version
Testing for Weak Authentication
MS SQL Servers
Fingerprinting the Version
Brute Forcing SA Account
Using Null Passwords
Introduction to Metasploit
History of Metasploit
Metasploit Interfaces
MSFconsole
MSFcli
MSFGUI
Armitage
Metasploit Utilities
MSFPayload
MSFencode
MSFVenom
Metasploit Basic Commands
Search Feature in Metasploit
Use Command
Info Command
Show Options
Set/Unset Command
Reconnaissance with Metasploit
Port Scanning with Metasploit
Metasploit Databases
Storing Information from Nmap into Metasploit Database
Useful Scans with Metasploit
Port Scanners
Specific Scanners
Compromising a Windows Host with Metasploit
Metasploit Autopwn
db_autopwn in Action
Nessus and Autopwn
Armitage
Interface
Launching Armitage
Compromising Your First Target from Armitage
Enumerating and Fingerprinting the Target
MSF Scans
Importing Hosts
Vulnerability Assessment
Exploitation
Check Feature
Hail Mary
Conclusion
References
Client Side Exploitation
Client Side Exploitation Methods
Attack Scenario 1: E-Mails Leading to Malicious Attachments
Attack Scenario 2: E-Mails Leading to Malicious Links
Attack Scenario 3: Compromising Client Side Update
Attack Scenario 4: Malware Loaded on USB Sticks
E-Mails with Malicious Attachments
Creating a Custom Executable
Creating a Backdoor with SET
PDF Hacking
Introduction
...