Advanced infrastructure penetration testing defend your systems from methodized and proficient attackers
A highly detailed guide to performing powerful attack vectors in many hands-on scenarios and defending significant security flaws in your company's infrastructure About This Book Advanced exploitation techniques to breach modern operating systems and complex network devices Learn about Docker b...
| Otros Autores: | |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Birmingham, [England] ; Mumbai, [India] :
Packt
2018.
|
| Edición: | 1st edition |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009631592306719 |
Tabla de Contenidos:
- Cover
- Title Page
- Copyright and Credits
- Packt Upsell
- Contributors
- Table of Contents
- Preface
- Chapter 1: Introduction to Advanced Infrastructure Penetration Testing
- Information security overview
- Confidentiality
- Integrity
- Availability
- Least privilege and need to know
- Defense in depth
- Risk analysis
- Information Assurance
- Information security management program
- Hacking concepts and phases
- Types of hackers
- Hacking phases
- Reconnaissance
- Passive reconnaissance
- Active reconnaissance
- Scanning
- Port scanning
- Network scanning
- Vulnerability scanning
- Gaining access
- Maintaining access
- Clearing tracks
- Penetration testing overview
- Penetration testing types
- White box pentesting
- Black box pentesting
- Gray box pentesting
- The penetration testing teams
- Red teaming
- Blue teaming
- Purple teaming
- Pentesting standards and guidance
- Policies
- Standards
- Procedures
- Guidance
- Open Source Security Testing Methodology Manual
- Information Systems Security Assessment Framework
- Penetration Testing Execution Standard
- Payment Card Industry Data Security Standard
- Penetration testing steps
- Pre-engagement
- The objectives and scope
- A get out of jail free card
- Emergency contact information
- Payment information
- Non-disclosure agreement
- Intelligence gathering
- Public intelligence
- Social engineering attacks
- Physical analysis
- Information system and network analysis
- Human intelligence
- Signal intelligence
- Open source intelligence
- Imagery intelligence
- Geospatial intelligence
- Threat modeling
- Business asset analysis
- Business process analysis
- Threat agents analysis
- Threat capability analysis
- Motivation modeling
- Vulnerability analysis
- Vulnerability assessment with Nexpose
- Installing Nexpose.
- Starting Nexpose
- Start a scan
- Exploitation
- Post-exploitation
- Infrastructure analysis
- Pillaging
- High-profile targets
- Data exfiltration
- Persistence
- Further penetration into infrastructure
- Cleanup
- Reporting
- Executive summary
- Technical report
- Penetration testing limitations and challenges
- Pentesting maturity and scoring model
- Realism
- Methodology
- Reporting
- Summary
- Chapter 2: Advanced Linux Exploitation
- Linux basics
- Linux commands
- Streams
- Redirection
- Linux directory structure
- Users and groups
- Permissions
- The chmod command
- The chown command
- The chroot command
- The power of the find command
- Jobs, cron, and crontab
- Security models
- Security controls
- Access control models
- Linux attack vectors
- Linux enumeration with LinEnum
- OS detection with Nmap
- Privilege escalation
- Linux privilege checker
- Linux kernel exploitation
- UserLand versus kernel land
- System calls
- Linux kernel subsystems
- Process
- Threads
- Security-Enhanced Linux
- Memory models and the address spaces
- Linux kernel vulnerabilities
- NULL pointer dereference
- Arbitrary kernel read/write
- Case study CVE-2016-2443 Qualcomm MSM debug fs kernel arbitrary write
- Memory corruption vulnerabilities
- Kernel stack vulnerabilities
- Kernel heap vulnerabilities
- Race conditions
- Logical and hardware-related bugs
- Case study CVE-2016-4484 - Cryptsetup Initrd root Shell
- Linux Exploit Suggester
- Buffer overflow prevention techniques
- Address space layout randomization
- Stack canaries
- Non-executable stack
- Linux return oriented programming
- Linux hardening
- Summary
- Chapter 3: Corporate Network and Database Exploitation
- Networking fundamentals
- Network topologies
- Bus topology
- Star topology
- Ring topology
- Tree topology.
- Mesh topology
- Hybrid topology
- Transmission modes
- Communication networks
- Local area network
- Metropolitan area network
- Wide area network
- Wireless network
- Data center multi-tier model design
- Open Systems Interconnection model
- In-depth network scanning
- TCP communication
- ICMP scanning
- SSDP scanning
- UDP Scanning
- Intrusion detection systems
- Machine learning for intrusion detection
- Supervised learning
- Unsupervised learning
- Semi-supervised learning
- Reinforcement
- Machine learning systems' workflow
- Machine learning model evaluation metrics
- Services enumeration
- Insecure SNMP configuration
- DNS security
- DNS attacks
- Sniffing attacks
- DDoS attacks
- Types of DDoS attacks
- Defending against DDoS attacks
- DDoS scrubbing centers
- Software-Defined Network penetration testing
- SDN attacks
- SDNs penetration testing
- DELTA: SDN security evaluation framework
- SDNPWN
- Attacks on database servers
- Summary
- Chapter 4: Active Directory Exploitation
- Active Directory
- Single Sign-On
- Kerberos authentication
- Lightweight Directory Access Protocol
- PowerShell and Active Directory
- Active Directory attacks
- PowerView
- Kerberos attacks
- Kerberos TGS service ticket offline cracking (Kerberoast)
- SPN scanning
- Passwords in SYSVOL and group policy preferences
- 14-068 Kerberos vulnerability on a domain controller
- Dumping all domain credentials with Mimikatz
- Pass the credential
- Dumping LSASS memory with Task Manager (get domain admin credentials)
- Dumping Active Directory domain credentials from an NTDS.dit file
- Summary
- Chapter 5: Docker Exploitation
- Docker fundamentals
- Virtualization
- Cloud computing
- Cloud computing security challenges
- Docker containers
- Docker exploitation
- Kernel exploits
- DoS and resource abuse.
- Docker breakout
- Poisoned images
- Database passwords and data theft
- Docker bench security
- Docker vulnerability static analysis with Clair
- Building a penetration testing laboratory
- Summary
- Chapter 6: Exploiting Git and Continuous Integration Servers
- Software development methodologies
- Continuous integration
- Types of tests
- Continuous integration versus continuous delivery
- DevOps
- Continuous integration with GitHub and Jenkins
- Installing Jenkins
- Continuous integration attacks
- Continuous integration server penetration testing
- Rotten Apple project for testing continuous integration or continuous delivery system security
- Continuous security with Zed Attack Proxy
- Summary
- Chapter 7: Metasploit and PowerShell for Post-Exploitation
- Dissecting Metasploit Framework
- Metasploit architecture
- Modules
- Exploits
- Payloads
- Auxiliaries
- Encoders
- NOPs
- Posts
- Starting Metasploit
- Bypassing antivirus with the Veil-Framework
- Writing your own Metasploit module
- Metasploit Persistence scripts
- Weaponized PowerShell with Metasploit
- Interactive PowerShell
- PowerSploit
- Nishang - PowerShell for penetration testing
- Defending against PowerShell attacks
- Summary
- Chapter 8: VLAN Exploitation
- Switching in networking
- LAN switching
- MAC attack
- Media Access Control Security
- DHCP attacks
- DHCP starvation
- Rogue DHCP server
- ARP attacks
- VLAN attacks
- Types of VLANs
- VLAN configuration
- VLAN hopping attacks
- Switch spoofing
- VLAN double tagging
- Private VLAN attacks
- Spanning Tree Protocol attacks
- Attacking STP
- Summary
- Chapter 9: VoIP Exploitation
- VoIP fundamentals
- H.323
- Skinny Call Control Protocol
- RTP/RTCP
- Secure Real-time Transport Protocol
- H.248 and Media Gateway Control Protocol
- Session Initiation Protocol.
- VoIP exploitation
- VoIP attacks
- Denial-of-Service
- Eavesdropping
- SIP attacks
- SIP registration hijacking
- Spam over Internet Telephony
- Embedding malware
- Viproy - VoIP penetration testing kit
- VoLTE Exploitation
- VoLTE attacks
- SiGploit - Telecom Signaling Exploitation Framework
- Summary
- Chapter 10: Insecure VPN Exploitation
- Cryptography
- Cryptosystems
- Ciphers
- Classical ciphers
- Modern ciphers
- Kerckhoffs' principle for cryptosystems
- Cryptosystem types
- Symmetric cryptosystem
- Asymmetric cryptosystem
- Hash functions and message integrity
- Digital signatures
- Steganography
- Key management
- Cryptographic attacks
- VPN fundamentals
- Tunneling protocols
- IPSec
- Secure Sockets Layer/Transport Layer Security
- SSL attacks
- DROWN attack (CVE-2016-0800)
- POODLE attack (CVE-2014-3566)
- BEAST attack (CVE-2011-3389)
- CRIME attack (CVE-2012-4929)
- BREACH attack (CVE-2013-3587)
- Heartbleed attack
- Qualys SSL Labs
- Summary
- Chapter 11: Routing and Router Vulnerabilities
- Routing fundamentals
- Exploiting routing protocols
- Routing Information Protocol
- RIPv1 reflection DDoS
- Open Shortest Path First
- OSPF attacks
- Disguised LSA
- MaxAge LSAs
- Remote false adjacency
- Seq++ attack
- Persistent poisoning
- Defenses
- Interior Gateway Routing Protocol
- Enhanced Interior Gateway Routing Protocol
- Border Gateway Protocol
- BGP attacks
- Exploiting routers
- Router components
- Router bootup process
- Router attacks
- The router exploitation framework
- Summary
- Chapter 12: Internet of Things Exploitation
- The IoT ecosystem
- IoT project architecture
- IoT protocols
- The IoT communication stack
- IP Smart Objects protocols suite
- Standards organizations
- IoT attack surfaces
- Devices and appliances
- Firmware
- Web interfaces.
- Network services.
