“…Battle of Dorking. Español…”

Tabla de Contenidos: “…CMS Security Handbook; Contents; Introduction; Chapter 1 Introduction to CMS Security and Operations; Target Acquired; Operational Considerations; Educating Your Employees and End Users; Raising Security Awareness; Training on Information Security Policies; Providing a Standard Protocol for Threat Reporting; Ensuring E-mail Security; Applying Patches and Updates; Being Aware and Staying Safe; Looking at Your Site Through the Eyes of a Hacker; Steps to Gaining Access to Your Site; Researching; Googling Away; Using Google Hacking Tools (Dorks); Footprinting; Using NMAP for Nefarious Means…”

Tabla de Contenidos: “…; Discussion : Using narrative patterns; Storytelling techniques; Presentation medium; Different notions of time; Audience and general intention -- Watches to augmented reality: devices and gadgets for data-driven storytelling / Bongshin Lee, Tim Dwyer, Dominikus Baur, and Xaquín González Veira : Characteristics of different devices ; Examples of practices by devices ; Opportunities and challenges -- From analysis to communication: supporting the lifecycle of a story / Fanny Chevalier, Melanie Tory, Bongshin Lee, Jarke van Wijk, Giuseppe Santucci, Marian Dörk, and Jessica Hullman : Understanding current practices: interviews with data storytellers : Methodology; Storytelling process; Origin of the story; Roles; Storytelling constraints ; Tool landscape ; Directions for research and design -- Organizing the work of data-driven visual storytelling / Christina Elmer, Jonathan Schwabish, and Benjamin Wiederkehr : Design studios : Organizational structure; Skill sets; Tools and technologies; Process and project selection; Reflections and lessons learned ; Media organizations : Structure and organization; Skill sets; Tools and technologies; Process and project selection; Reflections and lessons learned ; NGOs and nonprofits : Structure and organization; Skill sets; Tools and technologies; Process and project selection; Reflections and lessons learned ; Conclusion ; Appendices : Glossary and definitions ; Tools ; Interview questionnaire ; Interviewees -- Communicating with data to an audience / Steven Drucker, Samuel Huron, Robert Kosara, Jonathan Schwabish, and Nicholas Diakopoulos : What does the audience know? …”

Tabla de Contenidos: “…2.6 Datei-Altlasten2.6.1 Temporäre Dateien; 2.6.2 Include- und Backup-Dateien; 2.6.3 Dateien von Entwicklungswerkzeugen; 2.6.4 Vergessene oder »versteckte« PHP-Dateien; 2.6.5 Temporäre CVS-Dateien; 2.7 Pfade; 2.7.1 mod_speling; 2.7.2 robots.txt; 2.7.3 Standardpfade; 2.7.4 Pfade verkürzen; 2.8 Kommentare aus HTML-Dateien; 2.9 Applikationen erkennen; 2.9.1 Das Aussehen/Layout; 2.9.2 Typische Dateien bekannter Applikationen; 2.9.3 Header-Felder; 2.9.4 Bestimmte Pfade; 2.9.5 Kommentare im Quellcode; 2.9.6 HTML-Metatags; 2.10 Default-User; 2.11 Google Dork; 2.12 Fazit; 3 Parametermanipulation…”

Tabla de Contenidos: “…Repudiation -- Information disclosure - confidentiality -- Denial of service - availability -- Elevation of privilege - authorization -- Test strategies -- Summary -- Chapter 8: Source Code Review -- Programming background -- Enterprise secure coding guidelines -- Static code analysis - manual scan versus automatic scan -- Secure coding checklist -- Summary -- Chapter 9: Network Penetration Testing -- Passive information gathering - reconnaissance - OSINT -- Web search engines -- Google Hacking Database - Google dorks -- Online tools -- Kali Linux tools -- WHOIS lookup -- Domain name system - DNS enumeration -- Gathering email addresses -- Active information gathering - services enumeration -- Identifying live hosts -- Identifying open ports/services -- Service probing and enumeration -- Vulnerability assessment -- OpenVas -- Exploitation -- Finding exploits -- Listener setup -- Generating a shell payload using msfvenom -- Custom shells -- Privilege escalation -- File transfers -- Using PowerShell -- Using VBScript -- Administrator or root -- Summary -- Chapter 10: Web Intrusion Tests -- Web Intrusion Test workflow -- Identifying hidden contents -- Common web page checklist -- Special pages checklist -- Reporting -- Common Vulnerability Scoring System - CVSS -- First case - SQLi -- Second case - Reflected XSS -- Report template -- Summary -- Chapter 11: Pentest Automation Using Python -- Python IDE -- Downloading and installing PyCharm -- PyCharm quick overview -- Penetration testing automation -- Automate.py in action -- Utility functions -- Service enumeration -- DTO service class -- The scanner core -- Summary -- Appendix A: Nmap Cheat Sheet -- Target specification -- Host discovery -- Scan types and service versions -- Port specification and scan order -- Script scan -- Timing and performance -- Firewall/IDS evasion and spoofing -- Output…”

Tabla de Contenidos: “…. -- There's more... -- Google Dork automation with ChatGPT and Python -- Getting ready -- How to do it... -- How it works... -- There's more... -- Analyzing job postings OSINT with ChatGPT -- Getting ready -- How to do it... -- How it works... -- There's more... -- GPT-powered Kali Linux terminals -- Getting ready -- How to do it... -- How it works... -- There's more... -- Chapter 7: Threat Monitoring and Detection -- Technical requirements -- Threat Intelligence Analysis -- Getting ready -- How to do it... -- How it works... -- There's more... -- Real-Time Log Analysis -- Getting ready -- How to do it... -- How it works... -- There's more... -- Detecting APTs using ChatGPT for Windows Systems -- Getting ready -- How to do it... -- How it works... -- There's more... -- Building Custom Threat Detection Rules -- Getting ready -- How to do it... -- How it works... -- There's more... -- Network Traffic Analysis and Anomaly Detection with PCAP Analyzer -- Getting ready -- How to do it... -- How it works... -- There's more... -- Chapter 8: Incident Response -- Technical requirements -- ChatGPT-assisted incident analysis and triage -- Getting ready -- How to do it... -- How it works... -- There's more... -- Generating incident response playbooks…”

Tabla de Contenidos: “…Security by cloud models -- Data security in the cloud -- Securing Kubernetes and APIs -- Cloud-native security -- Controlling access to the Kubernetes API -- Controlling access to kubelet -- Preventing containers from loading unwanted kernel modules -- Restricting access to etcd -- Avoiding the use of alpha or beta features in production -- Third-party integrations -- Hardening database services -- Testing your cloud security -- Azure Security Center -- Amazon CloudWatch -- AppDynamics -- Nessus vulnerability scanner -- InsightVM -- Intruder -- Summary -- Further reading -- Chapter 12: Mastering Web App Security -- Technical requirements -- Gathering intelligence about your site/web application -- Importance of public data gathering -- Open Source Intelligence -- Hosting information -- Checking data exposure with Google hacking (dorks) -- Leveraging DVWA -- Installing DVWA on Kali Linux -- Overviewing the most common attacks on web applications -- Exploring XSS attacks -- Using Burp Suite -- Burp Suite versions -- Setting up Burp Suite on Kali -- SQL injection attack on DVWA -- Fixing a common error -- Brute forcing web applications' passwords -- Analyzing the results -- Summary -- Further reading -- Section 3: Deep Dive into Defensive Security -- Chapter 13: Vulnerability Assessment Tools -- Technical requirements -- Dealing with vulnerabilities -- Who should be looking for vulnerabilities? …”

Tabla de Contenidos: “…Web Application Proxies -- Burp Proxy -- Customizing client interception -- Modifying requests on the fly -- Burp Proxy with HTTPS websites -- Zed Attack Proxy -- ProxyStrike -- Web Crawlers and Directory Bruteforce -- DIRB -- DirBuster -- Uniscan -- Web Vulnerability Scanners -- Nikto -- w3af -- Skipfish -- Other tools -- OpenVAS -- Database exploitation -- Web application fuzzers -- Using Tor for penetration testing -- Vulnerable applications and servers to practice on -- OWASP Broken Web Applications -- Hackazon -- Web Security Dojo -- Other resources -- Summary -- Chapter 3: Reconnaissance and Profiling the Web Server -- Reconnaissance -- Passive reconnaissance versus active reconnaissance -- Information gathering -- Domain registration details -- Whois - extracting domain information -- Identifying related hosts using DNS -- Zone transfer using dig -- DNS enumeration -- DNSEnum -- Fierce -- DNSRecon -- Brute force DNS records using Nmap -- Using search engines and public sites to gather information -- Google dorks -- Shodan -- theHarvester -- Maltego -- Recon-ng - a framework for information gathering -- Domain enumeration using Recon-ng -- Sub-level and top-level domain enumeration -- Reporting modules -- Scanning - probing the target -- Port scanning using Nmap -- Different options for port scan -- Evading firewalls and IPS using Nmap -- Identifying the operating system -- Profiling the server -- Identifying virtual hosts -- Locating virtual hosts using search engines -- Identifying load balancers -- Cookie-based load balancer -- Other ways of identifying load balancers -- Application version fingerprinting -- The Nmap version scan -- The Amap version scan -- Fingerprinting the web application framework -- The HTTP header -- The WhatWeb scanner -- Scanning web servers for vulnerabilities and misconfigurations…”

Tabla de Contenidos: “…Scoping and Planning Engagements -- Assessment Types -- Known Environments and Unknown Environments -- The Rules of Engagement -- Scoping Considerations-A Deeper Dive -- Support Resources for Penetration Tests -- Penetration Testing Standards and Methodologies -- Key Legal Concepts for Penetration Tests -- Contracts -- Data Ownership and Retention -- Permission to Attack (Authorization) -- Environmental Differences and Location Restrictions -- Regulatory Compliance Considerations -- Summary -- Exam Essentials -- Lab Exercises -- Review Questions -- Chapter 3 Information Gathering -- Footprinting and Enumeration -- OSINT -- Location and Organizational Data -- Infrastructure and Networks -- Security Search Engines -- Google Dorks and Search Engine Techniques -- Password Dumps and Other Breach Data -- Source Code Repositories -- Passive Enumeration and Cloud Services -- Active Reconnaissance and Enumeration -- Hosts -- Services -- Networks, Topologies, and Network Traffic -- Packet Crafting and Inspection -- Enumeration -- Information Gathering and Code -- Avoiding Detection -- Information Gathering and Defenses -- Defenses Against Active Reconnaissance -- Preventing Passive Information Gathering -- Summary -- Exam Essentials -- Lab Exercises -- Activity 3.1: Manual OSINT Gathering -- Activity 3.2: Exploring Shodan -- Activity 3.3: Running an Nmap Scan -- Review Questions -- Chapter 4 Vulnerability Scanning -- Identifying Vulnerability Management Requirements -- Regulatory Environment -- Corporate Policy -- Support for Penetration Testing -- Identifying Scan Targets -- Determining Scan Frequency -- Active vs. …”