Windows and Linux Penetration Testing from Scratch - Second Edition
暫譯: 從零開始的 Windows 和 Linux 滲透測試 - 第二版

Bramwell, Phil

Windows and Linux Penetration Testing from Scratch - Second Edition

買這商品的人也買了...

商品描述

Master the art of identifying and exploiting vulnerabilities with Metasploit, Empire, PowerShell, and Python, turning Kali Linux into your fighter cockpit

Key Features

- Map your client's attack surface with Kali Linux
- Discover the craft of shellcode injection and managing multiple compromises in the environment
- Understand both the attacker and the defender mindset

Book Description

Let's be honest―security testing can get repetitive. If you're ready to break out of the routine and embrace the art of penetration testing, this book will help you to distinguish yourself to your clients.

This pen testing book is your guide to learning advanced techniques to attack Windows and Linux environments from the indispensable platform, Kali Linux. You'll work through core network hacking concepts and advanced exploitation techniques that leverage both technical and human factors to maximize success. You'll also explore how to leverage public resources to learn more about your target, discover potential targets, analyze them, and gain a foothold using a variety of exploitation techniques while dodging defenses like antivirus and firewalls. The book focuses on leveraging target resources, such as PowerShell, to execute powerful and difficult-to-detect attacks. Along the way, you'll enjoy reading about how these methods work so that you walk away with the necessary knowledge to explain your findings to clients from all backgrounds. Wrapping up with post-exploitation strategies, you'll be able to go deeper and keep your access.

By the end of this book, you'll be well-versed in identifying vulnerabilities within your clients' environments and providing the necessary insight for proper remediation.

What you will learn

- Get to know advanced pen testing techniques with Kali Linux
- Gain an understanding of Kali Linux tools and methods from behind the scenes
- Get to grips with the exploitation of Windows and Linux clients and servers
- Understand advanced Windows concepts and protection and bypass them with Kali and living-off-the-land methods
- Get the hang of sophisticated attack frameworks such as Metasploit and Empire
- Become adept in generating and analyzing shellcode
- Build and tweak attack scripts and modules

Who this book is for

This book is for penetration testers, information technology professionals, cybersecurity professionals and students, and individuals breaking into a pentesting role after demonstrating advanced skills in boot camps. Prior experience with Windows, Linux, and networking is necessary.

商品描述(中文翻譯)

掌握使用 Metasploit、Empire、PowerShell 和 Python 識別及利用漏洞的藝術,將 Kali Linux 轉變為您的戰鬥駕駛艙

主要特點

- 使用 Kali Linux 繪製客戶的攻擊面
- 探索 shellcode 注入的技術及在環境中管理多重妥協
- 理解攻擊者和防禦者的心態

書籍描述

老實說,安全測試可能會變得重複。如果您準備打破常規,擁抱滲透測試的藝術,這本書將幫助您在客戶中脫穎而出。

這本滲透測試書籍是您學習從不可或缺的平台 Kali Linux 攻擊 Windows 和 Linux 環境的高級技術的指南。您將深入了解核心網絡駭客概念和利用技術與人為因素來最大化成功的高級利用技術。您還將探索如何利用公共資源來了解目標,發現潛在目標,分析它們,並使用各種利用技術獲得立足點,同時避開防禦措施,如防病毒軟體和防火牆。本書專注於利用目標資源,例如 PowerShell,來執行強大且難以檢測的攻擊。在此過程中,您將享受閱讀這些方法如何運作的內容,以便您能夠掌握必要的知識,向各種背景的客戶解釋您的發現。最後,通過後利用策略,您將能夠深入並保持您的訪問權限。

在本書結束時,您將熟練於識別客戶環境中的漏洞,並提供必要的見解以進行適當的修復。

您將學到的內容

- 熟悉使用 Kali Linux 的高級滲透測試技術
- 從幕後了解 Kali Linux 工具和方法
- 理解 Windows 和 Linux 客戶端及伺服器的利用
- 理解高級 Windows 概念及其保護,並使用 Kali 和生活在土地上的方法繞過它們
- 熟悉複雜的攻擊框架,如 Metasploit 和 Empire
- 精通生成和分析 shellcode
- 建立和調整攻擊腳本和模組

本書適合對象

本書適合滲透測試人員、資訊科技專業人員、網絡安全專業人員及學生,以及在展示高級技能後進入滲透測試角色的個人。需要具備 Windows、Linux 和網絡的先前經驗。

作者簡介

Phil Bramwell, CISSP has been tinkering with gadgets since he was a kid in the 1980s. After obtaining the Certified Ethical Hacker and Certified Expert Penetration Tester certifications in 2004 and a Bachelors of Applied Science in Computer Security from Davenport University in 2007, Phil was a security engineer and consultant who conducted Common Criteria, FIPS, and PCI-DSS assessments, GDPR consulting for a firm in the UK, and social engineering and penetration testing for banks, governments, and universities throughout the USA. After specializing in antimalware analysis and security operations, Phil is now a penetration tester for a Fortune 100 automobile manufacturer. Phil is based in the Metro Detroit area.

作者簡介(中文翻譯)

Phil Bramwell,CISSP,自1980年代起便開始對各種小工具進行研究。2004年獲得Certified Ethical Hacker和Certified Expert Penetration Tester認證,並於2007年從Davenport University獲得應用科學學士學位(Computer Security),Phil曾擔任安全工程師和顧問,進行Common Criteria、FIPS和PCI-DSS評估,為英國的一家公司提供GDPR諮詢,並為美國的銀行、政府和大學進行社會工程和滲透測試。在專注於反惡意軟體分析和安全運營後,Phil目前是某家Fortune 100汽車製造商的滲透測試員。Phil目前居住在底特律大都會區。

目錄大綱

1. Open Source Intelligence
2. Bypassing Network Access Control
3. Sniffing and Spoofing
4. Windows Passwords on the Network
5. Assessing Network Security
6. Cryptography and the Penetration Tester
7. Advanced Exploitation with Metasploit
8. Python Fundamentals
9. PowerShell Fundamentals
10. Shellcoding - The Stack
11. Shellcoding - Bypassing Protections
12. Shellcoding - Evading Antivirus
13. Windows Kernel Security
14. Fuzzing Techniques
15. Going Beyond the Foothold
16. Escalating Privileges
17. Maintaining Access
18. Answers

目錄大綱(中文翻譯)

1. Open Source Intelligence

2. Bypassing Network Access Control

3. Sniffing and Spoofing

4. Windows Passwords on the Network

5. Assessing Network Security

6. Cryptography and the Penetration Tester

7. Advanced Exploitation with Metasploit

8. Python Fundamentals

9. PowerShell Fundamentals

10. Shellcoding - The Stack

11. Shellcoding - Bypassing Protections

12. Shellcoding - Evading Antivirus

13. Windows Kernel Security

14. Fuzzing Techniques

15. Going Beyond the Foothold

16. Escalating Privileges

17. Maintaining Access

18. Answers

類似商品

最後瀏覽商品 (6)