Penetration Testing Azure for Ethical Hackers: Develop practical skills to perform pentesting and risk assessment of Microsoft Azure environments
暫譯: 針對道德駭客的 Azure 滲透測試:培養在 Microsoft Azure 環境中進行滲透測試和風險評估的實用技能
Okeyode, David, Fosaaen, Karl
- 出版商: Packt Publishing
- 出版日期: 2021-11-11
- 售價: $2,010
- 貴賓價: 9.5 折 $1,910
- 語言: 英文
- 頁數: 352
- 裝訂: Quality Paper - also called trade paper
- ISBN: 1839212934
- ISBN-13: 9781839212932
-
相關分類:
Microsoft Azure、Penetration-test、駭客 Hack
海外代購書籍(需單獨結帳)
商品描述
Simulate real-world attacks using tactics, techniques, and procedures that adversaries use during cloud breaches
Key Features:
- Understand the different Azure attack techniques and methodologies used by hackers
- Find out how you can ensure end-to-end cybersecurity in the Azure ecosystem
- Discover various tools and techniques to perform successful penetration tests on your Azure infrastructure
Book Description:
Security professionals working with Azure will be able to put their knowledge to work with this practical guide to penetration testing. The book provides a hands-on approach to exploring Azure penetration testing methodologies that will help you get up and running in no time with the help of a variety of real-world examples, scripts, and ready-to-use source code.
As you learn about the Microsoft Azure platform and understand how hackers can attack resources hosted in the Azure cloud, you'll find out how to protect your environment by identifying vulnerabilities, along with extending your pentesting tools and capabilities. This book starts by taking you through the prerequisites for pentesting Azure and shows you how to set up a pentesting lab. You'll then simulate attacks on Azure assets such as web applications and virtual machines from anonymous and authenticated perspectives. Finally, you'll learn about the opportunities for privilege escalation in Azure tenants and ways in which an attacker can create persistent access to an environment.
By the end of this book, you'll be able to leverage your ethical hacking skills to identify and implement different tools and techniques to perform successful penetration tests on your own Azure infrastructure.
What You Will Learn:
- Identify how administrators misconfigure Azure services, leaving them open to exploitation
- Understand how to detect cloud infrastructure, service, and application misconfigurations
- Explore processes and techniques for exploiting common Azure security issues
- Use on-premises networks to pivot and escalate access within Azure
- Diagnose gaps and weaknesses in Azure security implementations
- Understand how attackers can escalate privileges in Azure AD
Who this book is for:
This book is for new and experienced infosec enthusiasts who want to learn how to simulate real-world Azure attacks using tactics, techniques, and procedures (TTPs) that adversaries use in cloud breaches. Any technology professional working with the Azure platform (including Azure administrators, developers, and DevOps engineers) interested in learning how attackers exploit vulnerabilities in Azure hosted infrastructure, applications, and services will find this book useful.
商品描述(中文翻譯)
模擬現實世界的攻擊,使用對手在雲端違規時所採用的戰術、技術和程序
主要特點:
- 了解駭客使用的不同 Azure 攻擊技術和方法論
- 瞭解如何確保 Azure 生態系統中的端到端網路安全
- 探索各種工具和技術,以在您的 Azure 基礎設施上執行成功的滲透測試
書籍描述:
從事 Azure 的安全專業人員將能夠利用這本實用的滲透測試指南來應用他們的知識。這本書提供了一種實踐的方法來探索 Azure 滲透測試方法論,幫助您迅速上手,並提供各種現實世界的範例、腳本和可直接使用的源代碼。
當您學習 Microsoft Azure 平台並了解駭客如何攻擊在 Azure 雲端中托管的資源時,您將發現如何通過識別漏洞來保護您的環境,並擴展您的滲透測試工具和能力。本書首先帶您了解滲透測試 Azure 的前置條件,並展示如何設置滲透測試實驗室。接著,您將從匿名和已驗證的角度模擬對 Azure 資產(如網頁應用程式和虛擬機)的攻擊。最後,您將了解在 Azure 租戶中提升權限的機會,以及攻擊者如何創建持久訪問環境的方法。
在本書結束時,您將能夠利用您的道德駭客技能,識別並實施不同的工具和技術,以在自己的 Azure 基礎設施上執行成功的滲透測試。
您將學到的內容:
- 識別管理員如何錯誤配置 Azure 服務,使其易受利用
- 了解如何檢測雲基礎設施、服務和應用程式的錯誤配置
- 探索利用常見 Azure 安全問題的過程和技術
- 使用本地網路在 Azure 中進行樞紐和提升訪問權限
- 診斷 Azure 安全實施中的差距和弱點
- 了解攻擊者如何在 Azure AD 中提升權限
本書適合對象:
本書適合希望學習如何模擬現實世界 Azure 攻擊的初學者和經驗豐富的資訊安全愛好者,使用對手在雲端違規中所採用的戰術、技術和程序(TTPs)。任何在 Azure 平台上工作的技術專業人員(包括 Azure 管理員、開發人員和 DevOps 工程師),對學習攻擊者如何利用 Azure 托管基礎設施、應用程式和服務中的漏洞感興趣的人,都會發現這本書非常有用。
