網絡安全滲透測試與防護
王立進,張宗寶,張鎮
- 出版商: 電子工業
- 出版日期: 2024-11-01
- 定價: $263
- 售價: 8.5 折 $223 (限時優惠至 2025-01-05)
- 語言: 簡體中文
- 頁數: 224
- ISBN: 712148384X
- ISBN-13: 9787121483844
-
相關分類:
Penetration-test
下單後立即進貨 (約4週~6週)
買這商品的人也買了...
-
$352深入理解 Android 網絡編程-技術詳解與最佳實踐 -
$454Android 深度探索(捲 2)-系統應用源代碼分析與 ROM 定製(附光盤) -
$454Android 安全攻防權威指南 -
Python 駭客密碼|加密、解密與破解實例應用 Cracking Codes with Python$520$520 -
$281網絡設備配置與調試項目實訓(第4版) -
CQRS 命令查詢職責分離模式 (Command Query Responsibility Segregation)$500$390 -
Oracle 19c 從入門到精通 (視頻教學超值版)$534$507 -
$213計算機組成原理 -
突破困境!企業開源虛擬化管理平台:使用 Proxmox Virtual Environment (iThome鐵人賽系列書)$620$484 -
計算機組成原理:作業系統概論Ⅰ$560$437 -
計算機組成原理:作業系統概論Ⅱ$600$468 -
Certiport ITS Network Security 網路安全管理核心能力國際認證應考攻略$250$197 -
計算機組成原理:基礎知識揭密, 2/e$520$406 -
戰術 + 技術 + 程序 -- ATT&CK 框架無差別學習$880$695 -
Web API 設計原則|API 與微服務傳遞價值之道 (Principles of Web API Design: Delivering Value with APIs and Microservices)$520$410 -
玩真的!Git ✕ GitHub 實戰手冊 - coding 實境、協同開發、雲端同步, 用最具臨場感的開發實例紮實學會! (Git for Programmers)$580$458 -
建構微服務|設計細微化的系統, 2/e (Building Microservices: Designing Fine-Grained Systems, 2/e)$880$695 -
ASP.NET Core 7 MVC 跨平台範例實戰演練$860$679 -
Web 滲透測試與防護 (慕課版)$390$371 -
ASP.NET Core+Vue.js全棧開發訓練營$594$564 -
Linux Shell 命令行及腳本編程實例詳解, 2/e$599$569 -
$505C和指針 -
$509Shell從入門到精通(第2版) -
資安鑑識分析:數位工具、情資安全、犯罪偵防與證據追蹤$560$437 -
Vue.js 3高階程式設計:UI元件庫開發實戰$534$507
相關主題
商品描述
本書根據網絡安全服務工程師的技能要求及網絡安全管理與評估賽項規範,以網絡安全服務工程師的工作情景為主線進行邊寫 ,內容包括搭建網絡攻防環境、信息收集與漏洞掃描、 LINUX系統滲透測試與加固、 WINDOWS系統滲透測試與加固、數據庫系統滲透測試與加固、信息系統應急響應、 Web系統安全性測試、無線網絡安全性測試。本書內容針對性、適用性強,在同類高職院校網絡安全類類教材中是一部具有先進性的"崗課賽證融通”教材。
目錄大綱
項目一 滲透測試環境搭建 ·······································································.1
1.1 項目情境 ······················································································.2
1.2 項目任務 ······················································································.3
任務 1-1 安裝與配置 Kali Linux 操作機 ··············································.3
任務 1-2 安裝與管理 Kali Linux 軟件 ················································.21
任務 1-3 安裝與配置 Linux 靶機 ······················································.26
任務 1-4 安裝與配置 Windows 靶機 ··················································.30
1.3 項目拓展——滲透測試方法論 ··························································.45
1.4 練習題 ························································································.48
項目二 信息收集與漏洞掃描 ···································································.50
2.1 項目情境 ·····················································································.51
2.2 項目任務 ·····················································································.51
任務 2-1 通過公開網站收集信息 ·····················································.51
任務 2-2 使用 Nmap 工具收集信息 ··················································.56
任務 2-3 使用 Nmap 工具掃描漏洞 ··················································.61
任務 2-4 使用 Nessus 工具掃描漏洞 ·················································.65
任務 2-5 檢查主機弱口令 ······························································.74
2.3 項目拓展——深入認識漏洞 ·····························································.78
2.4 練習題 ························································································.79
網絡安全 滲透測試與防護
VI
項目三 Linux 操作系統滲透測試與加固 ·····················································.81
3.1 項目情境 ·····················································································.82
3.2 項目任務 ·····················································································.82
任務 3-1 利用 vsFTPd 後門漏洞進行滲透測試 ····································.82
任務 3-2 利用 Samba MS-RPC Shell 命令註入漏洞進行滲透測試 ·················.87
任務 3-3 利用 Samba Sysmlink 默認配置目錄遍歷漏洞進行滲透測試 ··········.90
任務 3-4 利用臟牛漏洞提升權限 ·····················································.94
任務 3-5 Linux 操作系統安全加固 ····················································.97
3.3 項目拓展——臟牛漏洞利用思路解析 ···············································.101
3.4 練習題 ······················································································.102
項目四 Windows 操作系統滲透測試與加固 ··············································.104
4.1 項目情境 ···················································································.105
4.2 項目任務 ···················································································.105
任務 4-1 利用 MS17_010_externalblue 漏洞進行滲透測試 ····················.105
任務 4-2 利用 CVE-2019-0708 漏洞進行滲透測試 ······························.113
任務 4-3 利用 Trusted Service Paths 漏洞提權 ····································.117
任務 4-4 社會工程學攻擊測試 ······················································.123
任務 4-5 利用 CVE-2020-0796 漏洞進行滲透測試 ······························.126
任務 4-6 Windows 操作系統安全加固 ·············································.133
4.3 項目拓展——社會工程學工具包 ·····················································.144
4.4 練習題 ······················································································.145
項目五 數據庫系統滲透測試與加固 ························································.147
5.1 項目情境 ···················································································.148
5.2 項目任務 ···················································································.148
任務 5-1 暴力破解 MySQL 弱口令 ·················································.148
任務 5-2 利用 UDF 對 MySQL 數據庫提權 ·······································.153
任務 5-3 利用弱口令對 SQL Server 數據庫進行滲透測試 ····················.159
目錄
VII
任務 5-4 利用 SQL Server 數據庫的 xp_cmdshell 組件提權 ···················.163
任務 5-5 數據庫系統安全加固 ······················································.167
5.3 項目拓展——MySQL 數據庫權限深入解析 ········································.172
5.4 練習題 ······················································································.174
項目六 無線網絡滲透測試與加固 ···························································.176
6.1 項目情境 ···················································································.177
6.2 項目任務 ···················································································.177
任務 6-1 無線網絡嗅探 ·······························································.177
任務 6-2 破解 WEP 加密的無線網絡 ··············································.182
任務 6-3 對 WPS 滲透測試 ···························································.186
任務 6-4 偽造釣魚熱點獲取密碼 ···················································.189
任務 6-5 無線網絡安全加固 ·························································.198
6.3 項目拓展——WiFi 加密算法 ··························································.201
6.4 練習題 ······················································································.202
項目七 滲透測試報告撰寫與溝通匯報 ·····················································.205
7.1 項目情境 ···················································································.206
7.2 項目任務 ···················································································.206
任務 7-1 滲透測試報告撰寫 ·························································.206
任務 7-2 項目溝通匯報 ·······························································.211
7.3 項目拓展-問題回答技巧 ·······························································.212
7.4 練習題 ······················································································.213
參考文獻 ····························································································.215
嚴正聲明 ····························································································.216
