E-Book, Englisch, 180 Seiten
Engebretson The Basics of Hacking and Penetration Testing
1. Auflage 2011
ISBN: 978-1-59749-656-8
Verlag: Elsevier Science & Techn.
Format: EPUB
Kopierschutz: Adobe DRM (»Systemvoraussetzungen)
Ethical Hacking and Penetration Testing Made Easy
E-Book, Englisch, 180 Seiten
ISBN: 978-1-59749-656-8
Verlag: Elsevier Science & Techn.
Format: EPUB
Kopierschutz: Adobe DRM (»Systemvoraussetzungen)
The Basics of Hacking and Penetration Testing serves as an introduction to the steps required to complete a penetration test or perform an ethical hack from beginning to end. This book makes ethical hacking and penetration testing easy - no prior hacking experience is required. It shows how to properly utilize and interpret the results of the modern-day hacking tools required to complete a penetration test. With a simple and clean explanation of how to effectively utilize these tools - as well as the introduction to a four-step methodology for conducting a penetration test or hack - the book provides students with the know-how required to jump start their careers and gain a better understanding of offensive security. The book is organized into 7 chapters that cover hacking tools such as Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, and Hacker Defender rootkit. Each chapter contains hands-on examples and exercises that are designed to teach learners how to interpret results and utilize those results in later phases. PowerPoint slides are available for use in class. This book is an ideal reference for security consultants, beginning InfoSec professionals, and students. - Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews - Each chapter contains hands-on examples and exercises that are designed to teach you how to interpret the results and utilize those results in later phases. - Writen by an author who works in the field as a Penetration Tester and who teaches Offensive Security, Penetration Testing, and Ethical Hacking, and Exploitation classes at Dakota State University. - Utilizes the Backtrack Linus distribution and focuses on the seminal tools required to complete a penetration test.
Dr. Patrick Engebretson obtained his Doctor of Science degree with a specialization in Information Security from Dakota State University. He currently serves as an Assistant Professor of Information Assurance and also works as a Senior Penetration Tester for security firm in the Midwest. His research interests include penetration testing, hacking, intrusion detection, exploitation, honey pots, and malware. In the past several years he has published many peer reviewed journal and conference papers in these areas. Dr. Engebretson has been invited by the Department of Homeland Security to share his research at the Software Assurance Forum in Washington, DC and has also spoken at Black Hat in Las Vegas. He regularly attends advanced exploitation and penetration testing trainings from industry recognized professionals and holds several certifications. He teaches graduate and undergraduate courses in penetration testing, wireless security, and intrusion detection, and advanced exploitation.
Autoren/Hrsg.
Weitere Infos & Material
1;FRONT COVER;1
2;THE BASICS OF HACKING AND PENETRATION TESTING;4
3;COPYRIGHT PAGE;5
4;CONTENTS;8
5;ACKNOWLEDGMENTS;10
6;ABOUT THE AUTHOR;12
7;ABOUT THE TECHNICAL EDITOR;14
8;INTRODUCTION;16
9;CHAPTER 1 What Is Penetration Testing?;20
9.1;INTRODUCTION;20
9.2;INTRODUCTION TO BACKTRACK LINUX: TOOLS. LOTS OF TOOLS;22
9.3;WORKING WITH BACKTRACK: STARTING THE ENGINE;25
9.4;THE USE AND CREATION OF A HACKING LAB;28
9.5;PHASES OF A PENETRATION TEST;29
9.6;CHAPTER REVIEW;33
9.7;SUMMARY;33
10;CHAPTER 2 Reconnaissance;34
10.1;Introduction;35
10.2;HTTrack: Website Copier;38
10.3;Google directives—practicing your Google-Fu;41
10.4;The Harvester: discovering and leveraging e-mail addresses;45
10.5;Whois;47
10.6;Netcraft;50
10.7;Host;50
10.8;Extracting information from DNS;51
10.9;Extracting information from e-mail servers;55
10.10;MetaGooFil;55
10.11;Social engineering;57
10.12;Sifting through the Intel to find attackable targets;58
10.13;How do I practice this step?;58
10.14;Where do I go from here?;59
10.15;Summary;60
11;CHAPTER 3 Scanning;62
11.1;Introduction;62
11.2;Pings and ping sweeps;65
11.3;Port scanning;67
11.4;Vulnerability scanning;77
11.5;How do I practice this step?;80
11.6;Where do I go from here?;81
11.7;Summary;82
12;CHAPTER 4 Exploitation;84
12.1;Introduction;84
12.2;Gaining access to remote services with Medusa;86
12.3;Metasploit: hacking, Hugh Jackman Style!;89
12.4;John the Ripper: king of the password crackers;100
12.5;Password resetting: kind of like driving a bulldozer through the side of a building;108
12.6;Sniffing network traffic;111
12.7;Macof: making chicken salad out of chicken sh*t;112
12.8;Fast-Track Autopwn: breaking out the M-60;116
12.9;How do I practice this step?;119
12.10;Where do I go from here?;122
12.11;Summary;124
13;CHAPTER 5 Web-Based Exploitation;126
13.1;Introduction;127
13.2;Interrogating web servers: Nikto;127
13.3;Websecurify: automated web vulnerability scanning;129
13.4;Spidering: crawling your target’s website;130
13.5;Intercepting requests with webscarab;134
13.6;Code injection attacks;135
13.7;Cross-site scripting: browsers that trust sites;140
13.8;How do I practice this step?;142
13.9;Where do I go from here?;143
13.10;Summary;144
14;CHAPTER 6 Maintaining Access with Backdoors and Rootkits;146
14.1;Introduction;146
14.2;Netcat: the Swiss army knife;147
14.3;Netcat’s Cryptic Cousin: Cryptcat;152
14.4;Netbus: a classic;153
14.5;Rootkits;154
14.6;Detecting and defending against rootkits;160
14.7;How do I practice this step?;161
14.8;Where do I go from here?;162
14.9;Summary;163
15;CHAPTER 7 Wrapping Up the Penetration Test;164
15.1;Introduction;164
15.2;Writing the penetration testing report;165
15.3;You don’t have to go home but you can’t stay here;171
15.4;Where do I go from here?;172
15.5;Wrap up;174
15.6;The circle of life;175
15.7;Summary;175
16;INDEX;176
