Imperial Library

Index
  • Title Page
  • Copyright and Credits
    • Advanced Infrastructure Penetration Testing
  • Packt Upsell
    • Why subscribe?
    • PacktPub.com
  • Contributors
    • About the author
    • About the reviewer
    • Packt is searching for authors like you
  • Preface
    • Who this book is for
    • What this book covers
    • To get the most out of this book
      • Download the example code files
      • Download the color images
      • Conventions used
    • Get in touch
      • Reviews
    • Disclaimer
  • Introduction to Advanced Infrastructure Penetration Testing
    • Information security overview
      • Confidentiality
      • Integrity
      • Availability
      • Least privilege and need to know
      • Defense in depth
      • Risk analysis
      • Information Assurance
      • Information security management program
    • Hacking concepts and phases
      • Types of hackers
      • Hacking phases
        • Reconnaissance
          • Passive reconnaissance
          • Active reconnaissance
        • Scanning
          • Port scanning
          • Network scanning
          • Vulnerability scanning
        • Gaining access
        • Maintaining access
        • Clearing tracks
    • Penetration testing overview
      • Penetration testing types
        • White box pentesting
        • Black box pentesting
        • Gray box pentesting
      • The penetration testing teams
        • Red teaming
        • Blue teaming
        • Purple teaming
      • Pentesting standards and guidance
        • Policies
        • Standards
        • Procedures
        • Guidance
          • Open Source Security Testing Methodology Manual
          • Information Systems Security Assessment Framework
          • Penetration Testing Execution Standard
          • Payment Card Industry Data Security Standard
      • Penetration testing steps
        • Pre-engagement
          • The objectives and scope
          • A get out of jail free card
          • Emergency contact information
          • Payment information
          • Non-disclosure agreement
        • Intelligence gathering
          • Public intelligence
          • Social engineering attacks
          • Physical analysis
          • Information system and network analysis
          • Human intelligence
          • Signal intelligence
          • Open source intelligence
          • Imagery intelligence
          • Geospatial intelligence
        • Threat modeling
          • Business asset analysis
          • Business process analysis
          • Threat agents analysis
          • Threat capability analysis
          • Motivation modeling
        • Vulnerability analysis
          • Vulnerability assessment with Nexpose
            • Installing Nexpose
            • Starting Nexpose
            • Start a scan
        • Exploitation
        • Post-exploitation
          • Infrastructure analysis
          • Pillaging
          • High-profile targets
          • Data exfiltration
          • Persistence
          • Further penetration into infrastructure
          • Cleanup
        • Reporting
          • Executive summary
          • Technical report
      • Penetration testing limitations and challenges
      • Pentesting maturity and scoring model
        • Realism
        • Methodology
        • Reporting
    • Summary
  • Advanced Linux Exploitation
    • Linux basics
      • Linux commands
      • Streams
      • Redirection
      • Linux directory structure
      • Users and groups
      • Permissions
        • The chmod command
        • The chown command
        • The chroot command
      • The power of the find command
      • Jobs, cron, and crontab
    • Security models
    • Security controls
      • Access control models
    • Linux attack vectors
      • Linux enumeration with LinEnum
      • OS detection with Nmap
      • Privilege escalation
      • Linux privilege checker
    • Linux kernel exploitation
      • UserLand versus kernel land
      • System calls
      • Linux kernel subsystems
        • Process
        • Threads
      • Security-Enhanced Linux
      • Memory models and the address spaces
      • Linux kernel vulnerabilities
        • NULL pointer dereference
        • Arbitrary kernel read/write
          • Case study CVE-2016-2443 Qualcomm MSM debug fs kernel arbitrary write
        • Memory corruption vulnerabilities
          • Kernel stack vulnerabilities
          • Kernel heap vulnerabilities
        • Race conditions
        • Logical and hardware-related bugs
          • Case study CVE-2016-4484 – Cryptsetup Initrd root Shell
        • Linux Exploit Suggester
      • Buffer overflow prevention techniques
        • Address space layout randomization
        • Stack canaries
        • Non-executable stack
        • Linux return oriented programming
    • Linux hardening
    • Summary
  • Corporate Network and Database Exploitation
    • Networking fundamentals
      • Network topologies
        • Bus topology
        • Star topology
        • Ring topology
        • Tree topology
        • Mesh topology
        • Hybrid topology
      • Transmission modes
      • Communication networks
        • Local area network
        • Metropolitan area network
        • Wide area network
        • Personal area network
        • Wireless network
        • Data center multi-tier model design
      • Open Systems Interconnection model
      • In-depth network scanning
        • TCP communication
        • ICMP scanning
        • SSDP scanning
        • UDP Scanning
        • Intrusion detection systems
          • Machine learning for intrusion detection
            • Supervised learning
            • Unsupervised learning
            • Semi-supervised learning
            • Reinforcement
            • Machine learning systems' workflow
            • Machine learning model evaluation metrics
    • Services enumeration
      • Insecure SNMP configuration
      • DNS security
      • DNS attacks
    • Sniffing attacks
    • DDoS attacks
      • Types of DDoS attacks
      • Defending against DDoS attacks
      • DDoS scrubbing centers
    • Software-Defined Network penetration testing
      • SDN attacks
      • SDNs penetration testing
        • DELTA: SDN security evaluation framework
        • SDNPWN
    • Attacks on database servers
    • Summary
  • Active Directory Exploitation
    • Active Directory
    • Single Sign-On
    • Kerberos authentication
    • Lightweight Directory Access Protocol
    • PowerShell and Active Directory
    • Active Directory attacks
      • PowerView
      • Kerberos attacks
        • Kerberos TGS service ticket offline cracking (Kerberoast)
        • SPN scanning
      • Passwords in SYSVOL and group policy preferences
      • 14-068 Kerberos vulnerability on a domain controller
      • Dumping all domain credentials with Mimikatz
      • Pass the credential
      • Dumping LSASS memory with Task Manager (get domain admin credentials)
      • Dumping Active Directory domain credentials from an NTDS.dit file
    • Summary
  • Docker Exploitation
    • Docker fundamentals
      • Virtualization
      • Cloud computing
        • Cloud computing security challenges
      • Docker containers
    • Docker exploitation
      • Kernel exploits
      • DoS and resource abuse
      • Docker breakout
      • Poisoned images
      • Database passwords and data theft
    • Docker bench security
    • Docker vulnerability static analysis with Clair
    • Building a penetration testing laboratory
    • Summary
  • Exploiting Git and Continuous Integration Servers
    • Software development methodologies
    • Continuous integration
      • Types of tests
      • Continuous integration versus continuous delivery
      • DevOps
    • Continuous integration with GitHub and Jenkins
      • Installing Jenkins
    • Continuous integration attacks
    • Continuous integration server penetration testing
      • Rotten Apple project for testing continuous integration or continuous delivery system security
      • Continuous security with Zed Attack Proxy
    • Summary
  • Metasploit and PowerShell for Post-Exploitation
    • Dissecting Metasploit Framework
      • Metasploit architecture
        • Modules
          • Exploits
          • Payloads
          • Auxiliaries
          • Encoders
          • NOPs
          • Posts
      • Starting Metasploit
    • Bypassing antivirus with the Veil-Framework
    • Writing your own Metasploit module
    • Metasploit Persistence scripts
    • Weaponized PowerShell with Metasploit
      • Interactive PowerShell
      • PowerSploit
      • Nishang – PowerShell for penetration testing
    • Defending against PowerShell attacks
    • Summary
  • VLAN Exploitation
    • Switching in networking
      • LAN switching
        • MAC attack
          • Media Access Control Security
        • DHCP attacks
          • DHCP starvation
          • Rogue DHCP server
        • ARP attacks
        • VLAN attacks
          • Types of VLANs
          • VLAN configuration
          • VLAN hopping attacks
            • Switch spoofing
            • VLAN double tagging
          • Private VLAN attacks
        • Spanning Tree Protocol attacks
          • Attacking STP
    • Summary
  • VoIP Exploitation
    • VoIP fundamentals
      • H.323
      • Skinny Call Control Protocol
      • RTP/RTCP
      • Secure Real-time Transport Protocol
      • H.248 and Media Gateway Control Protocol
      • Session Initiation Protocol
    • VoIP exploitation
      • VoIP attacks
        • Denial-of-Service
        • Eavesdropping
        • SIP attacks
          • SIP registration hijacking
        • Spam over Internet Telephony
        • Embedding malware
        • Viproy – VoIP penetration testing kit
    • VoLTE Exploitation
      • VoLTE attacks
      • SiGploit – Telecom Signaling Exploitation Framework
    • Summary
  • Insecure VPN Exploitation
    • Cryptography
      • Cryptosystems
        • Ciphers
          • Classical ciphers
          • Modern ciphers
        • Kerckhoffs' principle for cryptosystems
        • Cryptosystem types
          • Symmetric cryptosystem
          • Asymmetric cryptosystem
      • Hash functions and message integrity
        • Digital signatures
      • Steganography
      • Key management
      • Cryptographic attacks
    • VPN fundamentals
      • Tunneling protocols
      • IPSec
      • Secure Sockets Layer/Transport Layer Security
        • SSL attacks
          • DROWN attack (CVE-2016-0800)
          • POODLE attack (CVE-2014-3566)
          • BEAST attack (CVE-2011-3389)
          • CRIME attack (CVE-2012-4929)
          • BREACH attack (CVE-2013-3587)
          • Heartbleed attack
        • Qualys SSL Labs
    • Summary
  • Routing and Router Vulnerabilities
    • Routing fundamentals
    • Exploiting routing protocols
      • Routing Information Protocol
        • RIPv1 reflection DDoS
      • Open Shortest Path First
        • OSPF attacks
          • Disguised LSA
          • MaxAge LSAs
          • Remote false adjacency
          • Seq++ attack
          • Persistent poisoning
        • Defenses
      • Interior Gateway Routing Protocol
      • Enhanced Interior Gateway Routing Protocol
      • Border Gateway Protocol
      • BGP attacks
    • Exploiting routers
      • Router components
      • Router bootup process
      • Router attacks
      • The router exploitation framework
    • Summary
  • Internet of Things Exploitation
    • The IoT ecosystem
      • IoT project architecture
      • IoT protocols
      • The IoT communication stack
      • IP Smart Objects protocols suite
      • Standards organizations
    • IoT attack surfaces
      • Devices and appliances
      • Firmware
      • Web interfaces
      • Network services
      • Cloud interfaces and third-party API
      • Case study – Mirai Botnet
      • The OWASP IoT Project
        • Insecure web interface
        • Insufficient authentication/authorization
        • Insecure network services
        • Lack of transport encryption
        • Privacy concerns
        • Insecure cloud interface
        • Insecure mobile interface
        • Insufficient security configurability
        • Insecure software/firmware
        • Poor physical security
    • Hacking connected cars
    • Threats to connected cars
    • Summary
  • Other Books You May Enjoy
    • Leave a review - let other readers know what you think