Imperial Library

Index
Title Page Copyright and Credits
Securing Network Infrastructure
About Packt
Why subscribe? Packt.com
Contributors
About the authors Packt is searching for authors like you
Preface
Who this book is for What this book covers To get the most out of this course
Download the color images Conventions used Sections Getting ready How to do it… How it works… There's more… See also Get in touch Reviews
Introduction to Network Vulnerability Scanning
Basic networks and their components Network Vulnerability Scanning
Flow of procedures
Discovery Port scanning Vulnerability scanning
Uses Complexity
Scope of the scan Network architecture Network access
Response Summary
Understanding Network Scanning Tools
Introducing Nessus and Nmap
Useful features of Nessus Policies Plugin Rules
Customized Reports
Scanners Various features of Nmap
Host discovery Scan techniques Port specification and scan order Service or version detection Script scan OS detection Timing and performance Evasion and spoofing Output Target specification
Installing and activating Nessus
Getting ready How to do it … How it works… There's more…
Downloading and installing Nmap
Getting ready How to do it… How it works… There's more…
Updating Nessus
Getting ready How to do it… There's more…
Updating Nmap
Getting ready How to do it…
Removing Nessus
Getting ready How to do it… There's more…
Removing Nmap
How to do it… There's more…
Port Scanning
Introduction How to specify a target
Getting ready How do it… How it works...
How to perform host discovery
How do it… How it works…
How to identify open ports
How do it… How it works…
How to manage specification and scan order
How do it… How it works…
How to perform a script and version scan
How do it… How it works …
How to detect operating system
How do it… How it works…
How to detect and bypass network protection systems
How do it… How it works…
How to use Zenmap
How do it… How it works…
Vulnerability Scanning
Introduction How to manage Nessus policies
Getting ready How to do it… How it works...
How to manage Nessus settings
Getting ready How to do it… How it works...
How to manage Nessus user accounts
Getting ready How to do it… How it works...
How to choose a Nessus scan template and policy
Getting ready How to do it… How it works...
How to perform a vulnerability scan using Nessus
Getting ready How to do it… How it works...
How to manage Nessus scans
Getting ready How to do it… How it works...
Configuration Audits
Introducing compliance scans Selecting a compliance scan policy
Plugins
Synopsis Description Solution Plugin information Risk information Vulnerability information Reference information
Compliance standards Getting ready How do it… How it works...
Introducing configuration audits
Database audit Network device audit Operating system audit Application audit
Performing an operating system audit
Getting ready How do it… How it works...
Performing a database audit
Getting ready How do it… How it works...
Performing a web application scan
Getting ready How do it… How it works...
Report Analysis and Confirmation
Introduction Understanding Nmap outputs
Getting ready How do it… How it works...
Understanding Nessus outputs
Nessus HTML CSV Nessus DB Getting ready How do it… How it works...
How to confirm Nessus vulnerabilities using Nmap and other tools
Getting ready How do it… How it works...
Understanding the Customization and Optimization of Nessus and Nmap
Introduction Understanding Nmap Script Engine and its customization
Syntax Environment variables Script template Getting ready How do it… How it works...
Understanding the Nessus Audit policy and its customization
Getting ready How do it… How it works...
Network Scanning for IoT, SCADA/ICS
Introduction to SCADA/ICS Using Nmap to scan SCADA/ICS
Getting ready How do it… How it works... There's more...
Using Nessus to scan SCADA/ICS systems
Getting ready How do it.. How it works... There's more...
Vulnerability Management Governance
Security basics
The CIA triad
Confidentiality Integrity Availability
Identification Authentication Authorization Auditing Accounting Non–repudiation Vulnerability Threats Exposure Risk Safeguards Attack vectors
Understanding the need for security assessments
Types of security tests
Security testing Vulnerability assessment versus penetration testing Security assessment Security audit
Business drivers for vulnerability management
Regulatory compliance Satisfying customer demands Response to some fraud/incident Gaining a competitive edge Safeguarding/protecting critical infrastructures
Calculating ROIs Setting up the context
Bottom-up Top-down
Policy versus procedure versus standard versus guideline
Vulnerability assessment policy template
Penetration testing standards
Penetration testing lifecycle
Industry standards
Open Web Application Security Project testing guide
Benefits of the framework
Penetration testing execution standard
Benefits of the framework
Summary Exercises
Setting Up the Assessment Environment
Setting up a Kali virtual machine Basics of Kali Linux Environment configuration and setup
Web server Secure Shell (SSH) File Transfer Protocol (FTP) Software management
List of tools to be used during assessment Summary
Security Assessment Prerequisites
Target scoping and planning Gathering requirements
Preparing a detailed checklist of test requirements Suitable time frame and testing hours Identifying stakeholders
Deciding upon the type of vulnerability assessment
Types of vulnerability assessment
Types of vulnerability assessment based on the location
External vulnerability assessment Internal vulnerability assessment
Based on knowledge about environment/infrastructure
Black-box testing White-box testing Gray-box testing
Announced and unannounced testing Automated testing
Authenticated and unauthenticated scans Agentless and agent-based scans
Manual testing
Estimating the resources and deliverables Preparing a test plan Getting approval and signing NDAs
Confidentiality and nondisclosure agreements
Summary
Information Gathering
What is information gathering?
Importance of information gathering
Passive information gathering
Reverse IP lookup Site report Site archive and way-back Site metadata Looking for vulnerable systems using Shodan Advanced information gathering using Maltego theHarvester
Active information gathering
Active information gathering with SPARTA Recon-ng Dmitry
Summary
Enumeration and Vulnerability Assessment
What is enumeration? Enumerating services
HTTP FTP SMTP SMB DNS SSH VNC
Using Nmap scripts
http-methods smb-os-discovery http-sitemap-generator mysql-info
Vulnerability assessments using OpenVAS Summary
Gaining Network Access
Gaining remote access
Direct access Target behind router
Cracking passwords
Identifying hashes Cracking Windows passwords Password profiling Password cracking with Hydra
Creating backdoors using Backdoor Factory Exploiting remote services using Metasploit
Exploiting vsftpd Exploiting Tomcat
Hacking embedded devices using RouterSploit Social engineering using SET Summary
Assessing Web Application Security
Importance of web application security testing Application profiling Common web application security testing tools Authentication
Credentials over a secure channel Authentication error messages Password policy Method for submitting credentials OWASP mapping
Authorization
OWASP mapping
Session management
Cookie checks Cross-Site Request Forgery OWASP mapping
Input validation
OWASP mapping
Security misconfiguration
OWASP mapping
Business logic flaws
Testing for business logic flaws
Auditing and logging
OWASP mapping
Cryptography
OWASP mapping
Testing tools
OWASP ZAP Burp Suite
Summary
Privilege Escalation
What is privilege escalation? Horizontal versus vertical privilege escalation
Horizontal privilege escalation Vertical privilege escalation
Privilege escalation on Windows Privilege escalation on Linux Summary
Maintaining Access and Clearing Tracks
Maintaining access Clearing tracks and trails Anti-forensics Summary
Vulnerability Scoring
Requirements for vulnerability scoring Vulnerability scoring using CVSS
Base metric group
Exploitability metrics
Attack vector Attack complexity Privileges required User interaction
Scope
Impact metrics
Confidentiality impact Integrity impact Availability impact
Temporal metric group
Exploit code maturity Remediation level Report confidence
CVSS calculator Summary
Threat Modeling
What is threat modeling? Benefits of threat modeling Threat modeling terminology How to model threats? Threat modeling techniques
STRIDE DREAD
Threat modeling tools
Microsoft Threat Modeling Tool SeaSponge
Summary
Patching and Security Hardening
Defining patching? Patch enumeration
Windows patch enumeration Linux patch enumeration
Security hardening and secure configuration reviews
Using CIS benchmarks
Summary
Vulnerability Reporting and Metrics
Importance of reporting Type of reports
Executive reports Detailed technical reports
Reporting tools
Dradis KeepNote
Collaborative vulnerability management with Faraday v2.6 Metrics
Mean time to detect Mean time to resolve Scanner coverage Scan frequency by asset group Number of open critical/high vulnerabilities Average risk by BU, asset group, and so on Number of exceptions granted Vulnerability reopen rate Percentage of systems with no open high/critical vulnerability Vulnerability ageing
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think

Chief Librarian: Las Zenow <zenow@riseup.net>

This is a mirror of the Tor onion service:
http://kx5thpx2olielkihfyo4jgjqfb7zx7wxr3sd4xzt26ochei4m6f7tayd.onion