Midlands State University Library
Image from Google Jackets

The art of penetration testing : how to take over any company in the world / created by Royce Davis.

By: Material type: TextTextManning Publications Company, 2020Description: xvii, 283 pages: 26 cmContent type:
  • text
Media type:
  • unmediated
Carrier type:
  • volume
ISBN:
  • 9781617296826
Subject(s): LOC classification:
  • TK51051.59 DAV
Contents:
Intro The Art of Network Penetration Testing Copyright contents front matter preface acknowledgments about this book Who should read this book How this book is organized: A roadmap About the code liveBook discussion forum about the author about the cover illustration 1 Network penetration testing 1.1 Corporate data breaches 1.2 How hackers break in 1.2.1 The defender role 1.2.2 The attacker role 1.3 Adversarial attack simulation: Penetration testing 1.3.1 Typical INPT workflow 1.4 When a penetration test is least effective 1.4.1 Low-hanging fruit 1.4.2 When does a company really need a penetration test? 1.5 Executing a network penetration test 1.5.1 Phase 1: Information gathering 1.5.2 Phase 2: Focused penetration 1.5.3 Phase 3: Post-exploitation and privilege escalation 1.5.4 Phase 4: Documentation 1.6 Setting up your lab environment 1.6.1 The Capsulecorp Pentest project 1.7 Building your own virtual pentest platform 1.7.1 Begin with Linux 1.7.2 The Ubuntu project 1.7.3 Why not use a pentest distribution? Summary Phase 1. Information gathering 2 Discovering network hosts 2.1 Understanding your engagement scope 2.1.1 Black-box, white-box, and grey-box scoping 2.1.2 Capsulecorp 2.1.3 Setting up the Capsulecorp Pentest environment 2.2 Internet Control Message Protocol 2.2.1 Using the ping command 2.2.2 Using bash to pingsweep a network range 2.2.3 Limitations of using the ping command 2.3 Discovering hosts with Nmap 2.3.1 Primary output formats 2.3.2 Using remote management interface ports 2.3.3 Increasing Nmap scan performance 2.4 Additional host-discovery methods 2.4.1 DNS brute-forcing 2.4.2 Packet capture and analysis 2.4.3 Hunting for subnets Summary 3 Discovering network services 3.1 Network services from an attacker's perspective 3.1.1 Understanding network service communication 3.1.2 Identifying listening network services 3.1.3 Network service banners 3.2 Port scanning with Nmap 3.2.1 Commonly used ports 3.2.2 Scanning all 65,536 TCP ports 3.2.3 Sorting through NSE script output 3.3 Parsing XML output with Ruby 3.3.1 Creating protocol-specific target lists Summary 4 Discovering network vulnerabilities 4.1 Understanding vulnerability discovery 4.1.1 Following the path of least resistance 4.2 Discovering patching vulnerabilities 4.2.1 Scanning for MS17-010 Eternal Blue 4.3 Discovering authentication vulnerabilities 4.3.1 Creating a client-specific password list 4.3.2 Brute-forcing local Windows account passwords 4.3.3 Brute-forcing MSSQL and MySQL database passwords 4.3.4 Brute-forcing VNC passwords 4.4 Discovering configuration vulnerabilities 4.4.1 Setting up Webshot 4.4.2 Analyzing output from Webshot 4.4.3 Manually guessing web server passwords
Summary: Teaching you how to take over an enterprise network from the inside, this book lays out every stage of an internal security assessment step-by-step, showing you how to identify weaknesses before a malicious invader can do real damage. -- Edited summary from book
Reviews from LibraryThing.com:
Tags from this library: No tags from this library for this title. Log in to add tags.
Star ratings
    Average rating: 0.0 (0 votes)
Holdings
Item type Current library Call number Copy number Status Date due Barcode
Book Book Main Library Open Shelf TK5105.59 DAV (Browse shelf(Opens below)) 162671 Available BK150751
Book Book Main Library Open Shelf TK5105.59 DAV (Browse shelf(Opens below)) 162672 Available BK150868

Includes bibliography and index

Intro The Art of Network Penetration Testing Copyright contents front matter preface acknowledgments about this book Who should read this book How this book is organized: A roadmap About the code liveBook discussion forum about the author about the cover illustration 1 Network penetration testing 1.1 Corporate data breaches 1.2 How hackers break in 1.2.1 The defender role 1.2.2 The attacker role 1.3 Adversarial attack simulation: Penetration testing 1.3.1 Typical INPT workflow 1.4 When a penetration test is least effective 1.4.1 Low-hanging fruit 1.4.2 When does a company really need a penetration test? 1.5 Executing a network penetration test 1.5.1 Phase 1: Information gathering 1.5.2 Phase 2: Focused penetration 1.5.3 Phase 3: Post-exploitation and privilege escalation 1.5.4 Phase 4: Documentation 1.6 Setting up your lab environment 1.6.1 The Capsulecorp Pentest project 1.7 Building your own virtual pentest platform 1.7.1 Begin with Linux 1.7.2 The Ubuntu project 1.7.3 Why not use a pentest distribution? Summary Phase 1. Information gathering 2 Discovering network hosts 2.1 Understanding your engagement scope 2.1.1 Black-box, white-box, and grey-box scoping 2.1.2 Capsulecorp 2.1.3 Setting up the Capsulecorp Pentest environment 2.2 Internet Control Message Protocol 2.2.1 Using the ping command 2.2.2 Using bash to pingsweep a network range 2.2.3 Limitations of using the ping command 2.3 Discovering hosts with Nmap 2.3.1 Primary output formats 2.3.2 Using remote management interface ports 2.3.3 Increasing Nmap scan performance 2.4 Additional host-discovery methods 2.4.1 DNS brute-forcing 2.4.2 Packet capture and analysis 2.4.3 Hunting for subnets Summary 3 Discovering network services 3.1 Network services from an attacker's perspective 3.1.1 Understanding network service communication 3.1.2 Identifying listening network services 3.1.3 Network service banners 3.2 Port scanning with Nmap 3.2.1 Commonly used ports 3.2.2 Scanning all 65,536 TCP ports 3.2.3 Sorting through NSE script output 3.3 Parsing XML output with Ruby 3.3.1 Creating protocol-specific target lists Summary 4 Discovering network vulnerabilities 4.1 Understanding vulnerability discovery 4.1.1 Following the path of least resistance 4.2 Discovering patching vulnerabilities 4.2.1 Scanning for MS17-010 Eternal Blue 4.3 Discovering authentication vulnerabilities 4.3.1 Creating a client-specific password list 4.3.2 Brute-forcing local Windows account passwords 4.3.3 Brute-forcing MSSQL and MySQL database passwords 4.3.4 Brute-forcing VNC passwords 4.4 Discovering configuration vulnerabilities 4.4.1 Setting up Webshot 4.4.2 Analyzing output from Webshot 4.4.3 Manually guessing web server passwords

Teaching you how to take over an enterprise network from the inside, this book lays out every stage of an internal security assessment step-by-step, showing you how to identify weaknesses before a malicious invader can do real damage. -- Edited summary from book

There are no comments on this title.

to post a comment.