Hands-On Red Team Tactics: Gather exploitation intelligence, identify risk, and expose vulnerabilities
暫譯: 實戰紅隊戰術:收集利用情報、識別風險與揭露漏洞
Himanshu Sharma, Harpreet Singh
- 出版商: Packt Publishing
- 出版日期: 2018-09-28
- 售價: $1,830
- 貴賓價: 9.5 折 $1,739
- 語言: 英文
- 頁數: 480
- 裝訂: Paperback
- ISBN: 1788995236
- ISBN-13: 9781788995238
海外代購書籍(需單獨結帳)
相關主題
商品描述
Your one stop guide to learn and implement red team tactics effectively.
Key Features
- Learn to identify risks and test how secure your environment is
- Level up your skill set to operate in a complex enterprise environment
- A step-by-step guide to help you mitigate risks and prevent attackers from infiltrating an enterprise
Book Description
Red teaming is used to enhance security by performing security tests to detect network and system vulnerabilities.
This book will start with an overview of pentesting and red teaming and then quickly deep dive into giving an introduction of a few of the old and latest pentesting tools, as well as covering Metasploit, patching up servers and introducing Armitage. Next, you will understand how to set up a team server of Cobalt Strike and how to create a connection over SSH via TOR. The next set of chapters will help you understand pivoting over SSH, and you will learn how to use Cobalt Strike to pivot. The next set of chapters will cover advanced methods of exploitation using Cobalt Strike, and introduce you to Command-and-control servers (C2) and Redirectors. The last set of chapters will deep dive into achieving persistence with Beacons, Data Exfiltration, followed by case studies to understand the process of successful exploitation during a Red Team activity.
By the end of the book, you will have a good understanding of the advanced penetration testing tools and techniques, techniques to get reverse shells over encrypted channel, post-exploitation techniques & frameworks like Empire, which include maintaining persistent access. staying untraceable and getting reverse connections over TOR, SSH etc.
What You Will Learn
- Master the uncommon yet effective methods in a red teaming activity
- Learn intermediate and advanced levels of exploitation techniques
- Get acquainted with all the tools and frameworks beyond the Metasploit framework
- Discover the art of getting stealthy access to system via red teaming
- Understand the concepts of redirectors for further anonymity
- Summarize the lessons learned with the help of case studies
Who This Book Is For
This book aims at IT professionals who want to venture the IT security domain. IT pentesters, security consultants, and ethical hackers will also find this book useful. Basic penetration testing skills and techniques are required to become a red teamer from a pen tester.
商品描述(中文翻譯)
您的單一指南,學習並有效實施紅隊戰術。
主要特點
- 學習識別風險並測試您的環境安全性
- 提升您的技能,以便在複雜的企業環境中運作
- 一步一步的指南,幫助您減輕風險並防止攻擊者滲透企業
書籍描述
紅隊測試用於通過執行安全測試來增強安全性,以檢測網絡和系統的漏洞。
本書將從滲透測試和紅隊測試的概述開始,然後迅速深入介紹一些舊的和最新的滲透測試工具,並涵蓋 Metasploit、伺服器修補以及介紹 Armitage。接下來,您將了解如何設置 Cobalt Strike 的團隊伺服器,以及如何通過 TOR 創建 SSH 連接。接下來的章節將幫助您理解如何通過 SSH 進行樞紐轉移,並學習如何使用 Cobalt Strike 進行樞紐轉移。接下來的章節將涵蓋使用 Cobalt Strike 的高級利用方法,並介紹指揮與控制伺服器(C2)和重定向器。最後一組章節將深入探討如何通過 Beacons 實現持久性、數據外洩,並通過案例研究了解在紅隊活動中成功利用的過程。
到本書結束時,您將對高級滲透測試工具和技術有良好的理解,包括通過加密通道獲取反向 Shell 的技術、後利用技術和框架(如 Empire),這些技術包括維持持久訪問、保持不可追蹤性以及通過 TOR、SSH 等獲取反向連接。
您將學到的內容
- 精通紅隊活動中不常見但有效的方法
- 學習中級和高級的利用技術
- 熟悉超越 Metasploit 框架的所有工具和框架
- 探索通過紅隊獲得隱秘訪問系統的藝術
- 理解重定向器的概念以進一步提高匿名性
- 通過案例研究總結所學的教訓
本書適合誰
本書旨在針對希望進入 IT 安全領域的 IT 專業人員。IT 滲透測試員、安全顧問和道德駭客也會發現本書有用。成為紅隊成員需要具備基本的滲透測試技能和技術。
