Mastering Kali Linux for Advanced Penetration Testing : Apply a proactive approach to secure your cyber infrastructure and enhance you, 4/e (Paperback)

Velu, Vijay Kumar

買這商品的人也買了...

商品描述

Key Features

  • Master advanced pentesting tactics and techniques with Kali Linux to build highly secure systems
  • Leverage Kali Linux to penetrate modern infrastructures and avoid detection
  • Explore red teaming and play the hackers game to proactively defend your infrastructure

Book Description

COVID-19 has changed the way we live and work. Remote working has given hackers plenty of opportunities as more confidential information is shared over the internet than ever before. In this new edition of Mastering Kali Linux for Advanced Penetration Testing, you will learn an offensive approach to enhance your penetration testing skills by becoming aware of the tactics employed by real attackers. You will be introduced to laboratory integration to cloud services so that you learn another dimension of exploitation that is typically forgotten during a penetration test.

Gathering all possible information on a target is pivotal for a penetration tester. This book covers the principles of passive and active reconnaissance, from obtaining user information to large-scale port scanning. Building on reconnaissance, different vulnerability assessments are explored, including threat modeling. You'll also learn about COVID-19 pandemic-specific cyber failures and understand the cyber risks involved with working from home.

By the end of this Kali Linux book, you will have explored approaches for performing advanced pentesting in tightly secured infrastructure, cloud environments, and applications and hacking techniques employed on IoT, embedded peripheral devices, and radio frequencies.

What you will learn

  • Exploit networks using wired/wireless networks, cloud infrastructure, and web services
  • Learn embedded peripheral device, radio frequency, and IoT hacking techniques
  • Master the art of bypassing traditional antivirus and endpoint detection and response (EDR) tools
  • Test for data system exploits using Metasploit, PowerShell Empire, and CrackMapExec
  • Perform cloud security vulnerability assessment and exploitation of security misconfiguration
  • Take your physical security testing to the next level with RFID/Bluetooth hacking and learn how to clone identity cards

Who this book is for

This fourth edition is for security analysts, pentesters, ethical hackers, red team operators, and security consultants wanting to learn and optimize infrastructure/application/cloud security using advanced Kali Linux features. Prior penetration testing experience and basic knowledge of ethical hacking will help you make the most of this book.

商品描述(中文翻譯)

主要特點


  • 使用Kali Linux掌握高級滲透測試策略和技巧,構建高度安全的系統

  • 利用Kali Linux滲透現代基礎設施並避免被檢測

  • 探索紅隊測試並玩轉駭客遊戲,主動保護您的基礎設施

書籍描述

COVID-19改變了我們的生活和工作方式。遠程工作為黑客提供了許多機會,因為比以往更多的機密信息在互聯網上共享。在這本《Kali Linux高級滲透測試大師》的新版本中,您將學習一種攻擊性方法,通過了解真實攻擊者使用的策略來提升您的滲透測試技能。您將介紹實驗室與雲服務的整合,以便在滲透測試期間學習另一個被通常忽視的利用維度。

對目標進行全面的信息收集對於滲透測試人員至關重要。本書涵蓋了被動和主動偵察的原則,從獲取用戶信息到大規模端口掃描。在偵察的基礎上,探討了不同的漏洞評估,包括威脅建模。您還將了解與COVID-19大流行相關的特定網絡安全失敗,並了解在家工作涉及的網絡風險。

通過閱讀本書,您將探索在高度安全的基礎設施、雲環境和應用程序中進行高級滲透測試的方法,以及在物聯網、嵌入式外設設備和無線電頻率上使用的黑客技術。

您將學到什麼


  • 利用有線/無線網絡、雲基礎設施和Web服務來攻擊網絡

  • 學習嵌入式外設設備、無線電頻率和物聯網的黑客技術

  • 掌握繞過傳統防病毒和端點檢測和響應(EDR)工具的技巧

  • 使用Metasploit、PowerShell Empire和CrackMapExec測試數據系統漏洞

  • 進行雲安全漏洞評估和安全配置的利用

  • 通過RFID/藍牙黑客攻擊提升您的物理安全測試水平,並學習如何克隆身份證

適合閱讀對象

本書適合安全分析師、滲透測試人員、道德黑客、紅隊操作員和安全顧問,他們希望使用Kali Linux的高級功能來學習和優化基礎設施/應用程序/雲安全。具有滲透測試經驗和基本的道德黑客知識將有助於您充分利用本書的內容。

目錄大綱

1. Goal-Based Penetration Testing
2. Open-Source Intelligence and Passive Reconnaissance
3. Active Reconnaissance of External and Internal Networks
4. Vulnerability Assessment
5. Advanced Social Engineering and Physical Security
6. Wireless and Bluetooth Attacks
7. Exploiting Web-Based Applications
8. Cloud Security Exploitation
9. Bypassing Security Controls
10. Exploitation
11. Action on the Objective and Lateral Movement
12. Privilege Escalations
13. Command and Control
14. Embedded Devices and RFID Hacking

目錄大綱(中文翻譯)

1. 基於目標的滲透測試
2. 開源情報和被動偵察
3. 外部和內部網絡的主動偵察
4. 漏洞評估
5. 高級社交工程和物理安全
6. 無線和藍牙攻擊
7. 利用基於網絡的應用程式
8. 雲安全利用
9. 繞過安全控制
10. 利用
11. 目標行動和橫向移動
12. 權限提升
13. 指揮和控制
14. 嵌入式設備和RFID入侵