Title Page
Copyright and Credits
Advanced Infrastructure Penetration Testing
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Introduction to Advanced Infrastructure Penetration Testing
Information security overview
Confidentiality
Integrity
Availability
Least privilege and need to know
Defense in depth
Risk analysis
Information Assurance
Information security management program
Hacking concepts and phases
Types of hackers
Hacking phases
Reconnaissance
Passive reconnaissance
Active reconnaissance
Scanning
Port scanning
Network scanning
Vulnerability scanning
Gaining access
Maintaining access
Clearing tracks
Penetration testing overview
Penetration testing types
White box pentesting
Black box pentesting
Gray box pentesting
The penetration testing teams
Red teaming
Blue teaming
Purple teaming
Pentesting standards and guidance
Policies
Standards
Procedures
Guidance
Open Source Security Testing Methodology Manual
Information Systems Security Assessment Framework
Penetration Testing Execution Standard
Payment Card Industry Data Security Standard
Penetration testing steps
Pre-engagement
The objectives and scope
A get out of jail free card
Emergency contact information
Payment information
Non-disclosure agreement
Intelligence gathering
Public intelligence
Social engineering attacks
Physical analysis
Information system and network analysis
Human intelligence
Signal intelligence
Open source intelligence
Imagery intelligence
Geospatial intelligence
Threat modeling
Business asset analysis
Business process analysis
Threat agents analysis
Threat capability analysis
Motivation modeling
Vulnerability analysis
Vulnerability assessment with Nexpose
Installing Nexpose
Starting Nexpose
Start a scan
Exploitation
Post-exploitation
Infrastructure analysis
Pillaging
High-profile targets
Data exfiltration
Persistence
Further penetration into infrastructure
Cleanup
Reporting
Executive summary
Technical report
Penetration testing limitations and challenges
Pentesting maturity and scoring model
Realism
Methodology
Reporting
Summary
Advanced Linux Exploitation
Linux basics
Linux commands
Streams
Redirection
Linux directory structure
Users and groups
Permissions
The chmod command
The chown command
The chroot command
The power of the find command
Jobs, cron, and crontab
Security models
Security controls
Access control models
Linux attack vectors
Linux enumeration with LinEnum
OS detection with Nmap
Privilege escalation
Linux privilege checker
Linux kernel exploitation
UserLand versus kernel land
System calls
Linux kernel subsystems
Process
Threads
Security-Enhanced Linux
Memory models and the address spaces
Linux kernel vulnerabilities
NULL pointer dereference
Arbitrary kernel read/write
Case study CVE-2016-2443 – Qualcomm MSM debugfs kernel arbitrary write
Memory corruption vulnerabilities
Kernel stack vulnerabilities
Kernel heap vulnerabilities
Race conditions
Logical and hardware-related bugs
Case study CVE-2016-4484 – Cryptsetup initrd root shell
Linux Exploit Suggester
Buffer overflow prevention techniques
Address space layout randomization
Stack canaries
Non-executable stack
Linux return oriented programming
Linux hardening
Summary
Corporate Network and Database Exploitation
Networking fundamentals
Network topologies
Bus topology
Star topology
Ring topology
Tree topology
Mesh topology
Hybrid topology
Transmission modes
Communication networks
Local area network
Metropolitan area network
Wide area network
Personal area network
Wireless network
Data center multi-tier model design
Open Systems Interconnection model
In-depth network scanning
TCP communication
ICMP scanning
SSDP scanning
UDP Scanning
Intrusion detection systems
Machine learning for intrusion detection
Supervised learning
Unsupervised learning
Semi-supervised learning
Reinforcement learning
Machine learning systems' workflow
Machine learning model evaluation metrics
Services enumeration
Insecure SNMP configuration
DNS security
DNS attacks
Sniffing attacks
DDoS attacks
Types of DDoS attacks
Defending against DDoS attacks
DDoS scrubbing centers
Software-Defined Network penetration testing
SDN attacks
SDN penetration testing
DELTA: SDN security evaluation framework
SDNPWN
Attacks on database servers
Summary
Active Directory Exploitation
Active Directory
Single Sign-On
Kerberos authentication
Lightweight Directory Access Protocol
PowerShell and Active Directory
Active Directory attacks
PowerView
Kerberos attacks
Kerberos TGS service ticket offline cracking (Kerberoast)
SPN scanning
Passwords in SYSVOL and group policy preferences
14-068 Kerberos vulnerability on a domain controller
Dumping all domain credentials with Mimikatz
Pass the credential
Dumping LSASS memory with Task Manager (get domain admin credentials)
Dumping Active Directory domain credentials from an NTDS.dit file
Summary
Docker Exploitation
Docker fundamentals
Virtualization
Cloud computing
Cloud computing security challenges
Docker containers
Docker exploitation
Kernel exploits
DoS and resource abuse
Docker breakout
Poisoned images
Database passwords and data theft
Docker bench security
Docker vulnerability static analysis with Clair
Building a penetration testing laboratory
Summary
Exploiting Git and Continuous Integration Servers
Software development methodologies
Continuous integration
Types of tests
Continuous integration versus continuous delivery
DevOps
Continuous integration with GitHub and Jenkins
Installing Jenkins
Continuous integration attacks
Continuous integration server penetration testing
Rotten Apple project for testing continuous integration or continuous delivery system security
Continuous security with Zed Attack Proxy
Summary
Metasploit and PowerShell for Post-Exploitation
Dissecting Metasploit Framework
Metasploit architecture
Modules
Exploits
Payloads
Auxiliaries
Encoders
NOPs
Posts
Starting Metasploit
Bypassing antivirus with the Veil-Framework
Writing your own Metasploit module
Metasploit Persistence scripts
Weaponized PowerShell with Metasploit
Interactive PowerShell
PowerSploit
Nishang – PowerShell for penetration testing
Defending against PowerShell attacks
Summary
VLAN Exploitation
Switching in networking
LAN switching
MAC attack
Media Access Control Security
DHCP attacks
DHCP starvation
Rogue DHCP server
ARP attacks
VLAN attacks
Types of VLANs
VLAN configuration
VLAN hopping attacks
Switch spoofing
VLAN double tagging
Private VLAN attacks
Spanning Tree Protocol attacks
Attacking STP
Summary
VoIP Exploitation
VoIP fundamentals
H.323
Skinny Call Control Protocol
RTP/RTCP
Secure Real-time Transport Protocol
H.248 and Media Gateway Control Protocol
Session Initiation Protocol
VoIP exploitation
VoIP attacks
Denial-of-Service
Eavesdropping
SIP attacks
SIP registration hijacking
Spam over Internet Telephony
Embedding malware
Viproy – VoIP penetration testing kit
VoLTE Exploitation
VoLTE attacks
SiGploit – Telecom Signaling Exploitation Framework
Summary
Insecure VPN Exploitation
Cryptography
Cryptosystems
Ciphers
Classical ciphers
Modern ciphers
Kerckhoffs' principle for cryptosystems
Cryptosystem types
Symmetric cryptosystem
Asymmetric cryptosystem
Hash functions and message integrity
Digital signatures
Steganography
Key management
Cryptographic attacks
VPN fundamentals
Tunneling protocols
IPsec
Secure Sockets Layer/Transport Layer Security
SSL attacks
DROWN attack (CVE-2016-0800)
POODLE attack (CVE-2014-3566)
BEAST attack (CVE-2011-3389)
CRIME attack (CVE-2012-4929)
BREACH attack (CVE-2013-3587)
Heartbleed attack
Qualys SSL Labs
Summary
Routing and Router Vulnerabilities
Routing fundamentals
Exploiting routing protocols
Routing Information Protocol
RIPv1 reflection DDoS
Open Shortest Path First
OSPF attacks
Disguised LSA
MaxAge LSAs
Remote false adjacency
Seq++ attack
Persistent poisoning
Defenses
Interior Gateway Routing Protocol
Enhanced Interior Gateway Routing Protocol
Border Gateway Protocol
BGP attacks
Exploiting routers
Router components
Router bootup process
Router attacks
The router exploitation framework
Summary
Internet of Things Exploitation
The IoT ecosystem
IoT project architecture
IoT protocols
The IoT communication stack
IP Smart Objects protocols suite
Standards organizations
IoT attack surfaces
Devices and appliances
Firmware
Web interfaces
Network services
Cloud interfaces and third-party API
Case study – Mirai Botnet
The OWASP IoT Project
Insecure web interface
Insufficient authentication/authorization
Insecure network services
Lack of transport encryption
Privacy concerns
Insecure cloud interface
Insecure mobile interface
Insufficient security configurability
Insecure software/firmware
Poor physical security
Hacking connected cars
Threats to connected cars
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think