Dalwigk | Ethical Hacking | Book | 978-1-4932-2842-3 | www.sack.de

Book, English, 726 pages, format (W × H): 167 mm x 238 mm, weight: 1334 g

Dalwigk

Ethical Hacking

The Practical Guide for Pentesting and Red Teaming
1st edition 2026
ISBN: 978-1-4932-2842-3
Publisher: Rheinwerk Verlag GmbH



Is your IT system truly secure? There’s only one way to find out: learn to think like a hacker and test it yourself! You’ll start by understanding how to find vulnerabilities through techniques like footprinting, scanning, enumeration, and fuzzing. Then you’ll discover how to exploit them—and importantly, how to protect against exploits—whether you’re dealing with brute-force attacks, cross-site scripting (XSS), SQL injection, social engineering, or any of the other threats out there. With integrated QR codes that connect you to supplemental video tutorials and hands-on exercises, this comprehensive guide will have you hacking in no time.

Highlights include:

1) Footprinting

2) Scanning

3) Enumeration and fuzzing

4) Cryptography

5) Password cracking

6) Cross-site scripting (XSS)

7) SQL injection

8) Social engineering

9) Reverse shells

10) Malware

11) Metasploit

12) OWASP


Further Information & Material


1 Introduction
1.1 What Is Ethical Hacking?
1.2 Protection Goals of Information Security
1.3 Motivations for Hacking Attacks
1.4 Types of Hackers
1.5 The Cyber Kill Chain
1.6 Hacker Ethics
1.7 Advanced Persistent Threats
1.8 Common Vulnerabilities and Exposures
1.9 Common Vulnerability Scoring System
1.10 Classification of Attacks
1.11 The MITRE ATT&CK Framework
1.12 Tactics, Techniques, and Procedures
1.13 Indicators of Compromise
1.14 Security Models
1.15 Information Warfare
1.16 Practice Questions

2 TryHackMe
2.1 TryHackMe Overview
2.2 Hacking Lab
2.3 Starting and Solving Hacking Challenges
2.4 Support from AI: ShellGPT

3 Footprinting and Reconnaissance
3.1 What is Footprinting?
3.2 Active and Passive Footprinting
3.3 Well-Known Files
3.4 Footprinting on the Dark Web
3.5 Tools for Footprinting
3.6 Protection against Footprinting
3.7 OhSINT
3.8 Practice Questions

4 Scanning
4.1 Ports and Services
4.2 The OSI Model
4.3 HTTP
4.4 ICMP, UDP, and TCP
4.5 Hping3
4.6 Wireshark
4.7 Nmap
4.8 Banner Grabbing
4.9 Practice Questions

5 Enumeration and Fuzzing
5.1 What Is Enumeration?
5.2 Gobuster
5.3 What Is Fuzzing?
5.4 Fuzz Faster U Fool
5.5 WPScan
5.6 Practice Questions

6 Metasploit
6.1 Exploits
6.2 Searching for Exploits
6.3 The Metasploit Framework
6.4 Practice Questions

7 Cryptography
7.1 Introduction to Cryptography
7.2 Ciphers
7.3 The XOR Operation
7.4 The Feistel Network
7.5 Encryption Algorithms
7.6 Hash Algorithms
7.7 One-Time Pad
7.8 Digital Signatures
7.9 Quantum Cryptography
7.10 Public Key Infrastructure
7.11 Email Encryption
7.12 Cryptanalysis
7.13 Practice Questions

8 Covert Communication
8.1 Why Is Covert Communication Used?
8.2 Classic Techniques and Modern Equivalents
8.3 Steganography
8.4 Communication via Side Channels
8.5 The Darknet
8.6 c4ptur3-th3-fl4g
8.7 Practice Questions

9 Cracking Passwords
9.1 Hash Functions and Password Hashes
9.2 Kerberos
9.3 Salt and Pepper
9.4 hashcat
9.5 Attacks on Passwords
9.6 Protection Against Password Attacks
9.7 CrackIT
9.8 Practice Questions

10 OWASP Top 10
10.1 A01:2021 Broken Access Control
10.2 A02:2021 Cryptographic Failures
10.3 A03:2021 Injection
10.4 A04:2021 Insecure Design
10.5 A05:2021 Security Misconfiguration
10.6 A06:2021 Vulnerable and Outdated Components
10.7 A07:2021 Identification and Authentication Failures
10.8 A08:2021 Software and Data Integrity Failures
10.9 A09:2021 Security Logging and Monitoring Failures
10.10 A10:2021 Server-Side Request Forgery
10.11 Practice Questions

11 The OWASP Juice Shop
11.1 What Is the OWASP Juice Shop?
11.2 Installing the OWASP Juice Shop
11.3 Tasks in the OWASP Juice Shop

12 Cross-Site Scripting
12.1 Types of XSS
12.2 Protection Against XSS
12.3 Google XSS Game
12.4 Practice Questions

13 SQL Injection
13.1 SQL Basics
13.2 Types of SQL Injections
13.3 Protection Against SQL Injections
13.4 SQLMap
13.5 Practice Questions

14 Social Engineering
14.1 What Is Social Engineering?
14.2 Psychology of Social Engineering
14.3 Phases of a Social Engineering Attack
14.4 Social Engineering Techniques
14.5 Insider Threats
14.6 Identity Impersonation and Identity Theft
14.7 Threats Posed by Deepfakes
14.8 Measures Against Social Engineering
14.9 The Social Engineering Lab
14.10 Practice Questions

15 Reverse Shells
15.1 What Is a Bind Shell and How Does It Work?
15.2 What Is a Reverse Shell and How Does It Work?
15.3 Examples of Reverse Shells
15.4 Obfuscation Techniques for Reverse Shells
15.5 Measures to Protect Against Reverse Shells
15.6 All in One: Reverse Shell
15.7 Practice Questions

16 Privilege Escalation
16.1 What Is Privilege Escalation?
16.2 GTFOBins
16.3 Techniques for Privilege Escalation
16.4 RootMe
16.5 Billing: Privilege Escalation
16.6 All in One: Privilege Escalation
16.7 Practice Questions

17 Malware
17.1 What Is Malware?
17.2 Types of Malware
17.3 Malware Analysis
17.4 Protection Against Malware
17.5 Practice Questions

18 Professional Pentesting
18.1 Pentest Procedure
18.2 Pentesting Standards and Frameworks
18.3 Structure of Pentest Reports
18.4 Writing Pentest Reports with Artificial Intelligence Support
18.5 Tips for Writing Pentest Reports

19 Final Challenge
19.1 The Hunt for Agent Dalvikov
19.2 The Secret Password Database
19.3 Admin Cookie
19.4 The Secret ZIP Folder
19.5 Federal Bureau of Investigation–Style Criminal Database
19.6 Gaining Access
19.7 Privilege Escalation

The Author

Index



