05457nam 2200721 a 450 991045185090332120211115232416.01-62198-905-41-280-67747-397866136544031-84951-775-4(CKB)2550000000101867(EBL)946941(OCoLC)794903866(SSID)ssj0000676594(PQKBManifestationID)12229141(PQKBTitleCode)TC0000676594(PQKBWorkID)10684110(PQKB)11713335(MiAaPQ)EBC946941(PPN)227993802(Au-PeEL)EBL946941(CaPaEBR)ebr10563887(CaONFJC)MIL365440(EXLCZ)99255000000010186720120605d2012 uy 0engur|n|---|||||txtccrAdvanced penetration testing for highly-secured environments[electronic resource] the ultimate security guide : learn to perform professional penetration testing for highly-secured environments with this intensive hands-on guide /Lee AllenBirmingham, U.K. Packt Pub.20121 online resource (414 p.)Open source : community experience distilledDescription based upon print version of record.1-84951-774-6 Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Planning and Scoping for a Successful Penetration Test; Introduction to advanced penetration testing; Vulnerability assessments; Penetration testing; Advanced penetration testing; Before testing begins; Determining scope; Setting limits - nothing lasts forever; Rules of engagement documentation; Planning for action; Installing VirtualBox; Installing your BackTrack virtual machine; Preparing the virtual guest machine for BackTrackInstalling BackTrack on the virtual disk imageExploring BackTrack; Logging in; Changing the default password; Updating the applications and operating system; Installing OpenOffice; Effectively manage your test results; Introduction to MagicTree; Starting MagicTree; Adding nodes; Data collection; Report generation; Introduction to the Dradis Framework; Exporting a project template; Importing a project template; Preparing sample data for import; Importing your Nmap data; Exporting data into HTML; Dradis Category field; Changing the default HTML template; SummaryChapter 2: Advanced Reconnaissance TechniquesIntroduction to reconnaissance; Reconnaissance workflow; DNS recon; Nslookup - it's there when you need it; Default output; Changing nameservers; Creating an automation script; What did we learn?; Domain Information Groper (Dig); Default output; Zone transfers using Dig; Advanced features of Dig; DNS brute forcing with fierce; Default command usage; Creating a custom wordlist; Gathering and validating domain and IP information; Gathering information with whois; Specifying which registrar to use; Where in the world is this IP?; Defensive measuresUsing search engines to do your job for youSHODAN; Filters; Understanding banners; Finding specific assets; Finding people (and their documents) on the web; Google hacking database; Metagoofil; Searching the Internet for clues; Metadata collection; Extracting metadata from photos using exiftool; Summary; Chapter 3: Enumeration: Choosing Your Targets Wisely; Adding another virtual machine to our lab; Configuring and testing our Vlab_1 clients; BackTrack - Manual ifconfig; Ubuntu - Manual ifconfig; Verifying connectivity; Maintaining IP settings after reboot; Nmap - getting to know youCommonly seen Nmap scan types and optionsBasic scans - warming up; Other Nmap techniques; Remaining stealthy; Shifting blame - the zombies did it!; IDS rules, how to avoid them; Using decoys; Adding custom Nmap scripts to your arsenal; How to decide if a script is right for you; Adding a new script to the database; SNMP: A goldmine of information just waiting to be discovered; SNMPEnum; SNMPCheck; When the SNMP community string is NOT ""public""; Creating network baselines with scanPBNJ; Setting up MySQL for PBNJ; Starting MySQL; Preparing the PBNJ database; First scan; Reviewing the dataEnumeration avoidance techniquesLearn to perform professional penetration testing for highly-secured environments with this intensive hands-on guide with this book and ebook.Community experience distilled.Computer securityTestingHandbooks, manuals, etcPenetration testing (Computer security)Handbooks, manuals, etcComputer networksSecurity measuresHandbooks, manuals, etcComputer networksHandbooks, manuals, etcElectronic books.Computer securityTestingPenetration testing (Computer security)Computer networksSecurity measuresComputer networks005.8Allen Lee(Information security specialist)944552MiAaPQMiAaPQMiAaPQBOOK9910451850903321Advanced penetration testing for highly-secured environments2192264UNINA