Penetration Testing: A Survival Guide. A Survival Guide
- Available formats: PDF, ePub, Mobi
Ebook description: Penetration Testing: A Survival Guide. A Survival Guide
The first module focuses on the Windows platform, which is one of the most common OSes, and managing its security spawned the discipline of IT security. Kali Linux is the premier platform for testing and maintaining Windows security, and it employs the most advanced tools and techniques to reproduce the methods used by sophisticated hackers. In this module, you'll first be introduced to Kali's top ten tools and other useful reporting tools. Then, you will find your way around your target network and determine known vulnerabilities so you can exploit a system remotely. You'll not only learn to penetrate the machine, but will also learn to work with Windows privilege escalations.
The second module will help you get to grips with the tools used in Kali Linux 2.0 that relate to web application hacking. You will get to know about scripting and input validation flaws, AJAX, and security issues related to AJAX. You will also use an automated technique called fuzzing so you can identify flaws in a web application. Finally, you’ll understand the web application vulnerabilities and the ways they can be exploited.
In the last module, you’ll get started with Android security. Android, being the platform with the largest consumer base, is the obvious primary target for attackers. You’ll begin this journey with the absolute basics and will then slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. You’ll gain the skills necessary to perform Android application vulnerability assessments and to create an Android pentesting lab.
This Learning Path is a blend of content from the following Packt products:
• Kali Linux 2: Windows Penetration Testing by Wolf Halton and Bo Weaver
• Web Penetration Testing with Kali Linux, Second Edition by Juned Ahmed Ansari
• Hacking Android by Srinivasa Rao Kotipalli and Mohammed A. Imran
Ebook details
- Original title:
- Penetration Testing: A Survival Guide. A Survival Guide
- Ebook ISBN:
- 978-17-872-8783-9, 9781787287839
- Ebook release date:
- 2017-01-18 (the ebook release date is often the day the title went on sale and may not match the release date of the print edition)
- Publication language:
- English
- PDF file size:
- 52.9MB
- ePub file size:
- 105.6MB
- Mobi file size:
- 149.9MB
Ebook table of contents
- Penetration Testing: A Survival Guide
- Table of Contents
- Credits
- Preface
- What this learning path covers
- What you need for this learning path
- Who this learning path is for
- Reader feedback
- Customer support
- Downloading the example code
- Errata
- Piracy
- Questions
- I. Module 1
- 1. Sharpening the Saw
- Installing Kali Linux to an encrypted USB drive
- Prerequisites for installation
- Booting Up
- Installing configuration
- Setting up the drive
- Booting your new installation of Kali
- Running Kali from the live CD
- Installing and configuring applications
- Gedit the Gnome text editor
- Terminator the terminal emulator for multitasking
- EtherApe the graphical protocol analysis tool
- Setting up and configuring OpenVAS
- Reporting the tests
- KeepNote the standalone document organizer
- Dradis the web-based document organizer
- Running services on Kali Linux
- Exploring the Kali Linux Top 10 and more
- Summary
- 2. Information Gathering and Vulnerability Assessment
- Footprinting the network
- Exploring the network with Nmap
- Zenmap
- The difference verbosity makes
- Scanning a network range
- Where can you find instructions on this thing?
- A return to OpenVAS
- Using Maltego
- Using Unicorn-Scan
- Monitoring resource use with Htop
- Monkeying around the network
- Summary
- 3. Exploitation Tools (Pwnage)
- Choosing the appropriate time and tool
- Choosing the right version of Metasploit
- Starting Metasploit
- Creating workspaces to organize your attack
- Using the hosts and services commands
- Using advanced footprinting
- Interpreting the scan and building on the result
- Exploiting poor patch management
- Finding out whether anyone is home
- Using the pivot
- Mapping the network to pivot
- Creating the attack path
- Grabbing system on the target
- Setting Up the route
- Exploring the inner network
- Abusing the Windows NET USE command
- Adding a Windows user from the command line
- Summary
- 4. Web Application Exploitation
- Surveying the webscape
- Concept of Robots.txt
- Concept of .htaccess
- Quick solutions to cross-site scripting
- Reducing buffer overflows
- Avoiding SQL injection
- Arm yourself with Armitage
- Working with a single known host
- Discovering new machines with NMap
- Zinging Windows servers with OWASP ZAP
- Using ZAP as an attack proxy
- Reading the ZAP interface
- Search and destroy with Burp Suite
- Targeting the test subject
- Using Burp Suite as a Proxy
- Installing the Burp Suite security certificate
- Spidering a site with Burp Spider
- Summary
- 5. Sniffing and Spoofing
- Sniffing and spoofing network traffic
- Sniffing network traffic
- Basic sniffing with tcpdump
- More basic sniffing with WinDump (Windows tcpdump)
- Packet hunting with Wireshark
- Dissecting the packet
- Swimming with Wireshark
- Spoofing network traffic
- Ettercap
- Using Ettercap on the command line
- Summary
- 6. Password Attacks
- Password attack planning
- Cracking the NTLM code (Revisited)
- Password lists
- Cleaning a password list
- My friend Johnny
- John the Ripper (command line)
- xHydra
- Adding a tool to the main menu in Kali 2.x
- Summary
- 7. Windows Privilege Escalation
- Gaining access with Metasploit
- Replacing the executable
- Local privilege escalation with a standalone tool
- Escalating privileges with physical access
- Robbing the Hives with samdump2
- Owning the registry with chntpw
- Weaseling in with Weevely
- Preparing to use Weevely
- Creating an agent
- Testing Weevely locally
- Testing Weevely on a Windows server
- Getting help in Weevely
- Getting the system info
- Using filesystem commands in Weevely
- Writing into files
- Summary
- 8. Maintaining Remote Access
- Maintaining access
- Covering our tracks
- Maintaining access with Ncat
- Phoning Home with Metasploit
- The Dropbox
- Cracking the NAC (Network Access Controller)
- Creating a Spear-Phishing Attack with the Social Engineering Toolkit
- Using Backdoor-Factory to Evade Antivirus
- Summary
- 9. Reverse Engineering and Stress Testing
- Setting up a test environment
- Creating your victim machine(s)
- Testing your testing environment
- Reverse engineering theory
- One general theory of reverse engineering
- Working with Boolean logic
- Reviewing a while loop structure
- Reviewing the for loop structure
- Understanding the decision points
- Practicing reverse engineering
- Demystifying debuggers
- Using the Valgrind Debugger to discover memory leaks
- Translating your app to assembler with the EDB-Debugger
- EDB-Debugger symbol mapper
- Running OllyDbg
- Introduction to disassemblers
- Running JAD
- Create your own disassembling code with Capstone
- Some miscellaneous reverse engineering tools
- Running Radare2
- Additional members of the Radare2 tool suite
- Running rasm2
- Running rahash2
- Running radiff2
- Running rafind2
- Running rax2
- Stresstesting Windows
- Dealing with Denial
- Putting the network under Siege
- Configuring your Siege engine
- Summary
- 10. Forensics
- Getting into Digital Forensics
- Exploring Guymager
- Starting Kali for Forensics
- Acquiring a drive to be legal evidence
- Cloning With Guymager
- Diving into Autopsy
- Mounting image files
- Summary
- II. Module 2
- 1. Introduction to Penetration Testing and Web Applications
- Proactive security testing
- Who is a hacker?
- Different testing methodologies
- Ethical hacking
- Penetration testing
- Vulnerability assessment
- Security audits
- Rules of engagement
- Black box testing or Gray box testing
- Client contact details
- Client IT team notifications
- Sensitive data handling
- Status meeting
- The limitations of penetration testing
- The need for testing web applications
- Social engineering attacks
- Training employees to defeat social engineering attacks
- A web application overview for penetration testers
- HTTP protocol
- Request and response header
- The request header
- The response header
- Important HTTP methods for penetration testing
- The GET/POST method
- The HEAD method
- The TRACE method
- The PUT and DELETE methods
- The OPTIONS method
- Session tracking using cookies
- Cookie
- Cookie flow between server and client
- Persistent and non-persistent cookies
- Cookie parameters
- HTML data in HTTP response
- Multi-tier web application
- Summary
- 2. Setting up Your Lab with Kali Linux
- Kali Linux
- Improvements in Kali Linux 2.0
- Installing Kali Linux
- USB mode
- VMware and ARM images of Kali Linux
- Kali Linux on Amazon cloud
- Installing Kali Linux on a hard drive
- Kali Linux-virtualizing versus installing on physical hardware
- Important tools in Kali Linux
- Web application proxies
- Burp proxy
- Customizing client interception
- Modifying requests on the fly
- Burp proxy with SSL-based websites
- WebScarab and Zed Attack Proxy
- ProxyStrike
- Web vulnerability scanner
- Nikto
- Skipfish
- Web Crawler Dirbuster
- OpenVAS
- Database exploitation
- CMS identification tools
- Web application fuzzers
- Using Tor for penetration testing
- Steps to set up Tor and connect anonymously
- Visualization of a web request through Tor
- Final words for Tor
- Summary
- 3. Reconnaissance and Profiling the Web Server
- Reconnaissance
- Passive reconnaissance versus active reconnaissance
- Reconnaissance information gathering
- Domain registration details
- Whois extracting domain information
- Identifying hosts using DNS
- Zone transfer using dig
- Brute force DNS records using Nmap
- The Recon-ng tool a framework for information gathering
- Domain enumeration using recon-ng
- Sub-level and top-level domain enumeration
- Reporting modules
- Scanning probing the target
- Port scanning using Nmap
- Different options for port scan
- Evading firewalls and IPS using Nmap
- Spotting a firewall using back checksum option in Nmap
- Identifying the operating system using Nmap
- Profiling the server
- Application version fingerprinting
- The Nmap version scan
- The Amap version scan
- Fingerprinting the web application framework
- The HTTP header
- The Whatweb scanner
- Identifying virtual hosts
- Locating virtual hosts using search engines
- The virtual host lookup module in Recon-ng
- Identifying load balancers
- Cookie-based load balancer
- Other ways of identifying load balancers
- Scanning web servers for vulnerabilities and misconfigurations
- Identifying HTTP methods using Nmap
- Testing web servers using auxiliary modules in Metasploit
- Automating scanning using the WMAP web scanner plugin
- Vulnerability scanning and graphical reports the Skipfish web application scanner
- Spidering web applications
- The Burp spider
- Application login
- Summary
- 4. Major Flaws in Web Applications
- Information leakage
- Directory browsing
- Directory browsing using DirBuster
- Comments in HTML code
- Mitigation
- Authentication issues
- Authentication protocols and flaws
- Basic authentication
- Digest authentication
- Integrated authentication
- Form-based authentication
- Brute forcing credentials
- Hydra a brute force password cracker
- Path traversal
- Attacking path traversal using Burp proxy
- Mitigation
- Injection-based flaws
- Command injection
- SQL injection
- Cross-site scripting
- Attack potential of cross-site scripting attacks
- Cross-site request forgery
- Session-based flaws
- Different ways to steal tokens
- Brute forcing tokens
- Sniffing tokens and man-in-the-middle attacks
- Stealing session tokens using XSS attack
- Session token sharing between application and browser
- Tools to analyze tokens
- Session fixation attack
- Mitigation for session fixation
- File inclusion vulnerability
- Remote file include
- Local file include
- Mitigation for file inclusion attacks
- HTTP parameter pollution
- Mitigation
- HTTP response splitting
- Mitigation
- Summary
- 5. Attacking the Server Using Injection-based Flaws
- Command injection
- Identifying parameters to inject data
- Error-based and blind command injection
- Metacharacters for command separator
- Scanning for command injection
- Creating a cookie file for authentication
- Executing Wapiti
- Exploiting command injection using Metasploit
- PHP shell and Metasploit
- Exploiting shellshock
- Overview of shellshock
- Scanning dirb
- Exploitation Metasploit
- SQL injection
- SQL statements
- The UNION operator
- The SQL query example
- Attack potential of the SQL injection flaw
- Blind SQL injection
- SQL injection testing methodology
- Scanning for SQL injection
- Information gathering
- Sqlmap automating exploitation
- BBQSQL the blind SQL injection framework
- Sqlsus MySQL injection
- Sqlninja MS SQL injection
- Summary
- 6. Exploiting Clients Using XSS and CSRF Flaws
- The origin of cross-site scripting
- Introduction to JavaScript
- An overview of cross-site scripting
- Types of cross-site scripting
- Persistent XSS
- Reflected XSS
- DOM-based XSS
- Defence against DOM-based XSS
- XSS using the POST Method
- XSS and JavaScript a deadly combination
- Cookie stealing
- Key logger
- Website defacing
- Scanning for XSS flaws
- Zed Attack Proxy
- Scoping and selecting modes
- Modes of operation
- Scan policy and attack
- Xsser
- Features
- W3af
- Plugins
- Graphical interface
- Cross-site request forgery
- Attack dependencies
- Attack methodology
- Testing for CSRF flaws
- CSRF mitigation techniques
- Summary
- 7. Attacking SSL-based Websites
- Secure socket layer
- SSL in web applications
- SSL encryption process
- Asymmetric encryption versus symmetric encryption
- Asymmetric encryption algorithms
- Symmetric encryption algorithm
- Hashing for message integrity
- Identifying weak SSL implementations
- OpenSSL command-line tool
- SSLScan
- SSLyze
- Testing SSL configuration using Nmap
- SSL man-in-the-middle attack
- SSL MITM tools in Kali Linux
- SSLsplit
- SSLstrip
- SSL stripping limitations
- Summary
- 8. Exploiting the Client Using Attack Frameworks
- Social engineering attacks
- Social engineering toolkit
- Spear-phishing attack
- Website attack
- Java applet attack
- Credential harvester attack
- Web jacking attack
- Metasploit browser exploit
- Tabnabbing attack
- Browser exploitation framework
- Introducing BeEF
- BeEF hook injection
- Browser reconnaissance
- Exploit modules
- Host information gathering
- Persistence module
- Network recon
- Inter-protocol exploitation and communication
- Exploiting the mutillidae XSS flaw using BeEF
- Injecting the BeEF hook using MITM
- Summary
- 9. AJAX and Web Services Security Issues
- Introduction to AJAX
- Building blocks of AJAX
- The AJAX workflow
- AJAX security issues
- Increase in attack surface
- Exposed programming logic of the application
- Insufficient access control
- Challenges of pentesting AJAX applications
- Crawling AJAX applications
- AJAX crawling tool
- Sprajax
- AJAX spider OWASP ZAP
- Analyzing client-side code Firebug
- The Script panel
- The Console panel
- The Network panel
- Web services
- Introducing SOAP and RESTful web services
- Securing web services
- Insecure direct object reference vulnerability
- Summary
- 10. Fuzzing Web Applications
- Fuzzing basics
- Types of fuzzing techniques
- Mutation fuzzing
- Generation fuzzing
- Applications of fuzzing
- Network protocol fuzzing
- File fuzzing
- User interface fuzzing
- Web application fuzzing
- Web browser fuzzing
- Fuzzer frameworks
- Fuzzing steps
- Testing web applications using fuzzing
- Fuzzing input in web applications
- Request URI
- Headers
- Form fields
- Detecting result of fuzzing
- Web application fuzzers in Kali Linux
- Fuzzing using Burp intruder
- PowerFuzzer tool
- Summary
- III. Module 3
- 1. Setting Up the Lab
- Installing the required tools
- Java
- Android Studio
- Setting up an AVD
- Real device
- Apktool
- Dex2jar/JD-GUI
- Burp Suite
- Configuring the AVD
- Drozer
- Prerequisites
- QARK (No support for windows)
- Getting ready
- Advanced REST Client for Chrome
- Droid Explorer
- Cydia Substrate and Introspy
- SQLite browser
- Frida
- Setting up Frida server
- Setting up frida-client
- Testing the setup
- Vulnerable apps
- Kali Linux
- ADB Primer
- Checking for connected devices
- Getting a shell
- Listing the packages
- Pushing files to the device
- Pulling files from the device
- Installing apps using adb
- Troubleshooting adb connections
- Summary
- 2. Android Rooting
- What is rooting?
- Why would we root a device?
- Advantages of rooting
- Unlimited control over the device
- Installing additional apps
- More features and customization
- Disadvantages of rooting
- It compromises the security of your device
- Bricking your device
- Voids warranty
- Locked and unlocked boot loaders
- Determining boot loader unlock status on Sony devices
- Unlocking boot loader on Sony through a vendor specified method
- Rooting unlocked boot loaders on a Samsung device
- Stock recovery and Custom recovery
- Prerequisites
- Rooting Process and Custom ROM installation
- Installing recovery softwares
- Using Odin
- Using Heimdall
- Rooting a Samsung Note 2
- Flashing the Custom ROM to the phone
- Summary
- 3. Fundamental Building Blocks of Android Apps
- Basics of Android apps
- Android app structure
- How to get an APK file?
- Storage location of APK files
- /data/app/
- /system/app/
- /data/app-private/
- Example of extracting preinstalled apps
- Example of extracting user installed apps
- Android app components
- Activities
- Services
- Broadcast receivers
- Content providers
- Android app build process
- Building DEX files from the command line
- What happens when an app is run?
- ART the new Android Runtime
- Understanding app sandboxing
- UID per app
- App sandboxing
- Is there a way to break out of this sandbox?
- Summary
- 4. Overview of Attacking Android Apps
- Introduction to Android apps
- Web Based apps
- Native apps
- Hybrid apps
- Understanding the apps attack surface
- Mobile application architecture
- Threats at the client side
- Threats at the backend
- Guidelines for testing and securing mobile apps
- OWASP Top 10 Mobile Risks (2014)
- M1: Weak Server-Side Controls
- M2: Insecure Data Storage
- M3: Insufficient Transport Layer Protection
- M4: Unintended Data Leakage
- M5: Poor Authorization and Authentication
- M6: Broken Cryptography
- M7: Client-Side Injection
- M8: Security Decisions via Untrusted Inputs
- M9: Improper Session Handling
- M10: Lack of Binary Protections
- Automated tools
- Drozer
- Performing Android security assessments with Drozer
- Installing testapp.apk
- Listing out all the modules
- Retrieving package information
- Identifying the attack surface
- Identifying and exploiting Android app vulnerabilities using Drozer
- Attacks on exported activities
- What is the problem here?
- QARK (Quick Android Review Kit)
- Running QARK in interactive mode
- Reporting
- Running QARK in seamless mode:
- Summary
- 5. Data Storage and Its Security
- What is data storage?
- Android local data storage techniques
- Shared preferences
- SQLite databases
- Internal storage
- External storage
- Shared preferences
- Real world application demo
- SQLite databases
- Internal storage
- External storage
- User dictionary cache
- Insecure data storage NoSQL database
- NoSQL demo application functionality
- Backup techniques
- Backup the app data using adb backup command
- Convert .ab format to tar format using Android backup extractor
- Extracting the TAR file using the pax or star utility
- Analyzing the extracted content for security issues
- Being safe
- Summary
- 6. Server-Side Attacks
- Different types of mobile apps and their threat model
- Mobile applications server-side attack surface
- Mobile application architecture
- Strategies for testing mobile backend
- Setting up Burp Suite Proxy for testing
- Proxy setting via APN
- Proxy setting via Wi-Fi
- Bypass certificate warnings and HSTS
- HSTS HTTP Strict Transport Security
- Bypassing certificate pinning
- Bypass SSL pinning using AndroidSSLTrustKiller
- Setting up a demo application
- Installing OWASP GoatDroid
- Threats at the backend
- Relating OWASP top 10 mobile risks and web attacks
- Authentication/authorization issues
- Authentication vulnerabilities
- Authorization vulnerabilities
- Session management
- Insufficient Transport Layer Security
- Input validation related issues
- Improper error handling
- Insecure data storage
- Attacks on the database
- Summary
- 7. Client-Side Attacks Static Analysis Techniques
- Attacking application components
- Attacks on activities
- What does exported behavior mean to an activity?
- Intent filters
- Attacks on services
- Extending the Binder class:
- Using a Messenger
- Using AIDL
- Attacking AIDL services
- Attacks on broadcast receivers
- Attacks on content providers
- Querying content providers:
- Exploiting SQL Injection in content providers using adb
- Querying the content provider
- Writing a where condition:
- Testing for Injection:
- Finding the column numbers for further extraction
- Running database functions
- Finding out SQLite version:
- Finding out table names
- Static analysis using QARK:
- Summary
- 8. Client-Side Attacks Dynamic Analysis Techniques
- Automated Android app assessments using Drozer
- Listing out all the modules
- Retrieving package information
- Finding out the package name of your target application
- Getting information about a package
- Dumping the AndroidManifes.xml file
- Finding out the attack surface:
- Attacks on activities
- Attacks on services
- Broadcast receivers
- Content provider leakage and SQL Injection using Drozer
- Attacking SQL Injection using Drozer
- Path traversal attacks in content providers
- Reading /etc/hosts
- Reading kernel version
- Exploiting debuggable apps
- Introduction to Cydia Substrate
- Runtime monitoring and analysis using Introspy
- Hooking using Xposed framework
- Dynamic instrumentation using Frida
- What is Frida?
- Prerequisites
- Steps to perform dynamic hooking with Frida
- Logging based vulnerabilities
- WebView attacks
- Accessing sensitive local resources through file scheme
- Other WebView issues
- Summary
- 9. Android Malware
- What do Android malwares do?
- Writing Android malwares
- Writing a simple reverse shell Trojan using socket programming
- Registering permissions
- Writing a simple SMS stealer
- The user interface
- Code for MainActivity.java
- Code for reading SMS
- Code for the uploadData() method
- Complete code for MainActivity.java
- Registering permissions
- Code on the server
- A note on infecting legitimate apps
- Malware analysis
- Static analysis
- Disassembling Android apps using Apktool
- Exploring the AndroidManifest.xml file
- Exploring smali files
- Decompiling Android apps using dex2jar and JD-GUI
- Dynamic analysis
- Analyzing HTTP/HTTPS traffic using Burp
- Analysing network traffic using tcpdump and Wireshark
- Tools for automated analysis
- How to be safe from Android malwares?
- Summary
- 10. Attacks on Android Devices
- MitM attacks
- Dangers with apps that provide network level access
- Using existing exploits
- Malware
- Bypassing screen locks
- Bypassing pattern lock using adb
- Removing the gesture.key file
- Cracking SHA1 hashes from the gesture.key file
- Bypassing password/PIN using adb
- Bypassing screen locks using CVE-2013-6271
- Pulling data from the sdcard
- Summary
- A. Bibliography
- Index