Advanced Penetration Testing
HOW TO ESTABLISH AN IMPENETRABLE LINE OF DEFENSE USING EVERYTHING IN THE PROFESSIONAL HACKER'S BAG OF TRICKS
Typical penetration testing is highly formulaic and involves little more than time-limited network and application security audits. If they are to have any hope of defending their assets against attacks by today's highly motivated professional hackers, high-value targets will have to do a better job of hardening their IT infrastructures. And that can only be achieved by security analysts and engineers fully versed in the professional hacker's manual of dirty tricks and penetration techniques.
Written by a top security expert who has performed hacking and penetration testing for Fortune 100 companies worldwide, Advanced Penetration Testing: Hacking the World's Most Secure Networks schools you in advanced techniques for targeting and compromising high-security environments that aren't taught in any certification prep or covered by common defense scanners. Author Wil Allsopp goes well beyond Kali linux and Metasploit to provide a complex, highly realistic attack simulation. Taking a multidisciplinary approach combining social engineering, programming, and vulnerability exploits, he teaches you how to:
- Discover and create attack vectors
- Move unseen through a target enterprise and reconnoiter networks, operating systems, and test structures
- Employ social engineering strategies to create an initial compromise
- Establish a beachhead and leave a robust command-and-control structure in place
- Use advanced data exfiltration techniqueseven against targets without direct Internet connections
- Utilize advanced methods for escalating privilege
- Infiltrate deep into networks and operating systems using harvested credentials
- Create custom code using VBA, Windows® Scripting Host, C, Java®, JavaScript®, Flash, and more
Build a better defense against motivated, organized, professional attacks
Advanced Penetration Testing: Hacking the World's Most Secure Networks takes hacking far beyond Kali linux and Metasploit to provide a more complex attack simulation. Featuring techniques not taught in any certification prep or covered by common defensive scanners, this book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures.
Typical penetration testing consists of low-level hackers attacking a system with a list of known vulnerabilities, and defenders preventing those hacks using an equally well-known list of defensive scans. The professional hackers and nation states on the forefront of today's threats operate at a much more complex level—and this book shows you how to defend your high security network.
- Use targeted social engineering pretexts to create the initial compromise
- Leave a command and control structure in place for long-term access
- Escalate privilege and breach networks, operating systems, and trust structures
- Infiltrate further using harvested credentials while expanding control
Today's threats are organized, professionally-run, and very much for-profit. Financial institutions, health care organizations, law enforcement, government agencies, and other high-value targets need to harden their IT infrastructure and human capital against targeted advanced attacks from motivated professionals. Advanced Penetration Testing goes beyond Kali linux and Metasploit and to provide you advanced pen testing for high security networks.
Auteur | | Wil Allsopp |
Taal | | Engels |
Type | | Paperback |
Categorie | | Computers & Informatica |