This book is designed to give readers of all backgrounds and experience levels a well-researched and engaging introduction to the fascinating realm of network security. With real-world examples that reflect today’s most important and relevant security topics, Penetration Testing will address how and why people attack computers and networks, so that readers can be armed with the knowledge and techniques to successfully combat hackers. Because the world of information security changes so quickly and is often the subject of much hype, this book also aims to provide a clear differentiation between hacking myths and hacking facts. Straightforward in its approach, this valuable resource teaches the skills needed to go from hoping a system is secure to knowing that it is.
The complete guide to today’s hard-to-defend chained attacks: performing them and preventing them
Nowadays, it’s rare for malicious hackers to rely on just one exploit or tool; instead, they use “chained” exploits that integrate multiple forms of attack to achieve their goals. Chained exploits are far more complex and far more difficult to defend. Few security or hacking books cover them well and most don’t cover them at all. Now there’s a book that brings together start-to-finish information about today’s most widespread chained exploits–both how to perform them and how to prevent them.
Chained Exploits demonstrates this advanced hacking attack technique through detailed examples that reflect real-world attack strategies, use today’s most common attack tools, and focus on actual high-value targets, including credit card and healthcare data. Relentlessly thorough and realistic, this book covers the full spectrum of attack avenues, from wireless networks to physical access and social engineering.
Writing for security, network, and other IT professionals, the authors take you through each attack, one step at a time, and then introduce today’s most effective countermeasures— both technical and human. Coverage includes:
Constructing convincing new phishing attacks
Discovering which sites other Web users are visiting
Wreaking havoc on IT security via wireless networks
Keatron Evans is President and Chief Security Consultant of Blink Digital Security, LLC, a trainer for Training Camp, and winner of EC Council’s Instructor of Excellence Award.
Jack B. Voth specializes in penetration testing, vulnerability assessment, and perimeter security. He co-owns The Client Server, Inc., and teaches for Training Camp throughout the United States and abroad.
The practical guide to simulating, detecting, and responding to network attacks
Create step-by-step testing plans
Learn to perform social engineering and host reconnaissance
Evaluate session hijacking methods
Exploit web server vulnerabilities
Detect attempts to breach database security
Use password crackers to obtain access information
Circumvent Intrusion Prevention Systems (IPS) and firewall protections and disrupt the service of routers and switches
Scan and penetrate wireless networks
Understand the inner workings of Trojan Horses, viruses, and other backdoor applications
Test UNIX, Microsoft, and Novell servers for vulnerabilities
Learn the root cause of buffer overflows and how to prevent them
Perform and prevent Denial of Service attacks
Penetration testing is a growing field but there has yet to be a definitive resource that instructs ethical hackers on how to perform a penetration test with the ethics and responsibilities of testing in mind. Penetration Testing and Network Defense offers detailed steps on how to emulate an outside attacker in order to assess the security of a network.
Unlike other books on hacking, this book is specifically geared towards penetration testing. It includes important information about liability issues and ethics as well as procedures and documentation. Using popular open-source and commercial applications, the book shows you how to perform a penetration test on an organization’s network, from creating a test plan to performing social engineering and host reconnaissance to performing simulated attacks on both wired and wireless networks.
Penetration Testing and Network Defense also goes a step further than other books on hacking, as it demonstrates how to detect an attack on a live network. By detailing the method of an attack and how to spot an attack on your network, this book better prepares you to guard against hackers. You will learn how to configure, record, and thwart these attacks and how to harden a system to protect it against future internal and external attacks.
Full of real-world examples and step-by-step procedures, this book is both an enjoyable read and full of practical advice that will help you assess network security and develop a plan for locking down sensitive data and company resources.
“This book goes to great lengths to explain the various testing approaches that are used today and gives excellent insight into how a responsible penetration testing specialist executes his trade.”
–Bruce Murphy, Vice President, World Wide Security Services, Cisco Systems®
For the first time, Deviant Ollam, one of the security industry’s best-known lockpicking teachers, has assembled an instructional manual geared specifically toward penetration testers. Unlike other texts on the subject (which tend to be either massive volumes detailing every conceivable style of lock or brief “spy manuals” that only skim the surface) this book is for INFOSEC professionals that need essential, core knowledge of lockpicking and seek the ability to open most locks with relative ease.
Deviant’s material is presented with rich, detailed diagrams and is offered in easy-to-follow lessons which allow even beginners to acquire the knowledge very quickly. Everything from straightforward lockpicking to quick-entry techniques like shimming, bumping, and bypassing is explained and shown.Whether you’re being hired to penetrate security or simply trying to harden your own defenses, this book is essential.
The author has taught 1000s of individuals at leading conferences like DEFCON and Shmoocon
Only up-to-date book available for the information security professional
This knowledge completes the penetration tester‘s toolkit for internal and external audits of a company’s security
Originally released in 1996, Netcat is a netowrking program designed to read and write data across both Transmission Control Protocol TCP and User Datagram Protocol (UDP) connections using the TCP/Internet Protocol (IP) protocol suite. Netcat is often referred to as a “Swiss Army knife” utility, and for good reason. Just like the multi-function usefullness of the venerable Swiss Army pocket knife, Netcat’s functionality is helpful as both a standalone program and a backe-end tool in a wide range of applications. Some of the many uses of Netcat include port scanning, transferring files, grabbing banners, port listening and redirection, and more nefariously, a backdoor. This is the only book dedicated to comprehensive coverage of the tool’s many features, and by the end of this book, you’ll discover how Netcat can be one of the most valuable tools in your arsenal.
* Get Up and Running with Netcat Simple yet powerful…Don’t let the trouble-free installation and the easy command line belie the fact that Netcat is indeed a potent and powerful program. * Go PenTesting with Netcat Master Netcat’s port scanning and service identification capabilities as well as obtaining Web server application information. Test and verify outbound firewall rules and avoid detection by using antivirus software and the Window Firewall. Also, create a backdoor using Netcat. * Conduct Enumeration and Scanning with Netcat, Nmap, and More! Netcat’s not the only game in town…Learn the process of network of enumeration and scanning, and see how Netcat along with other tools such as Nmap and Scanrand can be used to thoroughly identify all of the assets on your network. * Banner Grabbing with NetcatBanner grabbing is a simple yet highly effective method of gathering information about a remote target, and can be performed with relative ease with the Netcat utility. * Explore the Dark Side of Netcat See the various ways Netcat has been used to provide malicious, unauthorized access to their targets. By walking through these methods used to set up backdoor access and circumvent protection mechanisms through the use of Netcat, we can understand how malicious hackers obtain and maintain illegal access. Embrace the dark side of Netcat, so that you may do good deeds later. * Transfer Files Using Netcat The flexability and simple operation allows Netcat to fill a niche when it comes to moving a file or files in a quick and easy fashion. Encryption is provided via several different avenues including integrated support on some of the more modern Netcat variants, tunneling via third-party tools, or operating system integrated IPsec policies. * Troubleshoot Your Network with Netcat Examine remote systems using Netat’s scanning ability. Test open ports to see if they really are active and see what protocls are on those ports. Communicate with different applications to determine what problems might exist, and gain insight into how to solve these problems. * Sniff Traffic within a System Use Netcat as a sniffer within a system to collect incoming and outgoing data. Set up Netcat to listen at ports higher than 1023 (the well-known ports), so you can use Netcat even as a normal user.
* Comprehensive introduction to the #4 most popular open source security tool available
* Tips and tricks on the legitimate uses of Netcat
* Detailed information on its nefarious purposes
* Demystifies security issues surrounding Netcat
* Case studies featuring dozens of ways to use Netcat in daily tasks