Penetration Tester’s Open Source Toolkit, Vol. 2

Penetration Tester's Open Source Toolkit, Vol. 2Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside of the box to determine the best attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan. This second volume adds over 300 new pentesting applications included with BackTrack 2 to the pen tester's toolkit. It includes the latest information on Snort, Nessus, Wireshark, Metasploit, Kismet and all of the other major Open Source platforms.

. Perform Network Reconnaissance
Master the objectives, methodology, and tools of the least understood aspect of a penetration test.
. Demystify Enumeration and Scanning
Identify the purpose and type of the target systems, obtain specific information about the versions of the services that are running on the systems, and list the targets and services.
. Hack Database Services
Understand and identify common database service vulnerabilities, discover database services, attack database authentication mechanisms, analyze the contents of the database, and use the database to obtain access to the host operating system.
. Test Web Servers and Applications
Compromise the Web server due to vulnerabilities on the server daemon itself, its unhardened state, or vulnerabilities within the Web applications.
. Test Wireless Networks and Devices
Understand WLAN vulnerabilities, attack WLAN encryption, master information gathering tools, and deploy exploitation tools.
. Examine Vulnerabilities on Network Routers and Switches
Use Traceroute, Nmap, ike-scan, Cisco Torch, Finger, Nessus, onesixtyone, Hydra, Ettercap, and more to attack your network devices.
. Customize BackTrack 2
Torque BackTrack 2 for your specialized needs through module management, unique hard drive installations, and USB installations.
. Perform Forensic Discovery and Analysis with BackTrack 2
Use BackTrack in the field for forensic analysis, image acquisition, and file carving.
. Build Your Own PenTesting Lab
Everything you need to build your own fully functional attack lab.

Price: $59.95

Click here to buy from Amazon

BackTrack 5 Wireless Penetration Testing Beginner’s Guide

BackTrack 5 Wireless Penetration Testing Beginner's GuideWritten in Packt's Beginner's Guide format, you can easily grasp the concepts and understand the techniques to perform wireless attacks in your lab. Every new attack is described in the form of a lab exercise with rich illustrations of all the steps associated. You will practically implement various attacks as you go along. If you are an IT security professional or a security consultant who wants to get started with wireless testing with Backtrack, or just plain inquisitive about wireless security and hacking, then this book is for you. The book assumes that you have familiarity with Backtrack and basic wireless concepts.

Price: $49.99

Click here to buy from Amazon

Chained Exploits: Advanced Hacking Attacks from Start to Finish

Chained Exploits: Advanced Hacking Attacks from Start to FinishThe complete guide to today’s hard-to-defend chained attacks: performing them and preventing them

Nowadays, it’s rare for malicious hackers to rely on just one exploit or tool; instead, they use “chained” exploits that integrate multiple forms of attack to achieve their goals. Chained exploits are far more complex and far more difficult to defend. Few security or hacking books cover them well and most don’t cover them at all. Now there’s a book that brings together start-to-finish information about today’s most widespread chained exploits–both how to perform them and how to prevent them.

Chained Exploits demonstrates this advanced hacking attack technique through detailed examples that reflect real-world attack strategies, use today’s most common attack tools, and focus on actual high-value targets, including credit card and healthcare data. Relentlessly thorough and realistic, this book covers the full spectrum of attack avenues, from wireless networks to physical access and social engineering.

Writing for security, network, and other IT professionals, the authors take you through each attack, one step at a time, and then introduce today’s most effective countermeasures— both technical and human. Coverage includes:

  • Constructing convincing new phishing attacks
  • Discovering which sites other Web users are visiting
  • Wreaking havoc on IT security via wireless networks
  • Disrupting competitors’ Web sites
  • Performing–and preventing–corporate espionage
  • Destroying secure files
  • Gaining access to private healthcare records
  • Attacking the viewers of social networking pages
  • Creating entirely new exploits
  • and more

Andrew Whitaker, Director of Enterprise InfoSec and Networking for Training Camp, has been featured in The Wall Street Journal and BusinessWeek. He coauthored Penetration Testing and Network Defense. Andrew was a winner of EC Council’s Instructor of Excellence Award.

Keatron Evans is President and Chief Security Consultant of Blink Digital Security, LLC, a trainer for Training Camp, and winner of EC Council’s Instructor of Excellence Award.

Jack B. Voth specializes in penetration testing, vulnerability assessment, and perimeter security. He co-owns The Client Server, Inc., and teaches for Training Camp throughout the United States and abroad.

informit.com/aw

Cover photograph © Corbis /

Jupiter Images

$49.99 US

$59.99 CANADA

Price: $49.99

Click here to buy from Amazon

The Hacker’s Handbook: The Strategy Behind Breaking into and Defending Networks

The Hacker's Handbook: The Strategy Behind Breaking Into and Defending Networks, moves ahead of the pack of books about digital security by revealing the technical aspects of hacking that are least understood by network administrators. This is accomplished by analyzing subjects through a hacking/security dichotomy that details hacking maneuvers and defenses in the same context. Chapters are organized around specific technical components and administrative tasks, providing theoretical background that prepares network defenders for the always-changing and creative tools and techniques of intruders.This book is divided into three parts. Part I introduces programming, protocol, and attack concepts. Part II addresses subject areas (protocols, services, technologies, etc.) that may be vulnerable. Part III details consolidation activities that hackers may use following penetration. Each section provides a “path” to hacking/security Web sites and other resources that augment existing content. Referencing these supplemental and constantly-updated resources ensures that this volume remains timely and enduring. By informing IT professionals how to think like hackers, this book serves as a valuable weapon in the fight to protect digital assets.

Price: $99.95

Click here to buy from Amazon

Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition

Gray Hat Hacking The Ethical Hackers Handbook, 3rd EditionFully updated expanded to cover the latest devious hacking methods

Featuring in-depth, advanced coverage of vulnerability discovery and reverse engineering, Gray Hat Hacking, Third Edition provides eight brand-new chapters on the latest ethical hacking techniques. In addition to the new chapters, the rest of the book is updated to address current issues, threats, tools and techniques.

This one-of-a-kind guide offers a comprehensive overview of the hacking landscape and is organized in a progressive manner, first giving an update on the latest developments in hacking-related law, useful to everyone in the security field. Next, the book describes the security testing process and covers useful tools and exploit frameworks. The second section is expanded by explaining social engineering, physical, and insider attacks and the latest trends in hacking (Voice over IP and SCADA attacks). The book then explains, from both a code and machine-level perspective, how exploits work and guides you through writing simple exploits. Finally, the authors provide a comprehensive description of vulnerability research and reverse engineering.

Gray Hat Hacking, Third Edition features eight new chapters, covering:

  • Social engineering
  • Physical attacks
  • Insider attacks
  • VoIP attacks
  • SCADA attacks
  • Dradis framework and information sharing
  • Client content-based attacks
  • Web server attacks

Detailed, authoritative coverage Introduction to Ethical Disclosure; Ethics of Ethical Hacking; Ethical Hacking and the Legal System; Proper and Ethical Disclosure; Penetration Testing and Tools; Social Engineering Attacks; Physical Attacks; Insider Attacks; Using BackTrack LiveCD Linux Distribution; Using Metasploit; Dradis and Managing a Pen Test; Exploiting; Progamming SProgrammingills; Basic Linux Exploits; Advanced Linux Exploits; Shellcode Strategies; Writing Linux Shell Code; Basic Windows Exploits; Client Content Based Attacks; Web Server Attacks; VoIP Attacks; SCADA Attacks; Vulnerability Analysis; Passive Analysis; Advanced Static Analysis with IDA Pro; Advanced Reverse Engineering; Client-Side Browser Exploits; Exploiting Windows Access Control Model; Intelligent Fuzzing with Sulley; From Vulnerability to Exploit; Closing the Holes: Mitigation Techniques; Malware Analysis; Collecting Malware and Initial Analysis; Hacking Malware

Price: $60.00

Click here to buy from Amazon