 |
Penetration Tester's Open Source Toolkit
Be the First to Write a Review and tell the world about this title!People who purchase this book frequently purchase: - Nessus, Snort, and Ethereal Power Tools: Customizing Open Source Security Applications; Gilbert Ramirez, et al, $28.50, 29% Off!
- Penetration Testing and Network Defense; Andrew Whitaker, et al, $50.50, 22% Off!
- Intrusion Prevention and Active Response; Michael Rash, et al, $27.50, 45% Off!
- Hacking Exposed: Network Security Secrets & Solutions, 5th Edition; Joel Scambray, et al, $30.50, 39% Off!
Books on similar topics, in best-seller order:Books from the same publisher, in best-seller order:
This is the first fully integrated Penetration Testing book and bootable Linux CD containing the “Auditor Security Collection” which includes over 300 of the most effective and commonly used open source attack and penetration testing tools.
This powerful tool kit and authoritative reference is written by the security industry’s foremost penetration testers including HD Moore, Jay Beale, and SensePost.
This unique package provides you with a completely portable and bootable Linux attack distribution and authoritative reference to the toolset included and the required methodology. Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside of the box to determine all possible attack vector into their own network, and also be expert in using the literally hundreds of tools required to execute the plan and meticulously document their results. This book provides both the art and the science.
The authors of the book are expert penetration testers who have developed many of the leading pen testing tools; such as the Metasploit framework. The authors allow the reader “inside their heads” to unravel the mysteries of thins like identifying targets, enumerating hosts, application fingerprinting, cracking passwords, and attacking exposed vulnerabilities. Along the way, the authors provide an invaluable reference to the hundreds of hijacking tools; sniffers; scanners; Web application; and vulnerability assessment tools from the bootable-Linux CD including the Metasploit Framework; ettercap, dsniff, Ethereal, Nmap, Paketto, Scanrand, Hydra, Paros, Nessus, and many more.
Table of Contents
Chapter 1. Know Your Target.
- Verify that the IP range or domain belongs to the correct target
- Perform basic reconnaissance
- Identify possible target user accounts.
Chapter 2. Host Detection
Chapter 3. Service Detection
Chapter 4. Use port scan tool to enumerate open ports
Chapter 5. Using "nmap" to perform a portscan
Chapter 6. Using "scanrand" to perform a portscan
Chapter 7. Results: List of open ports
Chapter 8. Application Fingerprinting
Chapter 9. Password Attacks
Chapter 10. Exploiting Identified Vulnerabilities
Chapter 11. Use exploit toolkits
Chapter 12. Using "metasploit framework" to verify and exploit vulnerabilities.
Chapter 13. "CGE" to exploit vulnerabilities in Cisco devices
ABOUT THE AUTHORS:
Johnny Long is a "clean-living" family guy who just so happens to like hacking stuff. Recently, Johnny has enjoyed writing stuff, reading stuff, editing stuff and presenting stuff at conferences, which has served as yet another diversion to a serious (and bill-paying) job as a professional hacker and security researcher for Computer Sciences Corporation. Johnny has written or contributed to several books, including Google Hacking for Penetration Testers, InfoSec Career Hacking, Aggressive Network Self-Defense, Stealing the Network: How to Own an Identity, and OS X for Hackers at Heart.
Aaron W. Bayles is a senior security consultant with Sentigy, Inc. of Houston, TX. He provides service to Sentigy's clients with penetration testing, vulnerability assessment, and risk assessments for enterprise networks. He has over 9 years experience with INFOSEC, with specific experience in wireless security, penetration testing, and incident response. Aaron's background includes work as a senior security engineer with SAIC in Virginia and Texas. He is also the lead author of the Syngress book InfoSec Career Hacking, Sell your Skillz, Not Your Soul.
Aaron has provided INFOSEC support and penetration testing for multiple agencies in the U.S. Department of the Treasury, such as the Financial Management Service and Securities and Exchange Commission, and the Department of Homeland Security, such as U. S. Customs and Border Protection. He holds a Bachelor's of Science degree in Computer Science with post-graduate work in Embedded Linux Programming from Sam Houston State University and is also a CISSP.
James C. Foster, Fellow is the Executive Director of Global Product Development for Computer Sciences Corporation where he is responsible for the vision, strategy, development, for CSC managed security services and solutions. Additionally, Foster is currently a contributing Editor at Information Security Magazine and resides on the Mitre OVAL Board of Directors.
Preceding CSC, Foster was the Director of Research and Development for Foundstone Inc. and played a pivotal role in the McAfee acquisition for eight-six million in 2004. While at Foundstone, Foster was responsible for all aspects of product, consulting, and corporate R&D initiatives. Prior to Foundstone, Foster worked for Guardent Inc. (acquired by Verisign for 135 Million in 2003) and an adjunct author at Information Security Magazine(acquired by TechTarget Media), subsequent to working for the Department of Defense.
Foster is a seasoned speaker and has presented throughout North America at conferences, technology forums, security summits, and research symposiums with highlights at the Microsoft Security Summit, Black Hat USA, Black Hat Windows, MIT Research Forum, SANS, MilCon, TechGov, InfoSec World, and the Thomson Conference. He also is commonly asked to comment on pertinent security issues and has been sited in Time, Forbes, Washington Post, USAToday, Information Security Magazine, Baseline, Computer World, Secure Computing, and the MIT Technologist. Foster was invited and resided on the executive panel for the 2005 State of Regulatory Compliance Summit at the National Press Club in Washington, D.C.
Foster is also a well published author with multiple commercial and educational papers; and has authored in over fifteen books. A few examples of Foster’s best-sellers include Buffer Overflow Attacks, Snort 2.1 Intrusion Detection, and Sockets, Shellcode, Porting, and Coding.
Chris Hurley (Roamer) is a Senior Penetration Tester working in the Washington, DC area. He is the founder of the WorldWide WarDrive, a four-year effort by INFOSEC professionals and hobbyists to generate awareness of the insecurities associated with wireless networks and is the lead organizer of the DEF CON WarDriving Contest.
Although he primarily focuses on penetration testing these days, Chris also has extensive experience performing vulnerability assessments, forensics, and incident response. Chris has spoken at several security conferences and published numerous whitepapers on a wide range of INFOSEC topics. Chris is the lead author of WarDriving: Drive, Detect, Defend, and a contributor to Aggressive Network Self-Defense, InfoSec Career Hacking, OS X for Hackers at Heart, and Stealing the Network: How to Own an Identity.
|
|
