Subtitle: None

Author:

Classification number:

ISBN:9781597494250

Synopsis

Save yourself some money! This complete classroom-in-a-book on penetration testing provides material that can cost upwards of $1,000 for a fraction of the price! Thomas Wilhelm has delivered pen testing training to countless security professionals and now through the pages of this book you can benefit from his years of experience as a professional penetration tester and educator. After reading this book you will be able to create a personal penetration test lab that can deal with real-world vulnerability scenarios. Penetration testing is the act of testing a network to find security vulnerabilities before they are exploited by phishers, digital piracy groups, and countless other organized or individual malicious hackers. The material presented will be useful to beginners all the way through to advanced practitioners.

Find out how to turn hacking and pen testing skills into a professional career

Understand how to conduct controlled attacks on a network through real-world examples of vulnerable and exploitable servers

Master project management skills necessary for running a formal penetration test and setting up a professional ethical hacking business

Discover metrics and reporting methodologies that provide experience crucial to a professional penetration tester

Learn through video - the DVD includes instructional videos that replicate classroom instruction and live, real-world vulnerability simulations of complete servers with known and unknown vulnerabilities to practice hacking skills in a controlled lab environment

Contents

Table Of Contents:
Acknowledgments xvii
Foreword xix

PART 1 SETTING UP

Introduction 3(10)

Introduction 3(1)

About the Book 4(3)

Target Audience 4(1)

How to Use This Book 5(2)

About the DVD 7(3)

Course Material 8(1)

Reference Material 8(1)

LiveCDs 8(2)

Summary 10(1)

Solutions Fast Track 10(1)

About the Book 10(1)

About the DVD 11(1)

Reference 11(2)

Ethics and Hacking 13(30)

Introduction 13(2)

Why Stay Ethical? 15(4)

Black Hat Hackers 15(2)

White Hat Hackers 17(1)

Gray Hat Hackers 18(1)

Ethical Standards 19(5)

Certifications 19(1)

Contractor 19(1)

Employer 20(1)

Educational and Institutional Organizations 21(3)

Computer Crime Laws 24(8)

Types of Laws 24(1)

Type of Computer Crimes and Attacks 24(3)

U.S. Federal Laws 27(2)

U.S. State Laws 29(1)

International Laws 30(1)

Safe Harbor and Directive 95/46/EC 31(1)

Getting Permission to Hack 32(4)

Confidentiality Agreement 32(1)

Company Obligations 33(1)

Contractor Obligations 34(1)

Auditing and Monitoring 35(1)

Conflict Management 35(1)

Summary 36(1)

Solutions Fast Track 36(2)

Why Stay Ethical? 36(1)

Ethical Standards 37(1)

Computer Crime Laws 37(1)

Getting Permission to Hack 37(1)

Frequently Asked Questions 38(1)

Expand Your Skills 38(2)

References 40(3)

Hacking as a Career 43(58)

Introduction 43(2)

Career Paths 45(4)

Network Architecture 46(1)

System Administration 47(1)

Applications and Databases 48(1)

Certifications 49(35)

High-Level Certifications 51(14)

Skill- and Vendor-Specific Certifications 65(19)

Associations and Organizations 84(10)

Professional Organizations 85(1)

Conferences 85(7)

Local Communities 92(1)

Mailing Lists 93(1)

Summary 94(1)

Solutions Fast Track 95(1)

Career Paths 95(1)

Certifications 95(1)

Associations and Organizations 96(1)

Frequently Asked Questions 96(1)

Expand Your Skills 97(1)

References 98(3)

Setting Up Your Lab 101(18)

Introduction 101(1)

Personal Lab 102(4)

Keeping it Simple 102(1)

Equipment 102(1)

Software 103(1)

Lab for Book Exercises 103(3)

Corporate Lab 106(2)

Internal Labs 107(1)

External Labs 107(1)

Equipment 107(1)

Software 108(1)

Protecting Penetration Test Data 108(4)

Encryption Schemas 108(2)

Securing PenTest Systems 110(1)

Mobile Security Concerns 111(1)

Wireless Lab Data 112(1)

Additional Network Hardware 112(2)

Routers 113(1)

Firewalls 113(1)

Intrusion Detection System/Intrusion Prevention System 114(1)

Summary 114(1)

Solutions Fast Track 115(1)

Personal Lab 115(1)

Corporate Lab 115(1)

Protecting Penetration Test Data 115(1)

Additional Network Hardware 115(1)

Frequently Asked Questions 116(1)

Expand Your Skills 116(1)

Reference 117(2)

Creating and Using PenTest Targets in Your Lab 119(34)

Introduction 119(1)

Turn-Key Scenarios versus Real-World Targets 120(2)

Problems with Learning to Hack 120(1)

Real-World Scenarios 121(1)

Turn-Key Scenarios 122(14)

What is a LiveCD? 123(1)

De-ICE 123(4)

Hackerdemia 127(1)

pWnOS 128(3)

Foundstone 131(1)

Open Web Application Security Project 132(4)

Using Exploitable Targets 136(1)

Operating Systems 136(1)

Applications 137(1)

Analyzing Malware - Viruses and Worms 137(7)

Setting up a Lab 138(6)

Other Target Ideas 144(3)

CTF Events 145(1)

Web-Based Challenges 145(1)

Vulnerability Announcements 146(1)

Summary 147(1)

Solutions Fast Track 148(1)

Turn-Key Scenarios versus Real-World Targets 148(1)

Turn-Key Scenarios 148(1)

Using Exploitable Targets 148(1)

Analyzing Malware - Viruses and Worms 148(1)

Other Target Ideas 149(1)

Frequently Asked Questions 149(1)

Expand Your Skills 150(1)

References 151(2)

Methodologies 153(28)

Introduction 153(1)

Project Management Body of Knowledge 154(12)

Introduction to PMBOK 155(1)

Initiating Process Group 155(2)

Planning Process Group 157(4)

Executing Process Group 161(2)

Closing Process Group 163(1)

Monitoring and Controlling Process Group 163(3)

Information System Security Assessment Framework 166(5)

Planning and Preparation - Phase I 166(1)

Assessment - Phase II 166(4)

Reporting, Clean-up, and Destroy Artifacts - Phase III 170(1)

Open Source Security Testing Methodology Manual 171(5)

Rules of Engagement 172(1)

Channels 173(2)

Modules 175(1)

Summary 176(1)

Solutions Fast Track 177(1)

Project Management Body of Knowledge 177(1)

Information System Security Assessment Framework 177(1)

Open Source Security Testing Methodology Manual 178(1)

Frequently Asked Questions 178(1)

Expand Your Skills 179(1)

References 179(2)

PenTest Metrics 181(16)

Introduction 181(1)

Quantitative, Qualitative, and Mixed Methods 182(4)

Quantitative Analysis 182(1)

Qualitative Analysis 183(2)

Mixed Method Analysis 185(1)

Current Methodologies 186(8)

Project Management Institute 186(5)

ISSAF 191(1)

OSSTMM 192(1)

Tool-Generated Reports 193(1)

Summary 194(1)

Solutions Fast Track 195(1)

Quantitative, Qualitative, and Mixed Methods 195(1)

Current Methodologies 195(1)

Frequently Asked Questions 196(1)

References 196(1)

Management of a PenTest 197(22)

Introduction 197(1)

Project Team Members 197(9)

Roles and Responsibilities 198(4)

Organizational Structure 202(4)

Project Management 206(8)

Initiating Stage 206(2)

Planning Stage 208(1)

Executing Stage 209(2)

Monitoring and Controlling 211(1)

Closing Stage 211(3)

Summary 214(1)

Solutions Fast Track 214(1)

Project Team Members 214(1)

Project Management 214(1)

Frequently Asked Questions 215(1)

Expand Your Skills 215(1)

References 216(3)

PART 2 RUNNING A PENTEST

Information Gathering 219(40)

Introduction 219(2)

Passive Information Gathering 221(17)

Web Presence 222(9)

Corporate Data 231(2)

WHOIS and DNS Enumeration 233(3)

Additional Internet Resources 236(2)

Active Information Gathering 238(9)

DNS Interrogation 238(2)

E-mail Accounts 240(2)

Perimeter Network Identification 242(4)

Network Surveying 246(1)

Project Management 247(6)

Executing Process Phase 248(2)

Monitoring and Control Process 250(3)

Summary 253(1)

Solutions Fast Track 253(1)

Passive Information Gathering 253(1)

Active Information Gathering 254(1)

Project Management 254(1)

Frequently Asked Questions 254(1)

Expand Your Skills 255(2)

References 257(2)

Vulnerability Identification 259(26)

Introduction 259(1)

Port Scanning 260(12)

Target Verification 261(3)

UDP Scanning 264(1)

TCP Scanning 265(3)

Perimeter Avoidance Scanning 268(4)

System Identification 272(3)

Active OS Fingerprinting 272(1)

Passive OS Fingerprinting 272(3)

Services Identification 275(3)

Banner Grabbing 276(1)

Enumerating Unknown Services 277(1)

Vulnerability Identification 278(3)

Summary 281(1)

Solutions Fast Track 281(1)

Port Scanning 281(1)

System Identification 282(1)

Services Identification 282(1)

Vulnerability Identification 282(1)

Frequently Asked Questions 282(1)

Expand Your Skills 283(1)

Reference 284(1)

Vulnerability Verification 285(54)

Introduction 285(2)

Exploit Codes - Finding and Running 287(33)

Internet Sites 287(3)

Automated Tools 290(30)

Exploit Codes - Creating Your Own 320(5)

Fuzzing 322(2)

Code Review 324(1)

Application Reversing 324(1)

Web Hacking 325(7)

SQL Injection 326(1)

Cross-Site Scripting 327(3)

Web Application Vulnerabilities 330(2)

Project Management 332(2)

Executing Process Phase 332(1)

Monitoring and Control Process 333(1)

Summary 334(1)

Solutions Fast Track 335(1)

Exploit Codes - Finding and Running 335(1)

Exploit Codes - Creating Your Own 335(1)

Web Hacking 335(1)

Project Management 335(1)

Frequently Asked Questions 336(1)

Expand Your Skills 336(2)

References 338(1)

Compromising a System and Privilege Escalation 339(32)

Introduction 339(2)

System Enumeration 341(7)

Internal Vulnerabilities 341(6)

Sensitive Data 347(1)

Network Packet Sniffing 348(6)

Social Engineering 354(2)

Baiting 355(1)

Phishing 355(1)

Pretexting 355(1)

Wireless Attacks 356(8)

Wi-Fi Protected Access Attack 357(5)

WEP Attack 362(2)

Project Management 364(1)

Executing Process Phase 364(1)

Monitoring and Control Process 365(1)

Summary 365(1)

Solutions Fast Track 366(2)

System Enumeration 366(1)

Network Packet Sniffing 367(1)

Social Engineering 367(1)

Wireless Attacks 367(1)

Project Management 367(1)

Frequently Asked Questions 368(1)

Expand Your Skills 368(1)

References 369(2)

Maintaining Access 371(20)

Introduction 371(1)

Shells and Reverse Shells 372(7)

Netcat Shell 372(4)

Netcat Reverse Shell 376(3)

Encrypted Tunnels 379(7)

Adding a Host Firewall (Optional) 380(1)

Setting Up the SSH Reverse Shell 381(5)

Other Encryption and Tunnel Methods 386(1)

Summary 387(1)

Solutions Fast Track 388(1)

Shells and Reverse Shells 388(1)

Encrypted Tunnels 388(1)

Other Encryption and Tunnel Methods 388(1)

Frequently Asked Questions 389(1)

Expand Your Skills 389(1)

Reference 390(1)

Covering Your Tracks 391(18)

Introduction 391(1)

Manipulating Log Data 392(5)

User Login 392(4)

Application Logs 396(1)

Hiding Files 397(7)

Hiding Files in Plain Sight 398(1)

Hiding Files Using the File System 399(3)

Hiding Files in Windows 402(2)

Summary 404(1)

Solutions Fast Track 405(1)

Manipulating Log Data 405(1)

Hiding Files 405(1)

Frequently Asked Questions 405(1)

Expand Your Skills 406(1)

Reference 406(3)

PART 3 WRAPPING EVERYTHING UP

Reporting Results 409(34)

Introduction 409(1)

What Should You Report? 410(4)

Out of Scope Issues 410(1)

Findings 411(1)

Solutions 412(1)

Manuscript Preparation 412(2)

Initial Report 414(11)

Peer Reviews 415(1)

Fact Checking 415(1)

Metrics 416(9)

Final Report 425(12)

Peer Reviews 425(1)

Documentation 426(11)

Summary 437(1)

Solutions Fast Track 438(1)

What Should You Report? 438(1)

Initial Report 438(1)

Final Report 438(1)

Frequently Asked Questions 439(1)

Expand Your Skills 439(2)

References 441(2)

Archiving Data 443(10)

Introduction 443(1)

Should You Keep Data? 443(4)

Legal Issues 444(2)

E-mail 446(1)

Findings and Reports 446(1)

Securing Documentation 447(3)

Access Controls 448(1)

Archival Methods 448(1)

Archival Locations 449(1)

Destruction Policies 450(1)

Summary 450(1)

Solutions Fast Track 451(1)

Should You Keep Data? 451(1)

Securing Documentation 451(1)

Frequently Asked Questions 451(1)

Reference 452(1)

Cleaning Up Your Lab 453(12)

Introduction 453(1)

Archiving Lab Data 454(1)

Proof of Concepts 454(1)

Malware Analysis 455(1)

Creating and Using System Images 455(2)

License Issues 455(1)

Virtual Machines 456(1)

"Ghost" Images 456(1)

Creating a "Clean Shop" 457(5)

Sanitization Methods 458(3)

Using Hashes 461(1)

Change Management Controls 461(1)

Summary 462(1)

Solutions Fast Track 462(1)

Archiving Lab Data 462(1)

Creating and Using System Images 463(1)

Creating a "Clean Shop" 463(1)

Frequently Asked Questions 463(1)

Reference 463(2)

Planning for Your Next PenTest 465(12)

Introduction 465(1)

Risk Management Register 466(2)

Creating a Risk Management Register 466(1)

Prioritization of Risks and Responses 467(1)

Knowledge Database 468(2)

Creating a Knowledge Database 468(1)

Sanitization of Findings 469(1)

Project Management Knowledge Database 469(1)

After-Action Review 470(3)

Project Assessments 470(1)

Team Assessments 471(1)

Training Proposals 471(2)

Summary 473(1)

Solutions Fast Track 473(1)

Risk Management Register 473(1)

Knowledge Database 474(1)

After-Action Review 474(1)

Frequently Asked Questions 474(1)

Expand Your Skills 475(1)

Reference 476(1)
Appendix A: Acronyms 477(12)
Appendix B: Definitions 489(6)
Index 495
