lunes, 3 de octubre de 2011

Backtrack 4 Assuring Security by Penetration Testing(EN)

Cargando..

 Les presento este libro llamado Backtrack 4 Assuring Security by Penetration Testing otro ideal para nuestra biblioteca , fue publicado en abril de 2011 así que es relativamente nuevo, nos puede servir para manejar también la ultima distribución de este magnifico sistema operativo Backtrack 5. pido disculpas por el idioma, como pueden ver este tipo de libros solo se encuentran en el idioma ingles al ser tan nuevos.







Tabla de Contenido Completa:

PART I: Lab Preparation and Testing Procedures
Chapter 1: Beginning with BackTrack
History
BackTrack purpose
Getting BackTrack
Using BackTrack
Live DVD
Installing to hard disk
Installation in real machine
Installation in VirtualBox
Portable BackTrack
Configuring network connection
Ethernet setup
Wireless setup
Starting the network service
Updating BackTrack
Updating software applications
Updating the kernel
Installing additional weapons
Nessus vulnerability scanner
WebSecurify
Customizing BackTrack
Summary

Chapter 2: Penetration Testing Methodology
Types of penetration testing
Black-box testing
White-box testing
Vulnerability assessment versus penetration testing
Security testing methodologies
Open Source Security Testing Methodology zanual (OSSTMM)
Key features and benefits
Information Systems Security Assessment Framework (ISSAF)
Key features and benefits
Open Web Application Security Project (OWASP) Top Ten
Key features and benefits
Web Application Security Consortium Threat Classification (WASC-TC)
Key features and benefits
BackTrack testing methodology
Target scoping
Information gathering
Target discovery
Enumerating target
Vulnerability mapping
Social engineering
Target exploitation
Privilege escalation
Maintaining access
Documentation and reporting
The ethics
Summary

PART II: Penetration Testers Armory
Chapter 3: Target Scoping
Gathering client requirements
Customer requirements form
Deliverables assessment form
Preparing the test plan
Test plan checklist
Profiling test boundaries
Defining business objectives
Project management and scheduling
Summary

Chapter 4: Information Gathering
Public resources
Document gathering
Metagoofil
DNS information
dnswalk
dnsenum
dnsmap
dnsmap-bulk
dnsrecon
fierce
Route information
0trace
dmitry
itrace
tcpraceroute
tctrace
Utilizing search engines
goorecon
theharvester
All-in-one intelligence gathering
Maltego
Documenting the information
Dradis
Summary
Chapter 5: Target Discovery
Introduction
Identifying the target machine
ping
arping
arping2
fping
genlist
hping2
hping3
lanmap
nbtscan
nping
onesixtyone
OS fingerprinting
p0f
xprobe2
Summary

Chapter 6: Enumerating Target
Port scanning
AutoScan
Netifera
Nmap
Nmap target specification
Nmap TCP scan options
Nmap UDP scan options
Nmap port specification
Nmap output options
Nmap timing options
Nmap scripting engine
Unicornscan
Zenmap
Service enumeration
Amap
Httprint
Httsquash
VPN enumeration
ike-scan
Summary

Chapter 7: Vulnerability Mapping
Types of vulnerabilities
Local vulnerability
Remote vulnerability
Vulnerability taxonomy
Open Vulnerability Assessment System (OpenVAS)
OpenVAS integrated security tools
Cisco analysis
Cisco Auditing Tool
Cisco Global Exploiter
Cisco Passwd Scanner
Fuzzy analysis
BED
Bunny
JBroFuzz
SMB analysis
Impacket Samrzump
Smb4k
SNMP analysis
ADMSnmp
Snmp Enum
SNMP Walk
Web application analysis
Database assessment tools
DBPwAudit
Pblind
SQLbrute
SQLiX
SQLMap
SQL Ninja
Application assessment tools
Burp Suite
Grendel Scan
LBD
Nikto2
Paros Proxy
Ratproxy
W3AF
WAFW00F
WebScarab
Summary

Chapter 8: Social Engineering
Modeling human psychology
Attack process
Attack methods
Impersonation
Reciprocation
Influential authority
Scarcity
Social relationship
Social Engineering Toolkit (SET)
Targeted phishing attack
Gathering user credentials
Common User Passwords Profiler (CUPP)
Summary

Chapter 9: Target Exploitation
Vulnerability research
Vulnerability and exploit repositories
Advanced exploitation toolkit
MSFConsole
MSFCLI
Ninja 101 drills
Scenario #1
Scenario #2
Scenario #3
Scenario #4
Scenario #5
Writing exploit module
Summary

Chapter 10: Privilege Escalation
Attacking the password
Offline attack tools
Rainbowcrack
Samdump2
John
Ophcrack
Crunch
Wyd
Online attack tools
BruteSSH
Hydra
Network sniffers
Dsniff
Hamster
Tcpdump
Tcpick
Wireshark
Network spoofing tools
Arpspoof
Ettercap
Summary

Chapter 11: Maintaining Access
Protocol tunneling
DNS2tcp
Ptunnel
Stunnel4
Proxy
3proxy
Proxychains
End-to-end connection
CryptCat
Sbd
Socat
Summary

Chapter 12: Documentation and Reporting
Documentation and results verification
Types of reports
Executive report
Management report
Technical report
Network penetration testing report (sample contents)
Table of Contents
Presentation
Post testing procedures
Summary

PART III: Extra Ammunition
Appendix A: Supplementary Tools
Vulnerability scanner
NeXpose community edition
NeXpose installation
Starting NeXpose community
Login to NeXpose community
Using NeXpose community
Web application fingerprinter
WhatWeb
BlindElephant
Network Ballista
Netcat
Open connection
Service banner grabbing
Simple server
File transfer
Portscanning
Backdoor Shell
Reverse shell
Summary

Appendix B: Key Resources
Vulnerability Disclosure and Tracking
Paid Incentive Programs
Reverse Engineering Resources
Network ports
Index


Link: Descargar

6 comentarios:

Listo resubido :D el libro

Saludos :D

muchas gracias, muy bueno el libro :)

gracias excelente articulo sigue subiendo libros así =D

Publicar un comentario en la entrada