FinUniversity Electronic Library

     
?

Details
Card Table RUSMARC

Sabih, Zaid. Learn ethical hacking from scratch: your stepping stone to penetration testing / Zaid Sabih. — 1 online resource (1 volume) : illustrations — <URL:http://elib.fa.ru/ebsco/1862360.pdf>.

Record create date: 8/29/2018

Subject: Penetration testing (Computer security); Hacking.; Computer networks — Security measures.; Computer security.; COMPUTERS / Security / General.

Collections: EBSCO

Allowed Actions:

Action 'Read' will be available if you login or access site from another network Action 'Download' will be available if you login or access site from another network

Group: Anonymous

Network: Internet

Document access rights

Network User group Action
Finuniversity Local Network All Read Print Download
Internet Readers Read Print
-> Internet Anonymous

Table of Contents

  • Cover
  • Title Page
  • Copyright and Credits
  • Dedication
  • Packt Upsell
  • Contributors
  • Table of Contents
  • Preface
  • Chapter 1: Introduction
    • What's in this book?
      • Preparation
      • Penetration testing
        • Network penetration testing
        • Gaining access
        • Post exploitation
        • Website penetration testing
      • Protecting your system
    • What is hacking?
    • Why should we learn about hacking?
    • A glimpse of hacking
      • Browser exploitation framework
      • Accessing the target computer's webcam
    • Summary
  • Chapter 2: Setting Up a Lab
    • Lab overview
      • VirtualBox
        • Installation of VirtualBox
    • Installing Kali Linux
    • Installing Metasploitable
    • Installing Windows
    • Creating and using snapshots 
    • Summary
  • Chapter 3: Linux Basics
    • Overview of Kali Linux
      • Status bar icons
      • Connecting the wireless card
    • Linux commands
      • Commands
        • The ls command
        • The man command
        • The help command
        • The Tab button
    • Updating resources
    • Summary
  • Chapter 4: Network Penetration Testing
    • What is a network?
    • Network basics
    • Connecting to a wireless adapter
    • MAC addresses
    • Wireless modes – managed and monitor
    • Enabling monitor mode manually
    • Enabling monitor mode using airmon-ng
    • Summary
  • Chapter 5: Pre-Connection Attacks
    • Packet sniffing basics
    • Targeted packet sniffing 
    • Deauthentication attack
    • What is a fake access point?
    • Creating fake access points with the MANA Toolkit
    • Summary
  • Chapter 6: Network Penetration Testing - Gaining Access
    • WEP theory
    • Basic web cracking
    • Fake authentication attack
    • ARP request replay
    • WPA introduction
    • WPS cracking
    • Handshake theory
    • Capturing the handshake
    • Creating a wordlist
    • Wordlist cracking
    • Securing network from attacks
    • Summary
  • Chapter 7: Post-Connection Attacks
    • Post-connection attacks
      • The netdiscover tool
      • The AutoScan tool
      • Zenmap
    • Summary 
  • Chapter 8: Man-in-the-Middle Attacks
    • Man-in-the–middle attacks
      • ARP spoofing using arpspoof
      • ARP spoofing using MITMf
      • Bypassing HTTPS
      • Session hijacking
      • DNS spoofing
      • MITMf screenshot keylogger
      • MITMf code injection
      • MITMf against a real network
    • Wireshark
      • Wireshark basics 
      • Wireshark filters
    • Summary
  • Chapter 9: Network Penetration Testing, Detection, and Security
    • Detecting ARP poisoning
    • Detecting suspicious behavior
    • Summary
  • Chapter 10: Gaining Access to Computer Devices
    • Introduction to gaining access
      • Server side
      • Client side
      • Post-exploitation
    • Sever-side attacks
    • Server-side attack basics
    • Server-side attacks – Metasploit basics
    • Metasploit remote code execution
    • Summary
  • Chapter 11: Scanning Vulnerabilities Using Tools
    • Installing MSFC
    • MSFC scan
    • MSFC analysis
    • Installing Nexpose
    • Running Nexpose
    • Nexpose analysis
    • Summary
  • Chapter 12: Client-Side Attacks
    • Client-side attacks
    • Installing Veil
    • Payloads overview
    • Generating a Veil backdoor
    • Listening for connections
    • Testing the backdoor
    • Fake bdm1 updates
    • Client-side attacks using the bdm2 BDFProxy
    • Protection against delivery methods
    • Summary
  • Chapter 13: Client-Side Attacks - Social Engineering
    • Client-side attacks using social engineering 
    • Maltego overview
    • Social engineering – linking accounts
    • Social engineering – Twitter
    • Social engineering – emails
    • Social engineering – summary
    • Downloading and executing AutoIt 
    • Changing the icon and compiling the payload
    • Changing extensions
    • Client-side attacks – TDM email spoofing
    • Summary
  • Chapter 14: Attack and Detect Trojans with BeEF
    • The BeEF tool
    • BeEF – hook using a MITMf
    • BeEF – basic commands
    • BeEF – Pretty Theft
    • BeEF – Meterpreter 1
    • Detecting Trojans manually
    • Detecting Trojans using a sandbox
    • Summary
  • Chapter 15: Attacks Outside the Local Network
    • Port forwarding
    • External backdoors
    • IP forwarding
    • External BeEF
    • Summary
  • Chapter 16: Post Exploitation
    • An introduction to post exploitation
    • Meterpreter basics
    • Filesystem commands
    • Maintaining access by using simple methods
    • Maintaining access by using advanced methods
    • Keylogging
    • An introduction to pivoting
    • Pivoting autoroutes
    • Summary 
  • Chapter 17: Website Penetration Testing
    • What is a website?
    • Attacking a website
    • Summary
  • Chapter 18: Website Pentesting - Information Gathering
    • Information gathering using tools
      • The Whois Lookup
      • Netcraft
      • Robtex
    • Websites on the same server
    • Information gathering from target websites
      • Finding subdomains
      • Information gathering using files
      • Analyzing file results 
    • Summary
  • Chapter 19: File Upload, Code Execution, and File Inclusion Vulnerabilities
    • File upload vulnerabilities
      • Getting started with Weevely
    • Code execution vulnerabilities
    • Local file inclusion vulnerabilities
    • Remote file inclusion using Metasploitable
    • Basic mitigation
    • Summary
  • Chapter 20: SQL Injection Vulnerabilities
    • What is SQL?
    • The dangers of SQLi
    • Discovering SQLi
    • SQLi authorization bypass
    • Discovering an SQLi using the GET method
    • Basic SELECT statements
    • Discovering tables
    • Reading columns and their data
    • Reading and writing files on the server
    • The sqlmap tool
    • Preventing SQLi 
    • Summary 
  • Chapter 21: Cross-Site Scripting Vulnerabilities
    • Introduction to XSS
    • Reflected XSS
    • Stored XSS
    • XSS BeEF exploitation
    • XSS protection
    • Summary 
  • Chapter 22: Discovering Vulnerabilities Automatically Using OWASP ZAP
    • OWASP ZAP start
    • OWASP ZAP results
    • Summary
  • Other Books You May Enjoy
  • Index

Usage statistics

stat Access count: 0
Last 30 days: 0
Detailed usage statistics