Becoming the hacker : the playbook for getting inside the mind of an attacker /: the playbook for getting inside the mind of an attacker. (2019)
- Record Type:
- Book
- Title:
- Becoming the hacker : the playbook for getting inside the mind of an attacker /: the playbook for getting inside the mind of an attacker. (2019)
- Main Title:
- Becoming the hacker : the playbook for getting inside the mind of an attacker
- Further Information:
- Note: Adrian Pruteanu.
- Authors:
- Pruteanu, Adrian
- Contents:
- Cover; Copyright; Packt upsell; Contributors; Table of Contents; Preface; Chapter 1 -- Introduction to Attacking Web Applications; Rules of engagement; Communication; Privacy considerations; Cleaning up; The tester's toolkit; Kali Linux; Kali Linux alternatives; The attack proxy; Burp Suite; Zed Attack Proxy; Cloud infrastructure; Resources; Exercises; Summary; Chapter 2 -- Efficient Discovery; Types of assessments; Target mapping; Masscan; WhatWeb; Nikto; CMS scanners; Efficient brute-forcing; Content discovery; Burp Suite; OWASP ZAP; Gobuster; Persistent content discovery; Payload processing Polyglot payloadsSame payload, different context; Code obfuscation; Resources; Exercises; Summary; Chapter 3 -- Low-Hanging Fruit; Network assessment; Looking for a way in; Credential guessing; A better way to shell; Cleaning up; Resources; Summary; Chapter 4 -- Advanced Brute-forcing; Password spraying; LinkedIn scraping; Metadata; The cluster bomb; Behind seven proxies; Torify; Proxy cannon; Summary; Chapter 5 -- File Inclusion Attacks; RFI; LFI; File inclusion to remote code execution; More file upload issues; Summary; Chapter 6 -- Out-of-Band Exploitation; A common scenario Command and controlLet's Encrypt Communication; INet simulation; The confirmation; Async data exfiltration; Data inference; Summary; Chapter 7 -- Automated Testing; Extending Burp; Authentication and authorization abuse; The Autorize flow; The Swiss Army knife; sqlmap helper; Web shells; Obfuscating code; BurpCover; Copyright; Packt upsell; Contributors; Table of Contents; Preface; Chapter 1 -- Introduction to Attacking Web Applications; Rules of engagement; Communication; Privacy considerations; Cleaning up; The tester's toolkit; Kali Linux; Kali Linux alternatives; The attack proxy; Burp Suite; Zed Attack Proxy; Cloud infrastructure; Resources; Exercises; Summary; Chapter 2 -- Efficient Discovery; Types of assessments; Target mapping; Masscan; WhatWeb; Nikto; CMS scanners; Efficient brute-forcing; Content discovery; Burp Suite; OWASP ZAP; Gobuster; Persistent content discovery; Payload processing Polyglot payloadsSame payload, different context; Code obfuscation; Resources; Exercises; Summary; Chapter 3 -- Low-Hanging Fruit; Network assessment; Looking for a way in; Credential guessing; A better way to shell; Cleaning up; Resources; Summary; Chapter 4 -- Advanced Brute-forcing; Password spraying; LinkedIn scraping; Metadata; The cluster bomb; Behind seven proxies; Torify; Proxy cannon; Summary; Chapter 5 -- File Inclusion Attacks; RFI; LFI; File inclusion to remote code execution; More file upload issues; Summary; Chapter 6 -- Out-of-Band Exploitation; A common scenario Command and controlLet's Encrypt Communication; INet simulation; The confirmation; Async data exfiltration; Data inference; Summary; Chapter 7 -- Automated Testing; Extending Burp; Authentication and authorization abuse; The Autorize flow; The Swiss Army knife; sqlmap helper; Web shells; Obfuscating code; Burp Collaborator; Public Collaborator server; Service interaction; Burp Collaborator client; Private Collaborator server; Summary; Chapter 8 -- Bad Serialization; Abusing deserialization; Attacking custom protocols; Protocol analysis; Deserialization exploit; Summary Chapter 9 -- Practical Client-Side AttacksSOP; Cross-origin resource sharing; XSS; Reflected XSS; Persistent XSS; DOM-based XSS; CSRF; BeEF; Hooking; Social engineering attacks; The keylogger; Persistence; Automatic exploitation; Tunneling traffic; Summary; Chapter 10 -- Practical Server-Side Attacks; Internal and external references; XXE attacks; A billion laughs; Request forgery; The port scanner; Information leak; Blind XXE; Remote code execution; Interactive shells; Summary; Chapter 11 -- Attacking APIs; API communication protocols; SOAP; REST; API authentication; Basic authentication API keysBearer authentication; JWTs; JWT quirks; Burp JWT support; Postman; Installation; Upstream proxy; The environment; Collections; Collection Runner; Attack considerations; Summary; Chapter 12 -- Attacking CMS; Application assessment; WPScan; sqlmap; Droopescan; Arachni web scanner; Backdooring the code; Persistence; Credential exfiltration; Summary; Chapter 13 -- Breaking Containers; Vulnerable Docker scenario; Foothold; Situational awareness; Container breakout; Summary; Other Books You May Enjoy; Index … (more)
- Publisher Details:
- Birmingham : Packt Publishing Ltd
- Publication Date:
- 2019
- Extent:
- 1 online resource (405 p.)
- Subjects:
- 005.8
Penetration testing (Computer security)
Computer security
Computers -- Access control
Computer networks -- Security measures
Hacking
COMPUTERS / Security / Networking
Electronic books - Languages:
- English
- ISBNs:
- 1788623754
9781788623759 - Notes:
- Note: Includes bibliographical references and index.
Note: Online resource; title from PDF title page (EBSCO, April 3, 2019). - Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library HMNTS - ELD.DS.386951
- Ingest File:
- 02_376.xml