eBook - ePub
Advanced Infrastructure Penetration Testing
Chiheb Chebbi
This is a test
Partager le livre
- English
- ePUB (adapté aux mobiles)
- Disponible sur iOS et Android
eBook - ePub
Advanced Infrastructure Penetration Testing
Chiheb Chebbi
DĂ©tails du livre
Aperçu du livre
Table des matiĂšres
Citations
Ă propos de ce livre
A highly detailed guide to performing powerful attack vectors in many hands-on scenarios and defending significant security flaws in your company's infrastructure
Key Features
- Advanced exploitation techniques to breach modern operating systems and complex network devices
- Learn about Docker breakouts, Active Directory delegation, and CRON jobs
- Practical use cases to deliver an intelligent endpoint-protected system
Book Description
It has always been difficult to gain hands-on experience and a comprehensive understanding of advanced penetration testing techniques and vulnerability assessment and management. This book will be your one-stop solution to compromising complex network devices and modern operating systems. This book provides you with advanced penetration testing techniques that will help you exploit databases, web and application servers, switches or routers, Docker, VLAN, VoIP, and VPN.
With this book, you will explore exploitation abilities such as offensive PowerShell tools and techniques, CI servers, database exploitation, Active Directory delegation, kernel exploits, cron jobs, VLAN hopping, and Docker breakouts. Moving on, this book will not only walk you through managing vulnerabilities, but will also teach you how to ensure endpoint protection. Toward the end of this book, you will also discover post-exploitation tips, tools, and methodologies to help your organization build an intelligent security system.
By the end of this book, you will have mastered the skills and methodologies needed to breach infrastructures and provide complete endpoint protection for your system.
What you will learn
- Exposure to advanced infrastructure penetration testing techniques and methodologies
- Gain hands-on experience of penetration testing in Linux system vulnerabilities and memory exploitation
- Understand what it takes to break into enterprise networks
- Learn to secure the configuration management environment and continuous delivery pipeline
- Gain an understanding of how to exploit networks and IoT devices
- Discover real-world, post-exploitation techniques and countermeasures
Who this book is for
If you are a system administrator, SOC analyst, penetration tester, or a network engineer and want to take your penetration testing skills and security knowledge to the next level, then this book is for you. Some prior experience with penetration testing tools and knowledge of Linux and Windows command-line syntax is beneficial.
Foire aux questions
Comment puis-je résilier mon abonnement ?
Il vous suffit de vous rendre dans la section compte dans paramĂštres et de cliquer sur « RĂ©silier lâabonnement ». Câest aussi simple que cela ! Une fois que vous aurez rĂ©siliĂ© votre abonnement, il restera actif pour le reste de la pĂ©riode pour laquelle vous avez payĂ©. DĂ©couvrez-en plus ici.
Puis-je / comment puis-je télécharger des livres ?
Pour le moment, tous nos livres en format ePub adaptĂ©s aux mobiles peuvent ĂȘtre tĂ©lĂ©chargĂ©s via lâapplication. La plupart de nos PDF sont Ă©galement disponibles en tĂ©lĂ©chargement et les autres seront tĂ©lĂ©chargeables trĂšs prochainement. DĂ©couvrez-en plus ici.
Quelle est la différence entre les formules tarifaires ?
Les deux abonnements vous donnent un accĂšs complet Ă la bibliothĂšque et Ă toutes les fonctionnalitĂ©s de Perlego. Les seules diffĂ©rences sont les tarifs ainsi que la pĂ©riode dâabonnement : avec lâabonnement annuel, vous Ă©conomiserez environ 30 % par rapport Ă 12 mois dâabonnement mensuel.
Quâest-ce que Perlego ?
Nous sommes un service dâabonnement Ă des ouvrages universitaires en ligne, oĂč vous pouvez accĂ©der Ă toute une bibliothĂšque pour un prix infĂ©rieur Ă celui dâun seul livre par mois. Avec plus dâun million de livres sur plus de 1 000 sujets, nous avons ce quâil vous faut ! DĂ©couvrez-en plus ici.
Prenez-vous en charge la synthÚse vocale ?
Recherchez le symbole Ăcouter sur votre prochain livre pour voir si vous pouvez lâĂ©couter. Lâoutil Ăcouter lit le texte Ă haute voix pour vous, en surlignant le passage qui est en cours de lecture. Vous pouvez le mettre sur pause, lâaccĂ©lĂ©rer ou le ralentir. DĂ©couvrez-en plus ici.
Est-ce que Advanced Infrastructure Penetration Testing est un PDF/ePUB en ligne ?
Oui, vous pouvez accĂ©der Ă Advanced Infrastructure Penetration Testing par Chiheb Chebbi en format PDF et/ou ePUB ainsi quâĂ dâautres livres populaires dans Computer Science et Cyber Security. Nous disposons de plus dâun million dâouvrages Ă dĂ©couvrir dans notre catalogue.
Informations
Advanced Linux Exploitation
Now that we have a clear understanding of the different penetration testing methodologies, phases, and requirements, the game is just starting. It is time to buckle your seat belt because, in this chapter, you will dive into securing the Linux environment, from a high-level overview of Linux infrastructure penetration testing, to discovering the dark depths of kernel vulnerabilities. This chapter outlines the skills and tools required to bulletproof Linux infrastructures.
Linux basics
Unix is an operating system developed by Bell Labs. Basically, it works on a command-line interface, and is designed for large systems. This operating system is not free, but it is proprietary and portable. Linux is a Unix clone developed by Linus Torvalds in 1991. It is open source, and you can use it in anything that has a processor. Linux is flexible, and you can modify and implement it as it is licensed under a GNU General Public License (GPL).
Linux commands
In this subsection, let's open the command line and execute some basic commands. In every Linux host, there are command-line interfaces named shells that interpret and execute typed commands and scripts. There are many shell environments, such as Bourne Again Shell (Bash, which is the most common shell), C shell (csh), Korn shell (ksh), and so on. To find the shells available for your environment, just open the command-line interface and type cat /etc/shells:
Now, let's get around some vital basic Linux commands from the shell:
- pwd: To know which directory you are in
- ls: To list files in a directory
- cd: To enter a directory
- mkdir: To create a new directory
- rmdir: To remove a directory
- touch: To create a new file
- cat: To read a file
- cp: To copy a file
- mv: To move a file
- man: To be shown how to use a command
Linux is case-sensitive (to give users many command option possibilities -T, - t, -a, - A, and so on), so you need to check how you are writing every command.
As a penetration tester, there are multiple important commands that you need to know in order to test the security posture of a Linux infrastructure:
- hostname: Information about the host
- cat /proc/version: Kernel information
- uname -r: Kernel release
- uname -a: More detailed information about the system
- cat /proc/cpuinfo: Reads information about the processor
- echo $PATH: Display information about the PATH variable
- history: Display command history
Streams
Linux is provided with input/output redirection capabilities to facilitate tasks. It gives you the ability to manipulate the I/O streams using the following three types of streams:
- Standard input (stdin): In this stream, the input is taken from the keyboard
- Standard output (stdout): This stream displays the result directly on the screen
- Standard error (stderr): This is another type of standard output stream, but it carries error information instead of showing the output on the screen
Redirection
Redirection is another Linux capability to enhance productivity. You can redirect the stream using simple symbols. You can redirect the output of a command to a text file using >, or >> if you want to append the file and not overwrite it; for example, ls > Simple_file.txt.
Also, if you want to redirect a stream from one command to another, it is recommended to use the pipes like the following line, which lists the first two files in the current directory, ls | head -2:
Linux directory structure
There is a standard structure for Linux directories. According to Linux, generally, everything is a file, even directories and devices. In order to work properly, Linux manages these files in a specific way under a hierarchical design:
- /root: All the files and directories start from this directory
- /home: Contains personal files of all users
- /bin: Contains all the binaries (executables)
- /sbin: Like /bin, but it contains the system binaries
- /lib: Contains required library files
- /usr: Contains binaries used by a normal user
- /opt: Contains optional add-on applications
- /etc: Contains all the required configuration files for the programs
- /dev: Contains device files
- /media: Contains files of temporary removable devices
- /mnt: Contains mount point for filesystems
- /boot: Contains boot loader files
- /tmp: Contains temporary files
- /var: Contains variable files, such as logs
- /proc: Contains information about the system processes:
There are many types of file in Linux operation systems. Each file is represented by a specific symbolâdirectories, regular files, and sockets, which are communication techniques between applications.
Users and groups
The following subsection will cover the required Linux commands to manage user accounts and groups. To create a new user, use the useradd command; for example, useradd <user>.
Also, you are capable of adding more information about the new user, such as the related shell, the user directory, and expira...