معرفی کتاب «Building a Pentesting Lab for Wireless Networks : Build Your Own Secure Enterprise or Home Penetration Testing Lab to Dig Into the Various Hacking Techniques» نوشتهٔ Fadyushin, Vyacheslav, Popov, Andrey، منتشرشده توسط نشر Packt Publishing در سال 2016. این کتاب در 5 صفحه، فرمت azw3، زبان انگلیسی ارائه شده است.
See your app through a hacker's eyes to find the real sources of vulnerability The Mobile Application Hacker's Handbook is a comprehensive guide to securing all mobile applications by approaching the issue from a hacker's point of view. Heavily practical, this book provides expert guidance toward discovering and exploiting flaws in mobile applications on the iOS, Android, Blackberry, and Windows Phone platforms. You will learn a proven methodology for approaching mobile application assessments, and the techniques used to prevent, disrupt, and remediate the various types of attacks. Coverage includes data storage, cryptography, transport layers, data leakage, injection attacks, runtime manipulation, security controls, and cross-platform apps, with vulnerabilities highlighted and detailed information on the methods hackers use to get around standard security. Mobile applications are widely used in the consumer and enterprise markets to process and/or store sensitive data. There is currently little published on the topic of mobile security, but with over a million apps in the Apple App Store alone, the attack surface is significant. This book helps you secure mobile apps by demonstrating the ways in which hackers exploit weak points and flaws to gain access to data. Understand the ways data can be stored, and how cryptography is defeated Set up an environment for identifying insecurities and the data leakages that arise Develop extensions to bypass security controls and perform injection attacks Learn the different attacks that apply specifically to cross-platform apps IT security breaches have made big headlines, with millions of consumers vulnerable as major corporations come under attack. Learning the tricks of the hacker's trade allows security professionals to lock the app up tight. For better mobile security and less vulnerable data, The Mobile Application Hacker's Handbook is a practical, comprehensive guide.
Build your own secure enterprise or home penetration testing lab to dig into the various hacking techniques
About This Book
- Design and build an extendable penetration testing lab with wireless access suitable for home and enterprise use
- Fill the lab with various components and customize them according to your own needs and skill level
- Secure your lab from unauthorized access and external attacks
Who This Book Is For
If you are a beginner or a security professional who wishes to learn to build a home or enterprise lab environment where you can safely practice penetration testing techniques and improve your hacking skills, then this book is for you. No prior penetration testing experience is required, as the lab environment is suitable for various skill levels and is used for a wide range of techniques from basic to advance. Whether you are brand new to online learning or you are a seasoned expert, you will be able to set up your own hacking playground depending on your tasks.
What You Will Learn
- Determine your needs and choose the appropriate lab components for them
- Build a virtual or hardware lab network
- Imitate an enterprise network and prepare intentionally vulnerable software and services
- Secure wired and wireless access to your lab
- Choose a penetration testing framework according to your needs
- Arm your own wireless hacking platform
- Get to know the methods to create a strong defense mechanism for your system
In Detail
Starting with the basics of wireless networking and its associated risks, we will guide you through the stages of creating a penetration testing lab with wireless access and preparing your wireless penetration testing machine.
This book will guide you through configuring hardware and virtual network devices, filling the lab network with applications and security solutions, and making it look and work like a real enterprise network. The resulting lab protected with WPA-Enterprise will let you practice most of the attack techniques used in penetration testing projects. Along with a review of penetration testing frameworks, this book is also a detailed manual on preparing a platform for wireless penetration testing. By the end of this book, you will be at the point when you can practice, and research without worrying about your lab environment for every task.
Style and approach
This is an easy-to-follow guide full of hands-on examples and recipes. Each topic is explained thoroughly and supplies you with the necessary configuration settings. You can pick the recipes you want to follow depending on the task you need to perform.
Build your own secure enterprise or home penetration testing lab to dig into the various hacking techniques About This Book • Design and build an extendable penetration testing lab with wireless access suitable for home and enterprise use • Fill the lab with various components and customize them according to your own needs and skill level • Secure your lab from unauthorized access and external attacks Who This Book Is For If you are a beginner or a security professional who wishes to learn to build a home or enterprise lab environment where you can safely practice penetration testing techniques and improve your hacking skills, then this book is for you. No prior penetration testing experience is required, as the lab environment is suitable for various skill levels and is used for a wide range of techniques from basic to advance. Whether you are brand new to online learning or you are a seasoned expert, you will be able to set up your own hacking playground depending on your tasks. What You Will Learn • Determine your needs and choose the appropriate lab components for them • Build a virtual or hardware lab network • Imitate an enterprise network and prepare intentionally vulnerable software and services • Secure wired and wireless access to your lab • Choose a penetration testing framework according to your needs • Arm your own wireless hacking platform • Get to know the methods to create a strong defense mechanism for your system In Detail Starting with the basics of wireless networking and its associated risks, we will guide you through the stages of creating a penetration testing lab with wireless access and preparing your wireless penetration testing machine. This book will guide you through configuring hardware and virtual network devices, filling the lab network with applications and security solutions, and making it look and work like a real enterprise network. The resulting lab protected with WPA-Enterprise will let you practice most of the attack techniques used in penetration testing projects. Along with a review of penetration testing frameworks, this book is also a detailed manual on preparing a platform for wireless penetration testing. By the end of this book, you will be at the point when you can practice, and research without worrying about your lab environment for every task. Style and approach This is an easy-to-follow guide full of hands-on examples and recipes. Each topic is explained thoroughly and supplies you with the necessary configuration settings. You can pick the recipes you want to follow depending on the task you need to perform. Annotation Build your own secure enterprise or home penetration testing lab to dig into the various hacking techniquesAbout This Book Design and build an extendable penetration testing lab with wireless access suitable for home and enterprise use Fill the lab with various components and customize them according to your own needs and skill level Secure your lab from unauthorized access and external attacksWho This Book Is ForIf you are a beginner or a security professional who wishes to learn to build a home or enterprise lab environment where you can safely practice penetration testing techniques and improve your hacking skills, then this book is for you. No prior penetration testing experience is required, as the lab environment is suitable for various skill levels and is used for a wide range of techniques from basic to advance. Whether you are brand new to online learning or you are a seasoned expert, you will be able to set up your own hacking playground depending on your tasks.What You Will Learn Determine your needs and choose the appropriate lab components for them Build a virtual or hardware lab network Imitate an enterprise network and prepare intentionally vulnerable software and services Secure wired and wireless access to your lab Choose a penetration testing framework according to your needs Arm your own wireless hacking platform Get to know the methods to create a strong defense mechanism for your systemIn DetailStarting with the basics of wireless networking and its associated risks, we will guide you through the stages of creating a penetration testing lab with wireless access and preparing your wireless penetration testing machine.This book will guide you through configuring hardware and virtual network devices, filling the lab network with applications and security solutions, and making it look and work like a real enterprise network. The resulting lab protected with WPA-Enterprise will let you practice most of the attack techniques used in penetration testing projects. Along with a review of penetration testing frameworks, this book is also a detailed manual on preparing a platform for wireless penetration testing. By the end of this book, you will be at the point when you can practice, and research without worrying about your lab environment for every task.Style and approachThis is an easy-to-follow guide full of hands-on examples and recipes. Each topic is explained thoroughly and supplies you with the necessary configuration settings. You can pick the recipes you want to follow depending on the task you need to perform Build your own secure enterprise or home penetration testing lab to dig into the various hacking techniquesKey Features[•]Design and build an extendable penetration testing lab with wireless access suitable for home and enterprise use[•]Fill the lab with various components and customize them according to your own needs and skill level[•]Secure your lab from unauthorized access and external attacksBook DescriptionStarting with the basics of wireless networking and its associated risks, we will guide you through the stages of creating a penetration testing lab with wireless access and preparing your wireless penetration testing machine. This book will guide you through configuring hardware and virtual network devices, filling the lab network with applications and security solutions, and making it look and work like a real enterprise network. The resulting lab protected with WPA-Enterprise will let you practice most of the attack techniques used in penetration testing projects. Along with a review of penetration testing frameworks, this book is also a detailed manual on preparing a platform for wireless penetration testing. By the end of this book, you will be at the point when you can practice, and research without worrying about your lab environment for every task. What you will learn[•]Determine your needs and choose the appropriate lab components for them[•]Build a virtual or hardware lab network[•]Imitate an enterprise network and prepare intentionally vulnerable software and services[•]Secure wired and wireless access to your lab[•]Choose a penetration testing framework according to your needs[•]Arm your own wireless hacking platform[•]Get to know the methods to create a strong defense mechanism for your systemWho this book is forIf you are a beginner or a security professional who wishes to learn to build a home or enterprise lab environment where you can safely practice penetration testing techniques and improve your hacking skills, then this book is for you. No prior penetration testing experience is required, as the lab environment is suitable for various skill levels and is used for a wide range of techniques from basic to advance. Whether you are brand new to online learning or you are a seasoned expert, you will be able to set up your own hacking playground depending on your tasks. See your app through a hacker's eyes to find the real sources of vulnerability. The Mobile Application Hacker's Handbook is a comprehensive guide to securing all mobile applications by approaching the issue from a hacker's point of view. Heavily practical, this book provides expert guidance toward discovering and exploiting flaws in mobile applications on the iOS, Android, Blackberry, and Windows Mobile platforms. You will learn a proven methodology for approaching mobile application assessments, and the techniques used to prevent, disrupt, and remediate the various types of attacks. Coverage includes data storage, cryptography, transport layers, data leakage, injection attacks, runtime manipulation, security controls, and cross-platform apps, with vulnerabilities highlighted and detailed information on the methods hackers use to get around standard security. Mobile applications are widely used in the consumer and enterprise markets to process and/or store sensitive data. There is currently little published on the topic of mobile security, but with over a million apps in the Apple App Store alone, the attack surface is significant. This book helps you secure mobile apps by demonstrating the ways in which hackers exploit weak points and flaws to gain access to data. Understand the ways data can be stored, and how cryptography is defeated; Set up an environment for identifying insecurities and the data leakages that arise; Develop extensions to bypass security controls and perform injection attacks; Learn the different attacks that apply specifically to cross-platform apps. IT security breaches have made big headlines, with millions of consumers vulnerable as major corporations come under attack. Learning the tricks of the hacker's trade allows security professionals to lock the app up tight. For better mobile security and less vulnerable data, The Mobile Application Hacker's Handbook is a practical, comprehensive guide Starting with the basics of wireless networking and its associated risks, we will guide you through the stages of creating a penetration testing lab with wireless access and preparing your wireless penetration testing machine. This book will guide you through configuring hardware and virtual network devices, filling the lab network with applications and security solutions, and making it look and work like a real enterprise network. The resulting lab protected with WPA-Enterprise will let you practice most of the attack techniques used in penetration testing projects. Along with a review of penetration testing frameworks, this book is also a detailed manual on preparing a platform for wireless penetration testing. By the end of this book, you will be at the point when you can practice, and research without worrying about your lab environment for every task. Vyacheslav Fadyushin (CISA, CEH, PCI ASV) is a security consultant and a penetration tester with more than 9 years of professional experience and a diverse background in various aspects of information security. His main points of interest and fields of expertise are ethical hacking and penetration testing, infrastructure and application security, mobile security, and information security management. He is also an author of the book, Penetration Setting Up a Test Lab How-to, published by Packt Publishing in 2013. Andrey Popov is a security consultant and penetration tester with rich professional experience and a diverse background in infrastructure and application security, information security management, and ethical hacking. He has been working for a market-leading company along with another security professional since 2007. Master wireless testing techniques to survey and attack wireless networks with Kali Linux In Detail As wireless networks become ubiquitous in our lives, wireless penetration testing has become a key skill in the repertoire of the professional penetration tester. The Kali Linux security distribution comes with a myriad of tools used for networking attacks and detecting security loopholes. Kali Linux Wireless Penetration Testing Beginner's Guide presents wireless pentesting from the ground up, introducing all elements of penetration testing with each new technology. Learn various wireless testing methodologies by example, from the basics of wireless routing and encryption through to detailed coverage of hacking methods and attacks such as the Hirte and Caffe Latte. What You Will Learn Create a wireless lab for your experiments Sniff out wireless packets and hidden networks Capture and crack WPA-2 keys Discover hidden SSIDs Explore the ins and outs of wireless technologies Sniff probe requests and track users through SSID history Attack radius authentication systems Sniff wireless traffic and collect interesting data Decrypt encrypted traffic with stolen keys Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you Nmap Network Scanning is the official guide to the Nmap Security Scanner, a free and open source utility used by millions of people for network discovery, administration, and security auditing. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire.
Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. Hints and instructions are provided for common uses such as taking network inventory, penetration testing, detecting rogue wireless access points, and quashing network worm outbreaks. Nmap runs on Windows, Linux, and Mac OS X.
Nmap's original author, Gordon "Fyodor" Lyon, wrote this book to share everything he has learned about network scanning during more than 11 years of Nmap development. Visit http://nmap.org/book for more information and sample chapters.
This is the official guide to the nmap tool ("network mapper") written by "Fyodor" or Gordon Lyon. Some chapters are online at www.nmap.org but this volume has the full documentation (other than what's been posted as announcements at that website or at insecure.org). An entire portscanning tutorial chapter is included, even though the usual use of the tool is simply to invoke at the command line prompt: # nmap (Internet Protocol address of target) like so: # nmap 127.0.0.1 ... which will scan your own machine. But there are many specific commands (or sub-commands added after the invocation, like "flags" in Unix/Linux) that help you look for specific things, plus more to learn like tuning nmap's performance, tuning its "invasiveness" so that it scans ports in a less "noisy" manner to avoid detection, using nmap to remotely detect which OS the target runs, and much more. The tool even has its own scripting engine so you can automate repetitive tasks. Lyon even describes the popular GUI (graphical user interface) to nmap, called Zenmap, and there's a chapter on how to defend against nmap, should it be employed in an inelegant manner against you. Nmap Network Scanning is the official guide to the Nmap Security Scanner, a free and open source utility used by millions of people for network discovery, administration, and security auditing. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book by Nmap's original author suits all levels of security and networking professionals. The reference guide documents every Nmap feature and option, while the remainder demonstrates how to apply them to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. Visit for more information and sample chapters. About This BookLearn wireless penetration testing with Kali Linux; Backtrack's evolutionDetect hidden wireless networks and discover their namesExplore advanced Wi-Fi hacking techniques including rogue access point hosting and probe sniffingDevelop your encryption cracking skills and gain an insight into the methods used by attackers and the underlying technologies that facilitate these attacksWho This Book Is ForIf you are a security professional, pentester, or anyone interested in getting to grips with wireless penetration testing, this is the book for you. Some familiarity with Kali Linux and wireless concepts is beneficial. Security solutions -- Security hints -- Summary -- Chapter 3: Configuring Networking Lab Components -- General lab network communication rules -- Configuring hardware wired devices -- Preparing the console connection on Windows -- Core switch -- Initial configuration -- Configuring interfaces and VLANs -- Hardening the core switch -- Configuring subinterfaces and subnets -- Configuring auxiliary services -- Basic gateway hardening -- Configuring virtual wired network devices -- Network virtualization platform -- Software installation -- Initial configuration -- Network topology implementation The active attacking phase -- WPA-PSK attacks -- Enterprise WLAN attacks -- Summary -- Chapter 2: Planning Your Lab Environment -- Understanding what tasks your lab should fulfill -- Objectives of a lab -- Lab tasks -- Network reconnaissance -- Web application hacking -- Hacking and researching network services -- AD hacking -- DBMS hacking -- Network layer attacks -- Wi-Fi penetration testing -- Planning the network topology -- Choosing appropriate components -- Network devices -- Server and workstation components -- Planning lab security -- Access control -- Integrated security mechanisms Creating a working certificate -- Installing a root certificate -- Installing a remote management service -- Corporative e-mail service -- Configuring a DNS server -- Installing and configuring hMailServer -- Installing vulnerable services -- Installing web applications -- Preparing a web server -- WebGoat -- DVWA -- Liferay Portal -- Metasploitable -- Vulnerable VoIP server -- Summary -- Chapter 5: Implementing Security -- Network-based security solutions -- Configuring network access control -- Isolating external and guest networks -- Isolating internal VLANs -- Securing wireless access Cover -- Copyright -- Credits -- About the Authors -- About the Reviewers -- www.PacktPub.com -- Table of Contents -- Preface -- Chapter 1: Understanding Wireless Network Security and Risks -- Understanding wireless environment and threats -- An overview of wireless technologies -- An overview of wireless threats -- Wi-Fi media specifics -- Common WLAN protection mechanisms and their flaws -- Hiding SSID -- MAC filtering -- WEP -- WPA/WPA2 -- Pre-shared key mode -- Enterprise mode -- WPS -- Getting familiar with the Wi-Fi attack workflow -- General Wi-Fi attack methodology Switch -- Gateway -- Virtual host emulation -- Wireless hardware devices -- Configuring WLANs -- Guest WLAN -- Preparing the hardware access point -- Summary -- Chapter 4: Designing Application Lab Components -- Planning services -- Creating virtual servers and workstations -- VirtualBox overview and installation -- Creating virtual machines -- Configuring network settings of lab components -- Installing and configuring domain services -- Creating a domain -- Creating users -- Adding hosts to the domain -- Certification authority services -- Creating a root certificate