EBOOK Pentest for highly secure environments, released in 05/12

    #1


    Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide

    Very good book, I'm reading it and sharing it with you all. I hope the leeches don't attack again; comment and say thanks if it is useful to you!!
    Released in May of this year, it is the most up-to-date material I have personally come across; I got it from a foreign forum. Is the book in English? But of course, my friend, do you really want to learn anything in Portuguese?
    Don't know English? Figure it out \/
    [Links are visible only to registered and activated users.]


    I saw it on Amazon; the book is going for 120 reais.

    The PDF link is below.
    Book download:
    [Links are visible only to registered and activated users.]

    Enjoy

    Planning and Scoping for a Successful Penetration Test
    Introduction to advanced penetration testing
    Vulnerability assessments
    Penetration testing
    Advanced penetration testing
    Before testing begins
    Determining scope
    Setting limits — nothing lasts forever
    Rules of engagement documentation
    Planning for action
    Installing VirtualBox
    Installing your BackTrack virtual machine
    Preparing the virtual guest machine for BackTrack
    Installing BackTrack on the virtual disk image
    Exploring BackTrack
    Logging in
    Changing the default password
    Updating the applications and operating system
    Installing OpenOffice
    Effectively manage your test results
    Introduction to MagicTree
    Starting MagicTree
    Adding nodes
    Data collection
    Report generation
    Introduction to the Dradis Framework
    Exporting a project template
    Importing a project template
    Preparing sample data for import
    Importing your Nmap data
    Exporting data into HTML
    Dradis Category field
    Changing the default HTML template
    Summary
    Chapter 2: Advanced Reconnaissance Techniques
    Introduction to reconnaissance
    Reconnaissance workflow
    DNS recon
    Nslookup — it's there when you need it
    Default output
    Changing nameservers
    Creating an automation script
    What did we learn?
    Domain Information Groper (Dig)
    Default output
    Zone transfers using Dig
    Advanced features of Dig
    DNS brute forcing with fierce
    Default command usage
    Creating a custom wordlist
    Gathering and validating domain and IP information
    Gathering information with whois
    Specifying which registrar to use
    Where in the world is this IP?
    Defensive measures
    Using search engines to do your job for you
    SHODAN
    Filters
    Understanding banners
    Finding specific assets
    Finding people (and their documents) on the web
    Google hacking database
    Metagoofil
    Searching the Internet for clues
    Metadata collection
    Extracting metadata from photos using exiftool
    Summary
    Chapter 3: Enumeration: Choosing Your Targets Wisely
    Adding another virtual machine to our lab
    Configuring and testing our Vlab_1 clients
    BackTrack – Manual ifconfig
    Ubuntu – Manual ifconfig
    Verifying connectivity
    Maintaining IP settings after reboot
    Nmap — getting to know you
    Commonly seen Nmap scan types and options
    Basic scans — warming up
    Other Nmap techniques
    Remaining stealthy
    Shifting blame — the zombies did it!
    IDS rules, how to avoid them
    Using decoys
    Adding custom Nmap scripts to your arsenal
    How to decide if a script is right for you
    Adding a new script to the database
    SNMP: A goldmine of information just waiting to be discovered
    SNMPEnum
    SNMPCheck
    When the SNMP community string is NOT "public"
    Creating network baselines with scanPBNJ
    Setting up MySQL for PBNJ
    Starting MySQL
    Preparing the PBNJ database
    First scan
    Reviewing the data
    Enumeration avoidance techniques
    Naming conventions
    Port knocking
    Intrusion detection and avoidance systems
    Trigger points
    SNMP lockdown
    Summary
    Chapter 4: Remote Exploitation
    Exploitation – Why bother?
    Target practice – Adding a Kioptrix virtual machine
    Manual exploitation
    Enumerating services
    Quick scan with Unicornscan
    Full scan with Nmap
    Banner grabbing with Netcat and Ncat
    Banner grabbing with Netcat
    Banner grabbing with Ncat
    Banner grabbing with smbclient
    Searching Exploit-DB
    Exploit-DB at hand
    Compiling the code
    Compiling the proof of concept code
    Troubleshooting the code
    Running the exploit
    Getting files to and from victim machines
    Installing and starting a TFTP server on BackTrack 5
    Installing and configuring pure-ftpd
    Starting pure-ftpd
    Passwords: Something you know…
    Cracking the hash
    Brute forcing passwords
    THC Hydra
    Metasploit — learn it and love it
    Updating the Metasploit framework
    Databases and Metasploit
    Installing PostgreSQL on BackTrack 5
    Verifying database connectivity
    Performing an Nmap scan from within Metasploit
    Using auxiliary modules
    Using Metasploit to exploit Kioptrix
    Summary
    Chapter 5: Web Application Exploitation
    Practice makes perfect
    Installing Kioptrix Level 3
    Creating a Kioptrix VM Level 3 clone
    Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
    Installing and configuring pfSense
    Preparing the virtual machine for pfSense
    pfSense virtual machine persistence
    Configuring the pfSense DHCP server
    Starting the virtual lab
    pfSense DHCP – Permanent reservations
    Installing HAProxy for load balancing
    Adding Kioptrix3.com to the host file
    Detecting load balancers
    Quick reality check – Load Balance Detector
    So, what are we looking for anyhow?
    Detecting Web Application Firewalls (WAF)
    Taking on Level 3 – Kioptrix
    Web Application Attack and Audit Framework (w3af)
    Using w3af GUI to save time
    Scanning by using the w3af console
    Using WebScarab as a HTTP proxy
    Introduction to Mantra
    Summary
    Chapter 6: Exploits and Client-Side Attacks
    Buffer overflows—A refresher
    "C"ing is believing—Create a vulnerable program
    Turning ASLR on and off in BackTrack
    Understanding the basics of buffer overflows
    Introduction to fuzzing
    Introducing vulnserver
    Fuzzing tools included in BackTrack
    Bruteforce Exploit Detector (BED)
    SFUZZ: Simple fuzzer
    Fast-Track
    Updating Fast-Track
    Client-side attacks with Fast-Track
    Social Engineering Toolkit
    Summary
    Chapter 7: Post-Exploitation
    Rules of engagement
    What is permitted?
    Can you modify anything and everything?
    Are you allowed to add persistence?
    How is the data that is collected and stored handled by you and your team?
    Employee data and personal information
    Data gathering, network analysis, and pillaging
    Linux
    Important directories and files
    Important commands
    Putting this information to use
    Enumeration
    Exploitation
    We're connected, now what?
    Which tools are available on the remote system
    Finding network information
    Determine connections
    Checking installed packages
    Package repositories
    Programs and services that run at startup
    Searching for information
    History files and logs
    Configurations, settings, and other files
    Users and credentials
    Moving the files
    Microsoft Windows™ post-exploitation
    Important directories and files
    Using Armitage for post-exploitation
    Enumeration
    Exploitation
    We're connected, now what?
    Networking details
    Finding installed software and tools
    Pivoting
    Summary
    Chapter 8: Bypassing Firewalls and Avoiding Detection
    Lab preparation
    BackTrack guest machine
    Ubuntu guest machine
    pfSense guest machine configuration
    pfSense network setup
    WAN IP configuration
    LAN IP configuration
    Firewall configuration
    Stealth scanning through the firewall
    Finding the ports
    Traceroute to find out if there is a firewall
    Finding out if the firewall is blocking certain ports
    Now you see me, now you don't — Avoiding IDS
    Canonicalization
    Timing is everything
    Blending in
    Looking at traffic patterns
    Cleaning up compromised hosts
    Using a checklist
    When to clean up
    Local log files
    Miscellaneous evasion techniques
    Divide and conquer
    Hiding out (on controlled units)
    File integrity monitoring
    Using common network management tools to do the deed
    Summary
    Chapter 9: Data Collection Tools and Reporting
    Record now — Sort later
    Old school — The text editor method
    Nano
    VIM — The power user's text editor of choice
    NoteCase
    Dradis framework for collaboration
    Binding to an available interface other than 127.0.0.1
    The report
    Challenge to the reader
    Summary
    Setting Up Virtual Test Lab Environments
    Why bother with setting up labs?
    Keeping it simple
    No-nonsense test example
    Network segmentation and firewalls
    Requirements
    Setup
    Adding complexity or emulating target environments
    Configuring firewall1
    Installing additional packages in pfSense
    Firewall2 setup and configuration
    Web1
    DB1
    App1
    Admin1
    Summary
    Chapter 11: Take the Challenge – Putting It All Together
    The scenario
    The setup
    NewAlts Research Labs' virtual network
    Additional system modifications
    Web server modifications
    The challenge
    The walkthrough
    Defining the scope
    Determining the "why"
    So what is the "why" of this particular test?
    Developing the Rules of Engagement document
    Initial plan of attack
    Enumeration and exploitation
    Last edited by V3nom; 17-02-2013, 14:57.
    ĿэtђØяn
    #2
    Nice man!!! Very very good ! ;]
    Thanks, bro! lol
    "There is no solution for the internet user's stupidity."
    Kevin Mitnick

      #3
      Thanks for sharing! ^^
      "I am the only certainty you will all have in your entire LIFE; I may be late, but I never fail!!! I am certain that someday I will visit all of you"



        #4
        Thanks for sharing. Really appreciate it.

          #5
          Thanks for sharing. I'll take the opportunity to leave here another option, which I believe is a complete guide with detailed instructions, images, videos and downloads of the tools on the site itself, from beginner to advanced.

          The very well-known [link visible only to registered and activated users]. Imagine a hacker Wikipedia all gathered into a single guide? Well, that's more or less it.

          Regards.

            #6
            Man, very good material. I'm going to download it right now!!

              #7
              Awesome

                #8
                Thanks man, I've already started reading it here, thank you very much

                  #9
                  Very good, thanks, I saved 120 R$ xD

                    #10
                    Originally posted by 0bs3rv4d0r
                    Thanks for sharing. I'll take the opportunity to leave here another option, which I believe is a complete guide with detailed instructions, images, videos and downloads of the tools on the site itself, from beginner to advanced.

                    The very well-known [link visible only to registered and activated users]. Imagine a hacker Wikipedia all gathered into a single guide? Well, that's more or less it.

                    Regards.
                    Extra options are always welcome!!
                    ĿэtђØяn

                      #11
                      Thanks for the material, checking it out
                      "If you're good at something, never do it for free".
                      Joker

                      No, I am not here to fund your company!!!

                        #12
                        I'm already halfway through and it really is very good, thanks man

                          #13
                          Thanks for sharing, taking a look here at this noob handout. lol, just kidding.

                            #14
                            Thank you '-' thanks!
