| Document Type
|
:
|
BL
|
| Record Number
|
:
|
856491
|
| Main Entry
|
:
|
Bramwell, Phil
|
| Title & Author
|
:
|
Hands-on penetration testing on Windows : : unleash Kali Linux, PowerShell, and Windows debugging tools for security testing and analysis /\ Phil Bramwell.
|
| Publication Statement
|
:
|
Unleash Kali Linux, PowerShell, and Windows debugging tools for security testing and analysis
|
|
|
:
|
Birmingham, UK :: Packt Publishing,, 2018.
|
| Page. NO
|
:
|
1 online resource :: illustrations
|
| ISBN
|
:
|
1788295099
|
|
|
:
|
: 1788295668
|
|
|
:
|
: 9781788295093
|
|
|
:
|
: 9781788295666
|
|
|
:
|
9781788295666
|
| Bibliographies/Indexes
|
:
|
Includes bibliographical references.
|
| Contents
|
:
|
Cover; Title Page; Copyright and Credits; Dedication; Packt Upsell; Contributors; Table of Contents; Preface; Chapter 1: Bypassing Network Access Control; Technical requirements; Bypassing MAC filtering -- considerations for the physical assessor; Configuring a Kali wireless access point to bypass MAC filtering; Design weaknesses -- exploiting weak authentication mechanisms; Capturing captive portal authentication conversations in the clear; Layer-2 attacks against the network; Bypassing validation checks; Confirming the Organizationally Unique Identifier; Passive Operating system Fingerprinter
|
|
|
:
|
A real-world pen test scenario -- the chatty printerConfiguring our SMB listener; Authentication capture; Hash capture with LLMNR/NetBIOS NS spoofing; Let it rip -- cracking Windows hashes; The two philosophies of password cracking; John the Ripper cracking with a wordlist; John the Ripper cracking with masking; Reviewing your progress with the show flag; Summary; Questions; Further reading; Chapter 4: Advanced Network Attacks; Technical requirements; Binary injection with BetterCAP proxy modules; The Ruby file injection proxy module -- replace_file.rb
|
|
|
:
|
Creating the payload and connect-back listener with MetasploitHTTP downgrading attacks with sslstrip; Removing the need for a certificate -- HTTP downgrading; Understanding HSTS bypassing with DNS spoofing; HTTP downgrade attacks with BetterCAP ARP/DNS spoofing; The evil upgrade -- attacking software update mechanisms; Exploring ISR Evilgrade; Configuring the payload and upgrade module; Spoofing ARP/DNS and injecting the payload; IPv6 for hackers; IPv6 addressing basics; Local IPv6 reconnaissance and the Neighbor Discovery Protocol; IPv6 man-in-the-middle -- attacking your neighbors
|
|
|
:
|
Ettercap filters -- fine-tuning your analysisKilling connections with Ettercap filters; Getting better -- spoofing with BetterCAP; ICMP redirection with BetterCAP; Summary; Questions; Further reading; Chapter 3: Windows Passwords on the Network; Technical requirements; Understanding Windows passwords; A crash course on hash algorithms; Password hashing methods in Windows; If it ends with 1404EE, then it's easy for me -- understanding LM hash flaws; Authenticating over the network-a different game altogether; Capturing Windows passwords on the network
|
|
|
:
|
Living in an IPv4 world -- creating a local 4-to-6 proxy for your tools
|
|
|
:
|
Spoofing the HTTP User-AgentBreaking out of jail -- masquerading the stack; Following the rules spoils the fun -- suppressing normal TCP replies; Fabricating the handshake with Scapy and Python; Summary; Questions; Further reading; Chapter 2: Sniffing and Spoofing; Technical requirements; Advanced Wireshark -- going beyond simple captures; Passive wireless analysis; Targeting WLANs with the Aircrack-ng suite; WLAN analysis with Wireshark; Active network analysis with Wireshark; Advanced Ettercap -- the man-in-the-middle Swiss Army Knife; Bridged sniffing and the malicious access point
|
| Abstract
|
:
|
Penetration testing is highly competitive, and it's easy to get stuck in the same routine client after client. This book will provide hands-on experience with penetration testing while guiding you through behind-the-scenes action along the way.
|
| Subject
|
:
|
Computer security.
|
| Subject
|
:
|
Computers-- Access control.
|
| Subject
|
:
|
Penetration testing (Computer security)
|
| Subject
|
:
|
Windows PowerShell (Computer program language)
|
| Subject
|
:
|
Computer security.
|
| Subject
|
:
|
Computers-- Access control.
|
| Subject
|
:
|
Penetration testing (Computer security)
|
| Subject
|
:
|
Windows PowerShell (Computer program language)
|
| Subject
|
:
|
Kali Linux.
|
|
|
:
|
Microsoft Windows (Computer file)
|
|
|
:
|
Kali Linux.
|
|
|
:
|
Microsoft Windows (Computer file)
|
| Dewey Classification
|
:
|
005.8
|
| LC Classification
|
:
|
QA76.9.A25
|