Mastering Metasploit Fourth Edition
Published June 12, 2020
- eBook product information
- File information: PDF (35.84MB)
- ISBN 9781838985639
- Supported devices: Kyobo eBook App, PC e-Library (e서재), e-reader, web viewer
Book description
Updated for the latest version of Metasploit, this book will prepare you to face everyday cyberattacks by simulating real-world scenarios. Complete with step-by-step explanations of essential concepts and practical examples, Mastering Metasploit will help you gain insights into programming Metasploit modules and carrying out exploitation, as well as building and porting various kinds of exploits in Metasploit.
Giving you the ability to perform tests on different services, including databases, IoT, and mobile, this Metasploit book will help you get to grips with real-world, sophisticated scenarios where performing penetration tests is a challenge. You'll then learn a variety of methods and techniques to evade security controls deployed at a target's endpoint. As you advance, you’ll script automated attacks using CORTANA and Armitage to aid penetration testing by developing virtual bots and discover how you can add custom functionalities in Armitage. Following real-world case studies, this book will take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit 5.0 framework.
By the end of the book, you’ll have developed the skills you need to work confidently with efficient exploitation techniques.
▶What You Will Learn
- Develop advanced and sophisticated auxiliary, exploitation, and post-exploitation modules
- Learn to script automated attacks using CORTANA
- Test services such as databases, SCADA, VoIP, and mobile devices
- Attack the client side with highly advanced pentesting techniques
- Bypass modern protection mechanisms, such as antivirus, IDS, and firewalls
- Import public exploits to the Metasploit Framework
- Leverage C and Python programming to effectively evade endpoint protection
▶Key Features
- Make your network robust and resilient with this updated edition covering the latest pentesting techniques
- Explore a variety of entry points to compromise a system while remaining undetected
- Enhance your ethical hacking skills by performing penetration tests in highly secure environments
▶Who This Book Is For
If you are a professional penetration tester, security engineer, or law enforcement analyst with basic knowledge of Metasploit, this book will help you to master the Metasploit framework and guide you in developing your exploit and module development skills. Researchers looking to add their custom functionalities to Metasploit will find this book useful. As Mastering Metasploit covers Ruby programming and attack scripting using Cortana, practical knowledge of Ruby and Cortana is required.
▷ Section 1 - Preparation and Development
-Chapter 1: Approaching a Penetration Test Using Metasploit
-Chapter 2: Reinventing Metasploit
-Chapter 3: The Exploit Formulation Process
-Chapter 4: Porting Exploits
▷ Section 2 - The Attack Phase
-Chapter 5: Testing Services with Metasploit
-Chapter 6: Virtual Test Grounds and Staging
-Chapter 7: Client-Side Exploitation
▷ Section 3 - Post-Exploitation and Evasion
-Chapter 8: Metasploit Extended
-Chapter 9: Evasion with Metasploit
-Chapter 10: Metasploit for Secret Agents
-Chapter 11: Visualizing Metasploit
-Chapter 12: Tips and Tricks
▶What this book covers
- Chapter 1, Approaching a Penetration Test Using Metasploit, takes us through the absolute basics of conducting a penetration test with Metasploit. It helps in establishing an approach and setting up the environment for testing. Moreover, it takes us through the various stages of a penetration test systematically. It further discusses the advantages of using Metasploit over traditional and manual testing.
- Chapter 2, Reinventing Metasploit, covers the absolute basics of Ruby programming essentials that are required for module building in Metasploit. This chapter further covers how to dig into existing Metasploit modules and write our custom scanner, authentication tester, post-exploitation, and credential harvester modules; finally, it builds on our progress by throwing light on developing custom modules in Railgun.
- Chapter 3, The Exploit Formulation Process, discusses how to build exploits by covering the essentials of exploit writing. This chapter also introduces fuzzing and throws light on debuggers too. It then focuses on gathering essentials for exploitation by analyzing the application's behavior under a debugger. It finally shows the exploit-writing process in Metasploit based on the information collected and discusses bypasses for protection mechanisms such as SEH and DEP.
- Chapter 4, Porting Exploits, helps to convert publicly available exploits into the Metasploit framework. This chapter focuses on gathering essentials from the available exploits written in Perl/Python and PHP, along with server-based exploits, by interpreting the essential information with a Metasploit-compatible module using Metasploit libraries and functions.
- Chapter 5, Testing Services with Metasploit, carries our discussion on performing a penetration test over various services. This chapter covers some crucial modules in Metasploit that help in testing SCADA, database, and VoIP services.
- Chapter 6, Virtual Test Grounds and Staging, is a brief discussion on carrying out a complete penetration test using Metasploit. This chapter focuses on additional tools that can work along with Metasploit to conduct a comprehensive penetration test. The chapter advances by discussing popular tools including Nmap and OpenVAS while explaining the use of these tools within Metasploit itself. It discusses Active Directory testing and generating manual and automated reports.
- Chapter 7, Client-Side Exploitation, shifts our focus to client-side exploits. This chapter focuses on modifying the traditional client-side exploits into a much more sophisticated and precise approach. The chapter starts with browser-based and file-format-based exploits and discusses compromising the users of a web server. It also explains the modification of browser exploits into a lethal weapon using Metasploit. Along with this, it discusses Arduino devices and their combined usage with Metasploit. Toward the end, the chapter focuses on developing strategies to exploit Android and using Kali NetHunter.
- Chapter 8, Metasploit Extended, talks about basic and advanced post-exploitation features of Metasploit, escalating privileges, using transports, and much more. The chapter advances by discussing the necessary post-exploitation features available on the Meterpreter payload and moves to examining the advanced and hardcore post-exploitation modules. Not only does this chapter help provide quick know-how about speeding up the penetration testing process, but it also uncovers many features of Metasploit that save a healthy amount of time while scripting exploits. By the end, the chapter also discusses automating the post-exploitation process.
...
▶ Preface
Penetration testing and security assessments are necessities for businesses today. With the rise of cyber and computer-based crime in the past few years, penetration testing has become one of the core aspects of network security. It helps in keeping a business secure from internal as well as external threats. The reason that penetration testing is a necessity is that it helps in uncovering the potential flaws in a network, a system, or an application.
Moreover, it helps in identifying weaknesses and threats from an attacker's perspective. Various inherent flaws in a system are exploited to find out the impact they can cause to an organization and to assess the risk factors to the assets as well. However, the success rate of a penetration test depends mostly on the knowledge of the tester about the target under test. Therefore, we generally approach a penetration test using two different methods: black-box testing and white-box testing. Black-box testing refers to a scenario where there is no prior knowledge of the target under test. Therefore, a penetration tester kicks off testing by collecting information about the target systematically. By contrast, in the case of a white-box penetration test, the penetration tester has enough knowledge about the target under test, and they start by identifying known and unknown weaknesses of the target. Generally, a penetration test is divided into seven different phases, as follows:
- Pre-engagement interactions: This phase defines all the pre-engagement activities and scope definitions - basically, everything you need to discuss with the client before the testing starts.
- Intelligence gathering: This phase is all about collecting information about the target under test by connecting to the target directly, and passively, without connecting to the target at all.
- Threat modeling: This phase involves matching the information detected with the assets to find the areas with the highest threat level.
- Vulnerability analysis: This involves finding and identifying known and unknown vulnerabilities and validating them.
- Exploitation: This phase involves taking advantage of the vulnerabilities found in the previous stage and typically means that we are trying to gain access to the target.
- Post exploitation: The actual tasks to be performed on the target, which might involve downloading a file, shutting down a system, creating a new user account on the target, and so on, are part of this phase. Generally, this phase describes what you need to do after exploitation.
- Reporting: This phase includes summing up the results of the test in a file and the possible suggestions and recommendations to fix the current weaknesses in the target.
The seven stages just mentioned may look more natural when there is a single target under test. However, the situation completely changes when a vast network that contains hundreds of systems is to be tested. Therefore, in a case like this, manual work is to be replaced with an automated approach. Consider a scenario where the number of systems under test is precisely 100, and all systems are running the same operating system and services. Testing every system manually will consume much time and energy. Situations like these demand the use of a penetration testing framework. Using a penetration testing framework will not only save time but will also offer much more flexibility regarding changing the attack vectors and covering a much more comprehensive range of targets through the test. A penetration testing framework will eliminate additional time consumption and will also help in automating most of the attack vectors, scanning processes, identifying vulnerabilities, and, most importantly, exploiting the vulnerabilities, thus saving time and pacing a penetration test. This is where Metasploit kicks in.
...
Author information
Author: Nipun Jaswal
Nipun Jaswal is an international cybersecurity author and an award-winning IT security researcher with more than a decade of experience in penetration testing, Red Team assessments, vulnerability research, RF, and wireless hacking. He is presently the Director of Cybersecurity Practices at BDO India. Nipun has trained and worked with multiple law enforcement agencies on vulnerability research and exploit development. He has also authored numerous articles and exploits that can be found on popular security databases, such as PacketStorm and exploit-db. Please feel free to contact him at @nipunjaswal.