Book description
A highly detailed guide to performing powerful attack vectors in many hands-on scenarios and defending significant security flaws in your company's infrastructure
About This Book
- Advanced exploitation techniques to breach modern operating systems and complex network devices
- Learn about Docker breakouts, Active Directory delegation, and CRON jobs
- Practical use cases to deliver an intelligent endpoint-protected system
Who This Book Is For
If you are a system administrator, SOC analyst, penetration tester, or a network engineer and want to take your penetration testing skills and security knowledge to the next level, then this book is for you. Some prior experience with penetration testing tools and knowledge of Linux and Windows command-line syntax is beneficial.
What You Will Learn
- Exposure to advanced infrastructure penetration testing techniques and methodologies
- Gain hands-on experience of penetration testing in Linux system vulnerabilities and memory exploitation
- Understand what it takes to break into enterprise networks
- Learn to secure the configuration management environment and continuous delivery pipeline
- Gain an understanding of how to exploit networks and IoT devices
- Discover real-world, post-exploitation techniques and countermeasures
In Detail
It has always been difficult to gain hands-on experience and a comprehensive understanding of advanced penetration testing techniques and vulnerability assessment and management. This book will be your one-stop solution to compromising complex network devices and modern operating systems. This book provides you with advanced penetration testing techniques that will help you exploit databases, web and application servers, switches or routers, Docker, VLAN, VoIP, and VPN.
With this book, you will explore exploitation abilities such as offensive PowerShell tools and techniques, CI servers, database exploitation, Active Directory delegation, kernel exploits, cron jobs, VLAN hopping, and Docker breakouts. Moving on, this book will not only walk you through managing vulnerabilities, but will also teach you how to ensure endpoint protection.
Toward the end of this book, you will also discover post-exploitation tips, tools, and methodologies to help your organization build an intelligent security system.
By the end of this book, you will have mastered the skills and methodologies needed to breach infrastructures and provide complete endpoint protection for your system.
Style and approach
Your one-stop guide to mastering the skills and methodologies of breaching infrastructures and providing complete endpoint protection to your system.
Table of contents
- Title Page
- Copyright and Credits
- Packt Upsell
- Contributors
- Preface
-
Introduction to Advanced Infrastructure Penetration Testing
- Information security overview
- Hacking concepts and phases
- Penetration testing overview
- Pentesting standards and guidance
- Penetration testing steps
- Penetration testing limitations and challenges
- Pentesting maturity and scoring model
- Summary
-
Advanced Linux Exploitation
- Linux basics
- Security models
- Security controls
- Linux attack vectors
- Linux kernel exploitation
- Buffer overflow prevention techniques 
- Linux hardening
- Summary
- Corporate Network and Database Exploitation
-
Active Directory Exploitation
- Active Directory
- Single Sign-On 
- Kerberos authentication
- Lightweight Directory Access Protocol 
- PowerShell and Active Directory
-
Active Directory attacks
- PowerView
- Kerberos attacks
- Passwords in SYSVOL and group policy preferences
- 14-068 Kerberos vulnerability on a domain controller 
- Dumping all domain credentials with Mimikatz
- Pass the credential
- Dumping LSASS memory with Task Manager (get domain admin credentials)
- Dumping Active Directory domain credentials from an NTDS.dit file
- Summary
- Docker Exploitation
- Exploiting Git and Continuous Integration Servers
- Metasploit and PowerShell for Post-Exploitation
- VLAN Exploitation
- VoIP Exploitation
- Insecure VPN Exploitation
- Routing and Router Vulnerabilities
- Internet of Things Exploitation
- Other Books You May Enjoy
Product information
- Title: Advanced Infrastructure Penetration Testing
- Author(s):
- Release date: February 2018
- Publisher(s): Packt Publishing
- ISBN: 9781788624480
You might also like
book
The Art of Network Penetration Testing
Penetration testing is about more than just getting through a perimeter firewall. The biggest security threats …
book
Penetration Testing
In Penetration Testing, security researcher and trainer Georgia Weidman provides you with a survey of important …
book
AWS Penetration Testing
Get to grips with security assessment, vulnerability exploitation, workload security, and encryption with this guide to …
book
Kali Linux 2018: Assuring Security by Penetration Testing - Fourth Edition
Achieve the gold standard in penetration testing with Kali using this masterpiece, now in its fourth …