Penetration testing a network requires a balance of art and science. A penetration tester must be creative enough to think outside of the box to determine the best attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan. This second volume adds over 300 new pentesting applications included with BackTrack 2 to the pen tester's toolkit. It includes the latest information on Snort, Nessus, Wireshark, Metasploit, Kismet and all of the other major Open Source platforms.
Perform Network Reconnaissance
Master the objectives, methodology, and tools of the least understood aspect of a penetration test.
Demystify Enumeration and Scanning
Identify the purpose and type of the target systems, obtain specific information about the versions of the services that are running on the systems, and list the targets and services.
Hack Database Services
Understand and identify common database service vulnerabilities, discover database services, attack database authentication mechanisms, analyze the contents of the database, and use the database to obtain access to the host operating system.
Test Web Servers and Applications
Compromise the Web server due to vulnerabilities on the server daemon itself, its unhardened state, or vulnerabilities within the Web applications.
Test Wireless Networks and Devices
Understand WLAN vulnerabilities, attack WLAN encryption, master information gathering tools, and deploy exploitation tools.
Use Traceroute, Nmap, ike-scan, Cisco Torch, Finger, Nessus, onesixtyone, Hydra, Ettercap, and more to attack your network devices.
Customize BackTrack 2
Torque BackTrack 2 for your specialized needs through module management, unique hard drive installations, and USB installations.
Perform Forensic Discovery and Analysis with BackTrack 2
Use BackTrack in the field for forensic analysis, image acquisition, and file carving.
http://rapidshare.com/files/97147579/Pen
Subscribe To
Posts
All Comments
The latest Windows security attack and defense strategies
"Securing Windows begins with reading this book." --James Costello (CISSP) IT Security Specialist, Honeywell
Meet the challenges of Windows security with the exclusive Hacking Exposed "attack-countermeasure" approach. Learn how real-world malicious hackers conduct reconnaissance of targets and then exploit common misconfigurations and software flaws on both clients and servers. See leading-edge exploitation techniques demonstrated, and learn how the latest countermeasures in Windows XP, Vista, and Server 2003/2008 can mitigate these attacks. Get practical advice based on the authors' and contributors' many years as security professionals hired to break into the world's largest IT infrastructures. Dramatically improve the security of Microsoft technology deployments of all sizes when you learn to:
*
Establish business relevance and context for security by highlighting real-world risks
* Take a tour of the Windows security architecture from the hacker's perspective, exposing old and new vulnerabilities that can easily be avoided
* Understand how hackers use reconnaissance techniques such as footprinting, scanning, banner grabbing, DNS queries, and Google searches to locate vulnerable Windows systems
* Learn how information is extracted anonymously from Windows using simple NetBIOS, SMB, MSRPC, SNMP, and Active Directory enumeration techniques
* Prevent the latest remote network exploits such as password grinding via WMI and Terminal Server, passive Kerberos logon sniffing, rogue server/man-in-the-middle attacks, and cracking vulnerable services
* See up close how professional hackers reverse engineer and develop new Windows exploits
* Identify and eliminate rootkits, malware, and stealth software
* Fortify SQL Server against external and insider attacks
http://rapidshare.com/files/95517633/00
Symantec's chief antivirus researcher has written the definitive guide to contemporary virus threats, defense techniques, and analysis tools. Unlike most books on computer viruses, The Art of Computer Virus Research and Defense is a reference written strictly for white hats: IT and security professionals responsible for protecting their organizations against malware. Peter Szor systematically covers everything you need to know, including virus behavior and classification, protection strategies, antivirus and worm-blocking techniques, and much more.
Szor presents the state-of-the-art in both malware and protection, providing the full technical detail that professionals need to handle increasingly complex attacks. Along the way, he provides extensive information on code metamorphism and other emerging techniques, so you can anticipate and prepare for future threats.
Szor also offers the most thorough and practical primer on virus analysis ever published—addressing everything from creating your own personal laboratory to automating the analysis process.
http://rapidshare.com/files/88918082/Th
Great Content from a Bestselling Author: The Linux Bible 2008 Edition is the best first Linux book for new or migrating users. By focusing on the building-block nature of Linux, and offering true up-to-date descriptions of Linux technology, the Bible helps the reader learn how to jump headlong into Linux, regardless of the Linux distribution they choose. Descriptions of different Linux distributions helps users choose the Linux distribution that's right for them. Detailed installation instructions, step-by-step descriptions of key desktop and server components, and the actual distributions on CD and DVD, let readers get started using Linux immediately. The Bible will serve a broad range of readers, from those starting with Linux to anyone looking to evaluate different Linux distributions. It also covers broad usage including Linux desktops, servers, and firewall/routers.
New features: Instead of just telling you about how the technology works, new "Bringing Linux In" sections describe how people have implemented Linux in the real world. New sections describe real-life examples, such as how:
A Small office created an inexpensive Web, print, and file server
A do-it-yourselfer combined Linux audio and video features to create a home multimedia center
A school build a computer lab with free educational software
A large corporation deployed thousands of Linux systems
http://rapidshare.com/files/100493473/W
"A fantastic book for anyone looking to learn the tools and techniques needed to break in and stay in." --Bruce Potter, Founder, The Shmoo Group
"Very highly recommended whether you are a seasoned professional or just starting out in the security business." --Simple Nomad, Hacker
Table of contents
Part I: Introduction to Ethical Disclosure
Chapter 1. Ethics of Ethical Hacking
Chapter 2. Ethical Hacking and the Legal System
Chapter 3. Proper and Ethical Disclosure
Part II: Penetration Testing and Tools
Chapter 4. Using Metasploit
Chapter 5. Using the BackTrack LiveCD Linux Distribution
Part III: Exploits 101
Chapter 6. Programming Survival Skills
Chapter 7. Basic Linux Exploits
Chapter 8. Advanced Linux Exploits
Chapter 9. Shellcode Strategies
Chapter 10. Writing Linux Shellcode
Chapter 11. Basic Windows Exploits
Part IV: Vulnerability Analysis
Chapter 12. Passive Analysis
Chapter 13. Advanced Static Analysis with IDA Pro
Chapter 14. Advanced Reverse Engineering
Chapter 15. Client-Side Browser Exploits
Chapter 16. Exploiting Windows Access Control Model for Local Elevation of Privilege
Chapter 17. Intelligent Fuzzing with Sulley
Chapter 18. From Vulnerability to Exploit
Chapter 19. Closing the Holes: Mitigation
Part V: Malware Analysis
Chapter 20. Collecting Malware and Initial Analysis
Chapter 21. Hacking Malware
http://rapidshare.com/files/97662809/Mc
This is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book and companion Web site will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code.
This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform. The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli .This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSFs capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits.
By working through a real-world vulnerabilities against popular closed source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.
http://rapidshare.com/files/99592598/Sp
The Hacker Highschool project is the development of license-free, security and privacy awareness teaching materials and back-end support for teachers of elementary, junior high, and high school students.
Today's kids and teens are in a world with major communication and productivity channels open to them and they don't have the knowledge to defend themselves against the fraud, identity theft, privacy leaks and other attacks made against them just for using the Internet. This is the reason for Hacker Highschool.
In HHS, you will find lessons on utilizing Internet resources safely such as web privacy, chat protection, viruses and trojans (malware), and the over-all focus on how to recognize security problems on your computer. All lessons work with a free "live linux" CD which will boot off any PC with a CD-rom drive to perform the lessons. HHS is a great supplement to student course work or as part of after-school and club activities.
The HHS program is developed by ISECOM, a non-profit, open-source research group focused on security awareness and professional security development and accreditation.
A Table of contents & Glossary
Lesson 01 - Being a Hacker
Lesson 02 - Windows and Linux
Lesson 03 - Ports and Protocols
Lesson 04 - Services and Connections
Lesson 05 - System Identification
Lesson 06 - Malware (Viruses, Trojans, etc.)
Lesson 07 - Attack Analysis
Lesson 08 - Digital Forensics
Lesson 09 - E-mail Security and Privacy
Lesson 10 - Web Security and Privacy
Lesson 11 - Passwords
Lesson 12 - Internet Legalities and Ethics
http://rapidshare.com/files/68798228/Ha
A description and analysis of the vulnerabilities caused by programming errors in Web applications, this book is written from both from the attacker's and security specialist's perspective. Covered is detecting, investigating, exploiting, and eliminating vulnerabilities in Web applications as well as errors such as PHP source code injection, SQL injection, and XSS. The most common vulnerabilities in PHP and Perl scripts and methods of exploiting these weaknesses are described, information on writing intersite scripts and secure systems for the hosted sites, creating secure authorization systems, and bypassing authorization. Uncovered is how attackers can benefit from the hosted target and why an apparently normal-working application might be vulnerable.
http://rapidshare.com/files/83792993/Hw
Going beyond the issues of analyzing and optimizing programs as well as creating the means of protecting information, this guide takes on the programming problem of, once having found holes in a program, how to go about disassembling it without its source code. Covered are the hacking methods used to analyze programs using a debugger and disassembler. These methods include virtual functions, local and global variables, branching, loops, objects and their hierarchy, and mathematical operators. Also covered are methods of fighting disassemblers, self-modifying code in operating systems, and executing code in the stack. Advanced disassembler topics such as optimizing compilers and movable code are discussed as well.
Book Info
Text shows how to analyze programs without its source code, using a debugger and a disassembler. Covers hacking methods including virtual functions, local and global variables, branching, loops, objects and their hierarchy, and mathematical operators. For intermediate to advanced level programmers.
http://rapidshare.com/files/88389336/Ha
