Book Image

Advanced Infrastructure Penetration Testing

Book Image

Advanced Infrastructure Penetration Testing

Overview of this book

It has always been difficult to gain hands-on experience and a comprehensive understanding of advanced penetration testing techniques and vulnerability assessment and management. This book will be your one-stop solution to compromising complex network devices and modern operating systems. This book provides you with advanced penetration testing techniques that will help you exploit databases, web and application servers, switches or routers, Docker, VLAN, VoIP, and VPN. With this book, you will explore exploitation abilities such as offensive PowerShell tools and techniques, CI servers, database exploitation, Active Directory delegation, kernel exploits, cron jobs, VLAN hopping, and Docker breakouts. Moving on, this book will not only walk you through managing vulnerabilities, but will also teach you how to ensure endpoint protection. Toward the end of this book, you will also discover post-exploitation tips, tools, and methodologies to help your organization build an intelligent security system. By the end of this book, you will have mastered the skills and methodologies needed to breach infrastructures and provide complete endpoint protection for your system.

Related Content you might be interested in

Current Title:

Small book image
Advanced Infrastructure Penetration Testing
Feb, 2018 | 396 pages
Small book image
Hands-On Penetration Testing with Kali NetHunter
Glen D Singh | SeanPhilip Oriyano
Feb, 2019 | 302 pages
Small book image
Network Protocols for Security Professionals
Deepanshu Khanna | Yoram Orzach
Oct, 2022 | 580 pages
Small book image
Mastering Kali Linux for Web Penetration Testing
Michael McPhee
Jun, 2017 | 338 pages
Table of Contents (14 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Disclaimer
Free Chapter
1
Introduction to Advanced Infrastructure Penetration Testing
Introduction to Advanced Infrastructure Penetration Testing
Information security overview
Hacking concepts and phases
Penetration testing overview
Pentesting standards and guidance
Penetration testing steps
Penetration testing limitations and challenges
Pentesting maturity and scoring model
Summary
2
Advanced Linux Exploitation
Advanced Linux Exploitation
Linux basics
Security models
Security controls
Linux attack vectors
Linux kernel exploitation
Buffer overflow prevention techniques
Linux hardening
Summary
3
Corporate Network and Database Exploitation
Corporate Network and Database Exploitation
Networking fundamentals
Open Systems Interconnection model
In-depth network scanning
Services enumeration
Sniffing attacks
DDoS attacks
Software-Defined Network penetration testing
Attacks on database servers
Summary
4
Active Directory Exploitation
Active Directory Exploitation
Active Directory
Single Sign-On
Kerberos authentication
Lightweight Directory Access Protocol
PowerShell and Active Directory
Active Directory attacks
Summary
5
Docker Exploitation
Docker Exploitation
Docker fundamentals
Docker exploitation
Docker bench security
Docker vulnerability static analysis with Clair
Building a penetration testing laboratory
Summary
6
Exploiting Git and Continuous Integration Servers
Exploiting Git and Continuous Integration Servers
Software development methodologies
Continuous integration
Continuous integration with GitHub and Jenkins
Continuous integration attacks
Continuous integration server penetration testing
Summary
7
Metasploit and PowerShell for Post-Exploitation
Metasploit and PowerShell for Post-Exploitation
Dissecting Metasploit Framework
Bypassing antivirus with the Veil-Framework
Writing your own Metasploit module
Metasploit Persistence scripts
Weaponized PowerShell with Metasploit
Defending against PowerShell attacks
Summary
8
VLAN Exploitation
VLAN Exploitation
Switching in networking
MAC attack
DHCP attacks
ARP attacks
VLAN attacks
Spanning Tree Protocol attacks
Summary
9
VoIP Exploitation
VoIP Exploitation
VoIP fundamentals
VoIP exploitation
VoLTE Exploitation
Summary
10
Insecure VPN Exploitation
Insecure VPN Exploitation
Cryptography
Hash functions and message integrity
Steganography
Key management
Cryptographic attacks
VPN fundamentals
Summary
11
Routing and Router Vulnerabilities
Routing and Router Vulnerabilities
Routing fundamentals
Exploiting routing protocols
Exploiting routers
Summary
12
Internet of Things Exploitation
Internet of Things Exploitation
The IoT ecosystem
IoT attack surfaces
Summary
13
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Sniffing attacks

Sniffing is the process of intercepting network traffic by turning the network interface card (NIC) to promiscuous mode, in order to be able to sniff the transmitted data. There are two types of network sniffing – active and passive sniffing:

  • Passive sniffing: This occurs at hub devices or switches without injecting any additional packets.
  • Active sniffing: This is done by injecting Address Resolution Protocol (ARP) packets into the network. The following are some active network sniffing attacks:
    • MAC flooding—this is the process of flooding the CAM table with random data until it is full
    • Switch port stealing

These two previous attacks could be avoided by allowing only one MAC address on the switch port and implementing port security.

  • ARP Poisoning: ARP is used to resolve MAC addresses. An attacker could forge the ARP requests to flood a switch...
Previous Section
End of Section 6
Next Section