Book Image

Advanced Infrastructure Penetration Testing

Book Image

Advanced Infrastructure Penetration Testing

Overview of this book

It has always been difficult to gain hands-on experience and a comprehensive understanding of advanced penetration testing techniques and vulnerability assessment and management. This book will be your one-stop solution to compromising complex network devices and modern operating systems. This book provides you with advanced penetration testing techniques that will help you exploit databases, web and application servers, switches or routers, Docker, VLAN, VoIP, and VPN. With this book, you will explore exploitation abilities such as offensive PowerShell tools and techniques, CI servers, database exploitation, Active Directory delegation, kernel exploits, cron jobs, VLAN hopping, and Docker breakouts. Moving on, this book will not only walk you through managing vulnerabilities, but will also teach you how to ensure endpoint protection. Toward the end of this book, you will also discover post-exploitation tips, tools, and methodologies to help your organization build an intelligent security system. By the end of this book, you will have mastered the skills and methodologies needed to breach infrastructures and provide complete endpoint protection for your system.

Related Content you might be interested in

Current Title:

Small book image
Advanced Infrastructure Penetration Testing
Feb, 2018 | 396 pages
Small book image
Hands-On Penetration Testing with Kali NetHunter
Glen D Singh | SeanPhilip Oriyano
Feb, 2019 | 302 pages
Small book image
Network Protocols for Security Professionals
Deepanshu Khanna | Yoram Orzach
Oct, 2022 | 580 pages
Small book image
Mastering Kali Linux for Web Penetration Testing
Michael McPhee
Jun, 2017 | 338 pages
Table of Contents (14 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Disclaimer
Free Chapter
1
Introduction to Advanced Infrastructure Penetration Testing
Introduction to Advanced Infrastructure Penetration Testing
Information security overview
Hacking concepts and phases
Penetration testing overview
Pentesting standards and guidance
Penetration testing steps
Penetration testing limitations and challenges
Pentesting maturity and scoring model
Summary
2
Advanced Linux Exploitation
Advanced Linux Exploitation
Linux basics
Security models
Security controls
Linux attack vectors
Linux kernel exploitation
Buffer overflow prevention techniques
Linux hardening
Summary
3
Corporate Network and Database Exploitation
Corporate Network and Database Exploitation
Networking fundamentals
Open Systems Interconnection model
In-depth network scanning
Services enumeration
Sniffing attacks
DDoS attacks
Software-Defined Network penetration testing
Attacks on database servers
Summary
4
Active Directory Exploitation
Active Directory Exploitation
Active Directory
Single Sign-On
Kerberos authentication
Lightweight Directory Access Protocol
PowerShell and Active Directory
Active Directory attacks
Summary
5
Docker Exploitation
Docker Exploitation
Docker fundamentals
Docker exploitation
Docker bench security
Docker vulnerability static analysis with Clair
Building a penetration testing laboratory
Summary
6
Exploiting Git and Continuous Integration Servers
Exploiting Git and Continuous Integration Servers
Software development methodologies
Continuous integration
Continuous integration with GitHub and Jenkins
Continuous integration attacks
Continuous integration server penetration testing
Summary
7
Metasploit and PowerShell for Post-Exploitation
Metasploit and PowerShell for Post-Exploitation
Dissecting Metasploit Framework
Bypassing antivirus with the Veil-Framework
Writing your own Metasploit module
Metasploit Persistence scripts
Weaponized PowerShell with Metasploit
Defending against PowerShell attacks
Summary
8
VLAN Exploitation
VLAN Exploitation
Switching in networking
MAC attack
DHCP attacks
ARP attacks
VLAN attacks
Spanning Tree Protocol attacks
Summary
9
VoIP Exploitation
VoIP Exploitation
VoIP fundamentals
VoIP exploitation
VoLTE Exploitation
Summary
10
Insecure VPN Exploitation
Insecure VPN Exploitation
Cryptography
Hash functions and message integrity
Steganography
Key management
Cryptographic attacks
VPN fundamentals
Summary
11
Routing and Router Vulnerabilities
Routing and Router Vulnerabilities
Routing fundamentals
Exploiting routing protocols
Exploiting routers
Summary
12
Internet of Things Exploitation
Internet of Things Exploitation
The IoT ecosystem
IoT attack surfaces
Summary
13
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Docker vulnerability static analysis with Clair

Clair is an open source project for the static analysis of vulnerabilities in Docker containers. It allows penetration testers to identify vulnerabilities in containers. You can find its official repository at https://github.com/coreos/clair.

The Clair project is composed of the following seven components, illustrated in the diagram:

  • Content detectors
  • Datastore
  • Vulnerability updaters
  • RESTful API
  • Notifiers
  • Clients
  • Vulnerabilities databases

To build a Dockernized environment, visit the official QUAY website https://quay.io/:

Complete your profile with the required information:

Create a new repository and choose its visibility:

Select a link to your repository, for example, I used a Dockerfile:

Wait until the building operation is finished:

If you click on the build, you will see the content of the Dockerfile:

Wait for couple...

Previous Section
End of Section 5
Next Section