更新时间:2021-06-24 19:13:50
coverpage
Title Page
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Introduction to Advanced Infrastructure Penetration Testing
Information security overview
Confidentiality
Integrity
Availability
Least privilege and need to know
Defense in depth
Risk analysis
Information Assurance
Information security management program
Hacking concepts and phases
Types of hackers
Hacking phases
Reconnaissance
Passive reconnaissance
Active reconnaissance
Scanning
Port scanning
Network scanning
Vulnerability scanning
Gaining access
Maintaining access
Clearing tracks
Penetration testing overview
Penetration testing types
White box pentesting
Black box pentesting
Gray box pentesting
The penetration testing teams
Red teaming
Blue teaming
Purple teaming
Pentesting standards and guidance
Policies
Standards
Procedures
Guidance
Open Source Security Testing Methodology Manual
Information Systems Security Assessment Framework
Penetration Testing Execution Standard
Payment Card Industry Data Security Standard
Penetration testing steps
Pre-engagement
The objectives and scope
A get out of jail free card
Emergency contact information
Payment information
Non-disclosure agreement
Intelligence gathering
Public intelligence
Social engineering attacks
Physical analysis
Information system and network analysis
Human intelligence
Signal intelligence
Open source intelligence
Imagery intelligence
Geospatial intelligence
Threat modeling
Business asset analysis
Business process analysis
Threat agents analysis
Threat capability analysis
Motivation modeling
Vulnerability analysis
Vulnerability assessment with Nexpose
Installing Nexpose
Starting Nexpose
Start a scan
Exploitation
Post-exploitation
Infrastructure analysis
Pillaging
High-profile targets
Data exfiltration
Persistence
Further penetration into infrastructure
Cleanup
Reporting
Executive summary
Technical report
