Kazan Federal University Digital Repository
Becoming the hacker: the playbook for getting inside the mind of an attacker Expert insight./ Adrian Pruteanu.
JavaScript is disabled for your browser. Some features of this site may not work without it.
| dc.contributor.author | Pruteanu Adrian | |
| dc.date.accessioned | 2024-01-26T21:38:02Z | |
| dc.date.available | 2024-01-26T21:38:02Z | |
| dc.date.issued | 2019 | |
| dc.identifier.citation | Pruteanu. Becoming the hacker: the playbook for getting inside the mind of an attacker Expert insight. - Birmingham: Packt Publishing Ltd, 2019 - 1 online resource (405 p.) - URL: https://libweb.kpfu.ru/ebsco/pdf/2016348.pdf | |
| dc.identifier.isbn | 1788623754 | |
| dc.identifier.isbn | 9781788623759 | |
| dc.identifier.uri | https://dspace.kpfu.ru/xmlui/handle/net/178515 | |
| dc.description | Description based upon print version of record. | |
| dc.description | Includes bibliographical references and index. | |
| dc.description.abstract | Adrian Pruteanu adopts the mindset of both a defender and an attacker in this practical guide to web application testing. By giving key insights into attack vectors and defenses, Becoming the Hacker builds your ability to analyze from both viewpoints and create robust defense strategies. | |
| dc.description.tableofcontents | Cover; Copyright; Packt upsell; Contributors; Table of Contents; Preface; Chapter 1 -- Introduction to Attacking Web Applications; Rules of engagement; Communication; Privacy considerations; Cleaning up; The tester's toolkit; Kali Linux; Kali Linux alternatives; The attack proxy; Burp Suite; Zed Attack Proxy; Cloud infrastructure; Resources; Exercises; Summary; Chapter 2 -- Efficient Discovery; Types of assessments; Target mapping; Masscan; WhatWeb; Nikto; CMS scanners; Efficient brute-forcing; Content discovery; Burp Suite; OWASP ZAP; Gobuster; Persistent content discovery; Payload processing | |
| dc.description.tableofcontents | Polyglot payloadsSame payload, different context; Code obfuscation; Resources; Exercises; Summary; Chapter 3 -- Low-Hanging Fruit; Network assessment; Looking for a way in; Credential guessing; A better way to shell; Cleaning up; Resources; Summary; Chapter 4 -- Advanced Brute-forcing; Password spraying; LinkedIn scraping; Metadata; The cluster bomb; Behind seven proxies; Torify; Proxy cannon; Summary; Chapter 5 -- File Inclusion Attacks; RFI; LFI; File inclusion to remote code execution; More file upload issues; Summary; Chapter 6 -- Out-of-Band Exploitation; A common scenario | |
| dc.description.tableofcontents | Command and controlLet's Encrypt Communication; INet simulation; The confirmation; Async data exfiltration; Data inference; Summary; Chapter 7 -- Automated Testing; Extending Burp; Authentication and authorization abuse; The Autorize flow; The Swiss Army knife; sqlmap helper; Web shells; Obfuscating code; Burp Collaborator; Public Collaborator server; Service interaction; Burp Collaborator client; Private Collaborator server; Summary; Chapter 8 -- Bad Serialization; Abusing deserialization; Attacking custom protocols; Protocol analysis; Deserialization exploit; Summary | |
| dc.description.tableofcontents | Chapter 9 -- Practical Client-Side AttacksSOP; Cross-origin resource sharing; XSS; Reflected XSS; Persistent XSS; DOM-based XSS; CSRF; BeEF; Hooking; Social engineering attacks; The keylogger; Persistence; Automatic exploitation; Tunneling traffic; Summary; Chapter 10 -- Practical Server-Side Attacks; Internal and external references; XXE attacks; A billion laughs; Request forgery; The port scanner; Information leak; Blind XXE; Remote code execution; Interactive shells; Summary; Chapter 11 -- Attacking APIs; API communication protocols; SOAP; REST; API authentication; Basic authentication | |
| dc.description.tableofcontents | API keysBearer authentication; JWTs; JWT quirks; Burp JWT support; Postman; Installation; Upstream proxy; The environment; Collections; Collection Runner; Attack considerations; Summary; Chapter 12 -- Attacking CMS; Application assessment; WPScan; sqlmap; Droopescan; Arachni web scanner; Backdooring the code; Persistence; Credential exfiltration; Summary; Chapter 13 -- Breaking Containers; Vulnerable Docker scenario; Foothold; Situational awareness; Container breakout; Summary; Other Books You May Enjoy; Index | |
| dc.language | English | |
| dc.language.iso | en | |
| dc.publisher | Birmingham Packt Publishing Ltd | |
| dc.relation.ispartofseries | Expert insight | |
| dc.relation.ispartofseries | Expert insight. | |
| dc.subject.other | Penetration testing (Computer security) | |
| dc.subject.other | Computer security. | |
| dc.subject.other | Computers -- Access control. | |
| dc.subject.other | Computer networks -- Security measures. | |
| dc.subject.other | Hacking. | |
| dc.subject.other | COMPUTERS / Security / Networking. | |
| dc.subject.other | Electronic books. | |
| dc.title | Becoming the hacker: the playbook for getting inside the mind of an attacker Expert insight./ Adrian Pruteanu. | |
| dc.type | Book | |
| dc.description.pages | 1 online resource (405 p.) | |
| dc.collection | Электронно-библиотечные системы | |
| dc.source.id | EN05CEBSCO05C1343 |
войти