Fully revised to include all new chapters on attacking cloud applications, industrial control systems, and recent vulnerabilities, you'll learn Metasploit's module system, conventions, and interfaces as you launch simulated attacks. The Metasploit Framework makes discovering, exploiting, and sharing systemic vulnerabilities quick and painless. But, this popular pentesting tool can be hard to grasp for first-time users. Written by some of the world's top hackers and security experts, Metasploit fills the gap by teaching you how to best harness the Framework and interact with its vibrant community of Metasploit open-source contributors. This indispensable guide's updated second edition introduces modules and commands recently added to the Metasploit Framework, along with new chapters on the Cloud Lookup (and Bypass) module and attacking IoT or SCADA (industrial) systems using the Mobius client module. You'll learn: modern pentesting techniques, including network reconnaissance and enumeration, the Metasploit Framework's conventions, interfaces, and module system, client-side attacks, wireless exploits, targeted social-engineering attacks. In a digital ecosystem increasingly driven by cloud-based and industrial attacks, the modern hacking techniques covered in Metasploit, 2nd Edition are essential for today's penetration testers.
Rezensionen / Stimmen
"Metasploit, 2nd Edition is a solid update to a book that's been a staple in the infosec community."
-Help Net Security
"This is an excellent book to help familiarize testers with one of the most popular security tools ever created. It will help guide you through familiar concepts and how they integrate into the broader security framework of Metasploit. An absolutely fantastic addition to any penetration tester's bookshelf."
-Menachem Rothbart, Principal Security Consultant, Hacker, OSCE3
"The Metasploit Framework has enrichments and features that can enhance your offensive security journey, and they're all covered in this book. Many users are acquainted with the pre-built exploitation and initial access use cases covered in the first edition, but this update includes new vulnerabilities, their associated modules, and the new frontier of cloud penetration testing. A practitioner's toolkit and environment may change, but the methodology remains the same."
-Billy Trobbiani, @billycontra, Red Team Engineer at Toast, Inc.
"Not just another Metasploit tutorial. The second edition of this comprehensive book walks you through each stage of a simulated penetration test, and shows you how to use Metasploit to its full potential. Plus, it is logically ordered and easy to follow."
-Andy "ApexPredator" Poole, OSEE, GSE
"[P]rovides invaluable insights for penetration testers seeking to enhance their skills and understanding using Metasploit. However, its benefits extend beyond penetration testers. In contrast, blue teamers can also leverage the same techniques and knowledge in this book to go behind enemy lines and identify gaps in their own security controls before they can be exploited by attackers using the same toolset."
-Josh Tristram, @jdtristram, Healthcare Blue Teamer
"An easy read that is more than a metasploit book. It covers beginner and intermediate concepts anyone interested in the offensive side of security should understand."
-Dave Curtin, security consultant, LRQA
Auflage
Sprache
Verlagsort
Zielgruppe
Produkt-Hinweis
Maße
Höhe: 232 mm
Breite: 177 mm
Dicke: 19 mm
Gewicht
ISBN-13
978-1-7185-0298-7 (9781718502987)
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
Schweitzer Klassifikation
Dave Kennedy, founder of Binary Defense and TrustedSec, is a cybersecurity leader who advised on the Emmy-winning series Mr. Robot. Mati Aharoni, OffSec founder, is a veteran penetration tester who has uncovered major security flaws. Devon Kearns co-founded the Exploit Database and Kali Linux. Jim O'Gorman heads the Kali Linux project at OffSec. Daniel G. Graham is a professor of computer science at the University of Virginia and a former program manager at Microsoft.
Foreword by HD Moore
Chapter 1: The Absolute Basics of Penetration Testing
Chapter 2: Metasploit Fundamentals
Chapter 3: Intelligence Gathering
Chapter 4: Vulnerability Analysis
Chapter 5: The Joy of Exploitation
Chapter 6: Meterpreter
Chapter 7: Avoiding Detection
Chapter 8: Client-Side Attacks
Chapter 9: Auxiliary Modules
Chapter 10: Social Engineering
Chapter 11: Wireless Attacks
Chapter 12: Porting Exploits to the Framework
Chapter 13: Building Your Own Modules
Chapter 14: Creating Your Own Exploits
Chapter 15: Simulated Penetration Test
Chapter 16: Pentesting the Cloud
Appendix A: Configuring Your Lab Environment
Appendix B: Cheat Sheet
