Đừng đi hack các mục tiêu online không có thẩm quyền, hãy tự dựng lab để mà hack.
Bạn nào muốn tự nghiên cứu, cũng dựng lab để mà hack.
Bạn nào muốn tập làm võ sĩ máy tính hay “giang hồ mạng” hãy tự build lab để mà luyện
Đây là sách viết bởi giảng viên môn LPT của EC-Council, Kelvin Cadwell.
Download tại đây (admin down từ internet), ai muốn dùng bản xịn ủng hộ tác giả hãy vào mua tren amazon hay iclass của ECC.
What this book covers
Chapter 1, Introducing Penetration Testing, provides an introduction to
what pentesting is and an explanation that pentesting is a component of
professional security testing, and it is a validation of vulnerabilities. This
means “exploitation”, and in most cases, in a contracted pentest, the
client does not have a clear understanding of this.
Chapter 2, Choosing the Virtual Environment, discusses the different
virtual environment platforms there are to choose from. We also look at
most of the main virtual technology platforms that exist.
Chapter 3, Planning a Range, explains what is required to plan a test
environment. We also discuss the process of searching and finding
vulnerabilities to test and creating a lab environment to test a type of
Chapter 4, Identifying Range Architecture, defines the composition of the
range and the process of creating the network structure. Following this, a
number of different components are introduced and then connected to
Chapter 5, Identifying a Methodology, explores a sample group of a
number of testing methodologies. The format and steps of this sample
set will be presented so that as a tester, you can make a comparison and
adapt a methodology.
Chapter 6, Creating an External Attack Architecture, builds a layered
architecture and performs a systematic process and methodology for
conducting an external test. Additionally, you will learn how to deploy
protection measures and carry out testing to see how effective the
protection measures are.
Chapter 7, Assessment of Devices, presents the challenges of testing
devices. This section includes the techniques for testing weak filtering as
well as the methods of penetrating the various defenses when possible.
Chapter 8, Architecting an IDS/IPS Range, investigates the deployment
of the Snort IDS and a number of host-based security protections. Once
deployed, a number of evasion techniques are explored to evade the
Chapter 9, Assessment of Web Servers and Web Applications, explores
the installation of web servers and applications. You will follow a testing
strategy to evaluate the servers and their applications.
Chapter 10, Testing Flat and Internal Networks, explores the process for
testing flat and internal networks. The use of vulnerability scanners is
explored and scanning with or without credentials is compared.
Chapter 11, Attacking Servers, identifies the methods we use to attack
services and servers. The most common attack vector we will see is the
web applications that are running on a web server.
Chapter 12, Exploring Client-side Attack Vectors, presents the main
vectors of attack against the network, and that is from the client side. You
will explore the methods that can be used to trick a client into accessing a
Chapter 13, Building a Complete Cyber Range, is where you put all of the
concepts together and create a range for testing. Throughout the chapter,
you will deploy decoys and practice against them