Commencez à lire Metasploit: The Penetration Tester's Guide sur votre Kindle dans moins d'une minute. Vous n'avez pas encore de Kindle ? Achetez-le ici Ou commencez à lire dès maintenant avec l'une de nos applications de lecture Kindle gratuites.

Envoyer sur votre Kindle ou un autre appareil

 
 
 

Essai gratuit

Découvrez gratuitement un extrait de ce titre

Envoyer sur votre Kindle ou un autre appareil

Tout le monde peut lire les livres Kindle, même sans un appareil Kindle, grâce à l'appli Kindle GRATUITE pour les smartphones, les tablettes et les ordinateurs.
Metasploit: The Penetration Tester's Guide
 
Agrandissez cette image
 

Metasploit: The Penetration Tester's Guide [Format Kindle]

David Kennedy , Jim O'Gorman , Devon Kearns , Mati Aharoni
5.0 étoiles sur 5  Voir tous les commentaires (1 commentaire client)

Prix conseillé : EUR 32,59 De quoi s'agit-il ?
Prix éditeur - format imprimé : EUR 41,54
Prix Kindle : EUR 22,81 TTC & envoi gratuit via réseau sans fil par Amazon Whispernet
Économisez : EUR 18,73 (45%)

Formats

Prix Amazon Neuf à partir de Occasion à partir de
Format Kindle EUR 22,81  
Broché EUR 41,14  
Broché --  

Les clients ayant acheté cet article ont également acheté


Descriptions du produit

Présentation de l'éditeur

"The best guide to the Metasploit Framework."—HD Moore, Founder of the Metasploit Project

The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.


Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.


Learn how to:


  • Find and exploit unmaintained, misconfigured, and unpatched systems
  • Perform reconnaissance and find valuable information about your target
  • Bypass anti-virus technologies and circumvent security controls
  • Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
  • Use the Meterpreter shell to launch further attacks from inside the network
  • Harness standalone Metasploit utilities, third-party tools, and plug-ins
  • Learn how to write your own Meterpreter post exploitation modules and scripts

You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.


Détails sur le produit

  • Format : Format Kindle
  • Taille du fichier : 2342 KB
  • Nombre de pages de l'édition imprimée : 332 pages
  • Pagination - ISBN de l'édition imprimée de référence : 159327288X
  • Editeur : No Starch Press; Édition : 1 (15 juillet 2011)
  • Vendu par : Amazon Media EU S.à r.l.
  • Langue : Anglais
  • ASIN: B005EI84KQ
  • Synthèse vocale : Activée
  • X-Ray :
  • Moyenne des commentaires client : 5.0 étoiles sur 5  Voir tous les commentaires (1 commentaire client)
  • Classement des meilleures ventes d'Amazon: n°91.454 dans la Boutique Kindle (Voir le Top 100 dans la Boutique Kindle)
  •  Souhaitez-vous faire modifier les images ?


En savoir plus sur les auteurs

Découvrez des livres, informez-vous sur les écrivains, lisez des blogs d'auteurs et bien plus encore.

Quels sont les autres articles que les clients achètent après avoir regardé cet article?


Commentaires en ligne

4 étoiles
0
3 étoiles
0
2 étoiles
0
1 étoiles
0
5.0 étoiles sur 5
5.0 étoiles sur 5
Commentaires client les plus utiles
1 internautes sur 1 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Excellent 29 août 2011
Par Tinkerbell TOP 50 COMMENTATEURS
Format:Broché
Excellent livre, très complet. Montre bien toutes les bases et astuces de Meta. Rédigé en anglais, mais simple à suivre. Pas besoin d'acheter d'autre livre sur le sujet, il se suffit à lui-même.
Ouvre plein de possibilités !

Excellent book, very complete, no need to buy another book. Shows all the uses and details of Meta.
Avez-vous trouvé ce commentaire utile ?
Commentaires client les plus utiles sur Amazon.com (beta)
Amazon.com: 4.7 étoiles sur 5  80 commentaires
34 internautes sur 36 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 "Metasploit - The Penetration Tester's Guide" by Mati Aharoni, Devon Kearns, Jim O'Gorman, David Kennedy; No Starch Press 5 décembre 2011
Par Joe Colantonio - Publié sur Amazon.com
Format:Broché
I'm an accomplished test automation/performance engineer, but one area of testing that I'm pretty green at is penetration testing. Luckily, I came across Metasploit: The Penetration Tester's Guide, which is a book about penetration testing using the opensource Metasploit Framework testing and is a great introduction to security testing in general. Since I'm a complete novice when it comes to Metasploit, the book was great for getting me started with the basics of the framework. (A more experience Metasploit user, however, will probably want to read something a bit more advanced.)

The book assumes the reader has zero experience, and begins with a brief history of Metasploit and how to install it. Although you don't need to be a programmer to read it, most of the examples are written in Ruby and Python. You should also be familiar with Linux and how to set up VMs.

Overall, the book is written with a hands-on, tutorial-like style that is great for people like me who prefer to learn by doing. The book is a progression, beginning by establishing the methodologies/phases and terminology of penetration testing and an intro to the utilities and functions within the Metasploit framework. The first few chapters are a great help in getting up to speed on what penetration testing is and provide a nice overview of the different phases of a penetration test. The author then walks you through how to identify different types of vulnerabilities and how to exploit them using the tool. I really liked the sections on how to attack MS SQL, Browser-Based & File exploits and Social Engineering attacks. Many different modules of the framework are covered, as well as how to create a module. The book ends with a realistic simulation of an actual penetration test.

The author states that the book is "designed to teach you everything from the fundamentals of the Framework to advanced techniques in exploitation," and I believe the author excels in fulfilling that goal.

Note: I received a free copy of this book as part of the O'Reilly Blogger Review program.

Joe Colantonio
[...]
18 internautes sur 19 ont trouvé ce commentaire utile 
4.0 étoiles sur 5 A worth reading book for introducing the framework to beginers. 28 janvier 2012
Par Roberto Medina - Publié sur Amazon.com
Format:Broché|Achat vérifié
The book covers the basics of using Metasploit with other related tools (SET and Fast-Track). If the reader is expecting to become a penetration tester expert by reading this book then I will say that the expectations are wrong. The author has managed to put in a single book the methodology used for penetration testing, named as PTES (Penetration Testing Execution Standard) and described as the redefined methodology for penetration testing and a general overview of the Metasploit framework, how it works, how is composed and how you can leverage the power of using this framework to make adaptations in different situations or scenarios. Also the author has recalled the fact that every situation is different and the penetration tester should deal with obstacles that he may find in the way to exploit a system.

The author begins the book by describing the PTES methodology and also referring the user to the penetration standard organization website in order to get more information (for people that are new in penetration testing). Then the author moves on with the metasploit basics, explaining the terminology and how the framework is composed. It also makes a brief explanation about Metasploit Express and Metasploit Pro. In the Chapter 2 the book deals with an important step (information gathering), if not the most important, when conducting a penetration test. People tend to overlook this step because sometimes it will not have the "expected" fun necessary but users should understand that the success of exploiting a system is the time spent on gathering information of the target. The information gathering process, in this book, covers the identification of the target and the discovery of different applications or possible attack vectors. In the very beginning of the book, in chapter 2, the author explain briefly how to import databases from other tools such as vulnerability scanners in order to conduct exploits with some kind of automation. Some people will remember the autopwn option in Metasploit, this option is not longer available anymore in the framework (the framework changes everytime). I really don't know the reason why. But, as to import hosts and related information from Nessus, Nexpose, nmap will be very helpful for the penetration tester.

The complexity will be a little bit higher with every new chapter. I think that more than explaining every single module, structure and syntax of commands of the framework the author has focused on how it works and set us the basics in order to get more experience in the tool by discovering what can we do with it, how we can add our features or modules and how we can use the framework with other tools such as SET and Fast-Track. I found useful the way the user explain how to create our own auxiliary, exploit modules within the framework using Ruby as the programming language(you will need some basics in programming in order to get the most of these chapters). The use of the mixins, the structure of the coding is something you will have to pay attention if you want to develop your own modules and tools within Metasploit. In chapter 8 the author begins with the interesting part. He explains the client-side attacks and introduces us to terms such as the heap and the other chapters will deal a little bit more with the stack. The reader must have some understanding of how you can perform a buffer overflow, how you can insert your code after exploiting a given application and how to introduce some stealth in your code in order to get around of the IPS, IDS and AV solutions. The author also explains the use of encoders in order to bypass security solutions. By the way, I have to mention that the meterpreter payload is detectable in a lot of security solutions so that's why the author encourages the reader to be more creative at the moment of target exploitation.

In conclusion, the book is a good one for beginners and to understand what the Metasploit framework is and how you can use it. Most of the material can be found in the project website but not at the same detail level as the book. The book will show you the basics of the framework, don't expect to become an expert after this. The basis will help you to understand how to leverage the functionality of the tool and how to create your own code, workaround some difficulties in the process and most of all encourage people to contribute to the tool. There are some things that the author assumes that the reader should know and therefore some chapters can become some confusing. But, take the references and give you the opportunity to practice with the tool and surely in the future you will manage to port exploits from other sources and develop your own code.
10 internautes sur 10 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Definitive Metasploit reference 3 janvier 2012
Par Ben Rothke - Publié sur Amazon.com
Format:Broché
People who design networks or build software applications are often oblivious to security faults that their designs may have. Those serious about information security will perform or will have an outside firm perform a penetration test--which is a way to evaluate how effective the security of a network or application is. Those performing a penetration test will imitate what an attacker would do in an adversarial situation to see how the system holds up.

The Metasploit Project is an open-source security project that provides information about security vulnerabilities and assists those performing the penetration tests in building a framework in which to carry out the testing. For those looking to use the Metasploit to its fullest, Metasploit: The Penetration Tester's Guide is a valuable aid. Metasploit itself is an extremely powerful tool, but it is not an intui-tive piece of software.

While there's documentation on Metasploit available at the project Web site, the authors use the book to help the reader become more fluent in how to use the base Metasploit meth­odology to be an effective penetration tester.

The first two chapters provide an introduction to penetration testing and Metasploit. By chapter four, the reader is deep in the waters of penetration testing. The book progressively advances in complexity. And by the time the reader finishes chapter 17, he or she should have a high comfort level on how to use Metasploit.

The book is meant for someone who is technical and needs to be hands-on with Metasploit and really understand it. For firms that are looking to do their own penetration testing, Metasploit is a free open-source tool, also used by firms that charge for the service.

For those looking to jump on the Meta­sploit bandwagon, this book is a great way to do that.
4 internautes sur 4 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 A Must 28 avril 2013
Par Daniel Gligorov - Publié sur Amazon.com
Format:Broché
This is a must book for anybody out there in security filed! You can be beginner in security to understand it, its written so simple, but you have to be advanced in Systems and Networking to understand what you are doing. No need of programing experience at all, except for a single chapter, but if you are not interested in developing exploits but just using available ones you can skip that chapter. I cant say if its better or not with Metasploit Penetration Testing Cookbook book, they are very similar, but I can say these two books are only two book you need to read to understand Metasploit Framework.
4 internautes sur 4 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 A Must Have For Pen Testers As Well As IT/IS Folks 12 avril 2012
Par Alex Kah - Publié sur Amazon.com
Format:Format Kindle
It has obviously been said numerous times already in the comments that this book is a must have for Penetration Testers or anyone in Information Security. What hasn't been touched on as much is how much of a necessity this book is for any Information Technology or Information Services staff members. This book will provide a great footing for those not in Information Security so not only will you be able to communicate to the Security staff but you will have a basic understanding of what hackers and penetration testers will be attempting to exploit.

I can say first hand that all of the authors are top notch and all have given a lot to the Information Security community. Each and every author of this book has literally spent hundreds if not thousands of hours donating time to open source projects and/or technology articles related to InfoSec. You know you are going to get a top notch product when all of the authors would and have generated this type of material for free. They were not in this for the money so the content is 100% legit meaning no filler, no rushed content, and no content where the author doesn't understand what they are talking about.

I can't say enough how this book is really a great resource. It will provide anyone that is interested with a solid foundation of Metasploit which is definitely a tool used by white hats and black hats so understanding the basics goes a long way. Some of the Chapters even cover tools created by David Kennedy who is one of the authors. Also Chapter 1 is something that every Pen Tester on earth should read, re-read, and then re-read again as it lays down the standard of how things should be moving forward. I absolutely recommend this book and would say it is one of the better real world pentest/InfoSec related pieces of work that there is.

Congrats on a great book. I look forward to reading it again.
Ces commentaires ont-ils été utiles ?   Dites-le-nous
Rechercher des commentaires
Rechercher uniquement parmi les commentaires portant sur ce produit

Discussions entre clients

Le forum concernant ce produit
Discussion Réponses Message le plus récent
Pas de discussions pour l'instant

Posez des questions, partagez votre opinion, gagnez en compréhension
Démarrer une nouvelle discussion
Thème:
Première publication:
Aller s'identifier
 

Rechercher parmi les discussions des clients
Rechercher dans toutes les discussions Amazon
   


Rechercher des articles similaires par rubrique