
Becoming the hacker : the playbook for getting inside the mind of an attacker / Adrian Pruteanu.

By: Adrian Pruteanu
Material type: Text
Series: Expert insight
Publisher: Birmingham : Packt Publishing Ltd, 2019
Description: 1 online resource (405 pages)
Content type: text
Media type: computer
Carrier type: online resource
ISBN:
  • 1788623754
  • 9781788623759
Additional physical formats: Print version: Becoming the Hacker : The Playbook for Getting Inside the Mind of the Attacker.
DDC classification: 005.8 23
LOC classification: QA76.9.A25
Contents:
Cover; Copyright; Packt upsell; Contributors; Table of Contents; Preface
Chapter 1 -- Introduction to Attacking Web Applications: Rules of engagement; Communication; Privacy considerations; Cleaning up; The tester's toolkit; Kali Linux; Kali Linux alternatives; The attack proxy; Burp Suite; Zed Attack Proxy; Cloud infrastructure; Resources; Exercises; Summary
Chapter 2 -- Efficient Discovery: Types of assessments; Target mapping; Masscan; WhatWeb; Nikto; CMS scanners; Efficient brute-forcing; Content discovery; Burp Suite; OWASP ZAP; Gobuster; Persistent content discovery; Payload processing; Polyglot payloads; Same payload, different context; Code obfuscation; Resources; Exercises; Summary
Chapter 3 -- Low-Hanging Fruit: Network assessment; Looking for a way in; Credential guessing; A better way to shell; Cleaning up; Resources; Summary
Chapter 4 -- Advanced Brute-forcing: Password spraying; LinkedIn scraping; Metadata; The cluster bomb; Behind seven proxies; Torify; Proxy cannon; Summary
Chapter 5 -- File Inclusion Attacks: RFI; LFI; File inclusion to remote code execution; More file upload issues; Summary
Chapter 6 -- Out-of-Band Exploitation: A common scenario; Command and control; Let's Encrypt communication; INet simulation; The confirmation; Async data exfiltration; Data inference; Summary
Chapter 7 -- Automated Testing: Extending Burp; Authentication and authorization abuse; The Autorize flow; The Swiss Army knife; sqlmap helper; Web shells; Obfuscating code; Burp Collaborator; Public Collaborator server; Service interaction; Burp Collaborator client; Private Collaborator server; Summary
Chapter 8 -- Bad Serialization: Abusing deserialization; Attacking custom protocols; Protocol analysis; Deserialization exploit; Summary
Chapter 9 -- Practical Client-Side Attacks: SOP; Cross-origin resource sharing; XSS; Reflected XSS; Persistent XSS; DOM-based XSS; CSRF; BeEF; Hooking; Social engineering attacks; The keylogger; Persistence; Automatic exploitation; Tunneling traffic; Summary
Chapter 10 -- Practical Server-Side Attacks: Internal and external references; XXE attacks; A billion laughs; Request forgery; The port scanner; Information leak; Blind XXE; Remote code execution; Interactive shells; Summary
Chapter 11 -- Attacking APIs: API communication protocols; SOAP; REST; API authentication; Basic authentication; API keys; Bearer authentication; JWTs; JWT quirks; Burp JWT support; Postman; Installation; Upstream proxy; The environment; Collections; Collection Runner; Attack considerations; Summary
Chapter 12 -- Attacking CMS: Application assessment; WPScan; sqlmap; Droopescan; Arachni web scanner; Backdooring the code; Persistence; Credential exfiltration; Summary
Chapter 13 -- Breaking Containers: Vulnerable Docker scenario; Foothold; Situational awareness; Container breakout; Summary
Other Books You May Enjoy; Index
Summary: Adrian Pruteanu adopts the mindset of both a defender and an attacker in this practical guide to web application testing. By giving key insights into attack vectors and defenses, Becoming the Hacker builds your ability to analyze from both viewpoints and create robust defense strategies.
Holdings
Item type Home library Collection Call number Materials specified Status Date due Barcode
Electronic-Books Electronic-Books OPJGU Sonepat- Campus E-Books EBSCO Available

Includes bibliographical references and index.

Online resource; title from PDF title page (EBSCO, April 3, 2019).

Print version record.


Online resources: eBooks on EBSCOhost (EBSCO eBook Subscription Academic Collection - Worldwide)


O.P. Jindal Global University, Sonepat-Narela Road, Sonepat, Haryana (India) - 131001
