Аннотация
So who is this book for? This is the book I wish existed when I f i rst started my Information Technology career. It is for penetration testers, red teamers, network defenders (blue teamers), and system administrators.
For penetration testers, understanding how to bend traff i c to explore networks during a pene-tration test allows you to reach the dark corners of an organization. The ability to scan new hosts, through compromised hosts, means you do not have to drop tools to disk and risk getting caught.
Plus, these techniques and concepts will set you apart from the everyday penetration tester.
As blue teamers, understanding how attackers pivot and move laterally within your network aids in breach response and encourages you to think in graphs and not lists (link). It also provides a heads up on how attackers may be utilizing native and signed Windows executables to pivot throughout your network.
For system administrators, knowing how to limit exposure to services and web administration portals is essential to minimizing your attack surface. Why expose that/adminlogin page to the Internet when we can leverage an SSH tunnel and a reverse web proxy to prevent that?
This book is not an all-encompassing tour of every tool and technique, but rather a sample of the most popular ones and how they can be leveraged to aid in your daily tasks. After reading this book, you will be comfortable with the fundamentals, so when a new tool or technique is released, you can easily consume and understand it. This book assumes you have some experience with Secure Shell (SSH), basic networking concepts, and basic command line environments for Windows and Linux. For the red team and penetration testing focused crowd, familiarity with the Metasploit Framework is assumed and will not be covered.
This book starts off by introducing some commands and basic networking concepts. With that baseline established, we dive into SSH local port forwards, SSH remote port forwards, SOCKS proxies, and wrap up by exposing alternative tools for both Linux and Windows and some awesome advanced topics. At the end, you will be a certif i ed Cyber Plumber that can move or detect bits between any boxes!
Комментарии к книге "The Cyber Plumber’s Handbook"