Willkommen, schön sind Sie da!
Logo Ex Libris

Wireshark for Security Professionals
Jessey Bullock , Jeff T. Parker

Master Wireshark to solve real-world security problems If you don't already use Wireshark for a wide range of information security... Weiterlesen
Kartonierter Einband (Kt), 272 Seiten  Weitere Informationen
CHF 75.00
Auslieferung erfolgt in der Regel innert 4 bis 5 Werktagen.

Beschreibung

Master Wireshark to solve real-world security problems If you don't already use Wireshark for a wide range of information security tasks, you will after this book. Mature and powerful, Wireshark is commonly used to find root cause of challenging network issues. This book extends that power to information security professionals, complete with a downloadable, virtual lab environment. Wireshark for Security Professionals covers both offensive and defensive concepts that can be applied to essentially any InfoSec role. Whether into network security, malware analysis, intrusion detection, or penetration testing, this book demonstrates Wireshark through relevant and useful examples. Master Wireshark through both lab scenarios and exercises. Early in the book, a virtual lab environment is provided for the purpose of getting hands-on experience with Wireshark. Wireshark is combined with two popular platforms: Kali, the security-focused Linux distribution, and the Metasploit Framework, the open-source framework for security testing. Lab-based virtual systems generate network traffic for analysis, investigation and demonstration. In addition to following along with the labs you will be challenged with end-of-chapter exercises to expand on covered material. Lastly, this book explores Wireshark with Lua, the light-weight programming language. Lua allows you to extend and customize Wireshark's features for your needs as a security professional. Lua source code is available both in the book and online. Lua code and lab source code are available online through GitHub, which the book also introduces. The book's final two chapters greatly draw on Lua and TShark, the command-line interface of Wireshark. By the end of the book you will gain the following: Master the basics of Wireshark Explore the virtual w4sp-lab environment that mimics a real-world network Gain experience using the Debian-based Kali OS among other systems Understand the technical details behind network attacks Execute exploitation and grasp offensive and defensive activities, exploring them through Wireshark Employ Lua to extend Wireshark features and create useful scripts To sum up, the book content, labs and online material, coupled with many referenced sources of PCAP traces, together present a dynamic and robust manual for information security professionals seeking to leverage Wireshark.

Klappentext

Leverage Wireshark, Lua and Metasploit to solve any security challenge
Wireshark is arguably one of the most versatile networking tools available, allowing microscopic examination of almost any kind of network activity. This book is designed to help you quickly navigate and leverage Wireshark effectively, with a primer for exploring the Wireshark Lua API as well as an introduction to the Metasploit Framework.
Wireshark for Security Professionals covers both offensive and defensive concepts that can be applied to any Infosec position, providing detailed, advanced content demonstrating the full potential of the Wireshark tool. Coverage includes the Wireshark Lua API, Networking and Metasploit fundamentals, plus important foundational security concepts explained in a practical manner. You are guided through full usage of Wireshark, from installation to everyday use, including how to surreptitiously capture packets using advanced MiTM techniques. Practical demonstrations integrate Metasploit and Wireshark demonstrating how these tools can be used together, with detailed explanations and cases that illustrate the concepts at work. These concepts can be equally useful if you are performing offensive reverse engineering or performing incident response and network forensics. Lua source code is provided, and you can download virtual lab environments as well as PCAPs allowing them to follow along and gain hands on experience. The final chapter includes a practical case study that expands upon the topics presented to provide a cohesive example of how to leverage Wireshark in a real world scenario. * Understand the basics of Wireshark and Metasploit within the security space * Integrate Lua scripting to extend Wireshark and perform packet analysis * Learn the technical details behind common network exploitation * Packet analysis in the context of both offensive and defensive security research
Wireshark is the standard network analysis tool used across many industries due to its powerful feature set and support for numerous protocols. When used effectively, it becomes an invaluable tool for any security professional, however the learning curve can be steep. Climb the curve more quickly with the expert insight and comprehensive coverage in Wireshark for Security Professionals.



Inhalt
Introduction xiii Chapter 1 Introducing Wireshark 1 What Is Wireshark? 2 A Best Time to Use Wireshark? 2 Avoiding Being Overwhelmed 3 The Wireshark User Interface 3 Packet List Pane 5 Packet Details Pane 6 Packet Bytes Pane 8 Filters 9 Capture Filters 9 Display Filters 13 Summary 17 Exercises 18 Chapter 2 Setting Up the Lab 19 Kali Linux 20 Virtualization 22 Basic Terminology and Concepts 23 Benefi ts of Virtualization 23 VirtualBox 24 Installing VirtualBox 24 Installing the VirtualBox Extension Pack 31 Creating a Kali Linux Virtual Machine 33 Installing Kali Linux 40 The W4SP Lab 46 Requirements 46 A Few Words about Docker 47 What Is GitHub? 48 Creating the Lab User 49 Installing the W4SP Lab on the Kali Virtual Machine 50 Setting Up the W4SP Lab 53 The Lab Network 54 Summary 55 Exercises 56 Chapter 3 The Fundamentals 57 Networking 58 OSI Layers 58 Networking between Virtual Machines 61 Security 63 The Security Triad 63 Intrusion Detection and Prevention Systems 63 False Positives and False Negatives 64 Malware 64 Spoofi ng and Poisoning 66 Packet and Protocol Analysis 66 A Protocol Analysis Story 67 Ports and Protocols 71 Summary 73 Exercises 74 Chapter 4 Capturing Packets 75 Sniffi ng 76 Promiscuous Mode 76 Starting the First Capture 78 TShark 82 Dealing with the Network 86 Local Machine 87 Sniffi ng Localhost 88 Sniffi ng on Virtual Machine Interfaces 92 Sniffi ng with Hubs 96 SPAN Ports 98 Network Taps 101 Transparent Linux Bridges 103 Wireless Networks 105 Loading and Saving Capture Files 108 File Formats 108 Ring Buffers and Multiple Files 111 Recent Capture Files 116 Dissectors 118 W4SP Lab: Managing Nonstandard HTTP Traffi c 118 Filtering SMB Filenames 120 Packet Colorization 123 Viewing Someone Else's Captures 126 Summary 127 Exercises 128 Chapter 5 Diagnosing Attacks 129 Attack Type: Man-in-the-Middle 130 Why MitM Attacks Are Effective 130 How MitM Attacks Get Done: ARP 131 W4SP Lab: Performing an ARP MitM Attack 133 W4SP Lab: Performing a DNS MitM Attack 141 How to Prevent MitM Attacks 147 Attack Type: Denial of Service 148 Why DoS Attacks Are Effective 149 How DoS Attacks Get Done 150 How to Prevent DoS Attacks 155 Attack Type: Advanced Persistent Threat 156 Why APT Attacks Are Effective 156 How APT Attacks Get Done 157 Example APT Traffi c in Wireshark 157 How to Prevent APT Attacks 161 Summary 162 Exercises 162 Chapter 6 Off ensive Wireshark 163 Attack Methodology 163 Reconnaissance Using Wireshark 165 Evading IPS/IDS 168 Session Splicing and Fragmentation 168 Playing to the Host, Not the IDS 169 Covering Tracks and Placing Backdoors 169 Exploitation 170 Setting Up the W4SP Lab with Metasploitable 171 Launching Metasploit Console 171 VSFTP Exploit 172 Debugging with Wireshark 173 Shell in Wireshark 175 TCP Stream Showing a Bind Shell 176 TCP Stream Showing a Reverse Shell 183 Starting ELK 188 Remote Capture over SSH 190 Summary 191 Exercises 192 Chapter 7 Decrypting TLS, Capturing USB, Keyloggers, and Network Graphing 193 Decrypting SSL/TLS 193 Decrypting SSL/TLS Using Private Keys 195 Decrypting SSL/TLS Using Session Keys 199 USB and Wireshark 202 Capturing USB Traffi c on Linux 203 Capturing USB Traffi c on Windows 206 TShark Keylogger 208 Graphing the Network 212 Lua with Graphviz Library 213 Summary 218 Exercises 219 Chapter 8 Scripting with Lua 221 Why Lua? 222 Scripting Basics 223 Variables 225 Functions and Blocks 226 Loops 228 Conditionals 230 Setup 230 Checking for Lua Support 231 Lua Initialization 232 Windows Setup 233 Linux Setup 233 Tools 234 Hello World with TShark 236 Counting Packets Script 237 ARP Cache Script 241 Creating Dissectors for Wireshark 244 Dissector Types 245 Why a Dissector Is Needed 245 Experiment 253 Extending Wireshark 255 Packet Direction Script 255 Marking Suspicious Script 257 Snooping SMB File Transfers 260 Summary 262 Index 265

Produktinformationen

Titel: Wireshark for Security Professionals
Untertitel: Using Wireshark and the Metasploit Framework
Autor: Jessey Bullock Jeff T. Parker
EAN: 9781118918210
ISBN: 1118918215
Format: Kartonierter Einband (Kt)
Genre: Allgemein & Lexika
Anzahl Seiten: 272
Gewicht: 493g
Größe: H233mm x B187mm x T17mm
Veröffentlichung: 01.05.2017
Jahr: 2017
Auflage: 1. Auflage

Filialverfügbarkeit

PLZ, Ort, Name Es wurde kein Treffer gefunden. Bitte geben Sie eine gültige PLZ oder einen gültigen Ort ein. Bitte geben Sie eine PLZ oder einen Ort ein. Dieses Produkt ist in NUMBER Filialen verfügbar Dieses Produkt ist momentan nur im Online-Shop verfügbar. NUMBER Stk. verfügbar Kein aktueller Lagerbestand verfügbar. Detailkarte Detailkarte in einem neuen Fenster anzeigen Route berechnen Route in einem neuen Fenster berechnen Adresse Telefon Öffnungszeiten NUMBER Stk. verfügbar Nicht an Lager Die nächste Filiale finden Es gibt keine Geschäfte in 20 Kilometer Reichweite
  • Geben Sie die Postleitzahl, den Ortsnamen oder den Namen einer Filiale in das Suchfeld ein
  • Klicken Sie auf den "Pfeil"-Button, rechts neben dem Eingabefeld
  • Wählen Sie eine Filiale in der Trefferliste aus

Die nächste Filiale auch mobil finden Montag Dienstag Mittwoch Donnerstag Freitag Samstag Sonntag
Die nächste Filiale finden
  • Geben Sie die Postleitzahl, den Ortsnamen oder den Namen einer Filiale in das Suchfeld ein
  • Klicken Sie auf den "Pfeil"-Button, rechts neben dem Eingabefeld
  • Wählen Sie eine Filiale in der Trefferliste aus

Die nächste Filiale auch mobil finden
Zuletzt angesehen
Verlauf löschen