SANS SEC556.1 Introduction to IoT Network Traffic and Web Services
فهرست مطالب کتاب SANS SEC556.1 Introduction to IoT Network Traffic and Web Services:
Internet of Things – History and Overview
IoT Testing Methodology
IoT Network Analysis and Exploitation
Exercise: Analyze an IoT Device Packet Capture
Exercise: Scan and Exploit an IoT Router Device
The Web of Things
IoT Web Services Recon
Exercise: Access a Publicly Exposed IoT Webcam
Hacking loT Devices on the Web
Attacking loT Web Service APIs
Exercise: Steal a Car through IoT Web Service APIs
SANS SEC556.2 Exploiting IoT Hardware Interfaces and Analyzing Firmware
فهرست مطالب کتاب SANS SEC556.2 Exploiting IoT Hardware Interfaces and Analyzing Firmware:
Background and Importance
Opening the Device
Examining and Identifying Components
Exercise: Obtaining and Analyzing Specification Sheets
Discovering and Identifying Ports
A Soldering Primer
Sniffing, Interaction, and Exploitation of Hardware Ports
Exercise: Sniffing Serial and SPI
Other Ways of Recovering Firmware
Exercise: Recovering Firmware from PCAP
Firmware Analysis
Exercise: Recovering Filesystems with Binwalk
Pillaging the Firmware
Exercise: Pillaging the Filesystem
SANS SEC556.3 Exploiting Wireless IoT Wi-Fi, BLE, Zigbee, LoRa, and SDR
فهرست مطالب کتاب SANS SEC556.3 Exploiting Wireless IoT: Wi-Fi, BLE, Zigbee, LoRa, and SDR:
Wi-Fi
Exercise: Wi-Fi PSK Cracking
Bluetooth Low Energy
Exercise: BLE Device Interaction
Zigbee
Exercise: Zigbee Traffic Capture
LoRa
SDR
Exercise: Conducting a Replay Attack on loT
SANS SEC642.1 Advanced Attacks
فهرست مطالب کتاب SANS SEC642.1 Advanced Attacks:
Methodology and Context
EXERCISE: Getting Warmed Up
RFI
LFI
PHP File Upload Attack
EXERCISE: LFI to Code Execution
SQL Injection
Data Exfiltration
EXERCISE: SQL Injection
NoSQL Injection
MongoDB
EXERCISE: MongoDB NoSQL Injection
DOM-Based XSS
Exploiting XSRF
Exercise: Combined XSS and XSRF
SANS SEC642.4 Alternative Web Interfaces
فهرست مطالب کتاب Alternative Web Interfaces:
Hash Length Extension Attacks
Exercise: hash_extender
Alternative Web Interfaces
Mobile Applications
Exercise: Mobile Application Wireshark Extraction
Compiled Objects
Flash, Java, Silverlight, and ActiveX
Exercise: Decompiling Flash Objects
Web Services
REST and SOAP
Exercise: SOAP
XML XPath
Exercise: Xpath Injection
XML External Entities
Exercise: Acme XXE
WebSockets
Exercise: SocketToMe
HTTP/2
Exercise: H2O
SANS SEC642.5 Web Application Firewall and Filter Bypass
فهرست مطالب کتاب Web Application Firewall and Filter Bypass:
Web Application Security Defenses
Exercise: WAF Versus Web Framework
Developer Created Defenses
Web Framework Defenses
Inline Security Defenses
Exercise: Understanding ModSecurity Rules
Bypassing Defenses
Fingerprinting Defenses
Exercise: Fingerprinting Defenses
Bypassing XSS Defenses
Exercise: Bypassing XSS Defenses
Bypassing SQL Injection Defenses
Exercise: Bypassing SQL Injection Defenses
Bypassing Application Restrictions
Exercise: RCE Bypass with PHP mail()
SANS SEC642.6 Capture the Flag
فهرست مطالب کتاب SANS SEC642.6 Capture the Flag:
Network Setup
Exercise Goals
Scope of Work
Rules of Engagement
Start CTF
Four Hours of Game Play
CTF Wrap-Up
SANS SEC660.1 Advanced Penetration Testing
فهرست مطالب کتابSANS SEC660.1 Advanced Penetration Testing:
Course Overview
EnsureYour Success
Advanced PenetrationTesting
Lab: Getting Started with Covenant
Accessing the Network
Bypassing NAC
Bypassing Clientless NAC
Lab: Captive Portal Bypass
Evading 802.1x Controls
VLAN Manipulation
Manipulating the Network
Ettercap MitM Attacks
Lab: CredentialTheft with Ettercap
SANS SEC660.2 Crypto and Post-Exploitation
فهرست مطالب کتاب SANS SEC660.2 Crypto and Post-Exploitation:
Crypto for PenTesters
Stream Ciphers
Block Ciphers
Lab: Differentiating Encryption and Obfuscation
CBC Bit-FlippingAttacks
Lab: CBC Bit Flip – Privilege Escalation
Oracle PaddingAttacks
PaddingOracle on Downgraded Legacy Encryption (POODLE)
Stream Cipher IV ReuseAttack
Hash Length ExtensionAttack
Lab: Hash Length ExtensionAttack
Post Exploitation Goals
SANS SEC660.3 Python Scapy and Fuzzing
فهرست مطالب کتاب SANS SEC660.3 Python Scapy and Fuzzing:
Product Security Testing
Python for Non-Python Coders
Lab: Enhancing Python Scripts
Leveraging Scapy
Lab: Scapy DNS Exploit
Fuzzing Introduction and Operation
FuzzingTechniques
What toTest with Fuzzing
Building a FuzzingGrammar with Sulley
Sulley Sessions
SulleyAgents
Running Sulley