Google Hacking for Penetration Testers: 2 und über 1,5 Millionen weitere Bücher verfügbar für Amazon Kindle. Erfahren Sie mehr
Ihren Artikel jetzt
eintauschen und
EUR 5,45 Gutschein erhalten.
Möchten Sie verkaufen?
Zur Rückseite klappen Zur Vorderseite klappen
Anhören Wird wiedergegeben... Angehalten   Sie hören eine Probe der Audible-Audioausgabe.
Weitere Informationen
Alle 2 Bilder anzeigen

Google Hacking for Penetration Testers (Englisch) Taschenbuch – 10. August 2007


Alle 2 Formate und Ausgaben anzeigen Andere Formate und Ausgaben ausblenden
Amazon-Preis Neu ab Gebraucht ab
Kindle Edition
"Bitte wiederholen"
Taschenbuch
"Bitte wiederholen"
EUR 45,84 EUR 28,81
7 neu ab EUR 45,84 2 gebraucht ab EUR 28,81

Hinweise und Aktionen

  • Studienbücher: Ob neu oder gebraucht, alle wichtigen Bücher für Ihr Studium finden Sie im großen Studium Special. Natürlich portofrei.


Kunden, die diesen Artikel angesehen haben, haben auch angesehen

Jeder kann Kindle Bücher lesen — selbst ohne ein Kindle-Gerät — mit der KOSTENFREIEN Kindle App für Smartphones, Tablets und Computer.


Produktinformation


Mehr über den Autor

Entdecken Sie Bücher, lesen Sie über Autoren und mehr

Produktbeschreibungen

Synopsis

A self-respecting Google hacker spends hours trolling the Internet for juicy stuff. Firing off search after search, they thrive on the thrill of finding clean, mean, streamlined queries and get a real rush from sharing those queries and trading screenshots of their findings. I know because Ive seen it with my own eyes. As the founder of the Google Hacking Database (GHDB) and the Search engine hacking forums at http://johnny.ihackstuff.com, I am constantly amazed at what the Google hacking community comes up with. It turns out the rumors are true. Creative Google searches can reveal medical, financial, proprietary and even classified information. Despite government edicts, regulation and protection acts like HIPPA and the constant barking of security watchdogs, this problem still persists. Stuff still makes it out onto the web, and Google hackers snatch it right up. Protect yourself from Google hackers with this new volume of information.

Johnny Long helps you to: learn Google searching basics; explore Google's web-based interface, build Google queries, and work with Google URLs; use Advanced Operators to perform advanced queries; combine advanced operators and learn about colliding operators and bad search-fu; learn the ways of the Google Hacker; see how to use caches for anonymity and review directory listings and traversal techniques; review document grinding and database digging; and, see the ways to use Google to locate documents and then search within the documents to locate information.

He also helps you to: understand Google's part in an information collection framework; learn the principles of automating searches and the applications of data mining; locate exploits and finding targets; locate exploit code and then vulnerable targets; see ten simple security searches; learn a few searches that give good results just about every time and are good for a security assessment; track Down Web Servers Locate and profile web servers, login portals, network hardware and utilities; see how bad guys troll for data; find ways to search for usernames, passwords, credit card numbers, social security numbers, and other juicy information; hack Google services; and, learn more about the AJAX Search API, Calendar, Blogger, Blog Search, and more.

Über den Autor und weitere Mitwirkende

Johnny Long is a Christian by grace, a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and author. He can be found lurking at his website (http://johnny.ihackstuff.com). He is the founder of Hackers For Charity(http://ihackcharities.org), an organization that provides hackers with job experience while leveraging their skills for charities that need those skills. Bill Gardner is an Assistant Professor at Marshall University, where he teaches information security and foundational technology courses in the Department of Integrated Science and Technology. He is also President and Principal Security Consultant at BlackRock Consulting. In addition, Bill is Vice President and Information Security Chair at the Appalachian Institute of Digital Evidence. AIDE is a non-profit organization that provides research and training for digital evidence professionals including attorneys, judges, law enforcement officers and information security practitioners in the private sector. Prior to joining the faculty at Marshall, Bill co-founded the Hack3rCon convention, and co-founded 304blogs, and he continues to serve as Vice President of 304Geeks. In addition, Bill is a founding member of the Security Awareness Training Framework, which will be a prime target audience for this book. Justin Brown is an Information Security professional who works at One World Labs where he focuses on reconnaissance and Open Source Intelligence. In particular, Justin spends his time crafting advanced Google searches for identifying the digital footprint of his clients and assisting his company's penetration testers to be successful in their engagements.

Welche anderen Artikel kaufen Kunden, nachdem sie diesen Artikel angesehen haben?


In diesem Buch (Mehr dazu)
Ausgewählte Seiten ansehen
Buchdeckel | Copyright | Inhaltsverzeichnis | Auszug | Stichwortverzeichnis
Hier reinlesen und suchen:

Kundenrezensionen

5.0 von 5 Sternen
5 Sterne
1
4 Sterne
0
3 Sterne
0
2 Sterne
0
1 Sterne
0
Siehe die Kundenrezension
Sagen Sie Ihre Meinung zu diesem Artikel

Die hilfreichsten Kundenrezensionen

Die hilfreichsten Kundenrezensionen auf Amazon.com (beta)

Amazon.com: 14 Rezensionen
31 von 33 Kunden fanden die folgende Rezension hilfreich
Time has not been good for this book 27. Februar 2012
Von Anomalophobe - Veröffentlicht auf Amazon.com
Format: Taschenbuch Verifizierter Kauf
In the (four) years since its publication, this book has suffered "technological attrition" - Google's search engine has changed significantly enough to make the material unusable, and most of the referenced links are either no longer valid or have ceased further development shortly after 2008.
9 von 9 Kunden fanden die folgende Rezension hilfreich
New updates and material for the second edition of the Google Hacking masterpiece. Volume 2 is today's reference. 1. November 2008
Von Raul - Veröffentlicht auf Amazon.com
Format: Taschenbuch
This review mainly focuses on evaluating how valuable is to get a copy of "Google Hacking for Penetration Testers - VOLUME 2" if you already own a copy of the first edition, and the scores rates exactly that. If you don't have neither of them, I strongly encourage you to acquire Volume 2 (see details below), no matter what area of the information security field you work in (and specially if you are a penetration tester), as the contents affect to you in multiple ways. On my day-to-day security consulting practice, I'm still very surprised about how many IT people don't know about these techniques. The book is a masterpiece for information disclosure and mining from public sources, such as (but not only) Google. If I had to evaluate the book on itself, not comparing between editions, it would definitely get a score of 5/5.

The first edition was released in 2005 and opened the world of the Google Hacking techniques to the general public, together with the GHDB. The second edition title is (at least) confusing, as Volume 2 seems to denote it is a complementary book to the first edition. It is not, so I do not recommend you to get the first edition today. Volume 2, or the second edition as it should have been called, has been thoroughly updated (including most of the screenshots) to cover the latest changes and Google applications. I did a major update to the SANS "Power Search with Google" course on the first half of 2006, when some of the new Google functionality (not in the first edition) was already available. The second edition reflects those updates I identified and put back together then, even the tiny ones, such as the maximum search terms, that changed from 10 to 32. Additionally, all the statistical references, covering number of results returned by Google, and main contents have been reviewed and updated to reflect the current state of the art.

Some chapters have been kept from the previous edition (chapters 1 to 3, and chapters 6 to 9, and chapter 12), although they have suffered updates. Others have been moved (such as the old chapter 10, now chapter 4) or redesigned (like the new chapter 5). Besides, there are brand new chapters, like 10 and 11.

I specially like the updates on chapter 5, with the new tools and scripts to query Google and, specially, to parse and process the results, including several Perl and User-Agent tricks. The book, obviously, covers the Google API changes and provides solutions to overcome them, such as Aura. Chapters 6 and 8 include relevant updates to the Google code search engine and new capabilities to locate malware and binaries, plus new techniques to track down login portals and network embedded devices and reports, respectively.

The new chapter 10 is a great reference covering the new Google services from a hacking and "malicious" perspective. It is a required update given the pace Google releases new functionality and information sources, such as the AJAX capabilities and API, the source code search engine, calendar, blogger, and alert services.

The new chapter 11, "Google Hacking Showcase", includes the real-world Google Hacking samples and cases Johnny Long has been presenting in several hacking conferences during the last years. A found having a printed copy of it within the book very valuable, as it is an eye-opener, and it is a fun read. Definitely, if you have not seen Johnny's presentations and talks, I encourage you to access the archives from BlackHat and DefCon and enjoy them.

Finally, chapter 12 (the old chapter 11), covers new techniques and tools from a defensive perspective. The new additions increase the defender arsenal in order to mitigate the old and new threats covered throughout the book.

The influence of multiple authors in this edition is evident, something good for the new contents and material, but not so good for the chapter layout, as some do not follow the original format with a final summary, solutions, links and FAQ. Chapter 10 is a good example of both.

The complementary appendixes from the first edition, not directly relevant to the book topic from my perspective, have been removed. Overall, I feel some of the waffle has been left out, a smart decision (but not always easy) in order to keep the book size reasonable, and make room for the new contents.

I would like to see some of the pages that simply provide long listings from the GHDB moved to an appendix and simply referenced from the associated chapter. It might be useful to have these lists full of query samples on the book, but not just in the middle of a chapter. Another improvement would be to have a book webpage consolidating all the code samples, such as the Blogger submission script, as I'm not sure they are all available on a single website.

To sum up, if you don't have a copy of this book, go and buy Volume 2! (not to mention Johnny's involvement with charities). If you are a professional penetration tester, the new material in this second edition is highly recommended, so update your shelves and start applying the new contents on your daily practice. If you are an infosec pro, not directly involved in Google Hacking tasks, and you already own a copy of the first edition, I think you do not need Volume 2, as you already understand the threat, risks, and what is all this about.

At some point I was almost involved in co-authoring this 2nd edition, but finally it didn't happened. A pity, as definitely, this is one of today's reference books that should be on any infosec shelves.
2 von 2 Kunden fanden die folgende Rezension hilfreich
Superb Book, great writing style and plenty of useful examples 8. Februar 2008
Von RP Faber - Veröffentlicht auf Amazon.com
Format: Taschenbuch
While Google is for most of us just a search engine, for hackers it is a great tool to gather information and present the attack vector and first of steps against your organization.

The opposite side of Google as a search engine is that a lot of networks and organizations out there have no idea what kind information (classified and potentially dangerous) is presented out on the internet and how data leakage is accomplished that way. This leakage give a significant amounts of password files, confidential information, and configuration data and so on that can be easily found with ingenius queries.

After you read Google Hacking, volume 2, the real power and potential danger of Google is clearly understood. Author Johnny Long does a superb job by presenting insight information on how -not so fiendly - people out there but also penetration testers can use this knowledge and easily harvest information that has been gathered by the Google engine. He's wirting is great and keeps me interested the whole book and besides that he gives away plenty of interesting examples on how to built your own query.

So really worth buying!

Rob Faber , CISSP, CEH, MCTS, MCSE
Sr. Information Security Consultant
The Netherlands
2 von 2 Kunden fanden die folgende Rezension hilfreich
DAY LATE AND DOLLAR SHORT 22. Oktober 2012
Von Ken R. Pence - Veröffentlicht auf Amazon.com
Format: Kindle Edition Verifizierter Kauf
The book is a good primer on how to twerp Google searches but the folks at Google have examined it also -- then they made changes so the searches described in the book rarely work as stated and a lot of twerping has to go on until they do -- kind-of...worth the price if you know nothing about search strings
1 von 1 Kunden fanden die folgende Rezension hilfreich
Superior Text 6. Februar 2008
Von Garot M. Conklin - Veröffentlicht auf Amazon.com
Format: Taschenbuch Verifizierter Kauf
In reading through this book, I found a wealth of information that was quite useful, most notably the links to all of the other tools, sites and techniques available on the web. I am an internal corporate web application pen tester for a financial institution and will certainly use the techniques described in this text in our next vulnerability assessment. I do have one complaint however in that the corresponding website for the text [...] does not have the code from the book. Overall a great book and a fun read. Highly recommended.
Waren diese Rezensionen hilfreich? Wir wollen von Ihnen hören.