Learn Penetration Testing
上QQ阅读APP看书,第一时间看更新

What this book covers

Chapter 1, Introduction to Penetration Testing, helps you to understand what a penetration test is. Here, we will introduce the stages of a penetration test and what happens at each stage. Having a lab is key for learning, so we will cover how to build your own lab environment using VMware, Hyper-V, or VirtualBox. We will discuss target virtual machines based on Windows and Linux, which you will use to practice your skills.

Chapter 2, Getting Started with Kali Linux, gets you started with a penetration base operating system. Kali Linux is well known and used by both pentesters and attackers. We will cover the installation and setup of Kali Linux, as well as the basic commands and essential tools that are contained within Kali Linux. We will look at installing additional tools, maintaining updates of the tools, and how to leverage scripts within Kali Linux.

 Chapter 3, Performing Information Gathering, gets you familiar with the various types of information gathering. We will cover various online resources and tools that can be used to gather information about your target. Techniques that are covered in this chapter include port scanning, vulnerability scanning, and traffic capturing.

Chapter 4, Mastering Social Engineering, focuses on one of the most common attack methods in the real world. Here, we will cover why social engineering is successful and how you can conduct social engineering attacks using various tools.

Chapter 5, Diving into the Metasploit Framework, focuses on a tool that speaks for itself. The Metasploit Framework is well known and is extremely flexible and robust. Here, you will learn about the various exploits that it contains and where to find additional ones. We will cover various components of the Metasploit Framework and how you can leverage this framework in a penetration test.

Chapter 6, Understanding Password Attacks, dives into the various types of password attacks that exist. We will cover the tools that are used for the various attacks. You will learn how to build wordlists, and where you can obtain additional wordlists that are prebuilt. You will use these skills to perform password cracking and to dump credentials from memory.

Chapter 7, Working with Burp Suite, teaches you how to use Burp Suite like a professional. Here, we will look at how you can obtain the latest version of Burp Suite Professional and the differences between the various editions. We will cover many aspects of the tool, and how to use the tool to perform various attacks.

Chapter 8, Attacking Web Applications, is where we turn our focus to web applications. Web applications have evolved dramatically over the years, and we will cover the various components of web applications and some of the languages that are used for development. You will learn about various attacks and how to perform them using your lab environment, with tools designed for web application attacks.

Chapter 9, Getting Started with Wireless Attacks, focuses on wireless technologies. To perform a penetration test on a wireless network, you need to understand the components of a wireless network, as well as the various wireless frames and tools that are used. We will cover all of these, including the hardware requirements for performing attacks against a wireless network.

Chapter 10, Moving Laterally and Escalating Your Privileges, focuses on post-exploitation. You will learn the various post exploitation techniques that exist and the various tools that can be used. Here, we will focus on performing post-exploitation attacks on an Active Directory domain by taking advantage of the workings of the Kerberos protocol.

Chapter 11, Antivirus Evasion, looks at how antivirus technologies have evolved. Here, we will cover the various techniques that exist for antivirus evasion. We will look at the tools that can be used, and how to use the various tools when building a payload to avoid detection.

Chapter 12, Maintaining Control within the Environment, finalizes the post exploitation phase by looking at how we can maintain a foothold within a compromised network. Here, we will look at various ways in which we can maintain persistence, and what tools can be used to accomplish our goal.

Chapter 13, Reporting and Acting on Your Findings, looks at an integral part of any penetration test. In this chapter, you will learn how to write a penetration testing report that is tailored to executives and technical staff. You will learn about the various recommendations that should be made to remediate some of the common findings that you would come across in a real-world penetration test.

Chapter 14, Where Do I Go from Here?, concludes the book by looking at how you can take your skills to the next level. We will cover some certifications and where you can obtain vulnerable operating systems that you can use to practice and enhance your skills.