Updated: 2021-07-09 20:20:58
Cover
Copyright Information
Credits
About the Authors
About the Reviewer
www.PacktPub.com
Preface
Chapter 1. Penetration Testing Essentials
Methodology defined
Example methodologies
Abstract methodology
Summary
Chapter 2. Preparing a Test Environment
Introducing VMware Workstation
Installing VMware Workstation
Network design
Understanding the default architecture
Creating the switches
Putting it all together
Chapter 3. Assessment Planning
Introducing advanced penetration testing
Before testing begins
Planning for action
Installing LibreOffice
Effectively managing your test results
Introduction to the Dradis framework
Chapter 4. Intelligence Gathering
Introducing reconnaissance
DNS recon
Gathering and validating domain and IP information
Using search engines to do your job for you
Creating network baselines with scanPBNJ
Chapter 5. Network Service Attacks
Configuring and testing our lab clients
Angry IP Scanner
Nmap – getting to know you
SNMP – a goldmine of information just waiting to be discovered
Network baselines with scanPBNJ
Enumeration avoidance techniques
Reader challenge
Chapter 6. Exploitation
Exploitation – why bother?
Manual exploitation
Getting files to and from victim machines
Passwords – something you know…
Metasploit – learn it and love it
Chapter 7. Web Application Attacks
Practice makes perfect
Configuring pfSense
Detecting load balancers
Detecting web application firewalls (WAF)
Taking on Level 3 – Kioptrix
Web Application Attack and Audit framework (w3af)
Introduction to browser plugin HackBar
Chapter 8. Exploitation Concepts
Buffer overflows – a refresher
64-bit exploitation
Introducing vulnserver
Fuzzing tools included in Kali
Social Engineering Toolkit
Fast-Track
Chapter 9. Post-Exploitation
Rules of Engagement
Data gathering, network analysis, and pillaging
Pivoting
Chapter 10. Stealth Techniques
Lab preparation
Stealth scanning through the firewall
Now you see me, now you don't – avoiding IDS
Blending in
PfSense SSH logs
Looking at traffic patterns
Cleaning up compromised hosts
Miscellaneous evasion techniques
Chapter 11. Data Gathering and Reporting
Record now – sort later
Old school – the text editor method
Dradis framework for collaboration
The report
Chapter 12. Penetration Testing Challenge
Firewall lab setup
The scenario
The virtual lab setup
The challenge