Index
A
- Address Space Layout Randomization (ASLR) / The concept of attack
- Application programming interface (API) calls / API calls and mixins
- architectures, elemental assembly primer
- about / Architectures
- system bus / System organization basics
- Memory / System organization basics
- I/O Devices / System organization basics
- CPU / System organization basics
- Arduino-based attack vector
- about / The attack types
- Armitage / The fundamentals of Metasploit
- fundamentals / The fundamentals of Armitage
- starting / Getting started
- user interface / Touring the user interface
- workspace, managing / Managing the workspace
- networks and host management, scanning / Scanning networks and host management
- exploitation / Exploitation with Armitage
- post-exploitation / Post-exploitation with Armitage
- client-side attacks / Attacking on the client side with Armitage
- scripting, with Cortana scripts / Scripting Armitage
- arrays, Ruby
- about / Arrays in Ruby
- assembly language
- about / The basics
- attacks, SET
- automating / Automating SET attacks
- attack vectors, SET
- Spear-Phishing / The attack types
- Website attack vectors / The attack types
- Infectious Media Generator / The attack types
- Create a Payload and Listener / The attack types
- Mass Mailer Attack / The attack types
- Arduino-based attack vector / The attack types
- SMS Spoofing attack vector / The attack types
- Wireless Access Point Attack Vector / The attack types
- third-party attack vector / The attack types
- evading detection / The attack types
- automated exploitation
- about / Automated exploitation in Metasploit
- db_autopwn, re-enabling / Re-enabling db_autopwn
- target, scanning / Scanning the target
- database, attacking / Attacking the database
- automated tools
- about / Introducing automated tools
- Social Engineering Toolkit (SET) / Introducing automated tools
- Fast Track / Introducing automated tools
- WebSploit / Introducing automated tools
- Armitage / Introducing automated tools
- AV detections
- bypassing / Bypassing AV detections
- bypassing, with msfencode tool / msfencode
- bypassing, with msfvenom tool / msfvenom
- considerations, encoded file / Cautions while using encoders
B
- basics, Metasploit
- exploits / Recalling the basics of Metasploit
- payload / Recalling the basics of Metasploit
- auxiliary / Recalling the basics of Metasploit
- encoders / Recalling the basics of Metasploit
- black box penetration test
- about / Performing a black box penetration test
- performing / Performing a black box penetration test
- FootPrinting / FootPrinting
- FootPrinting, Dmitry used / Using Dmitry for FootPrinting
- conducting, with Metasploit / Conducting a black box test with Metasploit
- black box test, with Metasploit
- performing / Conducting a black box test with Metasploit
- target, pivoting to / Pivoting to the target
- hidden target, scanning using proxychains and db_nmap / Scanning the hidden target using proxychains and db_nmap
- vulnerability scanning, conducting using Nessus / Conducting vulnerability scanning using Nessus
- hidden target, exploiting / Exploiting the hidden target
- privileges, elevating / Elevating privileges
- browser autopwn
- about / The workings of the browser autopwn attack
- working / The technology behind the attack
- performing / Attacking browsers with Metasploit browser autopwn
- browsers exploitation
- performing / Exploiting browsers
- browser autopwn / The workings of the browser autopwn attack
- browser autopwn, working / The technology behind the attack
- browser attacking, with browser autopwn / Attacking browsers with Metasploit browser autopwn
- browser attacking, with Metasploit browser autopwn / Attacking browsers with Metasploit browser autopwn
- brute force attack
- buffer
- about / The basics
- buffer overflow
- about / The basics
C
- Classless inter domain routing (CIDR) / FootPrinting VOIP services
- client-based exploitation
- browsers, exploiting / Exploiting browsers
- file format-based exploitation / File format-based exploitation
- XAMPP servers, compromising / Compromising XAMPP servers
- AV detections, bypassing / Bypassing AV detections
- DNS spoofing attacks / Conjunction with DNS spoofing
- Linux attacks, with malicious packages / Attacking Linux with malicious packages
- client-side attacks, Armitage
- command-line interface / The fundamentals of Metasploit
- components, SCADA systems
- Remote Terminal Unit (RTU) / The fundamentals of ICS and its components
- Programmable Logic Controller (PLC) / The fundamentals of ICS and its components
- Human Machine Interface (HMI) / The fundamentals of ICS and its components
- Intelligent electronic device (IED) / The fundamentals of ICS and its components
- console interface / The fundamentals of Metasploit
- Control Unit (CU) / System organization basics
- Corelan team
- Cortana
- about / Scripting Armitage
- fundamentals / The fundamentals of Cortana
- Metasploit, controlling / Controlling Metasploit
- post-exploitation / Post-exploitation with Cortana
- custom menu, building / Building a custom menu in Cortana
- interfaces, working with / Working with interfaces
- Cortana scripting / The fundamentals of Metasploit
- CPU, elemental assembly primer
- about / System organization basics
- Control Unit (CU) / System organization basics
- Execution Unit (EU) / System organization basics
- Registers / System organization basics
- Flags / System organization basics
- Create a Payload and Listener vector
- CS
- about / Registers
- custom FTP scanner module
- writing / Writing out a custom FTP scanner module
- custom HTTP server scanner
- writing / Writing out a custom HTTP server scanner
- custom meterpreter scripts
- fabricating / Fabricating custom meterpreter scripts
- custom modules
- developing / Developing custom modules
- custom modules development
- module, building in nutshell / Building a module in a nutshell
- Metasploit architecture / The architecture of the Metasploit framework
- libraries layout / Understanding the libraries' layout
- existing modules, digging / Understanding the existing modules
- custom FTP scanner module, writing / Writing out a custom FTP scanner module
- custom HTTP server scanner, writing / Writing out a custom HTTP server scanner
- post-exploitation modules, writing / Writing out post-exploitation modules
D
- database
- used, for storing results / Using the database to store and fetch results
- used, for fetching results / Using the database to store and fetch results
- Data Execution Prevention (DEP) / The concept of attack
- debugger
- about / The basics
- Immunity Debugger / The basics
- GDB / The basics
- OllyDbg / The basics
- decision-making operators, Ruby
- about / Decision-making operators
- Denial of Service (DoS) attack / Intelligence gathering / reconnaissance phase
- distributed component object model (DCOM) / Intelligence gathering / reconnaissance phase
- Dmitry
- about / Using Dmitry for FootPrinting
- used, for FootPrinting / Using Dmitry for FootPrinting
- WHOIS query, performing / WHOIS details and information
- subdomains, finding / Finding out subdomains
- e-mail harvesting / E-mail harvesting
- DNS enumeration, with Metasploit / DNS enumeration with Metasploit
- DNS spoofing attacks
- about / Conjunction with DNS spoofing
- victim, tricking with DNS hijacking / Tricking victims with DNS hijacking
- Domain Name System (DNS)
- about / WHOIS details and information
- Dradis Framework
- URL / Other reporting services
- DS
- about / Registers
- Dynamic Link Library (DLL) / API calls and mixins
E
- EAX
- about / Registers
- EBP
- about / Registers
- EBX
- about / Registers
- ECX
- about / Registers
- EDX
- about / Registers
- EIP
- about / Registers, Gravity of EIP
- elemental assembly primer
- about / The elemental assembly primer
- basics / The basics
- architecture / Architectures
- system organization basics / System organization basics
- registers / Registers
- NOPs / Relevance of NOPs and JMP
- JMP / Relevance of NOPs and JMP
- variables / Variables and declaration
- declaration / Variables and declaration
- example assembly programs, fabricating / Fabricating example assembly programs
- environment, penetration testing
- setting up / Setting up the environment
- preinteractions / Preinteractions
- gathering intelligence phase / Intelligence gathering / reconnaissance phase
- threat modeling / Modeling threats
- vulnerability analysis / Vulnerability analysis
- exploitation phase / Exploitation and post-exploitation
- post exploitation phase / Exploitation and post-exploitation
- reporting / Reporting
- errors, in Linux-based installation
- troubleshooting / Errors in the Linux-based installation
- errors, in Windows-based installation
- troubleshooting / Errors in the Windows-based installation
- error states
- errors, in Windows-based installation / Errors in the Windows-based installation
- errors, in Linux-based installation / Errors in the Linux-based installation
- ES
- about / Registers
- ESI/EDI
- about / Registers
- ESP
- about / Registers, Gravity of ESP
- evading detection / The attack types
- Execution Unit (EU) / System organization basics
- executive summary, penetration testing report
- scope / The executive summary
- objectives / The executive summary
- assumptions made / The executive summary
- summary of vulnerabilities / The executive summary
- summary of recommendations / The executive summary
- exploit, finalizing
- bad characters, determining / Determining bad characters
- space limitations, determining / Determining space limitations
- example exploit code, creating / Fabricating under Metasploit
- automation functions / Automation functions in Metasploit
- exploitation phase, penetration testing
- exploit base
- building up / Building up the exploit base
- buffer size, calculating / Calculating the buffer size
- JMP address, calculating / Calculating the JMP address
- EIP, examining / Examining the EIP
- pragma script / The script
- applications, stuffing / Stuffing applications for fun and profit
- ESP, examining / Examining ESP
- space, stuffing / Stuffing the space
- exploit formulation
- elemental assembly primer / The elemental assembly primer
- exploit formulation, testing
- application, crashing / Crashing the application
- variable input supplies / Variable input supplies
- junk, generating / Generating junk
- Immunity Debugger / An introduction to Immunity Debugger
- GDB / An introduction to GDB
- exploits
- Perl-based exploit, porting / Porting a Perl-based exploit
- Python-based exploit, porting / Porting a Python-based exploit
- web-based exploits, porting / Porting a web-based exploit
- Extended Instruction Pointer (EIP) / The elemental assembly primer
- Extended instruction pointer (EIP) / The exploitation procedure
- Extended Stack Pointer (ESP) / The elemental assembly primer
F
- fake update
- performing, with DNS-spoofing attack / Fake updates with the DNS-spoofing attack
- false positives / Performing a white box penetration test
- fast-paced penetration testing
- conducting, with automated tools / Introducing automated tools
- Fast Track MS SQL attack vectors / Fast Track MS SQL attack vectors
- automated exploitation / Automated exploitation in Metasploit
- fake update, with DNS-spoofing attack / Fake updates with the DNS-spoofing attack
- Fast Track
- about / Fast Track MS SQL attack vectors, A brief about Fast Track
- MS SQL brute force attack, performing / Carrying out the MS SQL brute force attack
- depreciation / The depreciation of Fast Track
- SET, creating / Renewed Fast Track in SET
- features, Metasploit
- open source / Open source
- ease of use / Support for testing large networks and easy naming conventions
- payloads, generating / Smart payload generation and switching mechanism
- cleaner exits / Cleaner exits
- GUI environment / The GUI environment
- file format-based exploitation
- about / File format-based exploitation
- PDF-based exploits / PDF-based exploits
- Word-based exploits / Word-based exploits
- media-based exploits / Media-based exploits
- flags
- about / System organization basics
- Foot printing / Intelligence gathering / reconnaissance phase
- format string bugs
- about / The basics
- FS
- about / Registers
G
- gathering intelligence phase, penetration testing
- about / Intelligence gathering / reconnaissance phase
- examples / Intelligence gathering / reconnaissance phase
- target selection / Intelligence gathering / reconnaissance phase
- covert gathering / Intelligence gathering / reconnaissance phase
- Foot printing / Intelligence gathering / reconnaissance phase
- protection mechanisms, identifying / Intelligence gathering / reconnaissance phase
- test grounds, presensing / Presensing the test grounds
- GDB / The basics
- about / An introduction to GDB
- functions, performing / An introduction to GDB
- Google dorks / Intelligence gathering / reconnaissance phase
- Greenbone interfaces, OpenVAS
- about / Greenbone interfaces for OpenVAS
- GS
- about / Registers
- GUI interface / The fundamentals of Metasploit
H
- heart beat function / Post-exploitation with Cortana
- hosted services, VOIP
- about / Hosted services
- Human Machine Interface (HMI) / The fundamentals of ICS and its components
I
- ICS systems / The fundamentals of ICS and its components
- iDevices
- testing / Post-exploitation on Apple iDevices
- Immunity Debugger / The basics
- about / An introduction to Immunity Debugger
- process, attaching / An introduction to Immunity Debugger
- using / Generating a skeleton using Immunity Debugger
- Infectious Media Generator attack vector
- about / The attack types, Infectious Media Generator
- advantage / Infectious Media Generator
- using / Infectious Media Generator
- intelligence gathering, white box penetration test
- about / Gathering intelligence
- OpenVAS vulnerability scanner fundamentals / Explaining the fundamentals of the OpenVAS vulnerability scanner
- OpenVAS, setting up / Setting up OpenVAS
- Greenbone interfaces, OpenVAS / Greenbone interfaces for OpenVAS
- Intelligent electronic device (IED) / The fundamentals of ICS and its components
- interactive shell, Ruby
- working with / Interacting with the Ruby shell
- interface panel, Armitage
- about / Touring the user interface
- internal FootPrinting
- about / Gathering intelligence
- conducting / Gathering intelligence
- Internet Information Services (IIS) pawnage tools / Presensing the test grounds
- Internet Service Provider (ISP) / Self-hosted network
- iOS
- exploiting, with Metasploit / Exploiting iOS with Metasploit
J
- Java applet attack
- about / The Java applet attack
- executing / The Java applet attack
- Jump (JMP) / The elemental assembly primer
L
- Last In First Out (LIFO) method / The basics
- lcc-win32 compiler / Crashing the application
- Linux
- attacking, with malicious packages / Attacking Linux with malicious packages
- Local Area Network (LAN) / Interaction with the employees and end users
- loops, Ruby
- about / Loops in Ruby
M
- MagicTree
- about / Introducing MagicTree
- report, creating / Introducing MagicTree
- manual reports, penetration test
- generating / Generating manual reports
- format / The format of the report
- Mass Mailer Attack
- about / The attack types
- media-based exploits
- about / Media-based exploits
- Media Player Classic video player, exploiting / Media-based exploits
- Metasploit
- fundamentals / The fundamentals of Metasploit
- features / The dominance of Metasploit
- Ruby / Ruby – the heart of Metasploit
- custom modules, developing / Developing custom modules
- meterpreter scripting / Breakthrough meterpreter scripting
- RailGun / Working with RailGun
- Metasploit
- configuring, on Windows XP/7 / Configuring Metasploit on Windows XP/7
- configuring, on Ubuntu / Configuring Metasploit on Ubuntu
- Metasploit community / The fundamentals of Metasploit
- Metasploit framework / The fundamentals of Metasploit
- architecture / The architecture of the Metasploit framework
- Metasploit pro / The fundamentals of Metasploit
- meterpreter scripting
- about / Breakthrough meterpreter scripting
- essentials / Essentials of meterpreter scripting
- target network, pivoting / Pivoting the target network
- persistent access, setting up / Setting up persistent access
- API calls / API calls and mixins
- mixins / API calls and mixins
- custom meterpreter scripts, fabricating / Fabricating custom meterpreter scripts
- methodology / network admin level report
- about / Methodology / network admin level report
- test details / Methodology / network admin level report
- list of vulnerabilities / Methodology / network admin level report
- likelihood / Methodology / network admin level report
- recommendations / Methodology / network admin level report
- methods, Ruby
- about / Methods in Ruby
- MS03-020 Internet Explorer Object Type exploit / Attacking browsers with Metasploit browser autopwn
- MSF scan / Scanning networks and host management
- MS SQL brute force attack
- performing / Carrying out the MS SQL brute force attack
N
- networks and host management, Armitage
- scanning / Scanning networks and host management
- Nmap scan / Scanning networks and host management
- MSF scan / Scanning networks and host management
- vulnerabilities, modeling out / Modeling out vulnerabilities
- match, finding / Finding the match
- Network vulnerability tests (NVTs) / Setting up OpenVAS
- Nmap scan / Scanning networks and host management
- No operation (NOP) / The elemental assembly primer
- No tech Hacking / Interaction with the employees and end users
- numbers and conversions, Ruby
- about / Numbers and conversions in Ruby
O
- OllyDbg / The basics
- OpenVAS
- fundamentals / Explaining the fundamentals of the OpenVAS vulnerability scanner
- setting up / Setting up OpenVAS
- Greenbone interfaces / Greenbone interfaces for OpenVAS
- OWASP Report Generator
- URL / Other reporting services
P
- PBX
- about / An introduction to PBX
- PDF-based exploits
- about / PDF-based exploits
- vulnerability, exploiting / PDF-based exploits
- penetration test, conducting with Metasploit
- Metasploit basics, recalling / Recalling the basics of Metasploit
- penetration test environment, mounting
- penetration test lab, setting up / Setting up the penetration test lab
- Metasploit features / The fundamentals of Metasploit
- Metasploit, configuring on Windows XP/7 / Configuring Metasploit on Windows XP/7
- Metasploit, configuring on Ubuntu / Configuring Metasploit on Ubuntu
- error states, dealing with / Dealing with error states
- penetration testing
- environment, setting up / Setting up the environment
- environment, mounting / Mounting the environment
- conducting, Metasploit used / Conducting a penetration test with Metasploit
- results, fetching / Using the database to store and fetch results
- reports, storing / Using the database to store and fetch results
- reports, generating / Generating reports
- penetration testing, of Windows 7
- performing / Penetration testing Windows 7
- gathering intelligence phase / Gathering intelligence
- threats, modelling / Modeling threats
- vulnerability analysis / Vulnerability analysis
- exploitation / The exploitation procedure, Exploitation and post-exploitation
- post exploitation / Exploitation and post-exploitation
- penetration testing, of Windows Server 2003
- performing / Penetration testing Windows Server 2003
- penetration testing, of Windows XP
- assumptions / Assumptions
- gathering intelligence / Gathering intelligence
- information gathering / Gathering intelligence
- threats, modeling / Modeling threats
- vulnerability analysis / Vulnerability analysis
- attack procedure, with respect to NETAPI vulnerability / The attack procedure with respect to the NETAPI vulnerability
- concept of attack / The concept of attack
- vulnerability, exploiting / The procedure of exploiting a vulnerability
- exploitation / Exploitation and post-exploitation
- post exploitation / Exploitation and post-exploitation
- access, maintaining / Maintaining access
- tracks, clearing / Clearing tracks
- penetration testing report format
- about / The format of the report
- page design / The format of the report
- document control / The format of the report
- cover page / The format of the report
- document properties / The format of the report
- list of report content / The format of the report
- table of content / The format of the report
- list of illustrations / The format of the report
- executive summary / The executive summary
- methodology / network admin level report / Methodology / network admin level report
- references, additional sections / Additional sections
- glossary, additional sections / Additional sections
- penetration test lab
- setting up / Setting up the penetration test lab
- Perl-based exploit
- launching / Experimenting with the exploit
- Perl-based exploit, porting
- performing / Porting a Perl-based exploit
- existing exploit, dismantling / Dismantling the existing exploit
- logic / Understanding the logic of exploitation
- essentials, gathering / Gathering the essentials
- skeleton, generating / Generating a skeleton for the exploit
- skeleton, generating using Immunity Debugger / Generating a skeleton using Immunity Debugger
- values, stuffing / Stuffing the values
- ShellCode, precluding / Precluding the ShellCode
- persistent access, meterpreter scripting
- setting up / Setting up persistent access
- PHP meterpreter
- about / The PHP meterpreter
- PHP Stream Scan Directory buffer overflow / Targeting suspected vulnerability prone systems
- PMSoftware Simple Web Server 2.2 / Modeling threats
- post-exploitation modules
- writing / Writing out post-exploitation modules
- post exploitation phase, penetration testing
- preinteractions, penetration testing
- about / Preinteractions
- scoping / Preinteractions
- goals / Preinteractions
- terms and definitions / Preinteractions
- rules of engagement / Preinteractions
- Process Identifier (PID) / Gaining access
- Programmable Logic Controller (PLC) / The fundamentals of ICS and its components
- Public Switched Telephone Network (PSTN) / Self-hosted network
- Python-based exploit
- launching / Experimenting with the exploit
- Python-based exploit, porting
- performing / Porting a Python-based exploit
- existing exploit, dismantling / Dismantling the existing exploit
- essentials, gathering / Gathering the essentials
- skeleton, generating / Generating a skeleton
- values, stuffing / Stuffing the values
R
- RailGun
- working with / Working with RailGun
- irb shell / Interactive Ruby shell basics
- Ruby-interactive shell / Interactive Ruby shell basics
- scripting / Understanding RailGun and its scripting
- Windows API calls, manipulating / Manipulating Windows API calls
- sophisticated scripts, fabricating / Fabricating sophisticated RailGun scripts
- ranges, Ruby
- about / Ranges in Ruby
- RATTE module
- about / Third-party attacks with SET
- using / Third-party attacks with SET
- register
- about / The basics
- registers
- regular expressions, Ruby
- about / Regular expressions
- Remote Administration tool (RAT) servers / The attack types
- Remote Procedure Call (RPC) / The procedure of exploiting a vulnerability
- Remote Terminal Unit (RTU) / The fundamentals of ICS and its components
- report, penetration testing
- creating / Reporting
- reports
- generating / Generating reports
- resource scripts / Infectious Media Generator
- results, penetration testing
- fetching, database used / Using the database to store and fetch results
- storing, database used / Using the database to store and fetch results
- Ruby
- about / Ruby – the heart of Metasploit
- download link for Windows/Linux / Ruby – the heart of Metasploit
- program, creating / Creating your first Ruby program
- interactive shell, working on / Interacting with the Ruby shell
- methods, defining in shell / Defining methods in the shell
- variable / Variables and data types in Ruby
- variables' data types / Variables and data types in Ruby
- numbers and conversions / Numbers and conversions in Ruby
- methods / Methods in Ruby
- decision-making operators / Decision-making operators
- loops / Loops in Ruby
- regular expressions / Regular expressions
- basics / Wrapping up with Ruby basics
S
- -sP switch / Gathering intelligence
- SCADA
- about / The fundamentals of SCADA
- fundamentals / The fundamentals of SCADA
- components / The fundamentals of ICS and its components
- criticality / The seriousness of ICS-SCADA
- security, breaching / SCADA torn apart
- exploiting / The fundamentals of testing SCADA
- fundamentals of testing / The fundamentals of testing SCADA
- URL / SCADA-based exploits
- securing / Securing SCADA
- database exploitation / Database exploitation
- SCADA-based exploits
- about / SCADA-based exploits
- SCADA exploitation
- performing / Database exploitation
- SQL server / SQL server
- SQL server, footprinting with Nmap / FootPrinting SQL server with Nmap
- scanning process, with Metasploit modules / Scanning with Metasploit modules
- passwords, brute forcing / Brute forcing passwords
- server passwords, locating/capturing / Locating/capturing server passwords
- SQL server, browsing / Browsing SQL server
- system commands, executing / Post-exploiting/executing system commands
- system commands, post-exploiting / Post-exploiting/executing system commands
- xp_cmdshell functionality, reloading / Reloading the xp_cmdshell functionality
- SQL-based queries, running / Running SQL-based queries
- SCADApro system
- about / SCADA-based exploits
- SCADA security
- about / Securing SCADA
- implementing / Implementing secure SCADA
- networks, restricting / Restricting networks
- Secure Socket Layer (SSL) certificate / Configuring Metasploit on Ubuntu
- segment registers
- SEH
- about / The fundamentals of a structured exception handler
- fundamentals / The fundamentals of a structured exception handler
- controlling / Controlling SEH
- bypassing / Bypassing SEH
- SEH-based exploits
- about / SEH-based exploits
- structure / SEH-based exploits
- self-hosted network, VOIP services
- about / Self-hosted network
- Server Message Block (SMB) / The procedure of exploiting a vulnerability
- Session Initiation Protocol (SIP) / Hosted services
- SET
- about / Explaining the fundamentals of the social engineering toolkit
- fundamentals / Explaining the fundamentals of the social engineering toolkit
- attack types / The attack types
- attack vectors / The attack types
- attack techniques / Attacking with SET
- features / Providing additional features and further readings
- web interface / The SET web interface
- SET attacks
- automating / Automating SET attacks
- ShellCode / The procedure of exploiting a vulnerability
- about / The basics
- Short Messaging Service (SMS) servers
- about / The attack types
- show_message command / Working with interfaces
- SIP endpoint scanner / FootPrinting VOIP services
- SIP service providers, VOIP
- about / SIP service providers
- SMS Spoofing attack vector
- about / The attack types
- social engineering / Interaction with the employees and end users
- sophisticated scripts, RailGun
- fabricating / Fabricating sophisticated RailGun scripts
- Spear-Phishing attack vectors
- about / The attack types
- split function, Ruby
- about / The split function
- squeeze function, Ruby
- about / The squeeze function
- SS
- about / Registers
- stack
- about / The basics
- stealth scan / Gathering intelligence
- strings, Ruby
- working with / Working with strings
- Stuxnet bot / The seriousness of ICS-SCADA
- SYN scan / Scanning the hidden target using proxychains and db_nmap
- system bus / System organization basics
- system calls
- about / The basics
T
- tabnabbing attack
- about / The tabnabbing attack
- used, for harvesting credentials / The tabnabbing attack
- target network, meterpreter scripting
- pivoting / Pivoting the target network
- third-party attack vector
- threat modeling, penetration testing
- about / Modeling threats
- example / Modeling threats
- troubleshooting, WebSploit
- performing / Fixing up WebSploit
- path issues, fixing / Fixing path issues
- payload generation, fixing / Fixing payload generation
- file copy issue, fixing / Fixing the file copy issue
U
- Ultimate Packer for Executables (UPX) / The Java applet attack
V
- variables' data types, Ruby
- about / Variables and data types in Ruby
- strings, working with / Working with strings
- split function / The split function
- squeeze function / The squeeze function
- variables, Ruby
- about / Variables and data types in Ruby
- variables data types, Ruby
- ranges / Ranges in Ruby
- arrays / Arrays in Ruby
- VirtualBox / Setting up the penetration test lab
- downloading / Setting up the penetration test lab
- VMware player / Setting up the penetration test lab
- VOIP
- about / VOIP fundamentals
- fundamentals / VOIP fundamentals
- PBX / An introduction to PBX
- exploiting / Exploiting VOIP, Exploiting the application
- vulnerability / About the vulnerability
- VOIP call
- spoofing / Spoofing a VOIP call
- VOIP services
- types / Types of VOIP services
- self-hosted network / Self-hosted network
- hosted services / Hosted services
- SIP service providers / SIP service providers
- footprinting / FootPrinting VOIP services
- scanning / Scanning VOIP services
- vsprintf() function / The exploitation procedure
- vulnerability, VOIP exploitation / About the vulnerability
- vulnerability analysis, penetration testing
- about / Vulnerability analysis
W
- web-based exploits, porting
- performing / Porting a web-based exploit
- existing exploit, dismantling / Dismantling the existing exploit
- essentials, gathering / Gathering the essentials
- web functions, grasping / Grasping the important web functions
- GET/POST method essentials / The essentials of the GET/POST method
- auxiliary-based exploit, fabricating / Fabricating an auxiliary-based exploit
- auxiliary-based exploit, working / Working and explanation
- launching / Experimenting with the auxiliary exploit
- web interface, SET
- about / The SET web interface
- web jacking attack
- about / The web jacking attack
- performing / The web jacking attack
- Website attack vectors
- about / The attack types, Website Attack Vectors
- Java applet attack, executing / The Java applet attack
- tabnabbing attack / The tabnabbing attack
- web jacking attack, performing / The web jacking attack
- website clients exploitation
- performing / Compromising the clients of a website
- malicious web scripts, injecting / Injecting the malicious web scripts
- users, hacking / Hacking the users of a website
- WebSploit
- about / Introducing WebSploit
- commands / Introducing WebSploit
- troubleshooting / Fixing up WebSploit
- used, for attacking LAN / Attacking a LAN with WebSploit
- white box penetration test
- performing / Performing a white box penetration test
- interaction, with employees / Interaction with the employees and end users
- interaction, with end users / Interaction with the employees and end users
- intelligence gathering / Gathering intelligence
- threat areas, modeling / Modeling the threat areas
- suspected vulnerability prone systems, targeting / Targeting suspected vulnerability prone systems
- access, gaining / Gaining access
- tracks, covering / Covering tracks
- MagicTree / Introducing MagicTree
- reporting services / Other reporting services
- white box testing
- WHOIS
- about / WHOIS details and information
- query, performing / WHOIS details and information
- Windows API calls, RailGun
- manipulating / Manipulating Windows API calls
- Wireless Access Point Attack Vector
- about / The attack types
- Word-based exploits
- about / Word-based exploits
- vulnerability, exploiting / Word-based exploits
X
- x86
- about / The basics
- XAMPP servers
- compromising / Compromising XAMPP servers
- PHP meterpreter / The PHP meterpreter
- system-level privileges, escalating / Escalating to system-level privileges