Index

A

• Address Space Layout Randomization (ASLR) / The concept of attack
• Application programming interface (API) calls / API calls and mixins
• architectures, elemental assembly primer
  • about / Architectures
  • system bus / System organization basics
  • Memory / System organization basics
  • I/O Devices / System organization basics
  • CPU / System organization basics
• Arduino-based attack vector
  • about / The attack types
• Armitage / The fundamentals of Metasploit
  • fundamentals / The fundamentals of Armitage
  • starting / Getting started
  • user interface / Touring the user interface
  • workspace, managing / Managing the workspace
  • networks and host management, scanning / Scanning networks and host management
  • exploitation / Exploitation with Armitage
  • post-exploitation / Post-exploitation with Armitage
  • client-side attacks / Attacking on the client side with Armitage
  • scripting, with Cortana scripts / Scripting Armitage
• arrays, Ruby
  • about / Arrays in Ruby
• assembly language
  • about / The basics
• attacks, SET
  • automating / Automating SET attacks
• attack vectors, SET
  • Spear-Phishing / The attack types
  • Website attack vectors / The attack types
  • Infectious Media Generator / The attack types
  • Create a Payload and Listener / The attack types
  • Mass Mailer Attack / The attack types
  • Arduino-based attack vector / The attack types
  • SMS Spoofing attack vector / The attack types
  • Wireless Access Point Attack Vector / The attack types
  • third-party attack vector / The attack types
  • evading detection / The attack types
• automated exploitation
  • about / Automated exploitation in Metasploit
  • db_autopwn, re-enabling / Re-enabling db_autopwn
  • target, scanning / Scanning the target
  • database, attacking / Attacking the database
• automated tools
  • about / Introducing automated tools
  • Social Engineering Toolkit (SET) / Introducing automated tools
  • Fast Track / Introducing automated tools
  • WebSploit / Introducing automated tools
  • Armitage / Introducing automated tools
• AV detections
  • bypassing / Bypassing AV detections
  • bypassing, with msfencode tool / msfencode
  • bypassing, with msfvenom tool / msfvenom
  • considerations, encoded file / Cautions while using encoders

B

• basics, Metasploit
  • exploits / Recalling the basics of Metasploit
  • payload / Recalling the basics of Metasploit
  • auxiliary / Recalling the basics of Metasploit
  • encoders / Recalling the basics of Metasploit
• black box penetration test
  • about / Performing a black box penetration test
  • performing / Performing a black box penetration test
  • FootPrinting / FootPrinting
  • FootPrinting, Dmitry used / Using Dmitry for FootPrinting
  • conducting, with Metasploit / Conducting a black box test with Metasploit
• black box test, with Metasploit
  • performing / Conducting a black box test with Metasploit
  • target, pivoting to / Pivoting to the target
  • hidden target, scanning using proxychains and db_nmap / Scanning the hidden target using proxychains and db_nmap
  • vulnerability scanning, conducting using Nessus / Conducting vulnerability scanning using Nessus
  • hidden target, exploiting / Exploiting the hidden target
  • privileges, elevating / Elevating privileges
• browser autopwn
  • about / The workings of the browser autopwn attack
  • working / The technology behind the attack
  • performing / Attacking browsers with Metasploit browser autopwn
• browsers exploitation
  • performing / Exploiting browsers
  • browser autopwn / The workings of the browser autopwn attack
  • browser autopwn, working / The technology behind the attack
  • browser attacking, with browser autopwn / Attacking browsers with Metasploit browser autopwn
  • browser attacking, with Metasploit browser autopwn / Attacking browsers with Metasploit browser autopwn
• brute force attack
  • about / Carrying out the MS SQL brute force attack
• buffer
  • about / The basics
• buffer overflow
  • about / The basics

C

• Classless inter domain routing (CIDR) / FootPrinting VOIP services
• client-based exploitation
  • browsers, exploiting / Exploiting browsers
  • file format-based exploitation / File format-based exploitation
  • XAMPP servers, compromising / Compromising XAMPP servers
  • AV detections, bypassing / Bypassing AV detections
  • DNS spoofing attacks / Conjunction with DNS spoofing
  • Linux attacks, with with malicious packages / Attacking Linux with malicious packages
• client-side attacks, Armitage
  • about / Attacking on the client side with Armitage
  • launching / Attacking on the client side with Armitage
• command-line interface / The fundamentals of Metasploit
• components, SCADA systems
  • Remote Terminal Unit (RTU) / The fundamentals of ICS and its components
  • Programmable Logic Controller (PLC) / The fundamentals of ICS and its components
  • Human Machine Interface (HMI) / The fundamentals of ICS and its components
  • Intelligent electronic device (IED) / The fundamentals of ICS and its components
• console interface / The fundamentals of Metasploit
• Control Unit (CU) / System organization basics
• Corelan team
  • URL / Generating a skeleton for the exploit
• Cortana
  • about / Scripting Armitage
  • fundamentals / The fundamentals of Cortana
  • Metasploit, controlling / Controlling Metasploit
  • post-exploitation / Post-exploitation with Cortana
  • custom menu, building / Building a custom menu in Cortana
  • interfaces, working with / Working with interfaces
• Cortana scripting / The fundamentals of Metasploit
• CPU, elemental assembly primer
  • about / System organization basics
  • Control Unit (CU) / System organization basics
  • Execution Unit (EU) / System organization basics
  • Registers / System organization basics
  • Flags / System organization basics
• Create a Payload and Listener vector
  • about / The attack types, Creating a Payload and Listener
• CS
  • about / Registers
• custom FTP scanner module
  • writing / Writing out a custom FTP scanner module
• custom HTTP server scanner
  • writing / Writing out a custom HTTP server scanner
• custom meterpreter scripts
  • fabricating / Fabricating custom meterpreter scripts
• custom modules
  • developing / Developing custom modules
• custom modules development
  • module, building in nutshell / Building a module in a nutshell
  • Metasploit architecture / The architecture of the Metasploit framework
  • libraries layout / Understanding the libraries' layout
  • existing modules, digging / Understanding the existing modules
  • custom FTP scanner module, writing / Writing out a custom FTP scanner module
  • custom HTTP server scanner, writing / Writing out a custom HTTP server scanner
  • post-exploitation modules, writing / Writing out post-exploitation modules

D

• database
  • used, for storing results / Using the database to store and fetch results
  • used, for fetching results / Using the database to store and fetch results
• Data Execution Prevention (DEP) / The concept of attack
• debugger
  • about / The basics
  • Immunity Debugger / The basics
  • GDB / The basics
  • OllyDbg / The basics
• decision-making operators, Ruby
  • about / Decision-making operators
• Denial of Service (DoS) attack / Intelligence gathering / reconnaissance phase
• distributed component object model (DCOM) / Intelligence gathering / reconnaissance phase
• Dmitry
  • about / Using Dmitry for FootPrinting
  • used, for FootPrinting / Using Dmitry for FootPrinting
  • WHOIS query, performing / WHOIS details and information
  • subdomains, finding / Finding out subdomains
  • e-mail harvesting / E-mail harvesting
  • DNS enumeration, with Metasploit / DNS enumeration with Metasploit
• DNS spoofing attacks
  • about / Conjunction with DNS spoofing
  • victim, tricking with DNS hijacking / Tricking victims with DNS hijacking
• Domain Name System (DNS)
  • about / WHOIS details and information
• Dradis Framework
  • URL / Other reporting services
• DS
  • about / Registers
• Dynamic Link Library (DLL) / API calls and mixins

E

• EAX
  • about / Registers
• EBP
  • about / Registers
• EBX
  • about / Registers
• ECX
  • about / Registers
• EDX
  • about / Registers
• EIP
  • about / Registers, Gravity of EIP
• elemental assembly primer
  • about / The elemental assembly primer
  • basics / The basics
  • architecture / Architectures
  • system organization basics / System organization basics
  • registers / Registers
  • NOPs / Relevance of NOPs and JMP
  • JMP / Relevance of NOPs and JMP
  • variables / Variables and declaration
  • declaration / Variables and declaration
  • example assembly programs, fabricating / Fabricating example assembly programs
• environment, penetration testing
  • setting up / Setting up the environment
  • preinteractions / Preinteractions
  • gathering intelligence phase / Intelligence gathering / reconnaissance phase
  • threat modeling / Modeling threats
  • vulnerability analysis / Vulnerability analysis
  • exploitation phase / Exploitation and post-exploitation
  • post exploitation phase / Exploitation and post-exploitation
  • reporting / Reporting
• errors, in Linux-based installation
  • troubleshooting / Errors in the Linux-based installation
• errors, in Windows-based installation
  • troubleshooting / Errors in the Windows-based installation
• error states
  • errors, in Windows-based installation / Errors in the Windows-based installation
  • errors, in Linux-based installation / Errors in the Linux-based installation
• ES
  • about / Registers
• ESI/EDI
  • about / Registers
• ESP
  • about / Registers, Gravity of ESP
• evading detection / The attack types
• Execution Unit (EU) / System organization basics
• executive summary, penetration testing report
  • scope / The executive summary
  • objectives / The executive summary
  • assumptions made / The executive summary
  • summary of vulnerabilities / The executive summary
  • summary of recommendations / The executive summary
• exploit, finalizing
  • bad characters, determining / Determining bad characters
  • space limitations, determining / Determining space limitations
  • example exploit code, creating / Fabricating under Metasploit
  • automation functions / Automation functions in Metasploit
• exploitation phase, penetration testing
  • about / Exploitation and post-exploitation
• exploit base
  • building up / Building up the exploit base
  • buffer size, calculating / Calculating the buffer size
  • JMP address, calculating / Calculating the JMP address
  • EIP, examining / Examining the EIP
  • pragma script / The script
  • applications, stuffing / Stuffing applications for fun and profit
  • ESP, examining / Examining ESP
  • space, stuffing / Stuffing the space
• exploit formulation
  • elemental assembly primer / The elemental assembly primer
• exploit formulation, testing
  • application, crashing / Crashing the application
  • variable input supplies / Variable input supplies
  • junk, generating / Generating junk
  • Immunity Debugger / An introduction to Immunity Debugger
  • GDB / An introduction to GDB
• exploits
  • Perl-based exploit, porting / Porting a Perl-based exploit
  • Python-based exploit, porting / Porting a Python-based exploit
  • web-based exploits, porting / Porting a web-based exploit
• Extended Instruction Pointer (EIP) / The elemental assembly primer
• Extended instruction pointer (EIP) / The exploitation procedure
• Extended Stack Pointer (ESP) / The elemental assembly primer

F

• fake update
  • performing, with DNS-spoofing attack / Fake updates with the DNS-spoofing attack
• false positives / Performing a white box penetration test
• fast-paced penetration testing
  • conducting, with automated tools / Introducing automated tools
  • Fast Track MS SQL attack vectors / Fast Track MS SQL attack vectors
  • automated exploitation / Automated exploitation in Metasploit
  • fake update, with DNS-spoofing attack / Fake updates with the DNS-spoofing attack
• Fast Track
  • about / Fast Track MS SQL attack vectors, A brief about Fast Track
  • MS SQL brute force attack, performing / Carrying out the MS SQL brute force attack
  • depreciation / The depreciation of Fast Track
  • SET, creating / Renewed Fast Track in SET
  / Renewed Fast Track in SET
• features, Metasploit
  • open source / Open source
  • ease of use / Support for testing large networks and easy naming conventions
  • payloads, generating / Smart payload generation and switching mechanism
  • cleaner exits / Cleaner exits
  • GUI environment / The GUI environment
• file format-based exploitation
  • about / File format-based exploitation
  • PDF-based exploits / PDF-based exploits
  • Word-based exploits / Word-based exploits
  • media-based exploits / Media-based exploits
• flags
  • about / System organization basics
• Foot printing / Intelligence gathering / reconnaissance phase
• format string bugs
  • about / The basics
• FS
  • about / Registers

G

• gathering intelligence phase, penetration testing
  • about / Intelligence gathering / reconnaissance phase
  • examples / Intelligence gathering / reconnaissance phase
  • target selection / Intelligence gathering / reconnaissance phase
  • covert gathering / Intelligence gathering / reconnaissance phase
  • Foot printing / Intelligence gathering / reconnaissance phase
  • protection mechanisms, identifying / Intelligence gathering / reconnaissance phase
  • test grounds, presensing / Presensing the test grounds
• GDB / The basics
  • about / An introduction to GDB
  • functions, performing / An introduction to GDB
• Google dorks / Intelligence gathering / reconnaissance phase
• Greenbone interfaces, OpenVAS
  • about / Greenbone interfaces for OpenVAS
• GS
  • about / Registers
• GUI interface / The fundamentals of Metasploit

H

• heart beat function / Post-exploitation with Cortana
• hosted services, VOIP
  • about / Hosted services
• Human Machine Interface (HMI) / The fundamentals of ICS and its components

I

• ICS systems / The fundamentals of ICS and its components
• iDevices
  • testing / Post-exploitation on Apple iDevices
• Immunity Debugger / The basics
  • about / An introduction to Immunity Debugger
  • process, attaching / An introduction to Immunity Debugger
  • using / Generating a skeleton using Immunity Debugger
• Infectious Media Generator attack vector
  • about / The attack types, Infectious Media Generator
  • advantage / Infectious Media Generator
  • using / Infectious Media Generator
• intelligence gathering, white box penetration test
  • about / Gathering intelligence
  • OpenVAS vulnerability scanner fundamentals / Explaining the fundamentals of the OpenVAS vulnerability scanner
  • OpenVAS, setting up / Setting up OpenVAS
  • Greenbone interfaces, OpenVAS / Greenbone interfaces for OpenVAS
• Intelligent electronic device (IED) / The fundamentals of ICS and its components
• interactive shell, Ruby
  • working with / Interacting with the Ruby shell
• interface panel, Armitage
  • about / Touring the user interface
• internal FootPrinting
  • about / Gathering intelligence
  • conducting / Gathering intelligence
• Internet Information Services (IIS) pawnage tools / Presensing the test grounds
• Internet Service Provider (ISP) / Self-hosted network
• iOS
  • exploiting, with Metasploit / Exploiting iOS with Metasploit

J

• Java applet attack
  • about / The Java applet attack
  • executing / The Java applet attack
• Jump (JMP) / The elemental assembly primer

L

• Last In First Out (LIFO) method / The basics
• lcc-win32 compiler / Crashing the application
• Linux
  • attacking, with malicious packages / Attacking Linux with malicious packages
• Local Area Network (LAN) / Interaction with the employees and end users
• loops, Ruby
  • about / Loops in Ruby

M

• MagicTree
  • about / Introducing MagicTree
  • report, creating / Introducing MagicTree
• manual reports, penetration test
  • generating / Generating manual reports
  • format / The format of the report
• Mass Mailer Attack
  • about / The attack types
• media-based exploits
  • about / Media-based exploits
  • Media Player Classic video player, exploiting / Media-based exploits
• Metasploit
  • fundamentals / The fundamentals of Metasploit
  • features / The dominance of Metasploit
  • Ruby / Ruby – the heart of Metasploit
  • custom modules, developing / Developing custom modules
  • meterpreter scripting / Breakthrough meterpreter scripting
  • RailGun / Working with RailGun
• Metasploit
  • configuring, on Windows XP/7 / Configuring Metasploit on Windows XP/7
  • configuring, on Ubuntu / Configuring Metasploit on Ubuntu
• Metasploit community / The fundamentals of Metasploit
• Metasploit framework / The fundamentals of Metasploit
  • architecture / The architecture of the Metasploit framework
• Metasploit pro / The fundamentals of Metasploit
• meterpreter scripting
  • about / Breakthrough meterpreter scripting
  • essentials / Essentials of meterpreter scripting
  • target network, pivoting / Pivoting the target network
  • persistent access, setting up / Setting up persistent access
  • API calls / API calls and mixins
  • mixins / API calls and mixins
  • custom meterpreter scripts, fabircating / Fabricating custom meterpreter scripts
• methodology / network admin level report
  • about / Methodology / network admin level report
  • test details / Methodology / network admin level report
  • list of vulnerabilities / Methodology / network admin level report
  • likelihood / Methodology / network admin level report
  • recommendations / Methodology / network admin level report
• methods, Ruby
  • about / Methods in Ruby
• MS03-020 Internet Explorer Object Type exploit / Attacking browsers with Metasploit browser autopwn
• MSF scan / Scanning networks and host management
• MS SQL brute force attack
  • performing / Carrying out the MS SQL brute force attack

N

• networks and host management, Armitage
  • scanning / Scanning networks and host management
  • Nmap scan / Scanning networks and host management
  • MSF scan / Scanning networks and host management
  • vulnerabilities, modeling out / Modeling out vulnerabilities
  • match, finding / Finding the match
• Network vulnerability tests (NVTs) / Setting up OpenVAS
• Nmap scan / Scanning networks and host management
• No operation (NOP) / The elemental assembly primer
• No tech Hacking / Interaction with the employees and end users
• numbers and conversions, Ruby
  • about / Numbers and conversions in Ruby

O

• OllyDbg / The basics
• OpenVAS
  • fundamentals / Explaining the fundamentals of the OpenVAS vulnerability scanner
  • setting up / Setting up OpenVAS
  • Greenbone interfaces / Greenbone interfaces for OpenVAS
• OWASP Report Generator
  • URL / Other reporting services

P

• PBX
  • about / An introduction to PBX
• PDF-based exploits
  • about / PDF-based exploits
  • vulnerability, exploiting / PDF-based exploits
• penetration test, conducting with Metasploit
  • Metasploit basics, recalling / Recalling the basics of Metasploit
• penetration test environment, mounting
  • penetration test lab, setting up / Setting up the penetration test lab
  • Metasploit features / The fundamentals of Metasploit
  • Metasploit, configuring on Windows XP/7 / Configuring Metasploit on Windows XP/7
  • Metasploit, configuring on Ubuntu / Configuring Metasploit on Ubuntu
  • error states, dealing with / Dealing with error states
• penetration testing
  • environment, setting up / Setting up the environment
  • environment, mounting / Mounting the environment
  • conducting, Metasploit used / Conducting a penetration test with Metasploit
  • results, fetching / Using the database to store and fetch results
  • reports, storing / Using the database to store and fetch results
  • reports, generating / Generating reports
• penetration testing, of Windows 7
  • performing / Penetration testing Windows 7
  • gathering intelligence phase / Gathering intelligence
  • threats, modelling / Modeling threats
  • vulnerability analysis / Vulnerability analysis
  • exploitation / The exploitation procedure, Exploitation and post-exploitation
  • post exploitation / Exploitation and post-exploitation
• penetration testing, of Windows Server 2003
  • performing / Penetration testing Windows Server 2003
• penetration testing, of Windows XP
  • assumptions / Assumptions
  • gathering intelligence / Gathering intelligence
  • information gathering / Gathering intelligence
  • threats, modeling / Modeling threats
  • vulnerability analysis / Vulnerability analysis
  • attack procedure, with respect to NETAPI vulnerability / The attack procedure with respect to the NETAPI vulnerability
  • concept of attack / The concept of attack
  • vulnerability, exploiting / The procedure of exploiting a vulnerability
  • exploitation / Exploitation and post-exploitation
  • post exploitation / Exploitation and post-exploitation
  • access, maintaining / Maintaining access
  • tracks, clearing / Clearing tracks
• penetration testing report format
  • about / The format of the report
  • page design / The format of the report
  • document control / The format of the report
  • cover page / The format of the report
  • document properties / The format of the report
  • list of report content / The format of the report
  • table of content / The format of the report
  • list of illustrations / The format of the report
  • executive summary / The executive summary
  • methodology / network admin level report / Methodology / network admin level report
  • references, additional sections / Additional sections
  • glossary, additional sections / Additional sections
• penetration test lab
  • setting up / Setting up the penetration test lab
• Perl-based exploit
  • launching / Experimenting with the exploit
• Perl-based exploit, porting
  • performing / Porting a Perl-based exploit
  • existing exploit, dismantling / Dismantling the existing exploit
  • logic / Understanding the logic of exploitation
  • essentials, gathering / Gathering the essentials
  • skeleton, generating / Generating a skeleton for the exploit
  • skeleton, generating using Immunity Debugger / Generating a skeleton using Immunity Debugger
  • values, stuffing / Stuffing the values
  • ShellCode, precluding / Precluding the ShellCode
• persistent access, meterpreter scripting
  • setting up / Setting up persistent access
• PHP meterpreter
  • about / The PHP meterpreter
• PHP Stream Scan Directory buffer overflow / Targeting suspected vulnerability prone systems
• PMSoftware Simple Web Server 2.2 / Modeling threats
• post-exploitation modules
  • writing / Writing out post-exploitation modules
• post exploitation phase, penetration testing
  • about / Exploitation and post-exploitation
• preinteractions, penetration testing
  • about / Preinteractions
  • scoping / Preinteractions
  • goals / Preinteractions
  • terms and definitions / Preinteractions
  • rules of engagement / Preinteractions
• Process Identifies (PID) / Gaining access
• Programmable Logic Controller (PLC) / The fundamentals of ICS and its components
• Public Switched Telephone Network (PSTN) / Self-hosted network
• Python-based exploit
  • launching / Experimenting with the exploit
• Python-based exploit, porting
  • performing / Porting a Python-based exploit
  • existing exploit, dismantling / Dismantling the existing exploit
  • essentials, gathering / Gathering the essentials
  • skeleton, generating / Generating a skeleton
  • values, stuffing / Stuffing the values

R

• RailGun
  • working with / Working with RailGun
  • irb shell / Interactive Ruby shell basics
  • Ruby-interactive shell / Interactive Ruby shell basics
  • scripting / Understanding RailGun and its scripting
  • Window API calls, manipulating / Manipulating Windows API calls
  • sophisticated scripts, fabricating / Fabricating sophisticated RailGun scripts
• ranges, Ruby
  • about / Ranges in Ruby
• RATTE module
  • about / Third-party attacks with SET
  • using / Third-party attacks with SET
• register
  • about / The basics
• registers
  • about / System organization basics, Registers
  • General Purpose / Registers
  • Segment / Registers
  • EFLAGS / Registers
  • Index registers / Registers
  • EAX / Registers
  • EBX / Registers
  • ECX / Registers
  • EDX / Registers
  • ESI/EDI / Registers
  • ESP / Registers
  • EBP / Registers
  • EIP / Registers
• regular expressions, Ruby
  • about / Regular expressions
• Remote Administration tool (RAT) servers / The attack types
• Remote Procedure Call (RPC) / The procedure of exploiting a vulnerability
• Remote Terminal Unit (RTU) / The fundamentals of ICS and its components
• report, penetration testing
  • creating / Reporting
• reports
  • generating / Generating reports
• resource scripts / Infectious Media Generator
• results, penetration testing
  • fetching, database used / Using the database to store and fetch results
  • storing, database used / Using the database to store and fetch results
• Ruby
  • about / Ruby – the heart of Metasploit
  • download link for Windows/Linux / Ruby – the heart of Metasploit
  • program, creating / Creating your first Ruby program
  • interactive shell, working on / Interacting with the Ruby shell
  • methods, defining in shell / Defining methods in the shell
  • variable / Variables and data types in Ruby
  • variables' data types / Variables and data types in Ruby
  • numbers and conversions / Numbers and conversions in Ruby
  • methods / Methods in Ruby
  • decision-making operators / Decision-making operators
  • loops / Loops in Ruby
  • regular expressions / Regular expressions
  • basics / Wrapping up with Ruby basics

S

• -sP switch / Gathering intelligence
• SCADA
  • about / The fundamentals of SCADA
  • fundamentals / The fundamentals of SCADA
  • components / The fundamentals of ICS and its components
  • criticality / The seriousness of ICS-SCADA
  • security, breaching / SCADA torn apart
  • exploiting / The fundamentals of testing SCADA
  • fundamentals of testing / The fundamentals of testing SCADA
  • URL / SCADA-based exploits
  • securing / Securing SCADA
  • database exploitation / Database exploitation
• SCADA-based exploits
  • about / SCADA-based exploits
• SCADA exploitation
  • performing / Database exploitation
  • SQL server / SQL server
  • SQL server, footprinting with Nmap / FootPrinting SQL server with Nmap
  • scanning process, with Metasploit modules / Scanning with Metasploit modules
  • passwords, brute forcing / Brute forcing passwords
  • server passwords, locating/capturing / Locating/capturing server passwords
  • SQL server, browsing / Browsing SQL server
  • system commands, executing / Post-exploiting/executing system commands
  • system commands, post-exploiting / Post-exploiting/executing system commands
  • xp_cmdshell functionality, reloading / Reloading the xp_cmdshell functionality
  • SQL-based queries, running / Running SQL-based queries
• SCADApro system
  • about / SCADA-based exploits
• SCADA security
  • about / Securing SCADA
  • implementing / Implementing secure SCADA
  • networks, restricting / Restricting networks
• Secure Socket Layer (SSL) certificate / Configuring Metasploit on Ubuntu
• segment registers
  • SS / Registers
  • DS / Registers
  • ES / Registers
  • CS / Registers
  • FS / Registers
  • GS / Registers
• SEH
  • about / The fundamentals of a structured exception handler
  • fundamentals / The fundamentals of a structured exception handler
  • controlling / Controlling SEH
  • bypassing / Bypassing SEH
• SEH-based exploits
  • about / SEH-based exploits
  • structure / SEH-based exploits
• self-hosted network, VOIP services
  • about / Self-hosted network
• Server Message Block (SMB) / The procedure of exploiting a vulnerability
• Session Initiation Protocol (SIP) / Hosted services
• SET
  • about / Explaining the fundamentals of the social engineering toolkit
  • fundamentals / Explaining the fundamentals of the social engineering toolkit
  • attack types / The attack types
  • attack vectors / The attack types
  • attack techniques / Attacking with SET
  • features / Providing additional features and further readings
  • web interface / The SET web interface
• SET attacks
  • automating / Automating SET attacks
• ShellCode / The procedure of exploiting a vulnerability
  • about / The basics
• Short Messaging Service (SMS) servers
  • about / The attack types
• show_message command / Working with interfaces
• SIP endpoint scanner / FootPrinting VOIP services
• SIP service providers, VOIP
  • about / SIP service providers
• SMS Spoofing attack vector
  • about / The attack types
• social engineering / Interaction with the employees and end users
• sophisticated scripts, RailGun
  • fabricating / Fabricating sophisticated RailGun scripts
• Spear-Phishing attack vectors
  • about / The attack types
• split function, Ruby
  • about / The split function
• squeeze function, Ruby
  • about / The squeeze function
• SS
  • about / Registers
• stack
  • about / The basics
• stealth scan / Gathering intelligence
• strings, Ruby
  • working with / Working with strings
• Stuxnet bot / The seriousness of ICS-SCADA
• SYN scan / Scanning the hidden target using proxychains and db_nmap
• system bus / System organization basics
• system calls
  • about / The basics

T

• tabnabbing attack
  • about / The tabnabbing attack
  • used, for harvesting credentials / The tabnabbing attack
• target network, meterpreter scripting
  • pivoting / Pivoting the target network
• third-party attack vector
  • about / The attack types, Third-party attacks with SET
• threat modeling, penetration testing
  • about / Modeling threats
  • example / Modeling threats
• troubleshooting, WebSploit
  • performing / Fixing up WebSploit
  • path issues, fixing / Fixing path issues
  • payload generation, fixing / Fixing payload generation
  • file copy issue, fixing / Fixing the file copy issue

U

• Ultimate Packer for Executables (UPX) / The Java applet attack

V

• variables' data types, Ruby
  • about / Variables and data types in Ruby
  • strings, working with / Working with strings
  • split function / The split function
  • squeeze function / The squeeze function
• variables, Ruby
  • about / Variables and data types in Ruby
• variables data types, Ruby
  • ranges / Ranges in Ruby
  • arrays / Arrays in Ruby
• VirtualBox / Setting up the penetration test lab
  • downloading / Setting up the penetration test lab
• VMware player / Setting up the penetration test lab
• VOIP
  • about / VOIP fundamentals
  • fundamentals / VOIP fundamentals
  • PBX / An introduction to PBX
  • exploiting / Exploiting VOIP, Exploiting the application
  • vulnerability / About the vulnerability
• VOIP call
  • spoofing / Spoofing a VOIP call
• VOIP services
  • types / Types of VOIP services
  • self-hosted network / Self-hosted network
  • hosted services / Hosted services
  • SIP service providers / SIP service providers
  • footprinting / FootPrinting VOIP services
  • scanning / Scanning VOIP services
• vsprintf() function / The exploitation procedure
• vulnerability, VOIP exploitation / About the vulnerability
• vulnerability analysis, penetration testing
  • about / Vulnerability analysis

W

• web-based exploits, porting
  • performing / Porting a web-based exploit
  • existing exploit, dismantling / Dismantling the existing exploit
  • essentials, gathering / Gathering the essentials
  • web functions, grasping / Grasping the important web functions
  • GET/POST method essentials / The essentials of the GET/POST method
  • auxiliary-based exploit, fabricating / Fabricating an auxiliary-based exploit
  • auxiliary-based exploit, working / Working and explanation
  • launching / Experimenting with the auxiliary exploit
• web interface, SET
  • about / The SET web interface
• web jacking attack
  • about / The web jacking attack
  • performing / The web jacking attack
• Website attack vectors
  • about / The attack types, Website Attack Vectors
  • Java applet attack, executing / The Java applet attack
  • tabnabbing attack / The tabnabbing attack
  • web jacking attack, performing / The web jacking attack
• website clients exploitation
  • performing / Compromising the clients of a website
  • malicious web scripts, injecting / Injecting the malicious web scripts
  • users, hacking / Hacking the users of a website
• WebSploit
  • about / Introducing WebSploit
  • commands / Introducing WebSploit
  • troubleshooting / Fixing up WebSploit
  • used, for attacking LAN / Attacking a LAN with WebSploit
• white box penetration test
  • performing / Performing a white box penetration test
  • interaction, with employees / Interaction with the employees and end users
  • interaction, with end users / Interaction with the employees and end users
  • intelligence gathering / Gathering intelligence
  • threat areas, modeling / Modeling the threat areas
  • suspected vulnerability prone systems, targeting / Targeting suspected vulnerability prone systems
  • access, gaining / Gaining access
  • tracks, covering / Covering tracks
  • MagicTree / Introducing MagicTree
  • reporting services / Other reporting services
• white box testing
  • about / Performing a white box penetration test
• WHOIS
  • about / WHOIS details and information
  • query, performing / WHOIS details and information
• Window API calls, RailGun
  • manipulating / Manipulating Windows API calls
• Wireless Access Point Attack Vector
  • about / The attack types
• Word-based exploits
  • about / Word-based exploits
  • vulnerability, exploiting / Word-based exploits

X

• x86
  • about / The basics
• XAMPP servers
  • compromising / Compromising XAMPP servers
  • PHP meterpreter / The PHP meterpreter
  • system-level privileges, escalating / Escalating to system-level privileges