Index
A
- abstract methodology
- about / Abstract methodology
- planning / Final thoughts
- action plan, test environment
- about / Planning for action
- Kali, configuring / Configuring Kali
- Kali applications, updating / Updating the applications and operating system
- operating system, updating / Updating the applications and operating system
- advanced features, Dig
- about / Advanced features of Dig
- output, shortening / Shortening the output
- bind version, listing / Listing the bind version
- reverse DNS lookup / Reverse DNS lookup using Dig
- multiple commands / Multiple commands
- path, tracing / Tracing the path
- batching / Batching with dig
- Advanced Packaging Tool (APT) / Updating the applications and operating system
- advanced penetration testing
- am0n0wall firewall installation
- download link / Firewall lab setup
- Angry IP Scanner
- about / Angry IP Scanner
- reference link / Angry IP Scanner
- Apple Filing Protocol (AFP) / Nmap – getting to know you
- arch command
- about / Important commands
- Armitage
- using, for post-exploitation / Using Armitage for post-exploitation
- ASLR
- turning on / Turning ASLR on and off in Kali
B
- 64-bit exploitation
- about / 64-bit exploitation
- banner grabbing
- with Netcat / Banner grabbing with Netcat and Ncat, Banner grabbing with Netcat
- with Ncat / Banner grabbing with Netcat and Ncat, Banner grabbing with Ncat
- with smbclient / Banner grabbing with smbclient
- banners, Shodan
- about / Understanding banners
- HTTP banners / HTTP banners
- Border Gateway Protocol (BGP)
- about / Reporting
- Bruteforce Exploit Detector (BED)
- buffer overflows
- about / Buffer overflows – a refresher
- memory basics / Memory basics
- basics / Understanding the basics of buffer overflows
- Buffer Overflow Tutorial
- reference link / Understanding the basics of buffer overflows
C
- cat command
- about / Important commands
- CentOS
- reference link / AspenMLC Research Labs' virtual network
- CentralOps.net
- challenges / Reader challenge, Reader challenge, Reader challenge
- Oclhashcat / Reader challenge
- Kipotrix / Reader challenge
- iptables / Reader challenge
- commands, Linux-based operating system
- ls-oaF / Important commands
- locate / Important commands
- updatedb / Important commands
- grep / Important commands
- less / Important commands
- cat / Important commands
- df-H / Important commands
- date / Important commands
- free / Important commands
- arch / Important commands
- echo / Important commands
- last / Important commands
- logname / Important commands
- pwd / Important commands
- uname-a / Important commands
- netstat / Important commands
- Ifconfig / Important commands
- Udevd -version / Important commands
- Find / -type f -perm777 / Important commands
- Common Vulnerability Exposure (CVE)
- about / Vulnerability analysis
- compromised hosts
- cleaning up / Cleaning up compromised hosts
- checklist, using / Using a checklist
- cleaning up, situations / When to clean up
- local log files / Local log files
- configuration time
- saving, w3af GUI used / Using w3af GUI to save configuration time
- Corelan
- reference link / Understanding the basics of buffer overflows
- custom scripts, Nmap
- adding, to arsenal / Adding custom Nmap scripts to your arsenal
- selecting / Deciding if a script is right for you
- new script, adding to database / Adding a new script to the database
- Zenmap / Zenmap – for those who want the GUI
D
- data gathering
- about / Data gathering, network analysis, and pillaging
- enumeration / Enumeration
- exploitation / Exploitation
- remote connection / We are connected, now what?
- tools, available on remote system / Which tools are available on the remote system?
- network information, finding / Finding network information
- connections, determining / Determine connections
- installed packages, checking / Checking installed packages
- package repositories / Package repositories
- programs and services, that run at startup / Programs and services that run at startup
- searching for information / Searching for information
- history files / History files and logs
- history logs / History files and logs
- configurations / Configurations, settings, and other files
- settings / Configurations, settings, and other files
- files / Configurations, settings, and other files
- users / Users and credentials
- credentials / Users and credentials
- files, moving / Moving the files
- date command
- about / Important commands
- Debian 5.0
- reference link / AspenMLC Research Labs' virtual network
- default architecture, VMware Workstation
- about / Understanding the default architecture
- Kali Linux, installing / Installing Kali Linux
- denial-of-service (DoS) attack
- about / What is permitted?
- df-H command
- about / Important commands
- directories and files, Linux-based operating system
- /etc/passwd / Important directories and files
- /etc/ftpusers / Important directories and files
- /etc/pam.d / Important directories and files
- /etc/shadow / Important directories and files
- /etc/hosts.allow / Important directories and files
- /etc/hosts.deny / Important directories and files
- /etc/securetty / Important directories and files
- /etc/shutdown.allow / Important directories and files
- /etc/security / Important directories and files
- /etc/init.dor/etc/rc.d/init.d / Important directories and files
- /etc/ssh / Important directories and files
- /etc/sysctl.conf / Important directories and files
- /etc/sysconfig / Important directories and files
- /etc/dhcpc / Important directories and files
- /var/log / Important directories and files
- /var/log/messages / Important directories and files
- /var/log/wtmp / Important directories and files
- /var/log/lastlog / Important directories and files
- DNS brute forcing, with fierce
- about / DNS brute-forcing with fierce
- default command usage / Default command usage
- custom word list, creating / Creating a custom word list
- DNS recon
- about / DNS recon
- nslookup / nslookup – it's there when you need it
- Domain information groper (Dig) / Domain information groper
- DNS brute forcing, with fierce / DNS brute-forcing with fierce
- domain and IP information
- obtaining / Gathering and validating domain and IP information
- validating / Gathering and validating domain and IP information
- obtaining, with Whois / Gathering information with Whois
- domain and IP information, obtaining with Whois
- about / Gathering information with Whois
- registrar, specifying / Specifying which registrar to use
- IP address, identifying / Where in the world is this IP?
- defensive measures / Defensive measures
- Domain information groper (Dig)
- about / Domain information groper
- URL / Domain information groper
- default output / Default output
- zone transfers (AXFR) / Zone transfers using Dig
- advanced features / Advanced features of Dig
- Domain Name System (DNS)
- about / DNS recon
- Dradis
- about / Dradis framework for collaboration
- setups / Dradis framework for collaboration
- bringing, to available interface / Binding to an available interface other than 127.0.0.1
- Dradis framework
- about / Introduction to the Dradis framework
- project template, exporting / Exporting a project template
- project template, importing / Importing a project template
- sample data, preparing for import / Preparing sample data for import
- Nmap data, importing / Importing your Nmap data
- data, exporting into HTML / Exporting data into HTML
- Category field / Dradis Category field
- default HTML template, changing / Changing the default HTML template
E
- EBP (base pointer)
- about / Memory basics
- echo command
- about / Important commands
- EIP (instruction pointer)
- about / Memory basics
- Endian architectures
- reference link / 64-bit exploitation
- enumeration
- about / Enumeration
- enumeration avoidance techniques
- about / Enumeration avoidance techniques
- naming conventions / Naming conventions
- port knocking / Port knocking
- intrusion detection / Intrusion detection and avoidance systems
- avoidance systems / Intrusion detection and avoidance systems
- trigger points / Trigger points
- SNMP lockdown / SNMP lockdown
- Errors and Omissions (E&O) insurance / Determining scope
- ESP (stack pointer)
- about / Memory basics
- EXIF / Metadata collection
- exiftool / Extracting metadata from photos using exiftool
- Exploit-DB
- URL / Google hacking database
- reference link / Searching Exploit-DB
- searching / Searching Exploit-DB
- about / Exploit-DB at hand
- code, compiling / Compiling the code
- proof of concept code, compiling / Compiling proof-of-concept code
- code, troubleshooting / Troubleshooting the code
- code, ^M characters / What are all of these ^M characters and why won't they go away?
- code, broken strings / Broken strings – the reunion
- exploitation
- about / Exploitation, Exploitation – why bother?, Exploitation
- benefits / Exploitation – why bother?
F
- Fast-Track
- about / Fast-Track
- File integrity monitoring (FIM) / File Integrity Monitoring (FIM)
- files and directories, Windows machine / Important directories and files
- filters, Shodan
- Find / -type f -perm777 command
- about / Important commands
- firewall
- stealth scanning through / Stealth scanning through the firewall
- ports, finding / Finding the ports
- detecting, traceroute used / Traceroute to find out if there is a firewall
- used, for detecting port block / Finding out if the firewall is blocking certain ports
- Firewall Lab
- setup / Firewall lab setup
- am0n0wall firewall installation / Firewall lab setup
- additional packages, installing in pfSense / Installing additional packages in pfSense
- FOCA / Metadata collection
- footprinting / Introducing reconnaissance
- free command
- about / Important commands
- fuzzing
- about / Exploitation
- fuzzing tools, in Kali
- about / Fuzzing tools included in Kali
- Bruteforce Exploit Detector (BED) / Bruteforce Exploit Detector (BED)
- sfuzz / sfuzz – Simple fuzzer
G
- Gallarific
- about / Using WebScarab as an HTTP proxy
- Gnome text editor (Gedit)
- about / Gedit – Gnome text editor
- reference link / Gedit – Gnome text editor
- GNUCITIZEN
- GNU Debugger
- reference link / "C"ing is believing – Create a vulnerable program
- Google Hacking Database (GHDB) / Google hacking database
- grep command
- about / Important commands
H
- HackBar
- about / Introduction to browser plugin HackBar
- reference link / Introduction to browser plugin HackBar
- using / Introduction to browser plugin HackBar
- HAProxy
- installing, for load balancing / Installing HAProxy for load balancing
- host file
- Kioptrix3.com, adding to / Adding Kioptrix3.com to the host file
- HTTP proxy
- WebScarab, using as / Using WebScarab as an HTTP proxy
I
- Iceweasel browser
- idle scan
- reference link / Shifting blame – the zombies did it!
- IDS
- avoiding / Now you see me, now you don't – avoiding IDS
- bypassing / Now you see me, now you don't – avoiding IDS
- canonicalization / Canonicalization
- timing feature / Timing is everything
- Ifconfig command
- about / Important commands
- ihazomgsecurityskillz blog
- reference link / Understanding the basics of buffer overflows
- input and output
- recording / Record now – sort later
- installed software
- finding / Finding installed software and tools
- installed tools
- finding / Finding installed software and tools
- installing
- Mutillidae, on Ubuntu virtual machine / Installing and configuring Mutillidae on the Ubuntu virtual machine
- HAProxy, for load balancing / Installing HAProxy for load balancing
- intelligence gathering
- about / Intelligence gathering
- Internet Archive / Searching the Internet for clues
- Intrusion Detection System (IDS)
- about / Penetration testing framework
- Intrusion Prevention System (IPS)
- about / Penetration testing framework
- iptables
- about / Reader challenge
K
- Kali
- manual ifconfig / Kali – manual ifconfig
- TFTP server, starting / Starting a TFTP server on Kali
- turning off / Turning ASLR on and off in Kali
- Kali guest machine / Kali guest machine
- Kali Linux
- reference link / Installing Kali Linux
- KeepNote tool / Changing the default HTML template
- Kioptrix
- reference link / Installing Kioptrix, Practice makes perfect
- installing / Installing Kioptrix
- exploiting, with Metasploit / Using Metasploit to exploit Kioptrix
- about / Reader challenge, Taking on Level 3 – Kioptrix
- Kioptrix3.com
- adding, to host file / Adding Kioptrix3.com to the host file
- KioptrixVM Level 3 clone
- creating / Creating a KioptrixVM Level 3 clone
L
- lab clients
- configuring / Configuring and testing our lab clients
- testing / Configuring and testing our lab clients
- Kali / Kali – manual ifconfig
- Ubuntu / Ubuntu – manual ifconfig
- connectivity, verifying / Verifying connectivity
- IP settings after reboot, maintaining / Maintaining IP settings after reboot
- lab preparation
- steps / Lab preparation
- Kali guest machine / Kali guest machine
- Ubuntu guest machine / Ubuntu guest machine
- pfSense guest machine configuration / The pfSense guest machine configuration
- pfSense network setup / The pfSense network setup
- Firewall configuration / Firewall configuration
- last command
- about / Important commands
- less command
- about / Important commands
- LibreOffice
- installing / Installing LibreOffice
- Linux
- about / Linux
- Linux-based operating system
- directories / Important directories and files
- files / Important directories and files
- commands / Important commands
- Load Balance Detector
- load balancers
- detecting / Detecting load balancers
- load balancing
- HAProxy, installing for / Installing HAProxy for load balancing
- locate command
- about / Important commands
- logname command
- about / Important commands
- ls-oaF command
- about / Important commands
- Lullar.com / Searching the Internet for clues
M
- MagicTree
- about / Introduction to MagicTree
- starting / Starting MagicTree
- nodes, adding / Adding nodes
- data collection / Data collection
- report generation / Report generation
- manual exploitation
- about / Manual exploitation
- services, enumerating / Enumerating services
- full scanning, Nmap used / Full scanning with Nmap
- banner grabbing, Ncat used / Banner grabbing with Netcat and Ncat, Banner grabbing with Ncat
- banner grabbing, Netcat used / Banner grabbing with Netcat
- banner grabbing, smbclient used / Banner grabbing with smbclient
- Exploit-DB, searching / Searching Exploit-DB
- running / Running the exploit
- metadata collection
- about / Metadata collection
- metadata, extracting from photos using exiftool / Extracting metadata from photos using exiftool
- Metasploit
- about / Metasploit – learn it and love it
- and databases / Databases and Metasploit
- nmap scan, performing / Performing an nmap scan from within Metasploit
- used, for exploiting Kioptrix / Using Metasploit to exploit Kioptrix
- Metasploitable2
- reference link / AspenMLC Research Labs' virtual network
- methodology
- about / Methodology defined, Example methodologies
- reference link / Methodology defined
- penetration testing framework / Penetration testing framework
- Penetration Testing Execution Standard (PTES) / Penetration Testing Execution Standard
- pre-engagement interactions / Pre-engagement interactions
- intelligence gathering / Intelligence gathering
- threat modeling / Threat modeling
- vulnerability analysis / Vulnerability analysis
- exploitation / Exploitation
- post exploitation / Post-exploitation
- reporting / Reporting
- Microsoft Windows™ post-exploitation
- miscellaneous evasion techniques
- about / Miscellaneous evasion techniques
- divide and conquer / Divide and conquer
- hiding out (on controlled units) / Hiding out (on controlled units)
- File integrity monitoring (FIM) / File Integrity Monitoring (FIM)
- common network management tools, using / Using common network management tools to do the deed
- ModSecurity
- Mutillidae
- about / Installing and configuring Mutillidae on the Ubuntu virtual machine
- reference link / Installing and configuring Mutillidae on the Ubuntu virtual machine
- configuring, on Ubuntu virtual machine / Installing and configuring Mutillidae on the Ubuntu virtual machine
- installing, on Ubuntu virtual machine / Installing and configuring Mutillidae on the Ubuntu virtual machine
N
- Nano
- Ncat
- used, for banner grabbing / Banner grabbing with Netcat and Ncat, Banner grabbing with Ncat
- Neohapsis
- Netcat
- used, for banner grabbing / Banner grabbing with Netcat and Ncat, Banner grabbing with Netcat
- netstat command
- about / Important commands
- Network Address Translation (NAT) / VMnet8
- network analysis
- network baselines
- creating, with scanPBNJ / Creating network baselines with scanPBNJ
- metadata collection / Metadata collection
- network design
- about / Network design
- VMnet0 switch / VMnet0
- VMnet1 switch / VMnet1
- VMnet8 / VMnet8
- folders / Folders
- networking information
- gathering / Networking details
- Network Time Protocol (NTP) / Blending in
- Nmap
- exploring / Nmap – getting to know you
- scan types / Commonly seen Nmap scan types and options
- options / Commonly seen Nmap scan types and options
- basic scans / Basic scans – warming up
- techniques / Other Nmap techniques
- reference link / Shifting blame – the zombies did it!
- custom scripts, adding to arsenal / Adding custom Nmap scripts to your arsenal
- used, for full scanning / Full scanning with Nmap
- Nmap firewalk script
- reference link / Nmap firewalk script
- Nmap options
- -T(0-5) / Taking your time
- --max-hostgroup / Taking your time
- --max-retries / Taking your time
- -max-parallelism 10 / Taking your time
- --scan-delay / Taking your time
- nmap scan
- performing, from within Metasploit / Performing an nmap scan from within Metasploit
- auxiliary modules, using / Using auxiliary modules
- Nmap Scripting Engine (NSE)
- reference link / Adding custom Nmap scripts to your arsenal
- Nmap suite
- Zenmap / Nmap – getting to know you
- Netcat / Nmap – getting to know you
- Ncrack / Nmap – getting to know you
- Ndiff / Nmap – getting to know you
- Nping / Nmap – getting to know you
- Nmap techniques
- about / Other Nmap techniques
- remaining stealthy / Remaining stealthy
- scans timings, changing / Taking your time
- shifting blame / Shifting blame – the zombies did it!
- IDS rules / IDS rules and how to avoid them
- IDS rules, avoiding / IDS rules and how to avoid them
- decoys, using / Using decoys
- NSE documentation
- reference link / Deciding if a script is right for you
- nslookup
- about / nslookup – it's there when you need it
- default output / Default output
- nameservers, changing / Changing nameservers
- automation script, creating / Creating an automation script
O
- Oclhashcat
- reference link / Brute-forcing passwords
- about / Reader challenge
- Open-Source Intelligence (OSINT) / Introducing reconnaissance
- Open Source Intelligence (OSINT)
- about / Intelligence gathering
- passive form / Intelligence gathering
- semi-passive form / Intelligence gathering
- active form / Intelligence gathering
- Open Source Vulnerability Database (OSVDB)
- about / Vulnerability analysis
- OSVDB (Open Source Vulnerability Database)
- about / Using WebScarab as an HTTP proxy
- reference link / Using WebScarab as an HTTP proxy
- output types, Nmap
P
- passwords
- about / Passwords – something you know…
- hash, cracking / Cracking the hash
- brute forcing / Brute-forcing passwords
- PeekYou / Searching the Internet for clues
- penetration testing
- about / Introducing advanced penetration testing, Penetration testing, Practice makes perfect
- reference link / Metasploit – learn it and love it, Enumeration and exploitation
- challenge / The challenge
- walkthrough / The walkthrough
- scope, defining / Defining the scope
- goal, determining / Determining the "why"
- goal / So what is the "why" of this particular test?
- Rules of Engagement document, developing / Developing the Rules of Engagement document
- attack, initial plan / Initial plan of attack
- enumeration / Enumeration and exploitation
- exploitation / Enumeration and exploitation
- Penetration Testing Execution Standard (PTES)
- about / Penetration Testing Execution Standard
- reference link / Penetration Testing Execution Standard
- penetration testing framework
- about / Penetration testing framework
- people on web, finding
- about / Finding people (and their documents) on the web
- Google hacking database / Google hacking database
- Google filters / Google filters
- pfSense
- configuring / Configuring pfSense
- virtual lab, starting / Starting the virtual lab
- additional packages, installing / Installing additional packages in pfSense
- pfSense DHCP
- permanent reservations / pfSense DHCP – Permanent reservations
- pfSense DHCP server
- configuring / Configuring the pfSense DHCP server
- pfSense guest machine configuration
- about / The pfSense guest machine configuration
- network setup / The pfSense network setup
- WAN IP configuration / WAN IP configuration
- LAN IP configuration / LAN IP configuration
- PfSense SSH logs / PfSense SSH logs
- pfSense VM
- creating / Creating pfSense VM
- pillaging
- pivoting
- about / Pivoting
- Pluggable Authentication Module (PAM)
- about / Important directories and files
- port block, detecting
- Hping3, using / Hping3
- Nmap firewalk script / Nmap firewalk script
- port knocking / Port knocking
- post-exploitation
- Armitage, using for / Using Armitage for post-exploitation
- post exploitation
- about / Post-exploitation
- PowerShell-AD-Recon
- URL / Post-exploitation
- pre-engagement interactions
- about / Pre-engagement interactions
- Pre-site Inspection Checklist
- introduction / Penetration testing framework
- accreditation status / Penetration testing framework
- scope of test / Penetration testing framework
- private research
- about / Vulnerability analysis
- production test lab environment
- versus controlled test lab environment / Starting pure-ftpd
- pure-ftpd
- installing / Installing and configuring pure-ftpd
- configuring / Installing and configuring pure-ftpd
- download link / Installing and configuring pure-ftpd
- starting / Starting pure-ftpd
- pwd command
- about / Important commands
R
- reconnaissance
- about / Introducing reconnaissance
- workflow / Reconnaissance workflow
- Regional Internet Registries (RIR)
- about / Reporting
- report
- overview / The report
- executive summary / The report
- reporting / Reporting
- requisites, for testing
- about / Before testing begins
- scope, determining / Determining scope
- limitations, setting / Setting limits – nothing lasts forever
- rules of engagement document / Rules of Engagement documentation
- Rules of Engagement
S
- scan options, Nmap
- -g / Commonly seen Nmap scan types and options
- --spoof_mac / Commonly seen Nmap scan types and options
- -S / Commonly seen Nmap scan types and options
- -e / Commonly seen Nmap scan types and options
- -F / Commonly seen Nmap scan types and options
- -p / Commonly seen Nmap scan types and options
- -R / Commonly seen Nmap scan types and options
- -N / Commonly seen Nmap scan types and options
- -n / Commonly seen Nmap scan types and options
- -h / Commonly seen Nmap scan types and options
- -6 / Commonly seen Nmap scan types and options
- -A / Commonly seen Nmap scan types and options
- -T(0-5) / Commonly seen Nmap scan types and options
- --scan_delay / Commonly seen Nmap scan types and options
- -sV / Commonly seen Nmap scan types and options
- scanPBNJ
- ScanPBNJ
- network baselines / Network baselines with scanPBNJ
- MySQL, setting up / Setting up MySQL for PBNJ
- database, preparing / Preparing the PBNJ database
- first scan / First scan
- data, reviewing / Reviewing the data
- scan types
- trying / Trying different scan types
- SYN scan / SYN scan
- Null scan / Null scan
- ACK scan / ACK scan
- conclusion / Conclusion
- scan types, Nmap
- -sA / Commonly seen Nmap scan types and options
- -sP / Commonly seen Nmap scan types and options
- -sR / Commonly seen Nmap scan types and options
- -sS / Commonly seen Nmap scan types and options
- -sT / Commonly seen Nmap scan types and options
- -sU / Commonly seen Nmap scan types and options
- -sX / Commonly seen Nmap scan types and options
- -sL / Commonly seen Nmap scan types and options
- -sO / Commonly seen Nmap scan types and options
- -sM / Commonly seen Nmap scan types and options
- -sI / Commonly seen Nmap scan types and options
- -sW / Commonly seen Nmap scan types and options
- scenario / The scenario
- Search Diggity / Searching the Internet for clues
- search engines
- about / Using search engines to do your job for you
- using / Using search engines to do your job for you
- Shodan / Shodan
- people on web, finding / Finding people (and their documents) on the web
- Internet, searching for clues / Searching the Internet for clues
- services
- enumerating / Enumerating services
- quick scan, with unicornscan / Quick scans with unicornscan
- Session Initiation Protocol
- about / Penetration testing framework
- sfuzz
- about / sfuzz – Simple fuzzer
- Shodan
- about / Shodan
- URL / Shodan
- filters / Filters
- banners / Understanding banners
- specific assets, finding / Finding specific assets
- Simple Network Management Protocol (SNMP)
- about / SNMP – a goldmine of information just waiting to be discovered
- community string, onesixtyone / When the SNMP community string is NOT "public"
- Site Digger 3.0 / Searching the Internet for clues
- Smashing The Stack For Fun And Profit
- reference link / Understanding the basics of buffer overflows
- smbclient
- used, for banner grabbing / Banner grabbing with smbclient
- Social Engineering Toolkit (SET)
- about / Reporting, Social Engineering Toolkit
- reference link / Social Engineering Toolkit
- switches
- creating / Creating the switches
- system
- blending in / Blending in
T
- tarball / Installing and configuring pure-ftpd
- TCP sequence prediction / Shifting blame – the zombies did it!
- test results
- managing / Effectively managing your test results
- test scope, Pre-site Inspection Checklist
- compliance test / Penetration testing framework
- vulnerability assessment / Penetration testing framework
- penetration testing / Penetration testing framework
- text editor method
- about / Old school – the text editor method
- Nano / Nano
- VIM / VIM –the power user's text editor of choice
- Gnome text editor (Gedit) / Gedit – Gnome text editor
- TFTP server
- starting, on Kali / Starting a TFTP server on Kali
- The Harvester / Searching the Internet for clues
- threat modeling
- about / Threat modeling
- TinEye / Searching the Internet for clues
- traffic patterns
- viewing / Looking at traffic patterns
U
- Ubuntu
- manual ifconfig / Ubuntu – manual ifconfig
- Ubuntu-8.1
- reference link / AspenMLC Research Labs' virtual network
- Ubuntu guest machine / Ubuntu guest machine
- Ubuntu LTS
- reference link / Installing Ubuntu LTS
- installing / Installing Ubuntu LTS
- Ubuntu virtual machine
- Mutillidae, installing on / Installing and configuring Mutillidae on the Ubuntu virtual machine
- Mutillidae, configuring on / Installing and configuring Mutillidae on the Ubuntu virtual machine
- Udevd -version command
- about / Important commands
- uname-a command
- about / Important commands
- uncomplicated firewall (ufw)
- about / Maintaining IP settings after reboot
- reference link / Maintaining IP settings after reboot
- updatedb command
- about / Important commands
V
- Vega
- victim machines
- files, obtaining from / Getting files to and from victim machines
- VIM
- virtual lab setup
- about / The virtual lab setup
- AspenMLC Research Lab' virtual network / AspenMLC Research Labs' virtual network
- additional system modifications / Additional system modifications
- Ubuntu 8.10 server modifications / Ubuntu 8.10 server modifications
- VMware Workstation
- about / Introducing VMware Workstation
- need for / Why VMware Workstation?
- reference link / Installing VMware Workstation
- installing / Installing VMware Workstation
- default architecture / Understanding the default architecture
- summarizing / Putting it all together
- Voice Over IP (VOIP)
- about / Penetration testing framework
- VPN Hunter
- URL / Reporting
- vulnerability analysis
- about / Vulnerability analysis
- vulnerability analysis, categories
- active / Vulnerability analysis
- passive / Vulnerability analysis
- validation / Vulnerability analysis
- research / Vulnerability analysis
- vulnerability assessments
- about / Vulnerability assessments
- vulnerable program
- vulnserver
- about / Introducing vulnserver
- download link / Introducing vulnserver
W
- w3af
- about / Web Application Attack and Audit framework (w3af)
- reference link / Web Application Attack and Audit framework (w3af)
- w3af console
- used, for scanning / Scanning using the w3af console
- w3af GUI
- used, for saving configuration time / Using w3af GUI to save configuration time
- web application firewalls (WAF)
- detecting / Detecting web application firewalls (WAF)
- reference link / Detecting web application firewalls (WAF)
- WebScarab
- using, as HTTP proxy / Using WebScarab as an HTTP proxy
- White Pages / Searching the Internet for clues
- Windows machine
- files / Important directories and files
- directories / Important directories and files
- wiseGEEK
- URL / Methodology defined
- WordPress
- reference link / Ubuntu 8.10 server modifications
X
- X-servers / Nmap – getting to know you
Z
- zone transfers
- reference / Zone transfers using Dig