Penetration Testing Bootcamp

By: Jason Beltrame

Overview of this book

Penetration Testing Bootcamp delivers practical learning modules in manageable chunks. Each chapter is delivered in a day, and each day builds your competency in penetration testing. This book begins by taking you through the basics and shows you how to set up and maintain the C&C server. You will also learn how to scan for vulnerabilities and use Metasploit, and how to set up connectivity to a C&C server and maintain that connectivity for your intelligence gathering as well as offsite processing. Using TCPDump filters, you will gain an understanding of sniffing and spoofing traffic. This book will also teach you the importance of clearing up the tracks you leave behind after the penetration test and will show you how to build a report from all the data obtained from the penetration test. In all, this book equips you with instructions through rigorous tasks, practical callouts, and assignments to reinforce your understanding of penetration testing.
Table of Contents (17 chapters)
Title Page
Credits
About the Author
About the Reviewer
www.PacktPub.com
Customer Feedback
Preface

Social engineering experiments


Employees or users are often considered the weakest link in security, and are typically the greatest threat to any organization in today's world. They are not likely to be well versed in security best practices, and often won't care about them. They are often more concerned about getting the job done as quickly and easily as possible, and that tendency can be easily exploited.

As part of our penetration test, I will show you some examples of social engineering attacks designed around passwords. Hashing a password or guessing a password can be tough, and can take a long time, but it can usually be done. But, if I can just get the user to give me the password, it will save me a lot of work in the long run. This is the main reason why social engineering attacks are important, and why I will talk about three different kinds of attack now.

Note

Social engineering attacks merit a book all on their own. I will cover three examples that I have seen work really well in the...