Book Image

Learn Penetration Testing

By : Rishalin Pillay

Book Image

Learn Penetration Testing

By: Rishalin Pillay

Overview of this book

Sending information via the internet is not entirely private, as evidenced by the rise in hacking, malware attacks, and security threats. With the help of this book, you'll learn crucial penetration testing techniques to help you evaluate enterprise defenses. You'll start by understanding each stage of pentesting and deploying target virtual machines, including Linux and Windows. Next, the book will guide you through performing intermediate penetration testing in a controlled environment. With the help of practical use cases, you'll also be able to implement your learning in real-world scenarios. By studying everything from setting up your lab, information gathering and password attacks, through to social engineering and post exploitation, you'll be able to successfully overcome security threats. The book will even help you leverage the best tools, such as Kali Linux, Metasploit, Burp Suite, and other open source pentesting tools to perform these techniques. Toward the later chapters, you'll focus on best practices to quickly resolve security threats. By the end of this book, you'll be well versed with various penetration testing techniques so as to be able to tackle security threats effectively

Preface

Who this book is for

What this book covers

To get the most out of this book

Free Chapter

Section 1: The Basics

Section 1: The Basics

Introduction to Penetration Testing

Introduction to Penetration Testing

Technical requirements

What is penetration testing?

Stages of a penetration test

Getting started with your lab

Creating virtual machines in VMware, Hyper-V, and VirtualBox

Getting Started with Kali Linux

Getting Started with Kali Linux

Technical requirements

An introduction to Kali Linux

Installing and configuring Kali Linux

Basic commands in Kali Linux

Scripting in Kali Linux

The essential tools of Kali Linux

Section 2: Exploitation

Section 2: Exploitation

Performing Information Gathering

Performing Information Gathering

Technical requirements

Passive information gathering

Active information gathering

Vulnerability scanning

Capturing traffic

Mastering Social Engineering

Mastering Social Engineering

Technical requirements

What is social engineering?

Social engineering tools

Creating a social engineering campaign

Diving into the Metasploit Framework

Diving into the Metasploit Framework

Technical requirements

Introducing Metasploit

Finding modules

Metasploit options, shells, and payloads

Working with MSFvenom

Understanding Password Attacks

Understanding Password Attacks

Technical requirements

Introduction to password attacks

Working with wordlists

Offline password attacks

Online password attacks

Dumping passwords from memory

Working with Burp Suite

Working with Burp Suite

Technical requirements

Understanding Burp Suite

Preparing your environment

Exploring and configuring Burp Suite components

Attacking Web Applications

Attacking Web Applications

Technical requirements

Preparing your environment

Types of web application security testing

The components of a web application

Understanding the HTTP protocol

Common web application attacks

Attacking web applications

Getting Started with Wireless Attacks

Getting Started with Wireless Attacks

Technical requirements

Exploring wireless attacks

Compatible hardware

Wireless attack tools

Cracking WEP, WPA, and WPA2

Section 3: Post Exploitation

Section 3: Post Exploitation

Moving Laterally and Escalating Your Privileges

Moving Laterally and Escalating Your Privileges

Technical requirements

Discovering post-exploitation techniques

Preparing your environment

Performing post-exploitation attacks

Antivirus Evasion

Antivirus Evasion

Technical requirements

The evolution of antivirus technologies

Concepts of antivirus evasion

Getting started with antivirus evasion

Testing evasion techniques

Maintaining Control within the Environment

Maintaining Control within the Environment

Technical requirements

The importance of maintaining access

Techniques used to maintain access

Using tools for persistence

Section 4: Putting It All Together

Section 4: Putting It All Together

Reporting and Acting on Your Findings

Reporting and Acting on Your Findings

Technical requirements

The importance of a penetration testing report

What goes into a penetration test report?

Tools for report writing

Recommending remediation options

Where Do I Go from Here?

Where Do I Go from Here?

Technical requirements

Knowledge maintenance

Toolkit maintenance

Purposefully vulnerable resources

Assessments

Chapter 1: Introduction to Penetration Testing

Chapter 2: Getting Started with Kali Linux

Chapter 3: Performing Information Gathering

Chapter 4: Mastering Social Engineering

Chapter 5: Diving into the Metasploit Framework

Chapter 6: Understanding Password Attacks

Chapter 7: Working with Burp Suite

Chapter 8: Attacking Web Applications

Chapter 9: Getting Started with Wireless Attacks

Chapter 10: Moving Laterally and Escalating your Privileges

Chapter 11: Antivirus Evasion

Chapter 12: Maintaining Control within the Environment

Chapter 13: Reporting and Acting on Your Findings

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Chapter 3: Performing Information Gathering

Passive information gathering involves using publicly accessible data, while active information gathering involves interacting with the target system.
Shodan and Maltego.

Nmap allows you to conduct vulnerability scans that leverage the Nmap scripting engine.
OpenVAS and Nessus.
Performing packet capturing allows you to view the raw packets as it traverses a network. Some packets can expose data, such as clear text passwords and other interesting information.