Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Learn Penetration Testing
  • Table Of Contents Toc
  • Feedback & Rating feedback
Learn Penetration Testing

Learn Penetration Testing

By : Rishalin Pillay
4.7 (3)
Buy this Book
close
close
Learn Penetration Testing

Learn Penetration Testing

4.7 (3)
By: Rishalin Pillay

Overview of this book

Sending information via the internet is not entirely private, as evidenced by the rise in hacking, malware attacks, and security threats. With the help of this book, you'll learn crucial penetration testing techniques to help you evaluate enterprise defenses. You'll start by understanding each stage of pentesting and deploying target virtual machines, including Linux and Windows. Next, the book will guide you through performing intermediate penetration testing in a controlled environment. With the help of practical use cases, you'll also be able to implement your learning in real-world scenarios. By studying everything from setting up your lab, information gathering and password attacks, through to social engineering and post exploitation, you'll be able to successfully overcome security threats. The book will even help you leverage the best tools, such as Kali Linux, Metasploit, Burp Suite, and other open source pentesting tools to perform these techniques. Toward the later chapters, you'll focus on best practices to quickly resolve security threats. By the end of this book, you'll be well versed with various penetration testing techniques so as to be able to tackle security threats effectively
Table of Contents (21 chapters)
close
close
close
Preface
chevron up
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Disclaimer
Free Chapter
1
Section 1: The Basics
Section 1: The Basics
2
Introduction to Penetration Testing
Introduction to Penetration Testing
Technical requirements
What is penetration testing?
Stages of a penetration test
Getting started with your lab
Creating virtual machines in VMware, Hyper-V, and VirtualBox
Summary
Questions
3
Getting Started with Kali Linux
Getting Started with Kali Linux
Technical requirements
An introduction to Kali Linux
Installing and configuring Kali Linux
Basic commands in Kali Linux
Scripting in Kali Linux
The essential tools of Kali Linux
Summary
Questions
4
Section 2: Exploitation
Section 2: Exploitation
5
Performing Information Gathering
Performing Information Gathering
Technical requirements
Passive information gathering
Active information gathering
Vulnerability scanning
Capturing traffic
Summary
Questions
6
Mastering Social Engineering
Mastering Social Engineering
Technical requirements
What is social engineering?
Social engineering tools
Creating a social engineering campaign
Summary
Questions
7
Diving into the Metasploit Framework
Diving into the Metasploit Framework
Technical requirements
Introducing Metasploit
Finding modules
Adding modules
Metasploit options, shells, and payloads
Working with MSFvenom
Summary
Questions
8
Understanding Password Attacks
Understanding Password Attacks
Technical requirements
Introduction to password attacks
Working with wordlists
Offline password attacks
Online password attacks
Dumping passwords from memory
Summary
Questions
9
Working with Burp Suite
Working with Burp Suite
Technical requirements
Understanding Burp Suite
Preparing your environment
Exploring and configuring Burp Suite components
Summary
Questions
10
Attacking Web Applications
Attacking Web Applications
Technical requirements
Preparing your environment
Types of web application security testing
The components of a web application
Understanding the HTTP protocol
Common web application attacks
Attacking web applications
Summary
Questions
11
Getting Started with Wireless Attacks
Getting Started with Wireless Attacks
Technical requirements
Exploring wireless attacks
Compatible hardware
Wireless attack tools
Cracking WEP, WPA, and WPA2
Summary
Questions
12
Section 3: Post Exploitation
Section 3: Post Exploitation
13
Moving Laterally and Escalating Your Privileges
Moving Laterally and Escalating Your Privileges
Technical requirements
Discovering post-exploitation techniques
Preparing your environment
Performing post-exploitation attacks
Summary
Questions
14
Antivirus Evasion
Antivirus Evasion
Technical requirements
The evolution of antivirus technologies
Concepts of antivirus evasion
Getting started with antivirus evasion
Testing evasion techniques
Summary
Questions
15
Maintaining Control within the Environment
Maintaining Control within the Environment
Technical requirements
The importance of maintaining access
Techniques used to maintain access
Using tools for persistence
Summary
Questions
16
Section 4: Putting It All Together
Section 4: Putting It All Together
17
Reporting and Acting on Your Findings
Reporting and Acting on Your Findings
Technical requirements
The importance of a penetration testing report
What goes into a penetration test report?
Tools for report writing
Recommending remediation options
Summary
Questions
18
Where Do I Go from Here?
Where Do I Go from Here?
Technical requirements
Knowledge maintenance
Toolkit maintenance
Purposefully vulnerable resources
Summary
19
Assessments
Assessments
Chapter 1: Introduction to Penetration Testing
Chapter 2: Getting Started with Kali Linux
Chapter 3: Performing Information Gathering
Chapter 4: Mastering Social Engineering
Chapter 5: Diving into the Metasploit Framework
Chapter 6: Understanding Password Attacks
Chapter 7: Working with Burp Suite
Chapter 8: Attacking Web Applications
Chapter 9: Getting Started with Wireless Attacks
Chapter 10: Moving Laterally and Escalating your Privileges
Chapter 11: Antivirus Evasion
Chapter 12: Maintaining Control within the Environment
Chapter 13: Reporting and Acting on Your Findings
20
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

To get the most out of this book

In order to gain the most benefit from the practical aspects of this book, you will need to have a virtualization environment set up. This can be set up using VMware or VirtualBox. Hyper-V will work, but there is a restriction that does not allow you to link a wireless card directly to the virtual machine. This prevents you from performing wireless attacks if you have a compatible wireless card.

The penetration testing operating system of choice is Kali Linux. Having some basic Linux knowledge is not mandatory, but would be beneficial. Kali Linux contains hundreds of tools. We do not focus on all of them, but only on the tools that would get the job done. Occasionally, we will look at tools that are available on the internet, but the installation and setup steps are clearly defined within the book.

The target systems used in this book are predominantly freely available, such as Metasploitable and OWASP BWA. We will work with Windows Server and Windows 10 as a target operating system in some chapters; the evaluation editions of these operating systems will suffice. Having knowledge of how to set up Active Directory would be beneficial.

Finally, this book does not focus on a specific target operating system, instead focusing on teaching you how to use various techniques, methodologies, and tools to obtain the results you need. Your knowledge will increase over time as you continue to apply what you have learned and gain experience by practicing your skills with various other vulnerable machines found on the internet.

Download the color images

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "We will leverage the pip command to install the required shodan files."

A block of code is set as follows:

#!/bin/bash 
cat shodan-iis.txt | while read line
do
nmap -sS -sV $line
done

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

#include<stdio.h>
#include<string.h>

unsigned char buf[] = 
"\xbd\xa1\xe2\xe6\x8b\xd9\xeb\xd9\x74\x24\xf4\x5f\x2b\xc9\x66"

Any command-line input or output is written as follows:

sudo apt-get update && sudo apt-get install python2.7

Bold: Indicates a new term, an important word, or words that you see on screen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "You will notice that the interval is 0.102400 [Seconds]."

Warnings or important notes appear like this.
Tips and tricks appear like this.

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY