Books & Videos

Table of Contents

  1. Chapter 1 The Absolute Basics of Penetration Testing

    1. The Phases of the PTES

    2. Types of Penetration Tests

    3. Vulnerability Scanners

    4. Pulling It All Together

  2. Chapter 2 Metasploit Basics

    1. Terminology

    2. Metasploit Interfaces

    3. Metasploit Utilities

    4. Metasploit Express and Metasploit Pro

    5. Wrapping Up

  3. Chapter 3 Intelligence Gathering

    1. Passive Information Gathering

    2. Active Information Gathering

    3. Targeted Scanning

    4. Writing a Custom Scanner

    5. Looking Ahead

  4. Chapter 4 Vulnerability Scanning

    1. The Basic Vulnerability Scan

    2. Scanning with NeXpose

    3. Scanning with Nessus

    4. Specialty Vulnerability Scanners

    5. Using Scan Results for Autopwning

  5. Chapter 5 The Joy of Exploitation

    1. Basic Exploitation

    2. Exploiting Your First Machine

    3. Exploiting an Ubuntu Machine

    4. All-Ports Payloads: Brute Forcing Ports

    5. Resource Files

    6. Wrapping Up

  6. Chapter 6 Meterpreter

    1. Compromising a Windows XP Virtual Machine

    2. Dumping Usernames and Passwords

    3. Pass the Hash

    4. Privilege Escalation

    5. Token Impersonation

    6. Using ps

    7. Pivoting onto Other Systems

    8. Using Meterpreter Scripts

    9. Leveraging Post Exploitation Modules

    10. Upgrading Your Command Shell to Meterpreter

    11. Manipulating Windows APIs with the Railgun Add-On

    12. Wrapping Up

  7. Chapter 7 Avoiding Detection

    1. Creating Stand-Alone Binaries with MSFpayload

    2. Evading Antivirus Detection

    3. Custom Executable Templates

    4. Launching a Payload Stealthily

    5. Packers

    6. A Final Note on Antivirus Software Evasion

  8. Chapter 8 Exploitation Using Client-Side Attacks

    1. Browser-Based Exploits

    2. Using Immunity Debugger to Decipher NOP Shellcode

    3. Exploring the Internet Explorer Aurora Exploit

    4. File Format Exploits

    5. Sending the Payload

    6. Wrapping Up

  9. Chapter 9 Metasploit Auxiliary Modules

    1. Auxiliary Modules in Use

    2. Anatomy of an Auxiliary Module

    3. Going Forward

  10. Chapter 10 The Social-Engineer Toolkit

    1. Configuring the Social-Engineer Toolkit

    2. Spear-Phishing Attack Vector

    3. Web Attack Vectors

    4. Infectious Media Generator

    5. Teensy USB HID Attack Vector

    6. Additional SET Features

    7. Looking Ahead

  11. Chapter 11 Fast-Track

    1. Microsoft SQL Injection

    2. Binary-to-Hex Generator

    3. Mass Client-Side Attack

    4. A Few Words About Automation

  12. Chapter 12 Karmetasploit

    1. Configuration

    2. Launching the Attack

    3. Credential Harvesting

    4. Getting a Shell

    5. Wrapping Up

  13. Chapter 13 Building Your Own Module

    1. Getting Command Execution on Microsoft SQL

    2. Exploring an Existing Metasploit Module

    3. Creating a New Module

    4. The Power of Code Reuse

  14. Chapter 14 Creating Your Own Exploits

    1. The Art of Fuzzing

    2. Controlling the Structured Exception Handler

    3. Hopping Around SEH Restrictions

    4. Getting a Return Address

    5. Bad Characters and Remote Code Execution

    6. Wrapping Up

  15. Chapter 15 Porting Exploits to the Metasploit Framework

    1. Assembly Language Basics

    2. Porting a Buffer Overflow

    3. SEH Overwrite Exploit

    4. Wrapping Up

  16. Chapter 16 Meterpreter Scripting

    1. Meterpreter Scripting Basics

    2. Meterpreter API

    3. Rules for Writing Meterpreter Scripts

    4. Creating Your Own Meterpreter Script

    5. Wrapping Up

  17. Chapter 17 Simulated Penetration Test

    1. Pre-engagement Interactions

    2. Intelligence Gathering

    3. Threat Modeling

    4. Exploitation

    5. Customizing MSFconsole

    6. Post Exploitation

    7. Attacking Apache Tomcat

    8. Attacking Obscure Services

    9. Covering Your Tracks

    10. Wrapping Up

  1. Appendix Configuring Your Target Machines

    1. Installing and Setting Up the System

    2. Booting Up the Linux Virtual Machines

    3. Setting Up a Vulnerable Windows XP Installation

  2. Appendix Cheat Sheet

    1. MSFconsole Commands

    2. Meterpreter Commands

    3. MSFpayload Commands

    4. MSFencode Commands

    5. MSFcli Commands

    6. MSF, Ninja, Fu

    7. MSFvenom

    8. Meterpreter Post Exploitation Commands

  3. Colophon

  4. Appendix Updates