Defenses continue to improve and become more and more common, but this book will provide you with a number of proven techniques to defeat the latest defenses on networks. The methods and techniques contained will provide you with a powerful arsenal of best practices to increase your penetration testing success. Many of the chapters end with a challenge to the reader that is designed to enhance and perfect their penetration testing skills.
Chapter 1, Penetration Testing Essentials, discusses why an essential element of penetration testing is planning, and a key component of this is having a methodology that emulates and matches the threat that we are portraying.
Chapter 2, Preparing a Test Environment, deals with the test environment, compares a number of different platforms, and prepares the reader for the foundation of building an advanced range for testing.
Chapter 3, Assessment Planning, talks about the test environment and how to evaluate the different platforms for your environment. The process of documenting and recording your testing results is covered, as well as methods to automate the process.
Chapter 4, Intelligence Gathering, reviews some of the tools and focuses on how to use the information to ensure your penetration tests are efficient, focused, and effective.
Chapter 5, Network Service Attacks, discusses how to successfully penetrate a secured environment and how to analyze what you are facing. The enumeration data gathered will assist in determining target prioritization and how to choose which targets are ideal candidates for your initial attacks.
Chapter 6, Exploitation, reviews the basics of exploitation and then moves on to the more interesting techniques and methods that will let us understand the true security posture of the network environment we are testing. Additionally, you will see the challenges of writing exploits today in 64-bit architectures.
Chapter 7, Web Application Attacks, explores various methods of testing web applications using freely available tools such as your web browser, w3af, WebScarab, and others. Methods of bypassing web application firewalls and IDSs are discussed as well how to determine if your targets are being load balanced or filtered.
Chapter 8, Exploitation Concepts, investigates methods that assist us in testing the effectiveness of a corporation's security awareness training and client-side protection mechanisms. The research performed during the information gathering stages of your testing will finally be used to the fullest extent. Furthermore, we look at some of the techniques and tools used by security researchers and crafty attackers to bypass even those system controls that at first glance seem theoretically sound.
Chapter 9, Post-Exploitation, covers the methods of conducting post-exploitation once you have compromised a machine and established a foothold in the environment. The process of extracting credentials, gathering data, and scraping the environment once access is gained is covered in detail.
Chapter 10, Stealth Techniques, reviews the challenges of penetrating firewalled environments, and methods of evading detection and blocks from the different endpoint protection mechanisms that may encounter during your testing.
Chapter 11, Data Gathering and Reporting, introduces the usage of tools and techniques that can make documenting the testing progress less painful and report writing easier, which is an essential but often overlooked component of penetration testing.
Chapter 12, Penetration Testing Challenge, allows you to put some of the information that has been covered throughout the book to work and bring it into perspective. The chapter provides preparation specifications for the practice environment and presents a challenge to the reader to perform a penetration test of this fictional company.