Penetration Testing: A Hands-On Introduction to Hacking

Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses.In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine-based lab that includes Kali Linux and vulnerable operating systems, you'll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you'll experience the key stages of an actual assessment—including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more.Learn how to:-Crack passwords and wireless network keys with brute-forcing and wordlists-Test web applications for vulnerabilities-Use the Metasploit Framework to launch exploits and write your own Metasploit modules-Automate social-engineering attacks-Bypass antivirus software-Turn access to one machine into total control of the enterprise in the post exploitation phaseYou'll even explore writing your own exploits. Then it's on to mobile hacking—Weidman's particular area of research—with her tool, the Smartphone Pentest Framework.With its collection of hands-on lessons that cover key tools and strategies, Penetration Testing is the introduction that every aspiring hacker needs.

A practical overview of penetration testing, including key software tools,social engineering, vulnerability analysis, and exploitation.- Visible author; presents at prominent conferences like BlackHat- Covers popular security tools like Kali Linux and Metasploit- Computer security skills are in high demand and are highly compensated

Foreword by Peter Van EeckhoutteAcknowledgementsIntroductionPenetration Testing PrimerPart 1: The BasicsChapter 1: Setting Up Your Virtual LabChapter 2: Using Kali LinuxChapter 3: ProgrammingChapter 4: Using the Metasploit FrameworkPart 2: AssessmentsChapter 5: Information GatheringChapter 6: Finding VulnerabilitiesChapter 7: Capturing TrafficPart 3: AttacksChapter 8: ExploitationChapter 9: Password AttacksChapter 10: Client-Side ExploitationChapter 11: Social EngineeringChapter 12: Bypassing Antivirus ApplicationsChapter 13: Post ExploitationChapter 14: Web Application TestingChapter 15: Wireless AttacksPart 4: Exploit DevelopmentChapter 16: A Stack-Based Buffer Overflow in LinuxChapter 17: A Stack-Based Buffer Overflow in WindowsChapter 18: Structured Exception Handler OverwritesChapter 19: Fuzzing, Porting Exploits, and Metasploit ModulesPart 5: Mobile HackingChapter 20: Using the Smartphone Pentest FrameworkResourcesIndex