Index
Preface
  • What this book covers
  • What you need for this book
  • Who this book is for
  • Conventions
  • Reader feedback
  • Customer support
  • Downloading the example code
  • Downloading the color images of this book
  • Errata
  • Piracy
  • Questions
Goal-Based Penetration Testing
  • Conceptual overview of security testing
  • Failure of classical vulnerability scanning, penetration testing, and Red Team Exercises
  • The testing methodology
  • Introduction to Kali Linux – history and purpose
  • Installing and updating Kali Linux
  • Using Kali Linux from a portable device
  • Installing Kali into a virtual machine
  • VMware Workstation Player
  • VirtualBox
  • Installing to a Docker appliance
  • Installing Kali to the cloud – creating an AWS instance
  • Organizing Kali Linux
  • Configuring and customizing Kali Linux
  • Resetting the root password
  • Adding a non-root user
  • Speeding up Kali operations
  • Sharing folders with the host operating system
  • Using BASH scripts to customize Kali
  • Building a verification lab
  • Setting up a virtual network with Active Directory
  • Installing defined targets
  • Metasploitable3
  • Mutillidae
  • Managing collaborative penetration testing using Faraday
  • Summary
Open Source Intelligence and Passive Reconnaissance
  • Basic principles of reconnaissance
  • OSINT
  • Offensive OSINT
  • Maltego
  • CaseFile
  • Google caches
  • Scraping
  • Gathering usernames and email addresses
  • Obtaining user information
  • Shodan and censys.io
  • Google Hacking Database
  • Using dork script to query Google
  • DataDump sites
  • Using scripts to automatically gather OSINT data
  • Defensive OSINT
  • Dark Web
  • Security breaches
  • Threat Intelligence
  • Profiling users for password lists
  • Creating custom word lists for cracking passwords
  • Using CeWL to map a website
  • Extracting words from Twitter using Twofi
  • Summary
Active Reconnaissance of External and Internal Networks
  • Stealth scanning strategies
  • Adjusting source IP stack and tool identification settings
  • Modifying packet parameters
  • Using proxies with anonymity networks
  • DNS reconnaissance and route mapping
  • The whois command
  • Employing comprehensive reconnaissance applications
  • The recon-ng framework
  • IPv4
  • IPv6
  • Using IPv6-specific tools
  • Mapping the route to the target
  • Identifying the external network infrastructure
  • Mapping beyond the firewall
  • IDS/IPS identification
  • Enumerating hosts
  • Live host discovery
  • Port, operating system, and service discovery
  • Port scanning
  • Writing your own port scanner using netcat
  • Fingerprinting the operating system
  • Determining active services
  • Large scale scanning
  • DHCP information
  • Identification and enumeration of internal network hosts
  • Native MS Windows commands
  • ARP broadcasting
  • Ping sweep
  • Using scripts to combine Masscan and nmap scans
  • Taking advantage of SNMP
  • Windows account information via Server Message Block (SMB) sessions
  • Locating network shares
  • Reconnaissance of active directory domain servers
  • Using comprehensive tools (SPARTA)
  • An example to configure SPARTA
  • Summary
Vulnerability Assessment
  • Vulnerability nomenclature
  • Local and online vulnerability databases
  • Vulnerability scanning with nmap
  • Introduction to LUA scripting
  • Customizing NSE scripts
  • Web application vulnerability scanners
  • Introduction to Nikto and Vega
  • Customizing Nikto and Vega
  • Vulnerability scanners for mobile applications
  • The OpenVAS network vulnerability scanner
  • Customizing OpenVAS
  • Specialized scanners
  • Threat modelling
  • Summary
Physical Security and Social Engineering
  • Methodology and attack methods
  • Computer-based
  • Voice-based
  • Physical attacks
  • Physical attacks at the console
  • Samdump2 and chntpw
  • Sticky keys
  • Attacking system memory with Inception
  • Creating a rogue physical device
  • Microcomputer-based attack agents
  • The Social Engineering Toolkit (SET)
  • Using a website attack vector - the credential harvester attack method
  • Using a website attack vector - the tabnabbing attack method
  • Using the PowerShell alphanumeric shellcode injection attack
  • HTA attack
  • Hiding executables and obfuscating the attacker's URL
  • Escalating an attack using DNS redirection
  • Spear phishing attack
  • Setting up a phishing campaign with Phishing Frenzy
  • Launching a phishing attack
  • Summary
Wireless Attacks
  • Configuring Kali for wireless attacks
  • Wireless reconnaissance
  • Kismet
  • Bypassing a hidden service set identifier (SSID)
  • Bypassing the MAC address authentication and open authentication
  • Attacking WPA and WPA2
  • Brute force attacks
  • Attacking wireless routers with Reaver
  • Denial-of-service (DoS) attacks against wireless communications
  • Compromising enterprise implementations of WPA/WPA2
  • Working with Ghost Phisher
  • Summary
Reconnaissance and Exploitation of Web-Based Applications
  • Methodology
  • Hackers mindmap
  • Conducting reconnaissance of websites
  • Detection of web application firewall and load balancers
  • Fingerprinting a web application and CMS
  • Mirroring a website from the command line
  • Client-side proxies
  • Burp Proxy
  • Extending the functionality of web browsers
  • Web crawling and directory brute force attacks
  • Web-service-specific vulnerability scanners
  • Application-specific attacks
  • Brute-forcing access credentials
  • OS command injection using commix
  • Injection attacks against databases
  • Maintaining access with web shells
  • Summary
Attacking Remote Access
  • Exploiting vulnerabilities in communication protocols
  • Compromising Remote Desktop Protocol (RDP)
  • Compromising secure shell
  • Compromising remote access protocols (VNC)
  • Attacking Secure Sockets Layer (SSL)
  • Weaknesses and vulnerabilities in the SSL protocol
  • Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH)
  • Compression Ratio Info-leak Made Easy (CRIME)
  • Factoring Attack on RSA-EXPORT Keys (FREAK)
  • Heartbleed
  • Insecure TLS renegotiation
  • Logjam attack
  • Padding Oracle On Demanded Legacy Encryption (POODLE)
  • Introduction to Testssl
  • Reconnaissance of SSL connections
  • Using sslstrip to conduct a man-in-the-middle attack
  • Denial-of-service attacks against SSL
  • Attacking an IPSec virtual private network
  • Scanning for VPN gateways
  • Fingerprinting the VPN gateway
  • Capturing pre-shared keys
  • Performing offline PSK cracking
  • Identifying default user accounts
  • Summary
Client-Side Exploitation
  • Backdooring executable files
  • Attacking a system using hostile scripts
  • Conducting attacks using VBScript
  • Attacking systems using Windows PowerShell
  • The Cross-Site Scripting framework
  • The Browser Exploitation Framework (BeEF)
  • Configuring the BeEF
  • Understanding BeEF browser
  • Integrating BeEF and Metasploit attacks
  • Using BeEF as a tunneling proxy
  • Summary
Bypassing Security Controls
  • Bypassing Network Access Control (NAC)
  • Pre-admission NAC
  • Adding new elements
  • Identifying the rules
  • Exceptions
  • Quarantine rules
  • Disabling endpoint security
  • Preventing remediation
  • Adding exceptions
  • Post-admission NAC
  • Bypassing isolation
  • Detecting HoneyPot
  • Bypassing antivirus using different frameworks
  • Using the Veil framework
  • Using Shellter
  • Bypassing application-level controls
  • Tunneling past client-side firewalls using SSH
  • Inbound to outbound
  • Bypassing URL filtering mechanisms
  • Outbound to inbound
  • Defeating application whitelisting
  • Bypassing Windows-specific operating system controls
  • Enhanced Mitigation Experience Toolkit (EMET)
  • User Account Control (UAC)
  • Other Windows-specific operating system controls
  • Access and authorization
  • Encryption
  • System security
  • Communications security
  • Auditing and logging
  • Summary
Exploitation
  • The Metasploit framework
  • Libraries
  • REX
  • Framework - core
  • Framework - base
  • Interfaces
  • Modules
  • Database setup and configuration
  • Exploiting targets using MSF
  • Single targets using a simple reverse shell
  • Single targets using a reverse shell with a PowerShell attack vector
  • Exploiting multiple targets using MSF resource files
  • Exploiting multiple targets with Armitage
  • Using public exploits
  • Locating and verifying publicly available exploits
  • Compiling and using exploits
  • Compiling C files
  • Adding the exploits that are written using Metasploit framework as a base
  • Developing a Windows exploit
  • Identifying a vulnerability using fuzzing
  • Crafting a Windows-specific exploit
  • Summary
Action on the Objective
  • Activities on the compromised local system
  • Conducting a rapid reconnaissance of a compromised system
  • Finding and taking sensitive data - pillaging the target
  • Creating additional accounts
  • Post-exploitation tools (MSF, the Veil-Pillage framework, scripts)
  • Veil-Pillage
  • Horizontal escalation and lateral movement
  • Compromising domain trusts and shares
  • PsExec, WMIC, and other tools
  • WMIC
  • Lateral movement using services
  • Pivoting and port forwarding
  • Using Proxychains
  • Summary
Privilege Escalation
  • Overview of common escalation methodology
  • Local system escalation
  • Escalating from administrator to system
  • DLL injection
  • PowerShell's Empire tool
  • Credential harvesting and escalation attacks
  • Password sniffers
  • Responder
  • SMB relay attacks
  • Escalating access rights in Active Directory
  • Compromising Kerberos - the golden ticket attack
  • Summary
Command and Control
  • Using persistent agents
  • Employing Netcat as a persistent agent
  • Using schtasks to configure a persistent task
  • Maintaining persistence with the Metasploit framework
  • Using the persistence script
  • Creating a standalone persistent agent with Metasploit
  • Persistence using social media and Gmail
  • Exfiltration of data
  • Using existing system services (Telnet, RDP, and VNC)
  • Exfiltration of data using DNS protocol
  • Exfiltration of data using ICMP
  • Using the Data Exfiltration Toolkit (DET)
  • Exfiltration from PowerShell
  • Hiding evidence of the attack
  • Summary