BackTrack 4: Assuring Security by Penetration Testing

Network ports

Reverse Engineering Resources

Vulnerability Disclosure and Tracking

Appendix B. Key Resources

Summary

Network Ballista

Web application fingerprinter

Vulnerability scanner

Appendix A. Supplementary Tools

Summary

Post testing procedures

Presentation

Types of reports

Documentation and results verification

Chapter 12. Documentation and Reporting

Summary

End-to-end connection

Proxy

Protocol tunneling

Chapter 11. Maintaining Access

Summary

Network spoofing tools

Network sniffers

Attacking the password

Chapter 10. Privilege Escalation

Summary

Advanced exploitation toolkit

Vulnerability and exploit repositories

Vulnerability research

Chapter 9. Target Exploitation

Summary

Common User Passwords Profiler (CUPP)

Social Engineering Toolkit (SET)

Attack methods

Attack process

Modeling human psychology

Chapter 8. Social Engineering

Summary

Web application analysis

SNMP analysis

SMB analysis

Fuzzy analysis

Cisco analysis

Open Vulnerability Assessment System (OpenVAS)

Vulnerability taxonomy

Types of vulnerabilities

Chapter 7. Vulnerability Mapping

Summary

VPN enumeration

Service enumeration

Port scanning

Chapter 6. Enumerating Target

Summary

OS fingerprinting

Identifying the target machine

Introduction

Chapter 5. Target Discovery

Summary

Documenting the information

All-in-one intelligence gathering

Utilizing search engines

Route information

DNS information

Document gathering

Public resources

Chapter 4. Information Gathering

Summary

Project management and scheduling

Defining business objectives

Profiling test boundaries

Preparing the test plan

Gathering client requirements

Chapter 3. Target Scoping

Part II. Penetration Testers Armory

Summary

The ethics

BackTrack testing methodology

Security testing methodologies

Vulnerability assessment versus penetration testing

Types of penetration testing

Chapter 2. Penetration Testing Methodology

Summary

Customizing BackTrack

Installing additional weapons

Updating BackTrack

Configuring network connection

Using BackTrack

Getting BackTrack

BackTrack purpose

History

Chapter 1. Beginning with BackTrack

Part I. Lab Preparation and Testing Procedures

Customer support

Reader feedback

Conventions

Who this book is for

What you need for this book

What this book covers

Preface

Support files eBooks discount offers and more

www.PacktPub.com

About the Reviewers

About the Authors

Credits

版权信息

封面

封面

版权信息

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Support files eBooks discount offers and more

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Part I. Lab Preparation and Testing Procedures

Chapter 1. Beginning with BackTrack

History

BackTrack purpose

Getting BackTrack

Using BackTrack

Configuring network connection

Updating BackTrack

Installing additional weapons

Customizing BackTrack

Summary

Chapter 2. Penetration Testing Methodology

Types of penetration testing

Vulnerability assessment versus penetration testing

Security testing methodologies

BackTrack testing methodology

The ethics

Summary

Part II. Penetration Testers Armory

Chapter 3. Target Scoping

Gathering client requirements

Preparing the test plan

Profiling test boundaries

Defining business objectives

Project management and scheduling

Summary

Chapter 4. Information Gathering

Public resources

Document gathering

DNS information

Route information

Utilizing search engines

All-in-one intelligence gathering

Documenting the information

Summary

Chapter 5. Target Discovery

Introduction

Identifying the target machine

OS fingerprinting

Summary

Chapter 6. Enumerating Target

Port scanning

Service enumeration

VPN enumeration

Summary

Chapter 7. Vulnerability Mapping

Types of vulnerabilities

Vulnerability taxonomy

Open Vulnerability Assessment System (OpenVAS)

Cisco analysis

Fuzzy analysis

SMB analysis

SNMP analysis

Web application analysis

Summary

Chapter 8. Social Engineering

Modeling human psychology

Attack process

Attack methods

Social Engineering Toolkit (SET)

Common User Passwords Profiler (CUPP)

Summary

Chapter 9. Target Exploitation

Vulnerability research

Vulnerability and exploit repositories

Advanced exploitation toolkit

Summary

Chapter 10. Privilege Escalation

Attacking the password

Network sniffers

Network spoofing tools

Summary

Chapter 11. Maintaining Access

Protocol tunneling

Proxy

End-to-end connection

Summary

Chapter 12. Documentation and Reporting

Documentation and results verification

Types of reports

Presentation

Post testing procedures

Summary

Appendix A. Supplementary Tools

Vulnerability scanner

Web application fingerprinter

Network Ballista

Summary

Appendix B. Key Resources

Vulnerability Disclosure and Tracking

Reverse Engineering Resources

Network ports