PacktLib: BackTrack 4: Assuring Security by Penetration Testing

BackTrack 4: Assuring Security by Penetration Testing

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Preface

Beginning with BackTrack

History

BackTrack purpose

Getting BackTrack

Using BackTrack

Configuring network connection

Updating BackTrack

Installing additional weapons

Customizing BackTrack

Summary

Penetration Testing Methodology

Types of penetration testing

Vulnerability assessment versus penetration testing

Security testing methodologies

BackTrack testing methodology

The ethics

Summary

Target Scoping

Gathering client requirements

Preparing the test plan

Profiling test boundaries

Defining business objectives

Project management and scheduling

Summary

Information Gathering

Public resources

Document gathering

DNS information

Route information

Utilizing search engines

All-in-one intelligence gathering

Documenting the information

Summary

Target Discovery

Introduction

Identifying the target machine

OS fingerprinting

Summary

Enumerating Target

Port scanning

Service enumeration

VPN enumeration

Summary

Vulnerability Mapping

Types of vulnerabilities

Vulnerability taxonomy

Open Vulnerability Assessment System (OpenVAS)

Cisco analysis

Fuzzy analysis

SMB analysis

SNMP analysis

Web application analysis

Summary

Social Engineering

Modeling human psychology

Attack process

Attack methods

Social Engineering Toolkit (SET)

Common User Passwords Profiler (CUPP)

Summary

Target Exploitation

Vulnerability research

Vulnerability and exploit repositories

Advanced exploitation toolkit

Summary

Privilege Escalation

Attacking the password

Network sniffers

Network spoofing tools

Summary

Maintaining Access

Protocol tunneling

Proxy

End-to-end connection

Summary

Documentation and Reporting

Documentation and results verification

Types of reports

Presentation

Post testing procedures

Summary

Supplementary Tools

Supplementary Tools

Supplementary Tools

Supplementary Tools

Supplementary Tools

Key Resources

Key Resources

Key Resources

Key Resources