Mastering Metasploit, 3rd Edition
- Pre-engagement interactions: This phase defines all the pre-engagement activities and scope definitions, basically, everything you need to discuss with the client before the testing starts.
- Intelligence gathering: This phase is all about collecting information about the target under test, by connecting to the target directly and passively, and without connecting to the target at all.
- Threat modeling: This phase involves matching the information detected to the assets to find the areas with the highest threat level.
- Vulnerability analysis: This involves finding and identifying known and unknown vulnerabilities and validating them.
- Exploitation: This phase works on taking advantage of the vulnerabilities found in the previous stage and typically means that we are trying to gain access to the target.
- Post-exploitation: The actual actions to perform on the target, such as downloading a file, shutting a system down, creating a new user account on the target, are parts of this phase. In general, this phase describes what you need to do after exploitation.
- Reporting: This phase includes summing up the results of the test in a file and the possible suggestions and recommendations to fix the current weaknesses in the target.
These seven stages may look easy when there is a single target under test. However, the situation completely changes when a vast network that contains hundreds of systems is to be tested. Therefore, in a case like this, manual work is to be replaced with an automated approach. Consider a scenario where the number of systems under test is precisely 100, and they are running the same operating system and services. Testing every system manually will consume much time and energy. Situations such as these demand the use of a penetration testing framework. Using a penetration testing framework will not only save time but will also offer much more flexibility regarding changing the attack vectors and covering a much wider range of targets under test. A penetration testing framework will eliminate additional time consumption and also help to automate most of the attack vectors, scanning processes, identifying vulnerabilities, and most importantly, exploiting the vulnerabilities, thus saving time and pacing a penetration test, and this is where Metasploit kicks in.
Metasploit is considered one of the best and is the most widely used penetration testing framework. With a lot of reputation in the IT security community, Metasploit is not only an excellent penetration test framework, but also delivers innovative features that make the life of a penetration tester easy.
Mastering Metasploit, Third Edition aims to provide readers with insights into the legendary Metasploit framework. This book focuses explicitly on mastering Metasploit with respect to exploitation, writing custom exploits, porting exploits, testing services, and conducting sophisticated client-side testing. Moreover, this book helps to convert your customized attack vectors into Metasploit modules, covering Ruby and attack scripting, such as Cortana. This book will not only cater to your penetration testing knowledge but will also help you build programming skills as well.
|July 24, 2019
How to Read and Open File Type for PC ?