Publication Date: 9 Aug. 2021 - 387 pages
This book is a comprehensive guide to performing network penetration testing (a.k.a., ethical hacking) according to international standards such as, the Penetration Testing Execution Standard (PTES). The book is highly technical with practical demonstration and tutorials on using different open-source tools.The first module gives an introduction to penetration testing and explains the different standards available in the industry. Then, there is a small module on pre-engagement preparation - a necessary step in any ethical hacking engagement where you interact with your client and agree upon a scope.
Module three talks about intelligence gathering - a.k.a., reconnaissance and footprinting. We explain different important search engines: Google, Shodan, Pipl, Robtex, Builtwith, and Netcraft. Additionally, there is a great tutorial on Maltego, a multi-purpose intelligence gathering tool.
Module four explains techniques for network traffic manipulation. Those techniques are Sniffing, ARP Poisoning, SSL Stripping, and bind/reverse shell using Netcat. This module is followed by a module on Network and System Scanning containing a detailed tutorial on Nmap.
Module six talks about vulnerability analysis. There is a great explanation of the types and categories of vulnerabilities, in addition to a great tutorial on Nessus vulnerability scanner. The next two modules talk about Exploitation and Post-Exploitation tactics using Metasploit, the most popular exploitation framework, and Meterpreter, which is the most sophisticated payload.
The last two modules in the book are dedicated to Password Attacks and Wireless Attacks.