Professional Pentesting
Professional Pentesting
Ethics & Hacking
Getting Permission to Hack
Code of Ethics Canons [(ISC)2]
Why Stay Ethical?
Ethical Standards
Computer Crime Laws
Getting Permission to Hack
Setting up Your Lab
Targets in a Pentest Lab
Virtual Network Pentest Labs
Protecting Penetration Test Data
Advanced Pentest Labs
Methodologies & Frameworks
Information System Security Assessment Framework
Open Source Security Testing Methodology Manual
Pentest Project Management
Quantitative, Qualitative, and Mixed Methods
Management of a Pentest
Project Team Members
Project Management
Solo Pentesting
Archiving Data
Cleaning up Your Lab
Planning for Your Next Pentest
Information Gathering
Passive Information Gathering
Active Information Gathering
Vulnerability Identification
Port Scanning
System Identification
Services Identification
Vulnerability Identification
Vulnerability Exploitation
Introduction
Automated Tools
Exploit Code
Local System Attacks
System Exploitation
Encrypted Tunnels
Shells and Reverse Shells
Adding a Host Firewall (Optional)
Other Encryption and Tunnel Methods
Privilege Escalation
Password Attacks
Network Packet Sniffing
Social Engineering
Manipulating Log Data
Hiding Files
Targeting Support Systes
Database Attacks
Network Shares
Targeting The Network
Wireless Network Protocols
Simple Network Management Protocol
Web Apps Attack Techniques
SQL Injection
Cross-Site Scripting
Web Application Vulnerabilities
Automated Tools
Reporting Results
What Should You Report?
Initial Report
Final Report
Hacking as a career
Career Paths
Certifications
Associations and Organizations
Putting It All Together
Powered by
GitBook
Database Attacks
Database Attacks
first step : Nmap scan, using the “-A” flag
take a look at the available exploits and modules available on Metasploit
First thing to check: weak passwords
We can use our own dictionaries to conduct a brute-force attack
results matching "
"
No results matching "
"