The Art of Network Penetration Testing is a guide to simulating an internal security breach. You’ll take on the role of the attacker and work through every stage of a professional pentest, from information gathering to seizing control of a system and owning the network.

Summary

Penetration testing is about more than just getting through a perimeter firewall. The biggest security threats are inside the network, where attackers can rampage through sensitive data by exploiting weak access controls and poorly patched software. Designed for up-and-coming security professionals, The Art of Network Penetration Testing teaches you how to take over an enterprise network from the inside. It lays out every stage of an internal security assessment step-by-step, showing you how to identify weaknesses before a malicious invader can do real damage.

About the technology

Penetration testers uncover security gaps by attacking networks exactly like malicious intruders do. To become a world-class pentester, you need to master offensive security concepts, leverage a proven methodology, and practice, practice, practice. Th is book delivers insights from security expert Royce Davis, along with a virtual testing environment you can use to hone your skills.

About the book

The Art of Network Penetration Testing is a guide to simulating an internal security breach. You’ll take on the role of the attacker and work through every stage of a professional pentest, from information gathering to seizing control of a system and owning the network. As you brute force passwords, exploit unpatched services, and elevate network level privileges, you’ll learn where the weaknesses are—and how to take advantage of them.

What's inside

   Set up a virtual pentest lab

   Exploit Windows and Linux network vulnerabilities

   Establish persistent re-entry to compromised targets

   Detail your findings in an engagement report

About the reader

For tech professionals. No security experience required.

About the author

Royce Davis has orchestrated hundreds of penetration tests, helping to secure many of the largest companies in the world.

Table of Contents

1 Network Penetration Testing

PHASE 1 - INFORMATION GATHERING

2 Discovering network hosts

3 Discovering network services

4 Discovering network vulnerabilities

PHASE 2 - FOCUSED PENETRATION

5 Attacking vulnerable web services

6 Attacking vulnerable database services

7 Attacking unpatched services

PHASE 3 - POST-EXPLOITATION AND PRIVILEGE ESCALATION

8 Windows post-exploitation

9 Linux or UNIX post-exploitation

10 Controlling the entire network

PHASE 4 - DOCUMENTATION

11 Post-engagement cleanup

12 Writing a solid pentest deliverable

Review

"An excellent reference for all stages of the penetration process."

--Sven Stumpf, BASF

"A practical approach that covers everything a beginner needs to get

into the field."

--Imanol Valiente Martín, Full On Net

"Leads you through a practical and well-structured process. Highly

recommended!"

--Sithum Nissanka, Worldline

"The best Penetration Testing Fundamentals book written so far!"

--Víctor Durán, developer, HiQ Stockholm

"Excellent book! It teaches you how to defend yourself against

attacks, but also how to execute penetration tests yourself."

--Marcel van den Brink, TBAuctions

About the Author

Royce Davis is a principal red team engineer and accomplished information security consultant who has attacked and successfully penetrated hundreds of complex enterprise networks belonging to some of the largest companies in the world.

He is the co-founder of Pentestgeek[.]com where he has created numerous educational resources helping students learn about ethical hacking and penetration testing.