Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Free Learning

You're reading from Improving your Penetration Testing Skills Strengthen your defense against web attacks with Kali Linux and Metasploit

Product type Course

Published in Jul 2019

Publisher Packt

ISBN-13 9781838646073

Length 712 pages

Edition 1st Edition

Languages

Ruby

Tools

Kali Linux

Concepts

Penetration Testing

Authors (4):

Daniel Teixeira

Juned Ahmed Ansari

Abhinav Singh

Gilberto Najera-Gutierrez

View More author details

Table of Contents (24) Chapters

Title Page

Improving your Penetration Testing Skills

About Packt

Contributors

Preface

1. Introduction to Penetration Testing and Web Applications FREE CHAPTER

2. Setting Up Your Lab with Kali Linux

3. Reconnaissance and Profiling the Web Server

4. Authentication and Session Management Flaws

5. Detecting and Exploiting Injection-Based Flaws

6. Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities

7. Cross-Site Request Forgery, Identification, and Exploitation

8. Attacking Flaws in Cryptographic Implementations

9. Using Automated Scanners on Web Applications

10. Metasploit Quick Tips for Security Professionals

11. Information Gathering and Scanning

12. Server-Side Exploitation

13. Meterpreter

14. Post-Exploitation

15. Using MSFvenom

16. Client-Side Exploitation and Antivirus Bypass

17. Social-Engineer Toolkit

18. Working with Modules for Penetration Testing

1. Other Books You May Enjoy

Leave a review - let other readers know what you think

Meterpreter API and mixins

In the previous two chapters, we learned extensively about using Meterpreter as a potential. You might have realized the important role of Meterpreter to make our penetration task easier and faster. Now, from this recipe, we will move ahead and discuss some advanced concepts related to Meterpreter. We will dive deeper into the core of Metasploit to understand how Meterpreter scripts function and how we can build our own scripts.

From a penetration tester's point of view, it is essential to know how to implement our own scripting techniques so as to fulfill the needs of the scenario. There can be situations when you have to perform tasks where Meterpreter may not be enough to solve your task, so you can't sit back. This is where developing our own scripts and modules come in handy. So, let's start with the recipe. In this recipe, we will...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (4)

Gilberto Najera-Gutierrez

Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one of the top security testing service providers in Australia. He obtained leading security and penetration testing certifications, namely Offensive Security Certified Professional (OSCP), EC-Council Certified Security Administrator (ECSA), and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).

See other products by Gilberto Najera-Gutierrez

Abhinav Singh

Abhinav Singh is a well-known information security researcher. He is the author of Metasploit Penetration Testing Cookbook (first and second editions) and Instant Wireshark Starter, by Packt. He is an active contributor to the security community—paper publications, articles, and blogs. His work has been quoted in several security and privacy magazines, and digital portals. He is a frequent speaker at eminent international conferences—Black Hat and RSA. His areas of expertise include malware research, reverse engineering, and cloud security.

See other products by Abhinav Singh

Daniel Teixeira

Daniel Teixeira is an IT security expert, author, and trainer, specializing in red team engagements, penetration testing, and vulnerability assessments. His main areas of focus are adversary simulation, emulation of modern adversarial tactics, techniques and procedures; vulnerability research, and exploit development.

See other products by Daniel Teixeira

Juned Ahmed Ansari

Juned Ahmed Ansari is a cyber security researcher based out of Mumbai. He currently leads the penetration testing and offensive security team in a prodigious MNC. Juned has worked as a consultant for large private sector enterprises, guiding them on their cyber security program. He has also worked with start-ups, helping them make their final product secure. Juned has conducted several training sessions on advanced penetration testing, which were focused on teaching students stealth and evasion techniques in highly secure environments. His primary focus areas are penetration testing, threat intelligence, and application security research.

See other products by Juned Ahmed Ansari