Publisher's Synopsis
For system administrators, network professionals, beginning pentesters, and security consultants.
The Art of Network Penetration Testing is a hands-on guide to running your own penetration test on an enterprise network. After setting up a virtual environment to use as your lab, you'll work step-by-step through every stage of a professional pentest, from information gathering to seizing control of a vulnerable system. You'll learn a repeatable process you can use to identify valuable targets within a typical enterprise environment, perform controlled exploitation of critical security weaknesses, elevate network level privileges, and pivot laterally through the network. Finally, you'll learn how to write up your findings in a clear and actionable report, to ensure a system can be protected against the weaknesses you've identified.
- Set up a virtual pentest lab using Ubuntu Linux
- Identify internal weaknesses on compromised systems
- Exploit network vulnerabilities to compromise Windows and Linux
- Establish persistent re-entry back into compromised targets
- Elevate your privileges to become a domain administrator
Penetration testing, also called pentesting, is about more than just getting through a perimeter firewall. The biggest security threats are inside the network, where attackers can rampage through sensitive data by exploiting weak access controls and poorly patched software. Designed for up-and-coming security professionals, The Art of Network Penetration Testing teaches you how to take over an enterprise network from the inside. It lays out every stage of an internal security assessment step-by-step, showing you how to identify weaknesses before a malicious invader can do real damage.
Packed with valuable personal and financial data, business computer systems are attractive targets to cyber criminals. As a penetration tester, your job is to attack an organization's IT applications and infrastructure to find the vulnerabilities a real intruder would exploit. Master pentesters need the skill to identify internal security flaws that would allow a bad actor to compromise file systems, email, databases, and other core components of a modern connected enterprise.
