The Art of Network Penetration Testing

is a guide to simulating an internal security breach. You’ll take on the role of the attacker and work through every stage of a professional pentest, from information gathering to seizing control of a system and owning the network.

Summary

Penetration testing is about more than just getting through a perimeter firewall. The biggest security threats are inside the network, where attackers can rampage through sensitive data by exploiting weak access controls and poorly patched software. Designed for up-and-coming security professionals,

The Art of Network Penetration Testing

teaches you how to take over an enterprise network from the inside. It lays out every stage of an internal security assessment step-by-step, showing you how to identify weaknesses before a malicious invader can do real damage.

About the technology

Penetration testers uncover security gaps by attacking networks exactly like malicious intruders do. To become a world-class pentester, you need to master offensive security concepts, leverage a proven methodology, and practice, practice, practice. Th is book delivers insights from security expert Royce Davis, along with a virtual testing environment you can use to hone your skills.

About the book

The Art of Network Penetration Testing

is a guide to simulating an internal security breach. You’ll take on the role of the attacker and work through every stage of a professional pentest, from information gathering to seizing control of a system and owning the network. As you brute force passwords, exploit unpatched services, and elevate network level privileges, you’ll learn where the weaknesses are—and how to take advantage of them.

What's inside

Set up a virtual pentest lab

Exploit Windows and Linux network vulnerabilities

Establish persistent re-entry to compromised targets

Detail your findings in an engagement report

About the reader

For tech professionals. No security experience required.

About the author

Royce Davis

has orchestrated hundreds of penetration tests, helping to secure many of the largest companies in the world.

Table of Contents

1 Network Penetration Testing

PHASE 1 - INFORMATION GATHERING

2 Discovering network hosts

3 Discovering network services

4 Discovering network vulnerabilities

PHASE 2 - FOCUSED PENETRATION

5 Attacking vulnerable web services

6 Attacking vulnerable database services

7 Attacking unpatched services

PHASE 3 - POST-EXPLOITATION AND PRIVILEGE ESCALATION

8 Windows post-exploitation

9 Linux or UNIX post-exploitation

10 Controlling the entire network

PHASE 4 - DOCUMENTATION

11 Post-engagement cleanup

12 Writing a solid pentest deliverable