Metasploit Penetration Testing Cookbook, Second Edition - Softcover

Know how hackers behave to stop them! This cookbook provides many recipes for penetration testing using Metasploit and virtual machines. From basics to advanced techniques, it's ideal for Metaspoilt veterans and newcomers alike.

• Special focus on the latest operating systems, exploits, and penetration testing techniques for wireless, VOIP, and cloud
• This book covers a detailed analysis of third party tools based on the Metasploit framework to enhance the penetration testing experience
• Detailed penetration testing techniques for different specializations like wireless networks, VOIP systems with a brief introduction to penetration testing in the cloud

In Detail

Metasploit software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. The goal of the software is to provide a clear understanding of the critical vulnerabilities in any environment and to manage those risks.

Metasploit Penetration Testing Cookbook, Second Edition contains chapters that are logically arranged with an increasing level of complexity and thoroughly covers some aspects of Metasploit, ranging from pre-exploitation to the post-exploitation phase. This book is an update from version 4.0 to version 4.5. It covers the detailed penetration testing techniques for different specializations like wireless networks, VOIP systems, and the cloud.

Metasploit Penetration Testing Cookbook, Second Edition covers a number of topics which were not part of the first edition. You will learn how to penetrate an operating system (Windows 8 penetration testing) to the penetration of a wireless network, VoIP network, and then to cloud.

The book starts with the basics, such as gathering information about your target, and then develops to cover advanced topics like building your own framework scripts and modules. The book goes deep into operating-systems-based penetration testing techniques and moves ahead with client-based exploitation methodologies. In the post-exploitation phase, it covers meterpreter, antivirus bypass, ruby wonders, exploit building, porting exploits to the framework, and penetration testing, while dealing with VOIP, wireless networks, and cloud computing.

This book will help readers to think from a hacker's perspective to dig out the flaws in target networks and also to leverage the powers of Metasploit to compromise them. It will take your penetration skills to the next level.

What you will learn from this book

• Set up a complete penetration testing environment using Metasploit and virtual machines
• Discover how to penetration test popular operating systems such as Windows 8
• Get familiar with penetration testing based on client side exploitation techniques with detailed analysis of vulnerabilities and codes
• Build and analyze meterpreter scripts in Ruby
• Learn penetration testing in VOIP, WLAN, and the cloud from start to finish including information gathering, vulnerability assessment, exploitation, and privilege escalation
• Make the most of the exclusive coverage of antivirus bypassing techniques using Metasploit
• Work with BBQSQL to analyze the stored results of the database

Approach

This book follows a Cookbook style with recipes explaining the steps for penetration testing with WLAN, VOIP, and even cloud computing. There is plenty of code and commands used to make your learning curve easy and quick.

Monika Agarwal is a young information security researcher from India. She has presented many research papers at both national and international conferences. She is a member of IAENG (International Association of Engineers). Her main areas of interest are ethical hacking and ad-hoc networking. Abhinav Singh is a young Information Security Specialist from India. He has a keen interest in the fi eld of Hacking and Network Security. He actively works as a freelancer with several security companies, and provides them consultancy. Currently, he is employed as a Systems Engineer at Tata Consultancy Services, India. He is an active contributor of the SecurityXploded community. He is well recognized for his blog (http://hackingalert. blogspot.com), where he shares his encounters with hacking and network security. Abhinav's works have been quoted in several technology magazines and portals.