Advanced Penetration Testing for Highly-Secured Environments, Second Edition

You're reading from Advanced Penetration Testing for Highly-Secured Environments, Second Edition: Employ the most advanced pentesting techniques and tools to build highly-secured systems and environments

Product type Paperback
Published in Mar 2016
Publisher
ISBN-13 9781784395810
Length 428 pages
Edition 2nd Edition
Authors (2): Kevin Cardwell, Lee Allen
Table of Contents (19 chapters)

Advanced Penetration Testing for Highly-Secured Environments Second Edition
Credits
About the Authors
About the Reviewer
www.PacktPub.com
Preface
1. Penetration Testing Essentials (free chapter)
2. Preparing a Test Environment
3. Assessment Planning
4. Intelligence Gathering
5. Network Service Attacks
6. Exploitation
7. Web Application Attacks
8. Exploitation Concepts
9. Post-Exploitation
10. Stealth Techniques
11. Data Gathering and Reporting
12. Penetration Testing Challenge
Index

Index

A

  • abstract methodology
    • about / Abstract methodology
    • planning / Final thoughts
  • action plan, test environment
    • about / Planning for action
    • Kali, configuring / Configuring Kali
    • Kali applications, updating / Updating the applications and operating system
    • operating system, updating / Updating the applications and operating system
  • advanced features, Dig
    • about / Advanced features of Dig
    • output, shortening / Shortening the output
    • bind version, listing / Listing the bind version
    • reverse DNS lookup / Reverse DNS lookup using Dig
    • multiple commands / Multiple commands
    • path, tracing / Tracing the path
    • batching / Batching with dig
  • Advanced Packaging Tool (APT) / Updating the applications and operating system
  • advanced penetration testing
    • about / Introducing advanced penetration testing, Advanced penetration testing
  • am0n0wall firewall installation
    • download link / Firewall lab setup
  • Angry IP Scanner
    • about / Angry IP Scanner
    • reference link / Angry IP Scanner
  • Apple Filing Protocol (AFP) / Nmap – getting to know you
  • arch command
    • about / Important commands
  • Armitage
    • using, for post-exploitation / Using Armitage for post-exploitation
  • ASLR
    • turning on / Turning ASLR on and off in Kali

B

  • 64-bit exploitation
    • about / 64-bit exploitation
  • banner grabbing
    • with Netcat / Banner grabbing with Netcat and Ncat, Banner grabbing with Netcat
    • with Ncat / Banner grabbing with Netcat and Ncat, Banner grabbing with Ncat
    • with smbclient / Banner grabbing with smbclient
  • banners, Shodan
    • about / Understanding banners
    • HTTP banners / HTTP banners
  • Border Gateway Protocol (BGP)
    • about / Reporting
  • Bruteforce Exploit Detector (BED)
    • about / Bruteforce Exploit Detector (BED)
  • buffer overflows
    • about / Buffer overflows – a refresher
    • memory basics / Memory basics
    • basics / Understanding the basics of buffer overflows
  • Buffer Overflow Tutorial
    • reference link / Understanding the basics of buffer overflows

C

  • cat command
    • about / Important commands
  • CentOS
    • reference link / AspenMLC Research Labs' virtual network
  • CentralOps.net
    • URL / Penetration testing framework
  • challenges / Reader challenge, Reader challenge, Reader challenge
    • Oclhashcat / Reader challenge
    • Kioptrix / Reader challenge
    • iptables / Reader challenge
  • commands, Linux-based operating system
    • ls -oaF / Important commands
    • locate / Important commands
    • updatedb / Important commands
    • grep / Important commands
    • less / Important commands
    • cat / Important commands
    • df -H / Important commands
    • date / Important commands
    • free / Important commands
    • arch / Important commands
    • echo / Important commands
    • last / Important commands
    • logname / Important commands
    • pwd / Important commands
    • uname -a / Important commands
    • netstat / Important commands
    • Ifconfig / Important commands
    • Udevd -version / Important commands
    • find / -type f -perm 777 / Important commands
  • Common Vulnerability Exposure (CVE)
    • about / Vulnerability analysis
  • compromised hosts
    • cleaning up / Cleaning up compromised hosts
    • checklist, using / Using a checklist
    • cleaning up, situations / When to clean up
    • local log files / Local log files
  • configuration time
    • saving, w3af GUI used / Using w3af GUI to save configuration time
  • Corelan
    • reference link / Understanding the basics of buffer overflows
  • custom scripts, Nmap
    • adding, to arsenal / Adding custom Nmap scripts to your arsenal
    • selecting / Deciding if a script is right for you
    • new script, adding to database / Adding a new script to the database
    • Zenmap / Zenmap – for those who want the GUI

D

  • data gathering
    • about / Data gathering, network analysis, and pillaging
    • enumeration / Enumeration
    • exploitation / Exploitation
    • remote connection / We are connected, now what?
    • tools, available on remote system / Which tools are available on the remote system?
    • network information, finding / Finding network information
    • connections, determining / Determine connections
    • installed packages, checking / Checking installed packages
    • package repositories / Package repositories
    • programs and services, that run at startup / Programs and services that run at startup
    • searching for information / Searching for information
    • history files / History files and logs
    • history logs / History files and logs
    • configurations / Configurations, settings, and other files
    • settings / Configurations, settings, and other files
    • files / Configurations, settings, and other files
    • users / Users and credentials
    • credentials / Users and credentials
    • files, moving / Moving the files
  • date command
    • about / Important commands
  • Debian 5.0
    • reference link / AspenMLC Research Labs' virtual network
  • default architecture, VMware Workstation
    • about / Understanding the default architecture
    • Kali Linux, installing / Installing Kali Linux
  • denial-of-service (DoS) attack
    • about / What is permitted?
  • df -H command
    • about / Important commands
  • directories and files, Linux-based operating system
    • /etc/passwd / Important directories and files
    • /etc/ftpusers / Important directories and files
    • /etc/pam.d / Important directories and files
    • /etc/shadow / Important directories and files
    • /etc/hosts.allow / Important directories and files
    • /etc/hosts.deny / Important directories and files
    • /etc/securetty / Important directories and files
    • /etc/shutdown.allow / Important directories and files
    • /etc/security / Important directories and files
    • /etc/init.d or /etc/rc.d/init.d / Important directories and files
    • /etc/ssh / Important directories and files
    • /etc/sysctl.conf / Important directories and files
    • /etc/sysconfig / Important directories and files
    • /etc/dhcpc / Important directories and files
    • /var/log / Important directories and files
    • /var/log/messages / Important directories and files
    • /var/log/wtmp / Important directories and files
    • /var/log/lastlog / Important directories and files
  • DNS brute forcing, with fierce
    • about / DNS brute-forcing with fierce
    • default command usage / Default command usage
    • custom word list, creating / Creating a custom word list
  • DNS recon
    • about / DNS recon
    • nslookup / nslookup – it's there when you need it
    • Domain information groper (Dig) / Domain information groper
    • DNS brute forcing, with fierce / DNS brute-forcing with fierce
  • domain and IP information
    • obtaining / Gathering and validating domain and IP information
    • validating / Gathering and validating domain and IP information
    • obtaining, with Whois / Gathering information with Whois
  • domain and IP information, obtaining with Whois
    • about / Gathering information with Whois
    • registrar, specifying / Specifying which registrar to use
    • IP address, identifying / Where in the world is this IP?
    • defensive measures / Defensive measures
  • Domain information groper (Dig)
    • about / Domain information groper
    • URL / Domain information groper
    • default output / Default output
    • zone transfers (AXFR) / Zone transfers using Dig
    • advanced features / Advanced features of Dig
  • Domain Name System (DNS)
    • about / DNS recon
  • Dradis
    • about / Dradis framework for collaboration
    • setups / Dradis framework for collaboration
    • binding, to available interface / Binding to an available interface other than 127.0.0.1
  • Dradis framework
    • about / Introduction to the Dradis framework
    • project template, exporting / Exporting a project template
    • project template, importing / Importing a project template
    • sample data, preparing for import / Preparing sample data for import
    • Nmap data, importing / Importing your Nmap data
    • data, exporting into HTML / Exporting data into HTML
    • Category field / Dradis Category field
    • default HTML template, changing / Changing the default HTML template

E

  • EBP (base pointer)
    • about / Memory basics
  • echo command
    • about / Important commands
  • EIP (instruction pointer)
    • about / Memory basics
  • Endian architectures
    • reference link / 64-bit exploitation
  • enumeration
    • about / Enumeration
  • enumeration avoidance techniques
    • about / Enumeration avoidance techniques
    • naming conventions / Naming conventions
    • port knocking / Port knocking
    • intrusion detection / Intrusion detection and avoidance systems
    • avoidance systems / Intrusion detection and avoidance systems
    • trigger points / Trigger points
    • SNMP lockdown / SNMP lockdown
  • Errors and Omissions (E&O) insurance / Determining scope
  • ESP (stack pointer)
    • about / Memory basics
  • EXIF / Metadata collection
  • exiftool / Extracting metadata from photos using exiftool
  • Exploit-DB
    • URL / Google hacking database
    • reference link / Searching Exploit-DB
    • searching / Searching Exploit-DB
    • about / Exploit-DB at hand
    • code, compiling / Compiling the code
    • proof of concept code, compiling / Compiling proof-of-concept code
    • code, troubleshooting / Troubleshooting the code
    • code, ^M characters / What are all of these ^M characters and why won't they go away?
    • code, broken strings / Broken strings – the reunion
  • exploitation
    • about / Exploitation, Exploitation – why bother?, Exploitation
    • benefits / Exploitation – why bother?

F

  • Fast-Track
    • about / Fast-Track
  • File integrity monitoring (FIM) / File Integrity Monitoring (FIM)
  • files and directories, Windows machine / Important directories and files
  • filters, Shodan
    • about / Filters
    • net / Filters
    • city / Filters
    • country / Filters
    • port / Filters
    • before / Filters
    • after / Filters
    • os / Filters
  • find / -type f -perm 777 command
    • about / Important commands
  • firewall
    • stealth scanning through / Stealth scanning through the firewall
    • ports, finding / Finding the ports
    • detecting, traceroute used / Traceroute to find out if there is a firewall
    • used, for detecting port block / Finding out if the firewall is blocking certain ports
  • Firewall Lab
    • setup / Firewall lab setup
    • am0n0wall firewall installation / Firewall lab setup
    • additional packages, installing in pfSense / Installing additional packages in pfSense
  • FOCA / Metadata collection
  • footprinting / Introducing reconnaissance
  • free command
    • about / Important commands
  • fuzzing
    • about / Exploitation
  • fuzzing tools, in Kali
    • about / Fuzzing tools included in Kali
    • Bruteforce Exploit Detector (BED) / Bruteforce Exploit Detector (BED)
    • sfuzz / sfuzz – Simple fuzzer

G

  • Gallarific
    • about / Using WebScarab as an HTTP proxy
  • Gnome text editor (Gedit)
    • about / Gedit – Gnome text editor
    • reference link / Gedit – Gnome text editor
  • GNUCITIZEN
    • URL / Penetration testing framework
  • GNU Debugger
    • reference link / "C"ing is believing – Create a vulnerable program
  • Google Hacking Database (GHDB) / Google hacking database
  • grep command
    • about / Important commands

H

  • HackBar
    • about / Introduction to browser plugin HackBar
    • reference link / Introduction to browser plugin HackBar
    • using / Introduction to browser plugin HackBar
  • HAProxy
    • installing, for load balancing / Installing HAProxy for load balancing
  • host file
    • Kioptrix3.com, adding to / Adding Kioptrix3.com to the host file
  • HTTP proxy
    • WebScarab, using as / Using WebScarab as an HTTP proxy

I

  • Iceweasel browser
    • about / Introduction to browser plugin HackBar
  • idle scan
    • reference link / Shifting blame – the zombies did it!
  • IDS
    • avoiding / Now you see me, now you don't – avoiding IDS
    • bypassing / Now you see me, now you don't – avoiding IDS
    • canonicalization / Canonicalization
    • timing feature / Timing is everything
  • Ifconfig command
    • about / Important commands
  • ihazomgsecurityskillz blog
    • reference link / Understanding the basics of buffer overflows
  • input and output
    • recording / Record now – sort later
  • installed software
    • finding / Finding installed software and tools
  • installed tools
    • finding / Finding installed software and tools
  • installing
    • Mutillidae, on Ubuntu virtual machine / Installing and configuring Mutillidae on the Ubuntu virtual machine
    • HAProxy, for load balancing / Installing HAProxy for load balancing
  • intelligence gathering
    • about / Intelligence gathering
  • Internet Archive / Searching the Internet for clues
  • Intrusion Detection System (IDS)
    • about / Penetration testing framework
  • Intrusion Prevention System (IPS)
    • about / Penetration testing framework
  • iptables
    • about / Reader challenge

K

  • Kali
    • manual ifconfig / Kali – manual ifconfig
    • TFTP server, starting / Starting a TFTP server on Kali
    • turning off / Turning ASLR on and off in Kali
  • Kali guest machine / Kali guest machine
  • Kali Linux
    • reference link / Installing Kali Linux
  • KeepNote tool / Changing the default HTML template
  • Kioptrix
    • reference link / Installing Kioptrix, Practice makes perfect
    • installing / Installing Kioptrix
    • exploiting, with Metasploit / Using Metasploit to exploit Kioptrix
    • about / Reader challenge, Taking on Level 3 – Kioptrix
  • Kioptrix3.com
    • adding, to host file / Adding Kioptrix3.com to the host file
  • KioptrixVM Level 3 clone
    • creating / Creating a KioptrixVM Level 3 clone

L

  • lab clients
    • configuring / Configuring and testing our lab clients
    • testing / Configuring and testing our lab clients
    • Kali / Kali – manual ifconfig
    • Ubuntu / Ubuntu – manual ifconfig
    • connectivity, verifying / Verifying connectivity
    • IP settings after reboot, maintaining / Maintaining IP settings after reboot
  • lab preparation
    • steps / Lab preparation
    • Kali guest machine / Kali guest machine
    • Ubuntu guest machine / Ubuntu guest machine
    • pfSense guest machine configuration / The pfSense guest machine configuration
    • pfSense network setup / The pfSense network setup
    • Firewall configuration / Firewall configuration
  • last command
    • about / Important commands
  • less command
    • about / Important commands
  • LibreOffice
    • installing / Installing LibreOffice
  • Linux
    • about / Linux
  • Linux-based operating system
    • directories / Important directories and files
    • files / Important directories and files
    • commands / Important commands
  • Load Balance Detector
    • about / Quick reality check – Load Balance Detector
    • example / So, what are we looking for anyhow?
  • load balancers
    • detecting / Detecting load balancers
  • load balancing
    • HAProxy, installing for / Installing HAProxy for load balancing
  • locate command
    • about / Important commands
  • logname command
    • about / Important commands
  • ls -oaF command
    • about / Important commands
  • Lullar.com / Searching the Internet for clues

M

  • MagicTree
    • about / Introduction to MagicTree
    • starting / Starting MagicTree
    • nodes, adding / Adding nodes
    • data collection / Data collection
    • report generation / Report generation
  • manual exploitation
    • about / Manual exploitation
    • services, enumerating / Enumerating services
    • full scanning, Nmap used / Full scanning with Nmap
    • banner grabbing, Ncat used / Banner grabbing with Netcat and Ncat, Banner grabbing with Ncat
    • banner grabbing, Netcat used / Banner grabbing with Netcat
    • banner grabbing, smbclient used / Banner grabbing with smbclient
    • Exploit-DB, searching / Searching Exploit-DB
    • running / Running the exploit
  • metadata collection
    • about / Metadata collection
    • metadata, extracting from photos using exiftool / Extracting metadata from photos using exiftool
  • Metasploit
    • about / Metasploit – learn it and love it
    • and databases / Databases and Metasploit
    • nmap scan, performing / Performing an nmap scan from within Metasploit
    • used, for exploiting Kioptrix / Using Metasploit to exploit Kioptrix
  • Metasploitable2
    • reference link / AspenMLC Research Labs' virtual network
  • methodology
    • about / Methodology defined, Example methodologies
    • reference link / Methodology defined
    • penetration testing framework / Penetration testing framework
    • Penetration Testing Execution Standard (PTES) / Penetration Testing Execution Standard
    • pre-engagement interactions / Pre-engagement interactions
    • intelligence gathering / Intelligence gathering
    • threat modeling / Threat modeling
    • vulnerability analysis / Vulnerability analysis
    • exploitation / Exploitation
    • post exploitation / Post-exploitation
    • reporting / Reporting
  • Microsoft Windows™ post-exploitation
    • about / Microsoft Windows™ post-exploitation
  • miscellaneous evasion techniques
    • about / Miscellaneous evasion techniques
    • divide and conquer / Divide and conquer
    • hiding out (on controlled units) / Hiding out (on controlled units)
    • File integrity monitoring (FIM) / File Integrity Monitoring (FIM)
    • common network management tools, using / Using common network management tools to do the deed
  • ModSecurity
    • about / Detecting web application firewalls (WAF)
  • Mutillidae
    • about / Installing and configuring Mutillidae on the Ubuntu virtual machine
    • reference link / Installing and configuring Mutillidae on the Ubuntu virtual machine
    • configuring, on Ubuntu virtual machine / Installing and configuring Mutillidae on the Ubuntu virtual machine
    • installing, on Ubuntu virtual machine / Installing and configuring Mutillidae on the Ubuntu virtual machine

N

  • Nano
    • about / Nano
    • reference link / Nano
  • Ncat
    • used, for banner grabbing / Banner grabbing with Netcat and Ncat, Banner grabbing with Ncat
  • Neohapsis
    • URL / Penetration testing framework
  • Netcat
    • used, for banner grabbing / Banner grabbing with Netcat and Ncat, Banner grabbing with Netcat
  • netstat command
    • about / Important commands
  • Network Address Translation (NAT) / VMnet8
  • network analysis
    • about / Data gathering, network analysis, and pillaging
  • network baselines
    • creating, with scanPBNJ / Creating network baselines with scanPBNJ
    • metadata collection / Metadata collection
  • network design
    • about / Network design
    • VMnet0 switch / VMnet0
    • VMnet1 switch / VMnet1
    • VMnet8 / VMnet8
    • folders / Folders
  • networking information
    • gathering / Networking details
  • Network Time Protocol (NTP) / Blending in
  • Nmap
    • exploring / Nmap – getting to know you
    • scan types / Commonly seen Nmap scan types and options
    • options / Commonly seen Nmap scan types and options
    • basic scans / Basic scans – warming up
    • techniques / Other Nmap techniques
    • reference link / Shifting blame – the zombies did it!
    • custom scripts, adding to arsenal / Adding custom Nmap scripts to your arsenal
    • used, for full scanning / Full scanning with Nmap
  • Nmap firewalk script
    • reference link / Nmap firewalk script
  • Nmap options
    • -T(0-5) / Taking your time
    • --max-hostgroup / Taking your time
    • --max-retries / Taking your time
    • --max-parallelism 10 / Taking your time
    • --scan-delay / Taking your time
  • nmap scan
    • performing, from within Metasploit / Performing an nmap scan from within Metasploit
    • auxiliary modules, using / Using auxiliary modules
  • Nmap Scripting Engine (NSE)
    • reference link / Adding custom Nmap scripts to your arsenal
  • Nmap suite
    • Zenmap / Nmap – getting to know you
    • Netcat / Nmap – getting to know you
    • Ncrack / Nmap – getting to know you
    • Ndiff / Nmap – getting to know you
    • Nping / Nmap – getting to know you
  • Nmap techniques
    • about / Other Nmap techniques
    • remaining stealthy / Remaining stealthy
    • scans timings, changing / Taking your time
    • shifting blame / Shifting blame – the zombies did it!
    • IDS rules / IDS rules and how to avoid them
    • IDS rules, avoiding / IDS rules and how to avoid them
    • decoys, using / Using decoys
  • NSE documentation
    • reference link / Deciding if a script is right for you
  • nslookup
    • about / nslookup – it's there when you need it
    • default output / Default output
    • nameservers, changing / Changing nameservers
    • automation script, creating / Creating an automation script

O

  • Oclhashcat
    • reference link / Brute-forcing passwords
    • about / Reader challenge
  • Open-Source Intelligence (OSINT) / Introducing reconnaissance
  • Open Source Intelligence (OSINT)
    • about / Intelligence gathering
    • passive form / Intelligence gathering
    • semi-passive form / Intelligence gathering
    • active form / Intelligence gathering
  • Open Source Vulnerability Database (OSVDB)
    • about / Vulnerability analysis
  • OSVDB (Open Source Vulnerability Database)
    • about / Using WebScarab as an HTTP proxy
    • reference link / Using WebScarab as an HTTP proxy
  • output types, Nmap
    • -oA / Commonly seen Nmap scan types and options
    • -oG / Commonly seen Nmap scan types and options
    • -oX / Commonly seen Nmap scan types and options
    • -oN / Commonly seen Nmap scan types and options
    • --open / Commonly seen Nmap scan types and options

P

  • passwords
    • about / Passwords – something you know…
    • hash, cracking / Cracking the hash
    • brute forcing / Brute-forcing passwords
  • PeekYou / Searching the Internet for clues
  • penetration testing
    • about / Introducing advanced penetration testing, Penetration testing, Practice makes perfect
    • reference link / Metasploit – learn it and love it, Enumeration and exploitation
    • challenge / The challenge
    • walkthrough / The walkthrough
    • scope, defining / Defining the scope
    • goal, determining / Determining the "why"
    • goal / So what is the "why" of this particular test?
    • Rules of Engagement document, developing / Developing the Rules of Engagement document
    • attack, initial plan / Initial plan of attack
    • enumeration / Enumeration and exploitation
    • exploitation / Enumeration and exploitation
  • Penetration Testing Execution Standard (PTES)
    • about / Penetration Testing Execution Standard
    • reference link / Penetration Testing Execution Standard
  • penetration testing framework
    • about / Penetration testing framework
  • people on web, finding
    • about / Finding people (and their documents) on the web
    • Google hacking database / Google hacking database
    • Google filters / Google filters
  • pfSense
    • configuring / Configuring pfSense
    • virtual lab, starting / Starting the virtual lab
    • additional packages, installing / Installing additional packages in pfSense
  • pfSense DHCP
    • permanent reservations / pfSense DHCP – Permanent reservations
  • pfSense DHCP server
    • configuring / Configuring the pfSense DHCP server
  • pfSense guest machine configuration
    • about / The pfSense guest machine configuration
    • network setup / The pfSense network setup
    • WAN IP configuration / WAN IP configuration
    • LAN IP configuration / LAN IP configuration
  • PfSense SSH logs / PfSense SSH logs
  • pfSense VM
    • creating / Creating pfSense VM
  • pillaging
    • about / Data gathering, network analysis, and pillaging
  • pivoting
    • about / Pivoting
  • Pluggable Authentication Module (PAM)
    • about / Important directories and files
  • port block, detecting
    • Hping3, using / Hping3
    • Nmap firewalk script / Nmap firewalk script
  • port knocking / Port knocking
  • post-exploitation
    • Armitage, using for / Using Armitage for post-exploitation
  • post exploitation
    • about / Post-exploitation
  • PowerShell-AD-Recon
    • URL / Post-exploitation
  • pre-engagement interactions
    • about / Pre-engagement interactions
  • Pre-site Inspection Checklist
    • introduction / Penetration testing framework
    • accreditation status / Penetration testing framework
    • scope of test / Penetration testing framework
  • private research
    • about / Vulnerability analysis
  • production test lab environment
    • versus controlled test lab environment / Starting pure-ftpd
  • pure-ftpd
    • installing / Installing and configuring pure-ftpd
    • configuring / Installing and configuring pure-ftpd
    • download link / Installing and configuring pure-ftpd
    • starting / Starting pure-ftpd
  • pwd command
    • about / Important commands

R

  • reconnaissance
    • about / Introducing reconnaissance
    • workflow / Reconnaissance workflow
  • Regional Internet Registries (RIR)
    • about / Reporting
  • report
    • overview / The report
    • executive summary / The report
  • reporting
    • about / Reporting
    • executive summary / Reporting
    • technical report / Reporting
    • conclusion / Reporting
    / Reporting
  • requisites, for testing
    • about / Before testing begins
    • scope, determining / Determining scope
    • limitations, setting / Setting limits – nothing lasts forever
    • rules of engagement document / Rules of Engagement documentation
  • Rules of Engagement
    • about / Rules of Engagement, Are you allowed to add persistence?, Employee data and personal information

S

  • scan options, Nmap
    • -g / Commonly seen Nmap scan types and options
    • --spoof-mac / Commonly seen Nmap scan types and options
    • -S / Commonly seen Nmap scan types and options
    • -e / Commonly seen Nmap scan types and options
    • -F / Commonly seen Nmap scan types and options
    • -p / Commonly seen Nmap scan types and options
    • -R / Commonly seen Nmap scan types and options
    • -N / Commonly seen Nmap scan types and options
    • -n / Commonly seen Nmap scan types and options
    • -h / Commonly seen Nmap scan types and options
    • -6 / Commonly seen Nmap scan types and options
    • -A / Commonly seen Nmap scan types and options
    • -T(0-5) / Commonly seen Nmap scan types and options
    • --scan-delay / Commonly seen Nmap scan types and options
    • -sV / Commonly seen Nmap scan types and options
  • scanPBNJ
    • URL / Creating network baselines with scanPBNJ
  • ScanPBNJ
    • network baselines / Network baselines with scanPBNJ
    • MySQL, setting up / Setting up MySQL for PBNJ
    • database, preparing / Preparing the PBNJ database
    • first scan / First scan
    • data, reviewing / Reviewing the data
  • scan types
    • trying / Trying different scan types
    • SYN scan / SYN scan
    • Null scan / Null scan
    • ACK scan / ACK scan
    • conclusion / Conclusion
  • scan types, Nmap
    • -sA / Commonly seen Nmap scan types and options
    • -sP / Commonly seen Nmap scan types and options
    • -sR / Commonly seen Nmap scan types and options
    • -sS / Commonly seen Nmap scan types and options
    • -sT / Commonly seen Nmap scan types and options
    • -sU / Commonly seen Nmap scan types and options
    • -sX / Commonly seen Nmap scan types and options
    • -sL / Commonly seen Nmap scan types and options
    • -sO / Commonly seen Nmap scan types and options
    • -sM / Commonly seen Nmap scan types and options
    • -sI / Commonly seen Nmap scan types and options
    • -sW / Commonly seen Nmap scan types and options
  • scenario / The scenario
  • Search Diggity / Searching the Internet for clues
  • search engines
    • about / Using search engines to do your job for you
    • using / Using search engines to do your job for you
    • Shodan / Shodan
    • people on web, finding / Finding people (and their documents) on the web
    • Internet, searching for clues / Searching the Internet for clues
  • services
    • enumerating / Enumerating services
    • quick scan, with unicornscan / Quick scans with unicornscan
  • Session Initiation Protocol
    • about / Penetration testing framework
  • sfuzz
    • about / sfuzz – Simple fuzzer
  • Shodan
    • about / Shodan
    • URL / Shodan
    • filters / Filters
    • banners / Understanding banners
    • specific assets, finding / Finding specific assets
  • Simple Network Management Protocol (SNMP)
    • about / SNMP – a goldmine of information just waiting to be discovered
    • community string, onesixtyone / When the SNMP community string is NOT "public"
  • Site Digger 3.0 / Searching the Internet for clues
  • Smashing The Stack For Fun And Profit
    • reference link / Understanding the basics of buffer overflows
  • smbclient
    • used, for banner grabbing / Banner grabbing with smbclient
  • Social Engineering Toolkit (SET)
    • about / Reporting, Social Engineering Toolkit
    • reference link / Social Engineering Toolkit
  • switches
    • creating / Creating the switches
  • system
    • blending in / Blending in

T

  • tarball / Installing and configuring pure-ftpd
  • TCP sequence prediction / Shifting blame – the zombies did it!
  • test results
    • managing / Effectively managing your test results
  • test scope, Pre-site Inspection Checklist
    • compliance test / Penetration testing framework
    • vulnerability assessment / Penetration testing framework
    • penetration testing / Penetration testing framework
  • text editor method
    • about / Old school – the text editor method
    • Nano / Nano
    • VIM / VIM – the power user's text editor of choice
    • Gnome text editor (Gedit) / Gedit – Gnome text editor
  • TFTP server
    • starting, on Kali / Starting a TFTP server on Kali
  • The Harvester / Searching the Internet for clues
  • threat modeling
    • about / Threat modeling
  • TinEye / Searching the Internet for clues
  • traffic patterns
    • viewing / Looking at traffic patterns

U

  • Ubuntu
    • manual ifconfig / Ubuntu – manual ifconfig
  • Ubuntu-8.1
    • reference link / AspenMLC Research Labs' virtual network
  • Ubuntu guest machine / Ubuntu guest machine
  • Ubuntu LTS
    • reference link / Installing Ubuntu LTS
    • installing / Installing Ubuntu LTS
  • Ubuntu virtual machine
    • Mutillidae, installing on / Installing and configuring Mutillidae on the Ubuntu virtual machine
    • Mutillidae, configuring on / Installing and configuring Mutillidae on the Ubuntu virtual machine
  • Udevd -version command
    • about / Important commands
  • uname -a command
    • about / Important commands
  • uncomplicated firewall (ufw)
    • about / Maintaining IP settings after reboot
    • reference link / Maintaining IP settings after reboot
  • updatedb command
    • about / Important commands

V

  • Vega
    • about / Using a second tool for comparisons
  • victim machines
    • files, obtaining from / Getting files to and from victim machines
  • VIM
    • about / Old school – the text editor method, VIM – the power user's text editor of choice
    • using / VIM – the power user's text editor of choice
    • features / VIM – the power user's text editor of choice
  • virtual lab setup
    • about / The virtual lab setup
    • AspenMLC Research Labs' virtual network / AspenMLC Research Labs' virtual network
    • additional system modifications / Additional system modifications
    • Ubuntu 8.10 server modifications / Ubuntu 8.10 server modifications
  • VMware Workstation
    • about / Introducing VMware Workstation
    • need for / Why VMware Workstation?
    • reference link / Installing VMware Workstation
    • installing / Installing VMware Workstation
    • default architecture / Understanding the default architecture
    • summarizing / Putting it all together
  • Voice Over IP (VOIP)
    • about / Penetration testing framework
  • VPN Hunter
    • URL / Reporting
  • vulnerability analysis
    • about / Vulnerability analysis
  • vulnerability analysis, categories
    • active / Vulnerability analysis
    • passive / Vulnerability analysis
    • validation / Vulnerability analysis
    • research / Vulnerability analysis
  • vulnerability assessments
    • about / Vulnerability assessments
  • vulnerable program
    • creating / "C"ing is believing – Create a vulnerable program
  • vulnserver
    • about / Introducing vulnserver
    • download link / Introducing vulnserver

W

  • w3af
    • about / Web Application Attack and Audit framework (w3af)
    • reference link / Web Application Attack and Audit framework (w3af)
  • w3af console
    • used, for scanning / Scanning using the w3af console
  • w3af GUI
    • used, for saving configuration time / Using w3af GUI to save configuration time
  • web application firewalls (WAF)
    • detecting / Detecting web application firewalls (WAF)
    • reference link / Detecting web application firewalls (WAF)
  • WebScarab
    • using, as HTTP proxy / Using WebScarab as an HTTP proxy
  • White Pages / Searching the Internet for clues
  • Windows machine
    • files / Important directories and files
    • directories / Important directories and files
  • wiseGEEK
    • URL / Methodology defined
  • WordPress
    • reference link / Ubuntu 8.10 server modifications

X

  • X-servers / Nmap – getting to know you

Z

  • zone transfers
    • reference / Zone transfers using Dig