Chapter 5

Assumption (Man in the Middle)

IN THIS CHAPTER

Bullet Conducting web vulnerability scans with Burp Suite

Bullet Using Wireshark to get in the middle of network conversations

Bullet Collecting data via devious means: spoofing, eavesdropping, key logging, and more

In Chapter 4, I show you how to use a toolkit and get started as a pen tester specifically in penetration and exploitation. That’s a fundamental of pen testing and when you scan for weakness and vulnerabilities, how to view them as a risk to remediate.

Here I cover different attack types based on vector. Knowing the different attack types is essential so that you can be more familiar with the pathways and how to conduct these tests yourself. The goal of any hacker is to gain access to systems and servers. Your goal as a pen tester is to thwart all hackers — or at least deter them as much as possible — so they walk away with minimal or unusable information. The way to do that is to think like a hacker. If you wear the white hat (or grey) you can ethically hack and exploit systems — with permission of course!

It all starts with foothold into an environment and can expand all the way to a very in-depth series of attacks, such as an APT. ...

Get Penetration Testing For Dummies now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.