Chapter 1, Planning and Preparation, gets you started with the penetration testing process by using real-world examples of what is required to prepare. This allows you to build the foundation of the penetration test by discussing what the goals are as well as getting buy-in from management.
Chapter 2, Information Gathering, shows the reader how to start gathering information about the environment as well as the type of information to obtain. Reconnaissance is a very important step and can make or break the penetration test.
Chapter 3, Setting up and maintaining the Command and Control Server, walks you through setting up connectivity to a C&C server that can help you with intelligence gathering and offsite processing.
Chapter 4, Vulnerability Scanning and Metasploit, focuses on scanning the environment for vulnerabilities and then using this information to try to exploit the targets that are found.
Chapter 5, Traffic Sniffing and Spoofing, gets you started on how to sniff the network and then utilize this information to run various attacks, such as man-in-the-middle attacks and spoofing attacks, to gain even more insight into and intelligence about what is happening on the network.
Chapter 6, Password-based Attacks, shows you the process of running various password-based attacks, obtaining credentials, and utilizing this information for future penetration testing attacks.
Chapter 7, Attacks on the Network Infrastructure, looks at the infrastructure as part of the penetration test. We will explore tools to find various holes within the infrastructure before the bad guys do.
Chapter 8, Web Application Attacks, explores how to probe and exploit web applications as part of our penetration test.
Chapter 9, Cleaning Up and Getting Out, focuses on the importance of cleaning up the tracks left behind after the penetration test is complete.
Chapter 10, Writing Up the Penetration Testing Report, the final culmination of the book, shows not only the importance of the penetration testing report but also how to format it and fill it with the data that was obtained during our tests.