Summary
In this chapter, we worked through discovery and vulnerability analysis on our client's network. We looked at the power of Nmap and showed that it remains the go-to tool for network mapping. We explored the underlying mechanisms of the different scan types and learned how to have Nmap interact directly with Metasploit for easier targeting. Then, we saw how BetterCAP can tamper with data streams in real time by swapping a download for a malicious binary, and got comfortable with its updated user interface. After working with BetterCAP, we learned how to encapsulate an arbitrary protocol inside an HTTP tunnel to get past filters. We wrapped up the chapter with a review of IPv6 and some basic IPv6 tooling, including how to get by with IPv4 tools in an IPv6 environment.
In the next chapter, things are going to get goofy-exciting as we jump into some cryptography concepts and some lesser-known attacks...