O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Expert Metasploit Penetration Testing

Video Description

Enhance your knowledge of penetration testing using Metasploit

About This Video

  • Step-by-step demonstration of the Metasploit framework using real-time examples, diagrams, and presentations for theoretical topics

  • Includes a detailed understanding of the framework internals and how they work

  • Covers all three phases of penetration testing in detail including additional tools, such as Armitage, Nmap, and Nessus

  • In Detail

    If penetration testing is a battle then Metasploit is the deadliest and stealthiest weapon to use. Metasploit is a free, open source penetration testing framework started by H. D. Moore in 2003, which was later acquired by Rapid7. It is based on a modular architecture and all its modules and scripts are integrated with the framework in the form of modules. This makes it fairly easy to integrate any new custom module with the framework and leverage its functionalities. Metasploit is a feature-rich tool that can be integrated with third party tools easily. It is fast, robust, and extensible, and has the ability to manage multiple targets at a time.

    "Expert Metasploit Penetration Testing" is a complete guide for beginners as well as security professionals who are willing to master the most popular and buzzing framework for pen-testing. The video series will guide you through numerous techniques using real time demonstrations to sharpen your skills and give you a clear understanding of the complete framework. The video series also explains ad-on tools, such as nmap, Armitage, and so on, that can further add more skill sets in your techniques for penetration testing. Overall the video series covers every nook and corner of Metasploit.

    The video series starts with scanning for vulnerabilities in the target/network, building standalone payloads using msfencode, exploiting operating systems and then moves ahead with client-side exploitation techniques, the Auxiliary module, and so on. In the post-exploitation phase, it covers persistence, the meterpreter, and pivoting. The final section deals with Armitage and explains how it can be used to leverage the powers of Metasploit over a GUI interface.

    "Expert Metasploit Penetration Testing" is a quick and comprehensive guide for people who are willing to learn by doing.

    "Expert Metasploit Penetration Testing" is a complete guide for beginners as well as security professionals who are willing to master the most popular and buzzing framework for pen-testing. The video series will guide you through numerous techniques using real-time demonstrations to sharpen your skills and give you a clear understanding of the complete framework. The video series also explains add-on tools, such as nmap, Armitage, and so on, that can add more penetration testing techniques to your skillset. Overall, the video series covers every aspect of Metasploit.

    Table of Contents

    1. Chapter 1: Getting Started with Scanning
      1. Scanning with Nmap 00:03:37
      2. More Nmap Scan Options 00:03:57
      3. Working with a Database to Store Scan Results 00:03:15
      4. Scanning with Auxiliary Modules 00:03:15
      5. Vulnerability Scanning with NeXpose 00:03:18
    2. Chapter 2: Working with Metasploit Payloads and Encoders
      1. Working with msfpayload 00:03:18
      2. Working with msfencode 00:02:40
      3. Generating Complex Payloads 00:02:38
      4. Setting Up Metasploit Exploit Modules and Reverse Handlers 00:01:54
      5. Penetration Testing Using an Executable and Reverse Handler 00:02:11
    3. Chapter 3: Working with Exploit Modules
      1. WinXP SP2 Vulnerability Assessment and Exploitation 00:03:20
      2. Binding Shells and Changing Payloads 00:01:49
      3. Understanding the Metasploit Directory Structure 00:03:41
      4. Penetration Testing on a Linux Machine 00:03:17
    4. Chapter 4: Client-side Exploitation Using Metasploit
      1. Client-side Exploitation Based on Internet Explorer 00:02:38
      2. Exploitation Module Based on Adobe Reader 00:02:54
      3. Exploitation and Pen-testing Based on a Java Applet 00:02:11
      4. Targeting the Microsoft File Format's Vulnerabilities for Penetration Testing 00:02:41
      5. Browser Autopwn 00:02:37
    5. Chapter 5: Post-Exploitation with Meterpreter
      1. Understanding Meterpreter 00:03:10
      2. Meterpreter System Commands 00:02:45
      3. Privilege Escalation Using Meterpreter 00:02:33
      4. Meterpreter File System Commands 00:01:55
      5. Meterpreter User Interface Commands 00:04:01
    6. Chapter 6: Advanced Meterpreter
      1. Passing the Hash 00:02:55
      2. Setting Up Persistent Connection Using Meterpreter 00:02:59
      3. Meterpreter Networking Commands 00:04:12
      4. Pivoting 00:03:46
      5. Railgun 00:02:35
    7. Chapter 7: Working with Auxiliary Modules
      1. Understanding the Module Directory Structure and Auxiliary Modules 00:03:12
      2. Working with Admin Auxiliary Modules 00:02:58
      3. Denial-of-service Auxiliary Modules 00:02:37
      4. Fuzzer Auxiliary Modules 00:02:33
      5. Post Exploitation Auxiliary Modules 00:02:23
    8. Chapter 8: Working with Armitage
      1. Getting Started with Armitage 00:02:07
      2. Understanding the Armitage GUI Interface 00:02:23
      3. Scanning with Armitage 00:02:39
      4. Launching Exploits against a Target Using Armitage 00:02:44
      5. Post Exploitation Using Armitage 00:03:11