Advanced Infrastructure Penetration Testing gives you the core skills and techniques you need to effectively conduct penetration tests and evaluate enterprise security posture. This book contains the crucial techniques to exploit the modern information technology infrastructures by providing a practical experience. Every chapter will take you through the attack vectors and system defenses, starting from the fundamentals to the latest cutting-edge techniques and utilities.

If you are a system administrator, SOC analyst, penetration tester, or a network engineer and want to take your penetration testing skills and security knowledge to the next level, then this book is for you. Some hands-on experience with penetration testing tools and knowledge of Linux and Windows command-line syntax would be beneficial.

Chapter 1, Introduction to Advanced Infrastructure Penetration Testing, introduces you to the different methodologies and techniques of penetration testing and shows you how to perform a penetration testing program.

Chapter 2, Advanced Linux Exploitation, explains how to exploit Linux infrastructure using the latest cutting-edge techniques.

Chapter 3, Corporate Network and Database Exploitation, gives you an overview of real-world corporate networks and databases attacks in addition to the techniques and procedures to effectively secure your network.

Chapter 4, Active Directory Exploitation, discusses how to exploit Active Directory environments using the latest tools and techniques.

Chapter 5, Docker Exploitation, covers most of the well-known techniques to exploit Dockerized environments and explains how to defend against Docker threats.

Chapter 6, Exploiting Git and Continuous Integration Servers, explains how to defend against major Continuous Integration Server threats.

Chapter 7, Metasploit and PowerShell for Post-Exploitation, shows how to use Metasploit and PowerShell for post-exploitation to perform advanced attacks.

Chapter 8, VLAN Exploitation, explains how to perform many layer 2 attacks, including VLAN threats.

Chapter 9, VoIP Exploitation, covers the major threats to VoIP systems and discusses VoIP protocols.

Chapter 10, Insecure VPN Exploitation, helps you to exploit insecure virtual private networks from theory to practice.

Chapter 11, Routing and Router Vulnerabilities, gives you an interesting overview of routing protocols and routers and shows you how to exploit and secure them.

Chapter 12, Internet of Things Exploitation, provides a practical guide to securing modern IoT projects and connected cars.

To get the most from this book, readers should have some technical information security experience and be familiar with common administrative tools in Windows and Linux. Readers should read this book actively; in other words, after being exposed to new information or tools, it is highly recommended to practice and search for more scenarios and capabilities.

Read the book with a goal in mind and try to use it or a part of it as an action plan toward making your infrastructure more secure.

The following are the requirements:

• Microsoft Windows OS
• Kali Linux (installed or hosted in a virtual machine)
• 2 GB RAM or more
• Internet access
• Wireless card or adapter supporting Kali Linux

You can download the example code files for this book from your account at www.packtpub.com. If you purchased this book elsewhere, you can visit www.packtpub.com/support and register to have the files emailed directly to you.

You can download the code files by following these steps:

1. Log in or register at www.packtpub.com.
2. Select the SUPPORT tab.
3. Click on Code Downloads & Errata.
4. Enter the name of the book in the Search box and follow the onscreen instructions.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

• WinRAR/7-Zip for Windows
• Zipeg/iZip/UnRarX for Mac
• 7-Zip/PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Advanced-Infrastructure-Penetration-Testing. We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it from https://www.packtpub.com/sites/default/files/downloads/AdvancedInfrastructurePenetrationTesting_ColorImages.pdf.

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Mount the downloaded WebStorm-10*.dmg disk image file as another disk in your system."

A block of code is set as follows:

def intialize
super(
'Name' => 'TCP scanner',
'Version' => '$Revisiov: 1 $',
'Description' => 'This is a Demo for Packt Readers',
'License' => MSF_LICENSSE
)

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

def intialize
super(
'Name' => 'TCP scanner',
'Version' => '$Revisiov: 1 $',
'Description' => 'This is a Demo for Packt Readers',
'License' => MSF_LICENSSE
)

Any command-line input or output is written as follows:

git clone https://github.com/laramies/theHarvester 

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "To start a Nexpose scan, open a project, click on Create and select Site, for example. Then, enter a target IP or an IP range to start a scan"

Feedback from our readers is always welcome.

General feedback: Email feedback@packtpub.com and mention the book title in the subject of your message. If you have questions about any aspect of this book, please email us at questions@packtpub.com.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at copyright@packtpub.com with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packtpub.com.

The information within this book is intended to be used only in an ethical manner. Do not
use any information from the book if you do not have written permission from the owner of
the equipment. If you perform illegal actions, you are likely to be arrested and prosecuted
to the full extent of the law. Packt Publishing does not take any responsibility if you misuse
any of the information contained within the book. The information herein must only be
used while testing environments with proper written authorizations from appropriate
persons responsible.