Credits
Figure/Table | Attribution/Credit Line |
Unnumbered Figure Cover_01 | Sergey Nivens/Shutterstock |
Unnumbered Figure 1-1; Unnumbered Figure 2-1; Unnumbered Figure 3-1; Unnumbered Figure 4-1; Unnumbered Figure 5-1; Unnumbered Figure 6-1; Unnumbered Figure 7-1; Unnumbered Figure 8-1; Unnumbered Figure 9-1; Unnumbered Figure 10-1; Unnumbered Figure 11-1 | Charlie Edwards/Photodisc/Getty Images |
Screenshot of Revealing Additional Subdomains Using Digital Certificate Information in crt.sh © Sectigo Limited 2015–2021 | |
Screenshot of The Internet Archive Wayback Machine © 1992–1999 Cisco Systems, Inc. | |
Screenshot of The Recon-ng Marketplace Search © OffSec Services Limited 2021 | |
Screenshot of Exploring the Shodan Database © Shodan ® | |
Screenshot of Revealing Vulnerable Systems Using Shodan © Shodan ® | |
Screenshot of Starting scapy from the Command Line © 2008–2021 Philippe Biondi and the Scapy community | |
Screenshot of Using the explore() function in Scapy © 2008-2021 Philippe Biondi and the Scapy community | |
Screenshot of SET Main Menu ©2021 by TrustedSec | |
Screenshot of Social Engineering Attack Menu in SET ©2021 by TrustedSec | |
Screenshot of Spear-Phishing Attack Menu ©2021 by TrustedSec | |
Screenshot of Creating a FileFormat Payload ©2021 by TrustedSec | |
Screenshot of Adobe PDF Embedded EXE Social Engineering ©2021 by TrustedSec | |
Screenshot of Configuring SET to Spawn a Windows Reverse TCP Shell on the Victim ©2021 by TrustedSec | |
Screenshot of Generating the Payload in SET ©2021 by TrustedSec | |
Screenshot of Renaming the Payload ©2021 by TrustedSec | |
Screenshot of Using a One-Time Email Template in SET ©2021 by TrustedSec | |
Screenshot of Sending the Email in SET ©2021 by TrustedSec | |
Screenshot of Launching BeEF © BeEF | |
Screenshot of Stealing a Browser Cookie Using XSS and BeEF © BeEF | |
Screenshot of Sending a Fake Notification to the Victim’s Browser Using BeEF © BeEF | |
Screenshot of The Fake BeEF Notification in the Victim’s Browser © BeEF | |
Screenshot of Setting Up a Rogue DHCP Server in Yersenia © OffSec Services Limited 2021 | |
Screenshot of Performing a Deauthentication Attack with Aireplay-ng © OffSec Services Limited 2021 | |
Screenshot of Using Airodump-ng to View the Available Wireless Networks and Then Capturing Traffic to the Victim BSSID © OffSec Services Limited 2021 | |
Screenshot of Using Aireplay-ng to Disconnect the Wireless Clients © OffSec Services Limited 2021 | |
Screenshot of Collecting the WPA Handshake Using Airodump-ng © OffSec Services Limited 2021 | |
Screenshot of Cracking the WPA PSK Using Aircrack-ng © OffSec Services Limited 2021 | |
Screenshot of HTTP Request Details © The Wireshark Foundation | |
Screenshot of HTTP Response Details © The Wireshark Foundation | |
Screenshot of Example of an SQL Statement © 1999–2021 by Refsnes Data | |
Screenshot of Example of a Basic SQL Injection Attack Using String-Based User Input © 2021, OWASP Foundation, Inc. | |
Screenshot of Example of a Basic SQL Injection Attack Numeric-Based User Input © 2021, OWASP Foundation, Inc. | |
Screenshot of Example of a UNION Operand in an SQL Injection Attack © 2021, OWASP Foundation, Inc. | |
Screenshot of Example of a Blind SQL Injection Attack © Damn Vulnerable Web Application | |
Screenshot of Example of a Command Injection Vulnerability © Damn Vulnerable Web App | |
Screenshot of A Packet Capture of a Web Session © The Wireshark Foundation | |
Screenshot of A Stored XSS Attack in a Web Form © Damn Vulnerable Web App | |
Screenshot of A Persistent (Stored) XSS Attack © Damn Vulnerable Web App | |
Screenshot of CSRF Example © Damn Vulnerable Web App | |
Screenshot of Exploiting a Directory (Path) Traversal Vulnerability © Damn Vulnerable Web App | |
Screenshot of Exploiting a Remote File Inclusion Vulnerability © Damn Vulnerable Web App | |
Screenshot of Burp Suite Community Edition © 2021 PortSwigger Ltd. | |
Screenshot of OWASP Zed Attack Proxy (ZAP) © 2021 the ZAP Dev Team | |
Screenshot of Using gobuster to Enumerate Directories in a Web Application © OffSec Services Limited 2021 | |
Screenshot of Scanning Container Images with Grype © 2020 Anchore, Inc. | |
Screenshot of TrevorC2 Example © OffSec Services Limited 2021 | |
Courtesy of GitHub, Inc. | |
Screenshot of Starting a Web Service to Expose the PowerSploit Scripts to Compromised Hosts © OffSec Services Limited 2021 | |
Screenshot of Kali Linux All Applications Menu © OffSec Services Limited 2021 | |
Screenshot of Parrot OS © 2020–2021 Parrot Security CIC | |
Screenshot of BlackArch Applications Menu © BlackArch Linux 2013–2021 | |
Screenshot of Running BlackArch in a Docker Container © BlackArch Linux 2013–2021 | |
Screenshot of Shodan © Shodan ® | |
Screenshot of Maltego Search Results © 2021 by Maltego Technologies | |
Screenshot of Maltego’s Transform Hub © 2021 by Maltego Technologies | |
Screenshot of Recon-ng © OffSec Services Limited 2021 | |
Screenshot of Censys © 2021 Censys | |
Screenshot of Zenmap Scan © 1996–2020 Insecure.Com LLC | |
Screenshot of Zenmap Topology Tab © 1996–2020 Insecure.Com LLC | |
Screenshot of OpenVAS Scan Results Dashboard © 2015–2021, Greenbone Networks GmbH. | |
Screenshot of Multiple Critical Vulnerabilities Found by OpenVAS © 2015–2021, Greenbone Networks GmbH. | |
Screenshot of The OpenVAS Advanced Task Wizard © 2015–2021, Greenbone Networks GmbH. | |
Screenshot of Scheduling Vulnerability Scans in OpenVAS © 2015–2021, Greenbone Networks GmbH. | |
Screenshot of Scanning a Web Application Using OWASP ZAP © 2021, OWASP Foundation, Inc. | |
Screenshot of OWASP ZAP’s Vulnerability Scan Results © 2021, OWASP Foundation, Inc. | |
Screenshot of Kali Linux © 1996-2019 by Solar Designer | |
Screenshot of Veil’s Main Menu © OffSec Services Limited 2021 | |
Screenshot of Using Veil for Evasion © OffSec Services Limited 2021 | |
Screenshot of Veil’s Available Payloads © OffSec Services Limited 2021 | |
Screenshot of Configuring the LHOST and Generating the Payload © OffSec Services Limited 2021 | |
Screenshot of Displaying the Locations of the Payload Executable, Source Code, and Metasploit Resource File © OffSec Services Limited 2021 | |
Screenshot of The Tor Browser © The Tor Project, Inc. | |
Screenshot of The Metasploit Console © OffSec Services Limited 2021 | |
Screenshot of Searching for Exploits and Other Modules in Metasploit © OffSec Services Limited 2021 | |
Screenshot of Using Meterpreter to Create a Bind TCP Connection After Exploitation © OffSec Services Limited 2021 | |
Screenshot of Exploiting a Vulnerability and Establishing a Meterpreter Session © OffSec Services Limited 2021 | |
Screenshot of Meterpreter Commands, Part 1 © OffSec Services Limited 2021 | |
Screenshot of Meterpreter Commands, Part 2 © OffSec Services Limited 2021 | |
Screenshot of The hashdump Meterpreter Command © OffSec Services Limited 2021 | |
Screenshot of Getting System Information and Collecting a Screenshot of the Victim System’s Desktop © OffSec Services Limited 2021 | |
Screenshot of BeEF © Beef | |
Screenshot of OllyDbg Example © 2000–2014 Oleh Yuschuk | |
Screenshot of Using the edb Debugger © OffSec Services Limited 2021 | |
Screenshot of Disassembling a Vulnerable Program by Using IDA © 2021 Hex-Rays | |
Screenshot of Example of IDA Debugging and Disassembly Capabilities © 2021 Hex-Rays |