In this chapter, we focused on multiple vulnerability assessment tools and techniques. We learned how to write our own vulnerability script for Nmap using NSE, and also how to use a tool that can convert the findings from active reconnaissance into a defined action that establishes access for the tester to the target. We also learned how to install the OpenVAS, Nessus, and Nexpose vulnerability scanners on Kali Linux.

Kali provides several tools to facilitate the development, selection, and activation of exploits, including the internal exploit-db  (searchsploit), as well as several frameworks that simplify the use and management of exploits.

The next chapter focuses on the most important part of the attacker's kill chain, the exploitation phase. Physical security is one method to gain access to data systems (if you can boot, you've got root!); physical access is also closely tied to social engineering, the art of hacking humans and taking advantage of their trust. This is the part of the attack where the attackers achieve their objective. Typical exploitation activities include horizontal escalation by taking advantage of poor access controls, and vertical escalation by theft of user credentials.