Metasploit, 2nd Edition

The new and improved guide to penetration testing using the legendary Metasploit Framework.

The Metasploit Framework makes discovering, exploiting, and sharing systemic vulnerabilities quick and painless. But, this popular pentesting tool can be hard to grasp for first-time users. Written by some of the world’s top hackers and security experts, Metasploit fills the gap by teaching you how to best harness the Framework and interact with its vibrant community of Metasploit open-source contributors.

This indispensable guide's updated second edition introduces modules and commands recently added to the Metasploit Framework, along with a new chapter on conducting cloud-based assessments, and discussions of contemporary evasion techniques, malicious document generation, Active Directory attacks, and more.

You’ll learn:

• Foundational pentesting techniques, including network reconnaissance and enumeration
• The Metasploit Framework's conventions, interfaces, and module system
• Client-side attacks, wireless exploits, and targeted social-engineering attacks
• Methods of creating custom modules and porting existing exploits to the Framework

In a fast-paced digital ecosystem, the modern hacking techniques covered in Metasploit, 2nd Edition are essential for today's penetration testers.

Dave Kennedy has been named one of the Top 10 IT Security Influencers in the World by CISO Platform. In his more than 20 years of experience in the security industry, he cofounded Binary Defense and founded TrustedSec, an information security consulting company located in Fairlawn, Ohio, which specializes in attack simulations with a focus on strategic risk-management.

Jim O'Gorman is the Chief Content and Strategy Officer at OffSec, where he primarily focuses on cyber workforce development and training. He also heads the Kali Linux project, the industry-standard Linux distribution for information security tasks, and can be found online at https://elwood.net.

Devon Kearns is a Canadian information security professional. During his time at Offensive Security, he co-founded The Exploit Database and Kali Linux, and served as lead editor on all in-house content.

Mati Aharoni (muts) is the founder of OffSec. With over 10 years of experience as a professional penetration tester, Mati has uncovered several major security flaws and is actively involved in the offensive security arena.

Dr. Daniel G. Graham is a professor of computer science at The University of Virginia (UVA), where he has taught courses in computer networks and network security. His research interests include secure embedded systems and networks. Before teaching at UVA, Dr. Graham was a program manager at Microsoft. He publishes in IEEE journals relating to sensors and networks.

Foreword by HD Moore
Chapter 1: The Absolute Basics of Penetration Testing
Chapter 2: Metasploit Fundamentals
Chapter 3: Intelligence Gathering
Chapter 4: Vulnerability Analysis
Chapter 5: The Joy of Exploitation
Chapter 6: Meterpreter
Chapter 7: Avoiding Detection
Chapter 8: Client-Side Attacks
Chapter 9: Auxiliary Modules
Chapter 10: Social Engineering
Chapter 11: Wireless Attacks
Chapter 12: Porting Exploits to the Framework
Chapter 13: Building Your Own Modules
Chapter 14: Creating Your Own Exploits
Chapter 15: Simulated Penetration Test
Chapter 16: Pentesting the Cloud
Appendix A: Configuring Your Lab Environment
Appendix B: Cheat Sheet