Windows and Linux Penetration Testing from Scratch - Second Edition

Bramwell, Phil
Master the art of identifying and exploiting vulnerabilities with Metasploit, Empire, PowerShell, and Python, turning Kali Linux into your fighter cockpit

Key Features

- Map your client's attack surface with Kali Linux
- Discover the craft of shellcode injection and managing multiple compromises in the environment
- Understand both the attacker and the defender mindset

Book Description

Let's be honest: security testing can get repetitive. If you're ready to break out of the routine and embrace the art of penetration testing, this book will help you to distinguish yourself to your clients.

This pen testing book is your guide to learning advanced techniques to attack Windows and Linux environments from the indispensable platform, Kali Linux. You'll work through core network hacking concepts and advanced exploitation techniques that leverage both technical and human factors to maximize success. You'll also explore how to leverage public resources to learn more about your target, discover potential targets, analyze them, and gain a foothold using a variety of exploitation techniques while dodging defenses like antivirus and firewalls. The book focuses on leveraging target resources, such as PowerShell, to execute powerful and difficult-to-detect attacks. Along the way, you'll enjoy reading about how these methods work so that you walk away with the necessary knowledge to explain your findings to clients from all backgrounds. Wrapping up with post-exploitation strategies, you'll be able to go deeper and keep your access.

By the end of this book, you'll be well-versed in identifying vulnerabilities within your clients' environments and providing the necessary insight for proper remediation.

What you will learn

- Get to know advanced pen testing techniques with Kali Linux
- Gain an understanding of Kali Linux tools and methods from behind the scenes
- Get to grips with the exploitation of Windows and Linux clients and servers
- Understand advanced Windows concepts and protections, and bypass them with Kali and living-off-the-land methods
- Get the hang of sophisticated attack frameworks such as Metasploit and Empire
- Become adept in generating and analyzing shellcode
- Build and tweak attack scripts and modules

Who this book is for

This book is for penetration testers, information technology professionals, cybersecurity professionals and students, and individuals breaking into a pentesting role after demonstrating advanced skills in boot camps. Prior experience with Windows, Linux, and networking is necessary.

About the Author

Phil Bramwell, CISSP, has been tinkering with gadgets since he was a kid in the 1980s. After obtaining the Certified Ethical Hacker and Certified Expert Penetration Tester certifications in 2004 and a Bachelor of Applied Science in Computer Security from Davenport University in 2007, Phil worked as a security engineer and consultant who conducted Common Criteria, FIPS, and PCI-DSS assessments, provided GDPR consulting for a firm in the UK, and performed social engineering and penetration testing for banks, governments, and universities throughout the USA. After specializing in antimalware analysis and security operations, Phil is now a penetration tester for a Fortune 100 automobile manufacturer. Phil is based in the Metro Detroit area.

Table of Contents

1. Open Source Intelligence
2. Bypassing Network Access Control
3. Sniffing and Spoofing
4. Windows Passwords on the Network
5. Assessing Network Security
6. Cryptography and the Penetration Tester
7. Advanced Exploitation with Metasploit
8. Python Fundamentals
9. PowerShell Fundamentals
10. Shellcoding - The Stack
11. Shellcoding - Bypassing Protections
12. Shellcoding - Evading Antivirus
13. Windows Kernel Security
14. Fuzzing Techniques
15. Going Beyond the Foothold
16. Escalating Privileges
17. Maintaining Access
18. Answers
