Introduction

What has remained a foundational skill despite the fast-evolving cybersecurity landscape?
Despite the fast-evolving cybersecurity landscape, bash scripting has remained a foundational skill.

Who wrote the bash shell?
The bash shell was written by Brian Fox.

When was the bash shell first released?
The bash shell was first released in 1989.

Where is the bash shell used?
The bash shell is used on most versions of the Linux operating system.

What does it mean to live off the land?
To live off the land means to use a system's native tools and processes to execute attacks.

What does living off the land enable an attacker to do?
Living off the land enables an attacker to blend in with legitimate activities and avoid detection.

Why is being able to live off the land inside a system important?
Being able to live off the land inside a system is important because otherwise you'd be relying too heavily on third-party tools and that will make you struggle in restricted environments with limited tool access.

What can bash scripting automate?
Bash scripting can automate execution of command line tools.

What are three things you can do when automating the execution of command line tools with bash scripting?
Three things you can do when automating the execution of command line tools with bash scripting are:

  1. Chain multiple tools together.
  2. Run them against many targets.
  3. Strategically schedule their execution.

What Is in This Book

How does this book begin?
This book begins by teaching the foundations of bash syntax and scripting.

What does the book do after teaching the foundations of bash syntax and scripting?
After teaching the foundations of bash syntax and scripting, the book applies those skills to each stage of a penetration test against a Linux-based target network from initial access to data exfiltration.

What are the different chapters of the book and what do they teach?
The different chapters of the book and what they teach include:

  1. Chapter 1 - High-level overview of bash syntax, assigning variables, using arithmetic operators, handling input and exit codes, and more.
  2. Chapter 2 - Testing conditions, using loops, consolidating code into functions, sending commands to the background, and customizing your bash environment for penetration testing.
  3. Chapter 3 - Building a lab to use throughout the book.
  4. Chapter 4 - Reconnaissance activities against a network from a black box point of view.
  5. Chapter 5 - Using bash to identify and exploit vulnerabilities.
  6. Chapter 6 - Techniques for gaining a low-privileged foothold on a target system, deploying web shells, performing OS command injections, and ways to upgrade limited shell environments.
  7. Chapter 7 - Establishing reverse shells and the theory behind how they work.
  8. Chapter 8 - Gathering information from a compromised Linux host without sending packets across the network, navigating the Linux file directory and permissions system, collecting information about user sessions, exploring installed software, and more.
  9. Chapter 9 - Potential paths to privilege escalation like misconfigured permissions, shared resources, and other flaws.
  10. Chapter 10 - Making your access to a network resilient to environment changes, stealing credentials, modifying service configurations, and more.
  11. Chapter 11 - Living-off-the-land approaches to reaching other servers on the target network.
  12. Chapter 12 - Defensive security controls commonly seen in corporate environments, tampering with security tools, and exfiltrating information from a system in evasive ways.

...