Lee Allen is currently the Vulnerability Management Program Lead for one of the Fortune 500.
His journey into the exciting world of security began in the 1980s while visiting BBS's with his trusty Commodore 64 and a room carpeted with 5.25-inch diskettes.
Throughout the years, he has continued his attempts at remaining up-to-date with the latest and greatest in the security industry and the security community.
He has several industry certifications including the OSWP and has been working in the IT industry for over 15 years.
His hobbies and obsessions include validating and reviewing proof of concept exploit code, programming, security research, attending security conferences, discussing technology, writing, 3D Game development, and skiing.

• Preface
• Chapter 1：Planning and Scoping for a Successful Penetration Test
  • Introduction to advanced penetration testing
  • Before testing begins
  • Planning for action
  • Exploring BackTrack
  • Installing OpenOffice
  • Effectively manage your test results
  • Introduction to the Dradis Framework
  • Summary
• Chapter 2：Advanced Reconnaissance Techniques
  • Introduction to reconnaissance
  • DNS recon
  • Gathering and validating domain and IP information
  • Using search engines to do your job for you
  • Summary
• Chapter 3：Enumeration：Choosing Your Targets Wisely
  • Adding another virtual machine to our lab
  • Nmap — getting to know you
  • SNMP：A goldmine of information just waiting to be discovered
  • Creating network baselines with scanPBNJ
  • Enumeration avoidance techniques
  • Summary
• Chapter 4：Remote Exploitation
  • Exploitation – Why bother？
  • Target practice – Adding a Kioptrix virtual machine
  • Manual exploitation
  • Getting files to and from victim machines
  • Passwords：Something you know…
  • Metasploit — learn it and love it
  • Summary
Chapter 5：Web Application Exploitation
• Practice makes perfect
• Detecting load balancers
• Detecting Web Application Firewalls（WAF）
• Taking on Level 3 – Kioptrix
• Web Application Attack and Audit Framework（w3af）
• Introduction to Mantra
• Summary
Chapter 6：Exploits and Client-Side Attacks
• Buffer overflows—A refresher
• Introduction to fuzzing
• Introducing vulnserver
• Fuzzing tools included in BackTrack
• Fast-Track
• Social Engineering Toolkit
• Summary
Chapter 7：Post-Exploitation
• Rules of engagement
• Data gathering, network analysis, and pillaging
• Pivoting
• Summary
Chapter 8：Bypassing Firewalls and Avoiding Detection
• Lab preparation
• Stealth scanning through the firewall
• Now you see me, now you don't — Avoiding IDS
• Blending in
• Looking at traffic patterns
• Cleaning up compromised hosts
• Miscellaneous evasion techniques
• Summary
Chapter 9：Data Collection Tools and Reporting
• Record now — Sort later
• Old school — The text editor method
• Dradis framework for collaboration
• The report
• Challenge to the reader
• Summary
Chapter 10：Setting Up Virtual Test Lab Environments
• Why bother with setting up labs？
• Keeping it simple
• Adding complexity or emulating target environments
• Summary
Chapter 11：Take the Challenge – Putting It All Together
• The scenario
• The setup
• The challenge
• The walkthrough
• Reporting
• Summary
Index