Cover image for Penetration Testing Essentials

Penetration Testing Essentials

Author Sean-Philip Oriyano
Release Date: 2016/12/01
ISBN: 9781119235309
Topic:
0%
29
Chapters
0-1
Hours read
0k
Total Words
    Start Reading Now    
       Add to Wishlist       
View table of contents

Your pen testing career begins here, with a solid foundation in essential skills and concepts

Penetration Testing Essentials provides a starting place for professionals and beginners looking to learn more about penetration testing for cybersecurity. Certification eligibility requires work experience—but before you get that experience, you need a basic understanding of the technical and behavioral ways attackers compromise security, and the tools and techniques you'll use to discover the weak spots before others do. You'll learn information gathering techniques, scanning and enumeration, how to target wireless networks, and much more as you build your pen tester skill set. You'll learn how to break in, look around, get out, and cover your tracks, all without ever being noticed. Pen testers are tremendously important to data security, so they need to be sharp and well-versed in technique, but they also need to work smarter than the average hacker. This book set you on the right path, with expert instruction from a veteran IT security expert with multiple security certifications.

IT Security certifications have stringent requirements and demand a complex body of knowledge. This book lays the groundwork for any IT professional hoping to move into a cybersecurity career by developing a robust pen tester skill set.

  • Learn the fundamentals of security and cryptography
  • Master breaking, entering, and maintaining access to a system
  • Escape and evade detection while covering your tracks
  • Build your pen testing lab and the essential toolbox

Start developing the tools and mindset you need to become experienced in pen testing today.

Table of Contents

  1. ACKNOWLEDGMENTS
  2. ABOUT THE AUTHOR
  3. INTRODUCTION
  4. CHAPTER 1 Introduction to Penetration Testing
    1. Defining Penetration Testing
    2. Preserving Confidentiality, Integrity, and Availability
    3. Appreciating the Evolution of Hacking
  5. CHAPTER 2 Introduction to Operating Systems and Networking
    1. Comparing Common Operating Systems
    2. Exploring Networking Concepts
  6. CHAPTER 3 Introduction to Cryptography
    1. Recognizing the Four Goals of Cryptography
    2. The History of Encryption
    3. Speaking Intelligently About Cryptography
    4. Comparing Symmetric and Asymmetric Cryptography
    5. Transforming Data via Hashing
    6. A Hybrid System: Using Digital Signatures
    7. Working with PKI
  7. CHAPTER 4 Outlining the Pen Testing Methodology
    1. Determining the Objective and Scope of the Job
    2. Choosing the Type of Test to Perform
    3. Gaining Permission via a Contract
    4. Following the Law While Testing
  8. CHAPTER 5 Gathering Intelligence
    1. Introduction to Intelligence Gathering
    2. Examining a Company’s Web Presence
    3. Finding Websites That Don’t Exist Anymore
    4. Gathering Information with Search Engines
    5. Targeting Employees with People Searches
    6. Discovering Location
    7. Do Some Social Networking
    8. Looking via Financial Services
    9. Investigating Job Boards
    10. Searching Email
    11. Extracting Technical Information
  9. CHAPTER 6 Scanning and Enumeration
    1. Introduction to Scanning
    2. Checking for Live Systems
    3. Performing Port Scanning
    4. Identifying an Operating System
    5. Scanning for Vulnerabilities
    6. Using Proxies (Or Keeping Your Head Down)
    7. Performing Enumeration
  10. CHAPTER 7 Conducting Vulnerability Scanning
    1. Introduction to Vulnerability Scanning
    2. Recognizing the Limitations of Vulnerability Scanning
    3. Outlining the Vulnerability Scanning Process
    4. Types of Scans That Can Be Performed
  11. CHAPTER 8 Cracking Passwords
    1. Recognizing Strong Passwords
    2. Choosing a Password-Cracking Technique
    3. Executing a Passive Online Attack
    4. Executing an Active Online Attack
    5. Executing an Offline Attack
    6. Using Nontechnical Methods
    7. Escalating Privileges
  12. CHAPTER 9 Retaining Access with Backdoors and Malware
    1. Deciding How to Attack
    2. Installing a Backdoor with PsTools
    3. Opening a Shell with LAN Turtle
    4. Recognizing Types of Malware
    5. Launching Viruses
    6. Launching Worms
    7. Launching Spyware
    8. Inserting Trojans
    9. Installing Rootkits
  13. CHAPTER 10 Reporting
    1. Reporting the Test Parameters
    2. Collecting Information
    3. Highlighting the Important Information
    4. Adding Supporting Documentation
    5. Conducting Quality Assurance
  14. CHAPTER 11 Working with Defensive and Detection Systems
    1. Detecting Intrusions
    2. Recognizing the Signs of an Intrusion
    3. Evading an IDS
    4. Breaching a Firewall
    5. Using Honeypots: The Wolf in Sheep’s Clothing
  15. CHAPTER 12 Covering Your Tracks and Evading Detection
    1. Recognizing the Motivations for Evasion
    2. Getting Rid of Log Files
    3. Hiding Files
    4. Evading Antivirus Software
    5. Evading Defenses by Entering Through a Backdoor
    6. Using Rootkits for Evasion
  16. CHAPTER 13 Detecting and Targeting Wireless
    1. An Introduction to Wireless
    2. Breaking Wireless Encryption Technologies
    3. Conducting a Wardriving Attack
    4. Conducting Other Types of Attack
    5. Choosing Tools to Attack Wireless
    6. Knocking Out Bluetooth
    7. Hacking the Internet of Things (IoT)
  17. CHAPTER 14 Dealing with Mobile Device Security
    1. Recognizing Current-Generation Mobile Devices
    2. Working with Android OS
    3. Working with Apple iOS
    4. Finding Security Holes in Mobile Devices
    5. Encountering Bring Your Own Device (BYOD)
    6. Choosing Tools to Test Mobile Devices
  18. CHAPTER 15 Performing Social Engineering
    1. Introduction to Social Engineering
    2. Exploiting Human Traits
    3. Acting Like a Social Engineer
    4. Targeting Specific Victims
    5. Leveraging Social Networking
    6. Conducting Safer Social Networking
  19. CHAPTER 16 Hardening a Host System
    1. Introduction to Hardening
    2. Three Tenets of Defense
    3. Creating a Security Baseline
    4. Hardening with Group Policy
    5. Hardening Desktop Security
    6. Backing Up a System
  20. CHAPTER 17 Hardening Your Network
    1. Introduction to Network Hardening
    2. Intrusion Detection Systems
    3. Firewalls
    4. Physical Security Controls
  21. CHAPTER 18 Navigating the Path to Job Success
    1. Choosing Your Career Path
    2. Build a Library
    3. Practice Technical Writing
    4. Display Your Skills
  22. CHAPTER 19 Building a Test Lab for Penetration Testing
    1. Deciding to Build a Lab
    2. Considering Virtualization
    3. Getting Starting and What You Will Need
    4. Installing Software
  23. APPENDIX Answers to Review Questions
    1. Chapter 1: Introduction to Penetration Testing
    2. Chapter 2: Introduction to Operating Systems and Networking
    3. Chapter 3: Introduction to Cryptography
    4. Chapter 4: Outlining the Pentesting Methodology
    5. Chapter 5: Gathering Intelligence
    6. Chapter 6: Scanning and Enumeration
    7. Chapter 7: Conducting Vulnerability Scanning
    8. Chapter 8: Cracking Passwords
    9. Chapter 9: Retaining Access with Backdoors and Malware
    10. Chapter 10: Reporting
    11. Chapter 11: Working with Defensive and Detection Systems
    12. Chapter 12: Covering Your Tracks and Evading Detection
    13. Chapter 13: Detecting and Targeting Wireless
    14. Chapter 14: Dealing with Mobile Device Security
    15. Chapter 15: Performing Social Engineering
    16. Chapter 16: Hardening a Host System
    17. Chapter 17: Hardening Your Network
    18. Chapter 18: Navigating the Path to Job Success
    19. Chapter 19: Building a Test Lab for Penetration Testing
  24. EULA
3.141.8.247