Your pen testing career begins here, with a solid foundation in essential skills and concepts

Penetration Testing Essentials provides a starting place for professionals and beginners looking to learn more about penetration testing for cybersecurity. Certification eligibility requires work experience--but before you get that experience, you need a basic understanding of the technical and behavioral ways attackers compromise security, and the tools and techniques you'll use to discover the weak spots before others do. You'll learn information gathering techniques, scanning and enumeration, how to target wireless networks, and much more as you build your pen tester skill set. You'll learn how to break in, look around, get out, and cover your tracks, all without ever being noticed. Pen testers are tremendously important to data security, so they need to be sharp and well-versed in technique, but they also need to work smarter than the average hacker. This book sets you on the right path, with expert instruction from a veteran IT security expert with multiple security certifications.

IT Security certifications have stringent requirements and demand a complex body of knowledge. This book lays the groundwork for any IT professional hoping to move into a cybersecurity career by developing a robust pen tester skill set.

* Learn the fundamentals of security and cryptography

* Master breaking, entering, and maintaining access to a system

* Escape and evade detection while covering your tracks

* Build your pen testing lab and the essential toolbox

Start developing the tools and mindset you need to become experienced in pen testing today.



Author Text

About the Author

Sean Oriyano is a longtime security professional. Over the past 25 years he has divided his time between performing security research, consulting, and delivering training in the fields of both general IT and cybersecurity. In addition, he has become a best-selling author with many years of experience in both digital and print media. Sean has published several books over the last decade and has expanded his reach further by appearing on TV and radio shows. Additionally, Sean is a Chief Warrant Officer and Unit Commander specializing in cybersecurity training, development and strategy. As a CWO he is recognized as a SME in his field and is frequently called upon to provide expertise, training and mentoring wherever needed.



Contents

Introduction

Chapter 1 Introduction to Penetration Testing

Defining Penetration Testing

Preserving Confidentiality, Integrity, and Availability

Appreciating the Evolution of Hacking

Chapter 2 Introduction to Operating Systems and Networking

Comparing Common Operating Systems

Exploring Networking Concepts

Chapter 3 Introduction to Cryptography

Recognizing the Four Goals of Cryptography

The History of Encryption

Speaking Intelligently About Cryptography

Comparing Symmetric and Asymmetric Cryptography

Transforming Data via Hashing

A Hybrid System: Using Digital Signatures

Working with PKI

Chapter 4 Outlining the Pen Testing Methodology

Determining the Objective and Scope of the Job

Choosing the Type of Test to Perform

Gaining Permission via a Contract

Following the Law While Testing

Chapter 5 Gathering Intelligence

Introduction to Intelligence Gathering

Examining a Company's Web Presence

Finding Websites That Don't Exist Anymore

Gathering Information with Search Engines

Targeting Employees with People Searches

Discovering Location

Do Some Social Networking

Looking via Financial Services

Investigating Job Boards

Searching Email

Extracting Technical Information

Chapter 6 Scanning and Enumeration

Introduction to Scanning

Checking for Live Systems

Performing Port Scanning

Identifying an Operating System

Scanning for Vulnerabilities

Using Proxies (Or Keeping Your Head Down)

Performing Enumeration

Chapter 7 Conducting Vulnerability Scanning

Introduction to Vulnerability Scanning

Recognizing the Limitations of Vulnerability Scanning

Outlining the Vulnerability Scanning Process

Types of Scans That Can Be Performed

Chapter 8 Cracking Passwords

Recognizing Strong Passwords

Choosing a Password-Cracking Technique

Executing a Passive Online Attack

Executing an Active Online Attack

Executing an Offline Attack

Using Nontechnical Methods

Escalating Privileges

Chapter 9 Retaining Access with Backdoors and Malware

Deciding How to Attack

Installing a Backdoor with PsTools

Opening a Shell with LAN Turtle

Recognizing Types of Malware

Launching Viruses

Launching Worms

Launching Spyware

Inserting Trojans

Installing Rootkits

Chapter 10 Reporting

Reporting the Test Parameters

Collecting Information

Highlighting the Important Information

Adding Supporting Documentation

Conducting Quality Assurance

Chapter 11 Working with Defensive and Detection Systems

Detecting Intrusions

Recognizing the Signs of an Intrusion

Evading an IDS

Breaching a Firewall

Using Honeypots: The Wolf in Sheep's Clothing

Chapter 12 Covering Your Tracks and Evading Detection

Recognizing the Motivations for Evasion

Getting Rid of Log Files

Hiding Files

Evading Antivirus Software

Evading Defenses by Entering Through a Backdoor

Using Rootkits for Evasion

Chapter 13 Detecting and Targeting Wireless

An Introduction to Wireless

Breaking Wireless Encryption Techno...

Title
Penetration Testing Essentials
EAN
9781119235330
ISBN
978-1-119-23533-0
Format
E-Book (epub)
Manufacturer
Publisher
Publication date
15.11.2016
Digital copy protection
Adobe-DRM
File size
6.03 MB
Number of pages
360
Year
2016
Subtitle
English