book

Penetration Testing Essentials

by Sean-Philip Oriyano

December 2016

Beginner

360 pages

English

Sybex

Read now

Unlock full access

Defining Penetration TestingPreserving Confidentiality, Integrity, and AvailabilityAppreciating the Evolution of Hacking
Comparing Common Operating SystemsExploring Networking Concepts
Recognizing the Four Goals of CryptographyThe History of EncryptionSpeaking Intelligently About CryptographyComparing Symmetric and Asymmetric CryptographyTransforming Data via HashingA Hybrid System: Using Digital SignaturesWorking with PKI
Determining the Objective and Scope of the JobChoosing the Type of Test to PerformGaining Permission via a ContractFollowing the Law While Testing
Introduction to Intelligence GatheringExamining a Company’s Web PresenceFinding Websites That Don’t Exist AnymoreGathering Information with Search EnginesTargeting Employees with People SearchesDiscovering LocationDo Some Social NetworkingLooking via Financial ServicesInvestigating Job BoardsSearching EmailExtracting Technical Information
Introduction to ScanningChecking for Live SystemsPerforming Port ScanningIdentifying an Operating SystemScanning for VulnerabilitiesUsing Proxies (Or Keeping Your Head Down)Performing Enumeration
Introduction to Vulnerability ScanningRecognizing the Limitations of Vulnerability ScanningOutlining the Vulnerability Scanning ProcessTypes of Scans That Can Be Performed

Recognizing Strong PasswordsChoosing a Password-Cracking TechniqueExecuting a Passive Online AttackExecuting an Active Online AttackExecuting an Offline AttackUsing Nontechnical MethodsEscalating Privileges
Deciding How to AttackInstalling a Backdoor with PsToolsOpening a Shell with LAN TurtleRecognizing Types of MalwareLaunching VirusesLaunching WormsLaunching SpywareInserting TrojansInstalling Rootkits
Reporting the Test ParametersCollecting InformationHighlighting the Important InformationAdding Supporting DocumentationConducting Quality Assurance
Detecting IntrusionsRecognizing the Signs of an IntrusionEvading an IDSBreaching a FirewallUsing Honeypots: The Wolf in Sheep’s Clothing
Recognizing the Motivations for EvasionGetting Rid of Log FilesHiding FilesEvading Antivirus SoftwareEvading Defenses by Entering Through a BackdoorUsing Rootkits for Evasion
An Introduction to WirelessBreaking Wireless Encryption TechnologiesConducting a Wardriving AttackConducting Other Types of AttackChoosing Tools to Attack WirelessKnocking Out BluetoothHacking the Internet of Things (IoT)
Recognizing Current-Generation Mobile DevicesWorking with Android OSWorking with Apple iOSFinding Security Holes in Mobile DevicesEncountering Bring Your Own Device (BYOD)Choosing Tools to Test Mobile Devices
Introduction to Social EngineeringExploiting Human TraitsActing Like a Social EngineerTargeting Specific VictimsLeveraging Social NetworkingConducting Safer Social Networking
Introduction to HardeningThree Tenets of DefenseCreating a Security BaselineHardening with Group PolicyHardening Desktop SecurityBacking Up a System
Introduction to Network HardeningIntrusion Detection SystemsFirewallsPhysical Security Controls
Choosing Your Career PathBuild a LibraryPractice Technical WritingDisplay Your Skills
Deciding to Build a LabConsidering VirtualizationGetting Starting and What You Will NeedInstalling Software
Chapter 1: Introduction to Penetration TestingChapter 2: Introduction to Operating Systems and NetworkingChapter 3: Introduction to CryptographyChapter 4: Outlining the Pentesting MethodologyChapter 5: Gathering IntelligenceChapter 6: Scanning and EnumerationChapter 7: Conducting Vulnerability ScanningChapter 8: Cracking PasswordsChapter 9: Retaining Access with Backdoors and MalwareChapter 10: ReportingChapter 11: Working with Defensive and Detection SystemsChapter 12: Covering Your Tracks and Evading DetectionChapter 13: Detecting and Targeting WirelessChapter 14: Dealing with Mobile Device SecurityChapter 15: Performing Social EngineeringChapter 16: Hardening a Host SystemChapter 17: Hardening Your NetworkChapter 18: Navigating the Path to Job SuccessChapter 19: Building a Test Lab for Penetration Testing

Content preview from Penetration Testing Essentials

CHAPTER 10 Reporting

No job is complete until the paperwork is done, and that is definitely true with the process of penetration testing a client’s network and overall environment. Upon completion of a successful test, a client will expect a report documenting the results and providing suggestions and recommendations for addressing any deficiencies found on their network. This important part of the process will wrap up all the tasks and processes you performed into a package that will be presented to senior-level employees and technical staff in the target organization as well as kept on file for compliance and legal purposes.

A report should present the outcome of the pen testing process and include objectives, methodologies you used, vulnerabilities, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781119235309Purchase Link

Penetration Testing Essentials

by Sean-Philip Oriyano

CHAPTER 10 Reporting

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like