book

Penetration Testing Fundamentals: A Hands-On Guide to Reliable Security Audits

Name: Penetration Testing Fundamentals: A Hands-On Guide to Reliable Security Audits
Author: Chuck Easttom
ISBN: 9780134854564

by Chuck Easttom

March 2018

Beginner

448 pages

11h 51m

English

Pearson IT Certification

Read now

Unlock full access

Cover Page
About This E-Book
Title Page
Copyright Page
Contents at a Glance
Table of Contents
About the Author
About the Technical Reviewers
Dedication
Acknowledgments

We Want to Hear from You!
Reader Services
Introduction
Who Should Read This Book?
Chapter 1: Introduction to Penetration Testing
What Is Penetration Testing?AuditsVulnerability ScansPenetration TestsThe Hybrid TestTerminologyMethodologiesNature of the TestApproachesEthical IssuesEverything Is ConfidentialKeep in Your LaneIf You Break It, You Bought ItLegal IssuesComputer Fraud and Abuse Act (CFAA): 18 U.S. Code § 1030Unlawful Access to Stored Communications: 18 U.S. Code § 2701Identity Theft Enforcement and Restitution ActFraud and Related Activity in Connection with Access Devices: 18 U.S. Code § 1029State LawsInternational LawsCertificationsCEHGPENOSCPMile2CISSPPPTThis Book and CertificationsCareers in Penetration TestingSecurity AdministratorsCommercial Penetration TestingGovernment/National DefenseLaw EnforcementBuilding Your SkillsetSummaryTest Your Skills
Chapter 2: Standards
PCI DSSThe Actual TestNIST 800-115PlanningExecutionPost-ExecutionNational Security Agency InfoSec Assessment Methodology (NSA-IAM)PTESCREST (UK)A Synthesis (Putting Standards Together into a Single Unified Approach)Pre-EngagementThe Actual TestReportingRelated StandardsOWASPOther StandardsISO 27002NIST 800-12, Revision 1NIST 800-14SummaryTest Your Skills
Chapter 3: Cryptography
Cryptography BasicsHistory of EncryptionThe Caesar CipherAtbashMulti-Alphabet SubstitutionRail FenceModern MethodsSymmetric EncryptionModification of Symmetric MethodsPractical ApplicationsPublic Key (Asymmetric) EncryptionDigital SignaturesHashingMD5SHARIPEMDWindows HashingMAC and HMACRainbow TablesPass the HashPassword CrackersSteganographyHistorical SteganographyMethods and ToolsCryptanalysisFrequency AnalysisModern MethodsPractical ApplicationLearning MoreSummaryTest Your Skills
Chapter 4: Reconnaissance
Passive Scanning TechniquesNetcraftBuiltWithArchive.orgShodanSocial MediaGoogle SearchingActive Scanning TechniquesPort ScanningEnumerationWiresharkMaltegoOther OSINT ToolsOSINT WebsiteAlexaWeb Master TipsSummaryTest Your Skills
Chapter 5: Malware
VirusesHow a Virus SpreadsTypes of VirusesVirus ExamplesTrojan HorsesOther Forms of MalwareRootkitMalicious Web-Based CodeLogic BombsCreating MalwareLevels of Malware Writing SkillGUI ToolsSimple Script VirusesCreating a Trojan HorseAltering Existing VirusesSummaryTest Your Skills
Chapter 6: Hacking Windows
Windows DetailsWindows HistoryThe Boot ProcessImportant Windows FilesWindows LogsThe RegistryVolume Shadow CopyWindows Password HashingWindows Hacking TechniquesPass the HashchntpwNet User ScriptLogin as SystemFind the AdminWindows Scriptingnet usersnet viewnet sharenet servicenetshellWindows Password CrackingOffline NT Registry EditorLCPpwdumpophcrackJohn the RipperDetecting Malware in WindowsCain and AbelSummaryTest Your Skills
Chapter 7: Web Hacking
Web TechnologySpecific Attacks on WebsitesSQL Script InjectionXSSOther Web AttacksToolsBurp SuiteBeEFSummaryTest Your Skills
Chapter 8: Vulnerability Scanning
VulnerabilitiesCVENISTOWASPPacket CapturetcpdumpWiresharkNetwork ScannersLanHelperWireless Scanners/CrackersAircrackGeneral ScannersMBSANessusNexposeSAINTWeb Application ScannersOWASP ZAPVegaCyber Threat IntelligenceThreatcrowd.orgPhishtankInternet Storm CenterOSINTSummaryTest Your Skills
Chapter 9: Introduction to Linux
Linux HistoryLinux Commandsls Commandcd CommandPipe Outputfinger Commandgrep Commandps Commandpstree Commandtop Commandkill CommandBasic File and Directory Commandschown Commandchmod Commandbg Commandfg Commanduseradd Commanduserdel Commandusermod Commandusers Commandwho CommandDirectories/root/bin/sbin/etc/dev/boot/usr/var/procGraphical User InterfaceGNOMEKDESummaryTest Your Skills
Chapter 10: Linux Hacking
More on the Linux OSsysfsCrondShell CommandsLinux FirewallIptablesiptables ConfigurationSyslogSyslogdScriptingLinux PasswordsLinux Hacking TricksBoot HackBackspace HackSummaryTest Your Skills
Chapter 11: Introduction to Kali Linux
Kali Linux HistoryKali BasicsKali Toolsrecon-ngDmitrySpartaJohn the RipperHashcatmacchangerGhost PhisherSummaryTest Your Skills
Chapter 12: General Hacking Techniques
Wi-Fi TestingCreate a HotspotUsing Kali as a HotspotTesting the WAP AdministrationOther Wi-Fi IssuesSocial EngineeringDoSWell-known DoS AttacksToolsSummaryTest Your Skills
Chapter 13: Introduction to Metasploit
Background on MetasploitGetting Started with MetasploitBasic Usage of msfconsoleBasic CommandsSearchingScanning with MetasploitSMB ScannerSQL Server ScanSSH Server ScanAnonymous FTP ServersFTP ServerHow to Use ExploitsExploit ExamplesCascading Style SheetsFile Format ExploitRemote Desktop ExploitMore ExploitsCommon ErrorPost ExploitsGet Logged-on UsersCheck VMEnumerate ApplicationsGoing Deeper into the TargetSummaryTest Your Skills
Chapter 14: More with Metasploit
Meterpreter and Post ExploitsARPNETSTATPSNavigationDownload and UploadDesktopsCamerasKey LoggerOther InformationmsfvenomMore Metasploit AttacksFormatting All DrivesAttacking Windows Server 2008 R2Attacking Windows via OfficeAttacking LinuxAttacking via the WebAnother Linux AttackLinux Post ExploitsSummaryTest Your Skills
Chapter 15: Introduction to Scripting with Ruby
Getting StartedBasic Ruby ScriptingA First ScriptSyntaxObject-Oriented ProgrammingSummaryTest Your Skills
Chapter 16: Write Your Own Metasploit Exploits with Ruby
The APIGetting StartedExamine an Existing ExploitExtending Existing ExploitsWriting Your First ExploitSummaryTest Your Skills
Chapter 17: General Hacking Knowledge
ConferencesDark WebCertification and TrainingCyber Warfare and TerrorismNation State ActorsSummaryTest Your Skills
Chapter 18: Additional Pen Testing Topics
Wireless Pen Testing802.11InfraredBluetoothOther Forms of WirelessWi-Fi HackingMainframe and SCADASCADA BasicsMainframesMobile Pen TestingCellular TerminologyBluetooth AttacksBluetooth/Phone ToolsSummaryTest Your Skills
Chapter 19: A Sample Pen Test Project
Pen Test OutlinePre-Test ActivitiesExternalInternalOptional ItemsReport OutlineSummary
Appendix A: Answers to Chapter Multiple Choice Questions
Index

Overview

The perfect introduction to pen testing for all IT professionals and students

· Clearly explains key concepts, terminology, challenges, tools, and skills

· Covers the latest penetration testing standards from NSA, PCI, and NIST

Welcome to today’s most useful and practical introduction to penetration testing. Chuck Easttom brings together up-to-the-minute coverage of all the concepts, terminology, challenges, and skills you’ll need to be effective.

Drawing on decades of experience in cybersecurity and related IT fields, Easttom integrates theory and practice, covering the entire penetration testing life cycle from planning to reporting.

You’ll gain practical experience through a start-to-finish sample project relying on free open source tools. Throughout, quizzes, projects, and review sections deepen your understanding and help you apply what you’ve learned.

Including essential pen testing standards from NSA, PCI, and NIST, Penetration Testing Fundamentals will help you protect your assets–and expand your career options.

LEARN HOW TO

· Understand what pen testing is and how it’s used

· Meet modern standards for comprehensive and effective testing

· Review cryptography essentials every pen tester must know

· Perform reconnaissance with Nmap, Google searches, and ShodanHq

· Use malware as part of your pen testing toolkit

· Test for vulnerabilities in Windows shares, scripts, WMI, and the Registry

· Pen test websites and web communication

· Recognize SQL injection and cross-site scripting attacks

· Scan for vulnerabilities with OWASP ZAP, Vega, Nessus, and MBSA

· Identify Linux vulnerabilities and password cracks

· Use Kali Linux for advanced pen testing

· Apply general hacking technique ssuch as fake Wi-Fi hotspots and social engineering

· Systematically test your environment with Metasploit

· Write or customize sophisticated Metasploit exploits

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Advanced Infrastructure Penetration Testing

Publisher Resources

ISBN: 9780134854564

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills