Penetration Testing Fundamentals. Pearson

A Hands-On Guide to Reliable Security Audits 

Chuck Easttom

Contents at a Glance

Introduction to Penetration Testing

Standards
Cryptography
Reconnaissance
Malware
Hacking Windows
Web Hacking
Vulnerability Scanning
Introduction to Linux
Linux Hacking
Introduction to Kali Linux
General Hacking Techniques
Introduction to Metasploit
More with Metasploit
Introduction to Scripting with Ruby
Write Your Own Metasploit Exploits with Ruby
General Hacking Knowledge
Additional Pen Testing Topics
A Sample Pen Test Project
Appendix A: Answers to Chapter Multiple Choice Questions
Index

e-books shop
e-books shop
Purchase Now !
Just with Paypal



Book Details
 Price
 4.00 USD
 Pages
 510 p
 File Size
 17,138 KB
 File Type
 PDF format
 ISBN-13
 ISBN-10
 978-0-7897-5937-5
 0-7897-5937-3
 Copyright   
 2018 by Pearson Education, Inc 

About the Author
Chuck Easttom has been in the IT industry for well over 25 years and cybersecurity for over 15. He
has over 40 industry certifications, and has authored 24 other books. He is also an inventor with 13
patents. Chuck is a frequent speaker at various security conferences including Defcon, ISC2 Security
Congress, Secure World, and many others. He also has authored a number of papers on securityrelated
topics including malware development, penetration testing, and hacking techniques. He also
has hands-on experience consulting on cyber security issues and conducting penetration tests.

About the Technical Reviewers
Steve Kalman is both an attorney and a professional security expert. He holds the following
credentials from (ISC)2, for whom he worked as an authorized instructor: CISSP, CCFP-US, CSSLP,
ISSMP, ISSAP, HCISPP, SSCP. Steve has been author or technical editor for more than 20
Pearson/Cisco Press books.
Everett Stiles holds a Master of Science degree in Computer Engineering from the University of
Tennessee and is currently a senior engineer in security research at Cisco Systems, Inc.

Acknowledgments
I want to thank the various people at Pearson who made this happen. The technical reviewers and
editors were simply top-notch. I have worked with a lot of publishers and a lot of editors/reviewers,
and found none better than those at Pearson.

Table of Contents
Introduction
Chapter 1: Introduction to Penetration Testing
What Is Penetration Testing?
Audits
Vulnerability Scans
Penetration Tests
The Hybrid Test
Terminology
Methodologies
Nature of the Test
Approaches
Ethical Issues
Everything Is Confidential
Keep in Your Lane
If You Break It, You Bought It
Legal Issues
Computer Fraud and Abuse Act (CFAA): 18 U.S. Code § 1030
Unlawful Access to Stored Communications: 18 U.S. Code § 2701
Identity Theft Enforcement and Restitution Act
Fraud and Related Activity in Connection with Access Devices: 18 U.S. Code § 1029
State Laws
International Laws
Certifications
CEH
GPEN
OSCP
Mile2
CISSP
PPT
This Book and Certifications
Careers in Penetration Testing
Security Administrators
Commercial Penetration Testing
Government/National Defense
Law Enforcement
Building Your Skillset
Summary
Test Your Skills
Chapter 2: Standards
PCI DSS
The Actual Test
NIST 800-115
Planning
Execution
Post-Execution
National Security Agency InfoSec Assessment Methodology (NSA-IAM)
PTES
CREST (UK)
A Synthesis (Putting Standards Together into a Single Unified Approach)
Pre-Engagement
The Actual Test
Reporting
Related Standards
OWASP
Other Standards
ISO 27002
NIST 800-12, Revision 1
NIST 800-14
Summary
Test Your Skills
Chapter 3: Cryptography
Cryptography Basics
History of Encryption
The Caesar Cipher
Atbash
Multi-Alphabet Substitution
Rail Fence
Modern Methods
Symmetric Encryption
Modification of Symmetric Methods
Practical Applications
Public Key (Asymmetric) Encryption
Digital Signatures
Hashing
MD5
SHA
RIPEMD
Windows Hashing
MAC and HMAC
Rainbow Tables
Pass the Hash
Password Crackers
Steganography
Historical Steganography
Methods and Tools
Cryptanalysis
Frequency Analysis
Modern Methods
Practical Application
Learning More
Summary
Test Your Skills
Chapter 4: Reconnaissance
Passive Scanning Techniques
Netcraft
BuiltWith
Archive.org
Shodan
Social Media
Google Searching
Active Scanning Techniques
Port Scanning
Enumeration
Wireshark
Maltego
Other OSINT Tools
OSINT Website
Alexa
Web Master Tips
Summary
Test Your Skills
Chapter 5: Malware
Viruses
How a Virus Spreads
Types of Viruses
Virus Examples
Trojan Horses
Other Forms of Malware
Rootkit
Malicious Web-Based Code
Logic Bombs
Creating Malware
Levels of Malware Writing Skill
GUI Tools
Simple Script Viruses
Creating a Trojan Horse
Altering Existing Viruses
Summary
Test Your Skills
Chapter 6: Hacking Windows
Windows Details
Windows History
The Boot Process
Important Windows Files
Windows Logs
The Registry
Volume Shadow Copy
Windows Password Hashing
Windows Hacking Techniques
Pass the Hash
chntpw
Net User Script
Login as System
Find the Admin
Windows Scripting
net users
net view
net share
net service
netshell
Windows Password Cracking
Offline NT Registry Editor
LCP
pwdump
ophcrack
John the Ripper
Detecting Malware in Windows
Cain and Abel
Summary
Test Your Skills
Chapter 7: Web Hacking
Web Technology
Specific Attacks on Websites
SQL Script Injection
XSS
Other Web Attacks
Tools
Burp Suite
BeEF
Summary
Test Your Skills
Chapter 8: Vulnerability Scanning
Vulnerabilities
CVE
NIST
OWASP
Packet Capture
tcpdump
Wireshark
Network Scanners
LanHelper
Wireless Scanners/Crackers
Aircrack
General Scanners
MBSA
Nessus
Nexpose
SAINT
Web Application Scanners
OWASP ZAP
Vega
Cyber Threat Intelligence
Threatcrowd.org
Phishtank
Internet Storm Center
OSINT
Summary
Test Your Skills
Chapter 9: Introduction to Linux
Linux History
Linux Commands
ls Command
cd Command
Pipe Output
finger Command
grep Command
ps Command
pstree Command
top Command
kill Command
Basic File and Directory Commands
chown Command
chmod Command
bg Command
fg Command
useradd Command
userdel Command
usermod Command
users Command
who Command
Directories
/root
/bin
/sbin
/etc
/dev
/boot
/usr
/var
/proc
Graphical User Interface
GNOME
KDE
Summary
Test Your Skills
Chapter 10: Linux Hacking
More on the Linux OS
sysfs
Crond
Shell Commands
Linux Firewall
Iptables
iptables Configuration
Syslog
Syslogd
Scripting
Linux Passwords
Linux Hacking Tricks
Boot Hack
Backspace Hack
Summary
Test Your Skills
Chapter 11: Introduction to Kali Linux
Kali Linux History
Kali Basics
Kali Tools
recon-ng
Dmitry
Sparta
John the Ripper
Hashcat
macchanger
Ghost Phisher
Summary
Test Your Skills
Chapter 12: General Hacking Techniques
Wi-Fi Testing
Create a Hotspot
Using Kali as a Hotspot
Testing the WAP Administration
Other Wi-Fi Issues
Social Engineering
DoS
Well-known DoS Attacks
Tools
Summary
Test Your Skills
Chapter 13: Introduction to Metasploit
Background on Metasploit
Getting Started with Metasploit
Basic Usage of msfconsole
Basic Commands
Searching
Scanning with Metasploit
SMB Scanner
SQL Server Scan
SSH Server Scan
Anonymous FTP Servers
FTP Server
How to Use Exploits
Exploit Examples
Cascading Style Sheets
File Format Exploit
Remote Desktop Exploit
More Exploits
Common Error
Post Exploits
Get Logged-on Users
Check VM
Enumerate Applications
Going Deeper into the Target
Summary
Test Your Skills
Chapter 14: More with Metasploit
Meterpreter and Post Exploits
ARP
NETSTAT
PS
Navigation
Download and Upload
Desktops
Cameras
Key Logger
Other Information
msfvenom
More Metasploit Attacks
Formatting All Drives
Attacking Windows Server 2008 R2
Attacking Windows via Office
Attacking Linux
Attacking via the Web
Another Linux Attack
Linux Post Exploits
Summary
Test Your Skills
Chapter 15: Introduction to Scripting with Ruby
Getting Started
Basic Ruby Scripting
A First Script
Syntax
Object-Oriented Programming
Summary
Test Your Skills
Chapter 16: Write Your Own Metasploit Exploits with Ruby
The API
Getting Started
Examine an Existing Exploit
Extending Existing Exploits
Writing Your First Exploit
Summary
Test Your Skills
Chapter 17: General Hacking Knowledge
Conferences
Dark Web
Certification and Training
Cyber Warfare and Terrorism
Nation State Actors
Summary
Test Your Skills
Chapter 18: Additional Pen Testing Topics
Wireless Pen Testing
802.11
Infrared
Bluetooth
Other Forms of Wireless
Wi-Fi Hacking
Mainframe and SCADA
SCADA Basics
Mainframes
Mobile Pen Testing
Cellular Terminology
Bluetooth Attacks
Bluetooth/Phone Tools
Summary
Test Your Skills
Chapter 19: A Sample Pen Test Project
Pen Test Outline
Pre-Test Activities
External
Internal
Optional Items
Report Outline
Summary
Appendix A: Answers to Chapter Multiple Choice Questions
Index


Bookscreen
e-books shop

Introduction
This book is an overview of the penetration testing profession. It includes standards to follow,
specific hacking techniques, and even how to conduct the penetration test and write your report. It is
not merely another hacking book, but rather a book for professional penetration testers. It includes
numerous hands-on exercises to ensure you have the skills you need to conduct a professional
penetration test.

Who Should Read This Book?
This book is designed for the professional penetration tester, both the novice and the experienced
professional. The novice will gain an introduction to the field that is very thorough. The seasoned
professional will fill in gaps in their knowledge, most likely in the areas of standards and
methodology. This book was designed specifically to be a text book for classes in penetration testing,
so it is well suited for college courses or for industry training.
Loading...
DMCA.com Protection Status