Register your product to gain access to bonus material or receive a coupon.
This eBook includes the following formats, accessible from your Account page after purchase:
EPUB The open industry format known for its reflowable content and usability on supported mobile devices.
PDF The popular standard, used most often with the free Acrobat® Reader® software.
This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.
This eBook includes the following formats, accessible from your Account page after purchase:
EPUB The open industry format known for its reflowable content and usability on supported mobile devices.
PDF The popular standard, used most often with the free Acrobat® Reader® software.
This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.
The perfect introduction to pen testing for all IT professionals and students
· Clearly explains key concepts, terminology, challenges, tools, and skills
· Covers the latest penetration testing standards from NSA, PCI, and NIST
Welcome to today’s most useful and practical introduction to penetration testing. Chuck Easttom brings together up-to-the-minute coverage of all the concepts, terminology, challenges, and skills you’ll need to be effective.
Drawing on decades of experience in cybersecurity and related IT fields, Easttom integrates theory and practice, covering the entire penetration testing life cycle from planning to reporting.
You’ll gain practical experience through a start-to-finish sample project relying on free open source tools. Throughout, quizzes, projects, and review sections deepen your understanding and help you apply what you’ve learned.
Including essential pen testing standards from NSA, PCI, and NIST, Penetration Testing Fundamentals will help you protect your assets–and expand your career options.
LEARN HOW TO
· Understand what pen testing is and how it’s used
· Meet modern standards for comprehensive and effective testing
· Review cryptography essentials every pen tester must know
· Perform reconnaissance with Nmap, Google searches, and ShodanHq
· Use malware as part of your pen testing toolkit
· Test for vulnerabilities in Windows shares, scripts, WMI, and the Registry
· Pen test websites and web communication
· Recognize SQL injection and cross-site scripting attacks
· Scan for vulnerabilities with OWASP ZAP, Vega, Nessus, and MBSA
· Identify Linux vulnerabilities and password cracks
· Use Kali Linux for advanced pen testing
· Apply general hacking technique ssuch as fake Wi-Fi hotspots and social engineering
· Systematically test your environment with Metasploit
· Write or customize sophisticated Metasploit exploits
Introduction
Chapter 1: Introduction to Penetration Testing
What Is Penetration Testing?
Audits
Vulnerability Scans
Penetration Tests
The Hybrid Test
Terminology
Methodologies
Nature of the Test
Approaches
Ethical Issues
Everything Is Confidential
Keep in Your Lane
If You Break It, You Bought It
Legal Issues
Computer Fraud and Abuse Act (CFAA): 18 U.S. Code § 1030
Unlawful Access to Stored Communications: 18 U.S. Code § 2701
Identity Theft Enforcement and Restitution Act
Fraud and Related Activity in Connection with Access Devices: 18 U.S. Code § 1029
State Laws
International Laws
Certifications
CEH
GPEN
OSCP
Mile2
CISSP
PPT
This Book and Certifications
Careers in Penetration Testing
Security Administrators
Commercial Penetration Testing
Government/National Defense
Law Enforcement
Building Your Skillset
Summary
Test Your Skills
Chapter 2: Standards
PCI DSS
The Actual Test
NIST 800-115
Planning
Execution
Post-Execution
National Security Agency InfoSec Assessment Methodology (NSA-IAM)
PTES
CREST (UK)
A Synthesis (Putting Standards Together into a Single Unified Approach)
Pre-Engagement
The Actual Test
Reporting
Related Standards
OWASP
Other Standards
ISO 27002
NIST 800-12, Revision 1
NIST 800-14
Summary
Test Your Skills
Chapter 3: Cryptography
Cryptography Basics
History of Encryption
The Caesar Cipher
Atbash
Multi-Alphabet Substitution
Rail Fence
Modern Methods
Symmetric Encryption
Modification of Symmetric Methods
Practical Applications
Public Key (Asymmetric) Encryption
Digital Signatures
Hashing
MD5
SHA
RIPEMD
Windows Hashing
MAC and HMAC
Rainbow Tables
Pass the Hash
Password Crackers
Steganography
Historical Steganography
Methods and Tools
Cryptanalysis
Frequency Analysis
Modern Methods
Practical Application
Learning More
Summary
Test Your Skills
Chapter 4: Reconnaissance
Passive Scanning Techniques
Netcraft
BuiltWith
Archive.org
Shodan
Social Media
Google Searching
Active Scanning Techniques
Port Scanning
Enumeration
Wireshark
Maltego
Other OSINT Tools
OSINT Website
Alexa
Web Master Tips
Summary
Test Your Skills
Chapter 5: Malware
Viruses
How a Virus Spreads
Types of Viruses
Virus Examples
Trojan Horses
Other Forms of Malware
Rootkit
Malicious Web-Based Code
Logic Bombs
Creating Malware
Levels of Malware Writing Skill
GUI Tools
Simple Script Viruses
Creating a Trojan Horse
Altering Existing Viruses
Summary
Test Your Skills
Chapter 6: Hacking Windows
Windows Details
Windows History
The Boot Process
Important Windows Files
Windows Logs
The Registry
Volume Shadow Copy
Windows Password Hashing
Windows Hacking Techniques
Pass the Hash
chntpw
Net User Script
Login as System
Find the Admin
Windows Scripting
net users
net view
net share
net service
netshell
Windows Password Cracking
Offline NT Registry Editor
LCP
pwdump
ophcrack
John the Ripper
Detecting Malware in Windows
Cain and Abel
Summary
Test Your Skills
Chapter 7: Web Hacking
Web Technology
Specific Attacks on Websites
SQL Script Injection
XSS
Other Web Attacks
Tools
Burp Suite
BeEF
Summary
Test Your Skills
Chapter 8: Vulnerability Scanning
Vulnerabilities
CVE
NIST
OWASP
Packet Capture
tcpdump
Wireshark
Network Scanners
LanHelper
Wireless Scanners/Crackers
Aircrack
General Scanners
MBSA
Nessus
Nexpose
SAINT
Web Application Scanners
OWASP ZAP
Vega
Cyber Threat Intelligence
Threatcrowd.org
Phishtank
Internet Storm Center
OSINT
Summary
Test Your Skills
Chapter 9: Introduction to Linux
Linux History
Linux Commands
ls Command
cd Command
Pipe Output
finger Command
grep Command
ps Command
pstree Command
top Command
kill Command
Basic File and Directory Commands
chown Command
chmod Command
bg Command
fg Command
useradd Command
userdel Command
usermod Command
users Command
who Command
Directories
/root
/bin
/sbin
/etc
/dev
/boot
/usr
/var
/proc
Graphical User Interface
GNOME
KDE
Summary
Test Your Skills
Chapter 10: Linux Hacking
More on the Linux OS
sysfs
Crond
Shell Commands
Linux Firewall
Iptables
iptables Configuration
Syslog
Syslogd
Scripting
Linux Passwords
Linux Hacking Tricks
Boot Hack
Backspace Hack
Summary
Test Your Skills
Chapter 11: Introduction to Kali Linux
Kali Linux History
Kali Basics
Kali Tools
recon-ng
Dmitry
Sparta
John the Ripper
Hashcat
macchanger
Ghost Phisher
Summary
Test Your Skills
Chapter 12: General Hacking Techniques
Wi-Fi Testing
Create a Hotspot
Using Kali as a Hotspot
Testing the WAP Administration
Other Wi-Fi Issues
Social Engineering
DoS
Well-known DoS Attacks
Tools
Summary
Test Your Skills
Chapter 13: Introduction to Metasploit
Background on Metasploit
Getting Started with Metasploit
Basic Usage of msfconsole
Basic Commands
Searching
Scanning with Metasploit
SMB Scanner
SQL Server Scan
SSH Server Scan
Anonymous FTP Servers
FTP Server
How to Use Exploits
Exploit Examples
Cascading Style Sheets
File Format Exploit
Remote Desktop Exploit
More Exploits
Common Error
Post Exploits
Get Logged-on Users
Check VM
Enumerate Applications
Going Deeper into the Target
Summary
Test Your Skills
Chapter 14: More with Metasploit
Meterpreter and Post Exploits
ARP
NETSTAT
PS
Navigation
Download and Upload
Desktops
Cameras
Key Logger
Other Information
msfvenom
More Metasploit Attacks
Formatting All Drives
Attacking Windows Server 2008 R2
Attacking Windows via Office
Attacking Linux
Attacking via the Web
Another Linux Attack
Linux Post Exploits
Summary
Test Your Skills
Chapter 15: Introduction to Scripting with Ruby
Getting Started
Basic Ruby Scripting
A First Script
Syntax
Object-Oriented Programming
Summary
Test Your Skills
Chapter 16: Write Your Own Metasploit Exploits with Ruby
The API
Getting Started
Examine an Existing Exploit
Extending Existing Exploits
Writing Your First Exploit
Summary
Test Your Skills
Chapter 17: General Hacking Knowledge
Conferences
Dark Web
Certification and Training
Cyber Warfare and Terrorism
Nation State Actors
Summary
Test Your Skills
Chapter 18: Additional Pen Testing Topics
Wireless Pen Testing
802.11
Infrared
Bluetooth
Other Forms of Wireless
Wi-Fi Hacking
Mainframe and SCADA
SCADA Basics
Mainframes
Mobile Pen Testing
Cellular Terminology
Bluetooth Attacks
Bluetooth/Phone Tools
Summary
Test Your Skills
Chapter 19: A Sample Pen Test Project
Pen Test Outline
Pre-Test Activities
External
Internal
Optional Items
Report Outline
Summary
Appendix A: Answers to Chapter Multiple Choice Questions
9780789759375 TOC 2/13/2018
We've made every effort to ensure the accuracy of this book and its companion content. Any errors that have been confirmed since this book was published can be downloaded below.