Penetration Testing Fundamentals: A Hands-On Guide to Reliable Security Audits, First edition

Book Description

The perfect introduction to pen testing for all IT professionals and students

  • Clearly explains key concepts, terminology, challenges, tools, and skills
  • Covers the latest penetration testing standards from NSA, PCI, and NIST

Welcome to today’s most useful and practical introduction to penetration testing. Chuck Easttom brings together up-to-the-minute coverage of all the concepts, terminology, challenges, and skills you’ll need to be effective.

Drawing on decades of experience in cybersecurity and related IT fields, Easttom integrates theory and practice, covering the entire penetration testing life cycle from planning to reporting.

You’ll gain practical experience through a start-to-finish sample project relying on free open source tools. Throughout, quizzes, projects, and review sections deepen your understanding and help you apply what you’ve learned.

Including essential pen testing standards from NSA, PCI, and NIST, Penetration Testing Fundamentals will help you protect your assets–and expand your career options.

LEARN HOW TO

  • Understand what pen testing is and how it’s used
  • Meet modern standards for comprehensive and effective testing
  • Review cryptography essentials every pen tester must know
  • Perform reconnaissance with Nmap, Google searches, and ShodanHq
  • Use malware as part of your pen testing toolkit
  • Test for vulnerabilities in Windows shares, scripts, WMI, and the Registry
  • Pen test websites and web communication
  • Recognize SQL injection and cross-site scripting attacks
  • Scan for vulnerabilities with OWASP ZAP, Vega, Nessus, and MBSA
  • Identify Linux vulnerabilities and password cracks
  • Use Kali Linux for advanced pen testing
  • Apply general hacking techniques such as fake Wi-Fi hotspots and social engineering
  • Systematically test your environment with Metasploit
  • Write or customize sophisticated Metasploit exploits

Table of Contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Contents at a Glance
  5. Table of Contents
  6. About This E-Book
  7. About the Author
  8. About the Technical Reviewers
  9. Dedication
  10. Acknowledgments
  11. We Want to Hear from You!
  12. Reader Services
  13. Introduction
  14. Who Should Read This Book?
  15. Chapter 1: Introduction to Penetration Testing
    1. What Is Penetration Testing?
      1. Audits
      2. Vulnerability Scans
      3. Penetration Tests
      4. The Hybrid Test
    2. Terminology
    3. Methodologies
      1. Nature of the Test
      2. Approaches
    4. Ethical Issues
      1. Everything Is Confidential
      2. Keep in Your Lane
      3. If You Break It, You Bought It
    5. Legal Issues
      1. Computer Fraud and Abuse Act (CFAA): 18 U.S. Code § 1030
      2. Unlawful Access to Stored Communications: 18 U.S. Code § 2701
      3. Identity Theft Enforcement and Restitution Act
      4. Fraud and Related Activity in Connection with Access Devices: 18 U.S. Code § 1029
      5. State Laws
      6. International Laws
    6. Certifications
      1. CEH
      2. GPEN
      3. OSCP
      4. Mile2
      5. CISSP
      6. PPT
      7. This Book and Certifications
    7. Careers in Penetration Testing
      1. Security Administrators
      2. Commercial Penetration Testing
      3. Government/National Defense
      4. Law Enforcement
    8. Building Your Skillset
    9. Summary
    10. Test Your Skills
  16. Chapter 2: Standards
    1. PCI DSS
      1. The Actual Test
    2. NIST 800-115
      1. Planning
      2. Execution
      3. Post-Execution
    3. National Security Agency InfoSec Assessment Methodology (NSA-IAM)
    4. PTES
    5. CREST (UK)
    6. A Synthesis (Putting Standards Together into a Single Unified Approach)
      1. Pre-Engagement
      2. The Actual Test
      3. Reporting
    7. Related Standards
      1. OWASP
    8. Other Standards
      1. ISO 27002
      2. NIST 800-12, Revision 1
      3. NIST 800-14
    9. Summary
    10. Test Your Skills
  17. Chapter 3: Cryptography
    1. Cryptography Basics
    2. History of Encryption
      1. The Caesar Cipher
      2. Atbash
      3. Multi-Alphabet Substitution
      4. Rail Fence
    3. Modern Methods
      1. Symmetric Encryption
      2. Modification of Symmetric Methods
      3. Practical Applications
    4. Public Key (Asymmetric) Encryption
    5. Digital Signatures
    6. Hashing
      1. MD5
      2. SHA
      3. RIPEMD
      4. Windows Hashing
    7. MAC and HMAC
      1. Rainbow Tables
      2. Pass the Hash
    8. Password Crackers
    9. Steganography
      1. Historical Steganography
      2. Methods and Tools
    10. Cryptanalysis
      1. Frequency Analysis
      2. Modern Methods
      3. Practical Application
    11. Learning More
    12. Summary
    13. Test Your Skills
  18. Chapter 4: Reconnaissance
    1. Passive Scanning Techniques
      1. Netcraft
      2. BuiltWith
      3. Archive.org
      4. Shodan
      5. Social Media
      6. Google Searching
    2. Active Scanning Techniques
      1. Port Scanning
      2. Enumeration
    3. Wireshark
    4. Maltego
    5. Other OSINT Tools
      1. OSINT Website
      2. Alexa
      3. Web Master Tips
    6. Summary
    7. Test Your Skills
  19. Chapter 5: Malware
    1. Viruses
      1. How a Virus Spreads
      2. Types of Viruses
      3. Virus Examples
    2. Trojan Horses
    3. Other Forms of Malware
      1. Rootkit
      2. Malicious Web-Based Code
      3. Logic Bombs
    4. Creating Malware
      1. Levels of Malware Writing Skill
      2. GUI Tools
      3. Simple Script Viruses
      4. Creating a Trojan Horse
      5. Altering Existing Viruses
    5. Summary
    6. Test Your Skills
  20. Chapter 6: Hacking Windows
    1. Windows Details
      1. Windows History
      2. The Boot Process
      3. Important Windows Files
      4. Windows Logs
      5. The Registry
      6. Volume Shadow Copy
    2. Windows Password Hashing
    3. Windows Hacking Techniques
      1. Pass the Hash
      2. chntpw
      3. Net User Script
      4. Login as System
      5. Find the Admin
    4. Windows Scripting
      1. net users
      2. net view
      3. net share
      4. net service
      5. netshell
    5. Windows Password Cracking
      1. Offline NT Registry Editor
      2. LCP
      3. pwdump
      4. ophcrack
      5. John the Ripper
    6. Detecting Malware in Windows
    7. Cain and Abel
    8. Summary
    9. Test Your Skills
  21. Chapter 7: Web Hacking
    1. Web Technology
    2. Specific Attacks on Websites
      1. SQL Script Injection
      2. XSS
      3. Other Web Attacks
    3. Tools
      1. Burp Suite
      2. BeEF
    4. Summary
    5. Test Your Skills
  22. Chapter 8: Vulnerability Scanning
    1. Vulnerabilities
      1. CVE
      2. NIST
      3. OWASP
    2. Packet Capture
      1. tcpdump
      2. Wireshark
    3. Network Scanners
      1. LanHelper
    4. Wireless Scanners/Crackers
      1. Aircrack
    5. General Scanners
      1. MBSA
      2. Nessus
      3. Nexpose
      4. SAINT
    6. Web Application Scanners
      1. OWASP ZAP
      2. Vega
    7. Cyber Threat Intelligence
      1. Threatcrowd.org
      2. Phishtank
      3. Internet Storm Center
      4. OSINT
    8. Summary
    9. Test Your Skills
  23. Chapter 9: Introduction to Linux
    1. Linux History
    2. Linux Commands
      1. ls Command
      2. cd Command
      3. Pipe Output
      4. finger Command
      5. grep Command
      6. ps Command
      7. pstree Command
      8. top Command
      9. kill Command
      10. Basic File and Directory Commands
      11. chown Command
      12. chmod Command
      13. bg Command
      14. fg Command
      15. useradd Command
      16. userdel Command
      17. usermod Command
      18. users Command
      19. who Command
    3. Directories
      1. /root
      2. /bin
      3. /sbin
      4. /etc
      5. /dev
      6. /boot
      7. /usr
      8. /var
      9. /proc
    4. Graphical User Interface
      1. GNOME
      2. KDE
    5. Summary
    6. Test Your Skills
  24. Chapter 10: Linux Hacking
    1. More on the Linux OS
      1. sysfs
      2. Crond
      3. Shell Commands
    2. Linux Firewall
      1. Iptables
      2. iptables Configuration
      3. Syslog
    3. Syslogd
    4. Scripting
    5. Linux Passwords
    6. Linux Hacking Tricks
      1. Boot Hack
      2. Backspace Hack
    7. Summary
    8. Test Your Skills
  25. Chapter 11: Introduction to Kali Linux
    1. Kali Linux History
    2. Kali Basics
    3. Kali Tools
      1. recon-ng
      2. Dmitry
      3. Sparta
      4. John the Ripper
      5. Hashcat
      6. macchanger
      7. Ghost Phisher
    4. Summary
    5. Test Your Skills
  26. Chapter 12: General Hacking Techniques
    1. Wi-Fi Testing
      1. Create a Hotspot
      2. Using Kali as a Hotspot
      3. Testing the WAP Administration
      4. Other Wi-Fi Issues
    2. Social Engineering
    3. DoS
      1. Well-known DoS Attacks
      2. Tools
    4. Summary
    5. Test Your Skills
  27. Chapter 13: Introduction to Metasploit
    1. Background on Metasploit
    2. Getting Started with Metasploit
    3. Basic Usage of msfconsole
      1. Basic Commands
      2. Searching
    4. Scanning with Metasploit
      1. SMB Scanner
      2. SQL Server Scan
      3. SSH Server Scan
      4. Anonymous FTP Servers
      5. FTP Server
    5. How to Use Exploits
    6. Exploit Examples
      1. Cascading Style Sheets
      2. File Format Exploit
      3. Remote Desktop Exploit
      4. More Exploits
      5. Common Error
    7. Post Exploits
      1. Get Logged-on Users
      2. Check VM
      3. Enumerate Applications
      4. Going Deeper into the Target
    8. Summary
    9. Test Your Skills
  28. Chapter 14: More with Metasploit
    1. Meterpreter and Post Exploits
      1. ARP
      2. NETSTAT
      3. PS
      4. Navigation
      5. Download and Upload
      6. Desktops
      7. Cameras
      8. Key Logger
      9. Other Information
    2. msfvenom
    3. More Metasploit Attacks
      1. Formatting All Drives
      2. Attacking Windows Server 2008 R2
      3. Attacking Windows via Office
      4. Attacking Linux
      5. Attacking via the Web
      6. Another Linux Attack
      7. Linux Post Exploits
    4. Summary
    5. Test Your Skills
  29. Chapter 15: Introduction to Scripting with Ruby
    1. Getting Started
    2. Basic Ruby Scripting
      1. A First Script
      2. Syntax
      3. Object-Oriented Programming
    3. Summary
    4. Test Your Skills
  30. Chapter 16: Write Your Own Metasploit Exploits with Ruby
    1. The API
    2. Getting Started
    3. Examine an Existing Exploit
    4. Extending Existing Exploits
    5. Writing Your First Exploit
    6. Summary
    7. Test Your Skills
  31. Chapter 17: General Hacking Knowledge
    1. Conferences
    2. Dark Web
    3. Certification and Training
    4. Cyber Warfare and Terrorism
    5. Nation State Actors
    6. Summary
    7. Test Your Skills
  32. Chapter 18: Additional Pen Testing Topics
    1. Wireless Pen Testing
      1. 802.11
      2. Infrared
      3. Bluetooth
      4. Other Forms of Wireless
      5. Wi-Fi Hacking
    2. Mainframe and SCADA
      1. SCADA Basics
      2. Mainframes
    3. Mobile Pen Testing
      1. Cellular Terminology
      2. Bluetooth Attacks
      3. Bluetooth/Phone Tools
    4. Summary
    5. Test Your Skills
  33. Chapter 19: A Sample Pen Test Project
    1. Pen Test Outline
      1. Pre-Test Activities
      2. External
      3. Internal
      4. Optional Items
    2. Report Outline
    3. Summary
  34. Appendix A: Answers to Chapter Multiple Choice Questions
  35. Index