Penetration Testing Essentials 2017

What’s Covered in This Book

This book covers a broad range of topics for the beginning pentester. The following is a list of
the chapters with a brief description of what each focuses on.

Chapter 1
                   “Introduction to Penetration Testing”: Focuses on the general rationale for penetration testing as well as giving an idea of the skills and knowledge required to be successful.

Chapter 2
                      “Introduction to Operating Systems and Networking”: A firm understanding of the structure of an operating system and the network it attaches to is required to be a pentester. In this chapter, the fundamentals of both are explored to establish a foundation to build upon.

Chapter 3
                   “Introduction to Cryptography”: Without cryptography, a lot of the countermeasures used to protect against inadvertent disclosure of information would not work. Additionally, without an understanding of cryptography, meeting various laws and regulations becomes very difficult. In this chapter, a primer on the functioning and mechanics is covered as well as how it is applied.

Chapter 4
                    “Outlining the Pen Testing Methodology”: Pen testing has a process and methodology that must be followed to get the most complete and effective results reliably. In this chapter, we will cover one of the more popular methods for performing a pen test.

Chapter 5
                    “Gathering Intelligence”: The first step in the process of pen testing is gathering information about your target. In this chapter the various means for gathering information are explored and how they fit into the overall process.

Chapter 6
                      “Scanning and Enumeration”: Once you have gathered sufficient intelligence about a target, you can start probing and finding out which information can be extracted. Usernames, groups, security policies, and more are on the table in this chapter.

Chapter 7
                       “Conducting Vulnerability Scanning”: Want to take a different approach to finding out about your target? Well, you can use the process of manual or automatic vulnerability scanning to locate weaknesses in an environment for later exploitation.

Chapter 8
                       “Cracking Passwords”: Since passwords are the front line of defense in many environments and applications, time must be allocated to the process of obtaining these valuable pieces of information. Enumeration already gave us usernames, so we can focus on those usernames to gather passwords.

Chapter 9
                     “Retaining Access with Backdoors and Malware”: Investigate, explore, compromise, and now you are in the system. However, once you have gained access and established that beachhead, how do you keep it? In this chapter, we will explore precisely that.

Chapter 10
                    “Reporting”: Remember you are working for a client under contract to find and report on your findings. In this chapter, you will see the general format and layout of a report.

Chapter 11
                       “Working with Defensive and Detection Systems”: Of course not all systems are open and waiting to be penetrated. In fact, many systems will have several layers of defense in different forms waiting for you to get in. In this case, intrusion detection and prevention systems are your nemesis and here you will learn how to deal with them.

Chapter 12
                          “Covering Your Tracks and Evading Detection”: Leaving clues at the scene of a crime is a sure way to get caught and thwarted. In this chapter, you’ll learn how to clean up after yourself so hopefully, all but the most determined will find you.

Chapter 13
                           “Detecting and Targeting Wireless”: Wireless is ubiquitous and therefore you will have to deal with it in just about any environment you explore. If those environments include mobile devices, you are guaranteed to encounter these networks, which you can then target.

Chapter 14
                      “Dealing with Mobile Device Security”: No matter how you look at it, mobile devices are not only here to stay but they are taking new forms, tasks, form factors, and are part of our everyday lives. Since they have been integrated into the business environment and the lines between business and personal use have been blurred, you must learn how to deal with mobile devices.

Chapter 15
                       “Performing Social Engineering”: In every system, there is that one element that represents the weakest link, and in many cases, this weakest link is a human being. As a pentester, you can use your quick-talking, psychology, and clever wording to guide a conversation toward those topics that will give you useful information.

Chapter 16
                       “Hardening a Host System”: Countermeasures of all types are available to slow down or stop an attack. One of the first lines of defense is frequently locking down or hardening a system to reduce the chances of it being compromised

Chapter 17
                        “Hardening Your Network”: Much like with host hardening, countermeasures are available to slow down or stop an attack on networks. Removing protocols, implementing firewalls, and other mechanisms can slow down and frustrate an attacker.

Chapter 18
                       “Navigating the Path to Job Success”: In this chapter, consider yourself a graduate. Now you are looking at a future in penetration testing. This chapter will provide a guide to what to do next to keep developing your skills even further.

Chapter 19
                          “Building a Test Lab for Penetration Testing”: A good pentester needs to practice on equipment that they own. In this chapter, we will explore how to set up a basic lab that you can use to practice and experiment.

Also, Subscribe to my youtube channel