ebook img

Penetration Testing Fundamentals: A Hands-On Guide to Reliable Security Audits PDF

510 Pages·2018·16.74 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Penetration Testing Fundamentals: A Hands-On Guide to Reliable Security Audits

About This E-Book EPUB is an open, industry-standard format for e-books. However, support for EPUB and its many features varies across reading devices and applications. Use your device or app settings to customize the presentation to your liking. Settings that you can customize often include font, font size, single or double column, landscape or portrait mode, and figures that you can click or tap to enlarge. For additional information about the settings and features on your reading device or app, visit the device manufacturer’s Web site. Many titles include programming code or configuration examples. To optimize the presentation of these elements, view the e-book in single-column, landscape mode and adjust the font size to the smallest setting. In addition to presenting code and configurations in the reflowable text format, we have included images of the code that mimic the presentation found in the print book; therefore, where the reflowable format may compromise the presentation of the code listing, you will see a “Click here to view code image” link. Click the link to view the print-fidelity code image. To return to the previous page viewed, click the Back button on your device or app. Penetration Testing Fundamentals A Hands-On Guide to Reliable Security Audits Chuck Easttom 800 East 96th Street, Indianapolis, Indiana 46240 USA Penetration Testing Fundamentals Copyright © 2018 by Pearson Education, Inc. All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein. ISBN-13: 978-0-7897-5937-5 ISBN-10: 0-7897-5937-3 Library of Congress Control Number: 2017963673 Printed in the United States of America 1 18 Trademarks All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. Microsoft and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published as part of the services for any purpose. All such documents and related graphics are provided “as is” without warranty of any kind. Microsoft and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all warranties and conditions of merchantability, whether express, implied or statutory, fitness for a particular purpose, title and non-infringement. In no event shall Microsoft and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from the services. The documents and related graphics contained herein could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Microsoft and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time. Partial screenshots may be viewed in full within the software version specified. Microsoft™ and Windows™ are registered trademarks of the Microsoft Corporation in the U.S.A. and other countries. Screenshots and icons reprinted with permission from the Microsoft Corporation. This book is not sponsored or endorsed by or affiliated with the Microsoft Corporation. Warning and Disclaimer Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book. Special Sales For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at Compositor codemantra Contents at a Glance Introduction 1 Introduction to Penetration Testing 2 Standards 3 Cryptography 4 Reconnaissance 5 Malware 6 Hacking Windows 7 Web Hacking 8 Vulnerability Scanning 9 Introduction to Linux 10 Linux Hacking 11 Introduction to Kali Linux 12 General Hacking Techniques 13 Introduction to Metasploit 14 More with Metasploit 15 Introduction to Scripting with Ruby 16 Write Your Own Metasploit Exploits with Ruby 17 General Hacking Knowledge 18 Additional Pen Testing Topics 19 A Sample Pen Test Project Appendix A: Answers to Chapter Multiple Choice Questions Index Table of Contents Introduction Chapter 1: Introduction to Penetration Testing What Is Penetration Testing? Audits Vulnerability Scans Penetration Tests The Hybrid Test Terminology Methodologies Nature of the Test Approaches Ethical Issues Everything Is Confidential Keep in Your Lane If You Break It, You Bought It Legal Issues Computer Fraud and Abuse Act (CFAA): 18 U.S. Code § 1030 Unlawful Access to Stored Communications: 18 U.S. Code § 2701 Identity Theft Enforcement and Restitution Act Fraud and Related Activity in Connection with Access Devices: 18 U.S. Code § 1029 State Laws International Laws Certifications CEH GPEN OSCP Mile2 CISSP PPT This Book and Certifications Careers in Penetration Testing Security Administrators Commercial Penetration Testing Government/National Defense Law Enforcement Building Your Skillset Summary Test Your Skills Chapter 2: Standards PCI DSS The Actual Test NIST 800-115 Planning Execution Post-Execution National Security Agency InfoSec Assessment Methodology (NSA-IAM) PTES CREST (UK) A Synthesis (Putting Standards Together into a Single Unified Approach) Pre-Engagement The Actual Test Reporting Related Standards OWASP Other Standards ISO 27002 NIST 800-12, Revision 1 NIST 800-14 Summary Test Your Skills Chapter 3: Cryptography Cryptography Basics History of Encryption The Caesar Cipher Atbash Multi-Alphabet Substitution Rail Fence Modern Methods Symmetric Encryption Modification of Symmetric Methods Practical Applications Public Key (Asymmetric) Encryption Digital Signatures Hashing MD5 SHA RIPEMD Windows Hashing MAC and HMAC Rainbow Tables Pass the Hash Password Crackers Steganography Historical Steganography Methods and Tools Cryptanalysis Frequency Analysis Modern Methods Practical Application Learning More Summary Test Your Skills Chapter 4: Reconnaissance Passive Scanning Techniques Netcraft BuiltWith Archive.org Shodan Social Media Google Searching Active Scanning Techniques Port Scanning Enumeration Wireshark Maltego Other OSINT Tools OSINT Website Alexa

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.