Penetration Testing Essentials

Sean Oriyano is a longtime security professional. Over the past 25 years he has divided his time between performing security research, consulting and delivering training both in the field of general IT and cybersecurity. In addition, he has become a best-selling author with many years experience in both digital and print media. Sean has published several books over the last decade and has expanded his reach further by appearing on TV and radio shows. Additionally Sean is a Chief Warrant Officer and Unit Commander specializing in cybersecurity training, development and strategy. As a CWO he is recognized as a SME in his field and is frequently called upon to provide expertise, training and mentoring wherever needed.

Introduction xvii

Chapter 1 Introduction to Penetration Testing 1

Defining Penetration Testing 1

Preserving Confidentiality, Integrity, and Availability 4

Appreciating the Evolution of Hacking 5

Chapter 2 Introduction to Operating Systems and Networking 15

Comparing Common Operating Systems 15

Exploring Networking Concepts 21

Chapter 3 Introduction to Cryptography 37

Recognizing the Four Goals of Cryptography 37

The History of Encryption 38

Speaking Intelligently About Cryptography 39

Comparing Symmetric and Asymmetric Cryptography 41

Transforming Data via Hashing 47

A Hybrid System: Using Digital Signatures 48

Working with PKI 50

Chapter 4 Outlining the Pen Testing Methodology 55

Determining the Objective and Scope of the Job 55

Choosing the Type of Test to Perform 58

Gaining Permission via a Contract 60

Following the Law While Testing68

Chapter 5 Gathering Intelligence 71

Introduction to Intelligence Gathering 71

Examining a Company’s Web Presence 73

Finding Websites That Don’t Exist Anymore 77

Gathering Information with Search Engines 78

Targeting Employees with People Searches 80

Discovering Location 81

Do Some Social Networking 82

Looking via Financial Services 85

Investigating Job Boards 86

Searching Email 86

Extracting Technical Information 87

Chapter 6 Scanning and Enumeration 89

Introduction to Scanning89

Checking for Live Systems 91

Performing Port Scanning 96

Identifying an Operating System 107

Scanning for Vulnerabilities 110

Using Proxies (Or Keeping Your Head Down) 110

Performing Enumeration 112

Chapter 7 Conducting Vulnerability Scanning 121

Introduction to Vulnerability Scanning 122

Recognizing the Limitations of Vulnerability Scanning 123

Outlining the Vulnerability Scanning Process 124

Types of Scans That Can Be Performed 127

Chapter 8 Cracking Passwords 129

Recognizing Strong Passwords 129

Choosing a Password-Cracking Technique 130

Executing a Passive Online Attack 131

Executing an Active Online Attack 133

Executing an Offline Attack 134

Using Nontechnical Methods 137

Escalating Privileges 140

Chapter 9 Retaining Access with Backdoors and Malware 143

Deciding How to Attack 143

Installing a Backdoor with PsTools 144

Opening a Shell with LAN Turtle 145

Recognizing Types of Malware 146

Launching Viruses 147

Launching Worms 153

Launching Spyware 153

Inserting Trojans154

Installing Rootkits 159

Chapter 10 Reporting 161

Reporting the Test Parameters 161

Collecting Information 163

Highlighting the Important Information 164

Adding Supporting Documentation 168

Conducting Quality Assurance 169

Chapter 11 Working with Defensive and Detection Systems 171

Detecting Intrusions 171

Recognizing the Signs of an Intrusion 176

Evading an IDS 179

Breaching a Firewall 182

Using Honeypots: The Wolf in Sheep’s Clothing 189

Chapter 12 Covering Your Tracks and Evading Detection 193

Recognizing the Motivations for Evasion 193

Getting Rid of Log Files 194

Hiding Files 201

Evading Antivirus Software 208

Evading Defenses by Entering Through a Backdoor210

Using Rootkits for Evasion 211

Chapter 13 Detecting and Targeting Wireless 213

An Introduction to Wireless 213

Breaking Wireless Encryption Technologies 222

Conducting a Wardriving Attack 230

Conducting Other Types of Attack 232

Choosing Tools to Attack Wireless 234

Knocking Out Bluetooth 237

Hacking the Internet of Things (IoT)240

Chapter 14 Dealing with Mobile Device Security 243

Recognizing Current-Generation Mobile Devices 243

Working with Android OS 248

Working with Apple iOS 254

Finding Security Holes in Mobile Devices 256

Encountering Bring Your Own Device (BYOD) 257

Choosing Tools to Test Mobile Devices 258

Chapter 15 Performing Social Engineering 261

Introduction to Social Engineering 261

Exploiting Human Traits 263

Acting Like a Social Engineer 264

Targeting Specific Victims 265

Leveraging Social Networking 267

Conducting Safer Social Networking 268

Chapter 16 Hardening a Host System 271

Introduction to Hardening 271

Three Tenets of Defense 273

Creating a Security Baseline 276

Hardening with Group Policy 279

Hardening Desktop Security 279

Backing Up a System 289

Chapter 17 Hardening Your Network 291

Introduction to Network Hardening 291

Intrusion Detection Systems 292

Firewalls 296

Physical Security Controls 302

Chapter 18 Navigating the Path to Job Success 305

Choosing Your Career Path 305

Build a Library 307

Practice Technical Writing 309

Display Your Skills 309

Chapter 19 Building a Test Lab for Penetration Testing 311

Deciding to Build a Lab 311

Considering Virtualization 313

Getting Starting and What You Will Need 316

Installing Software 317

Appendix Answers to Review Questions 319

Index 331