Professional Penetration Testing (eBook)
Volume 1: Creating and Learning in a Hacking Lab
eBook Download:
EPUB
2015
|
1. Auflage
528 Seiten
Elsevier Science (Verlag)
978-0-08-096094-4 (ISBN)
528 Seiten
Elsevier Science (Verlag)
978-0-08-096094-4 (ISBN)
Professional Penetration Testing: Creating and Operating a Formal Hacking Lab examines all aspects of professional penetration testing, from project management to team building, metrics, risk management, training, reporting, information gathering, vulnerability identification, vulnerability exploitation, privilege escalation, and test-data archival methods. It also discusses how to maintain access and cover one's tracks. It includes two video courses to teach readers fundamental and intermediate information-system penetration testing techniques, and to explain how to create and operate a formal hacking lab.
The book is divided into three parts. Part 1 focuses on the professionals who are members of a penetration test team, the skills required to be an effective team member, and the ways to create a PenTest lab. Part 2 looks at the activities involved in a penetration test and how to run a PenTest to improve the overall security posture of the client. Part 3 discusses the creation of a final report for the client, cleaning up the lab for the next penetration test, and identifying the training needs of penetration-test team members. This book will benefit both experienced and novice penetration test practitioners.
Professional Penetration Testing: Creating and Operating a Formal Hacking Lab examines all aspects of professional penetration testing, from project management to team building, metrics, risk management, training, reporting, information gathering, vulnerability identification, vulnerability exploitation, privilege escalation, and test-data archival methods. It also discusses how to maintain access and cover one's tracks. It includes two video courses to teach readers fundamental and intermediate information-system penetration testing techniques, and to explain how to create and operate a formal hacking lab.The book is divided into three parts. Part 1 focuses on the professionals who are members of a penetration test team, the skills required to be an effective team member, and the ways to create a PenTest lab. Part 2 looks at the activities involved in a penetration test and how to run a PenTest to improve the overall security posture of the client. Part 3 discusses the creation of a final report for the client, cleaning up the lab for the next penetration test, and identifying the training needs of penetration-test team members. This book will benefit both experienced and novice penetration test practitioners. - Find out how to turn hacking and pen testing skills into a professional career- Understand how to conduct controlled attacks on a network through real-world examples of vulnerable and exploitable servers- Master project management skills necessary for running a formal penetration test and setting up a professional ethical hacking business- Discover metrics and reporting methodologies that provide experience crucial to a professional penetration tester
The book is divided into three parts. Part 1 focuses on the professionals who are members of a penetration test team, the skills required to be an effective team member, and the ways to create a PenTest lab. Part 2 looks at the activities involved in a penetration test and how to run a PenTest to improve the overall security posture of the client. Part 3 discusses the creation of a final report for the client, cleaning up the lab for the next penetration test, and identifying the training needs of penetration-test team members. This book will benefit both experienced and novice penetration test practitioners.
- Find out how to turn hacking and pen testing skills into a professional career
- Understand how to conduct controlled attacks on a network through real-world examples of vulnerable and exploitable servers
- Master project management skills necessary for running a formal penetration test and setting up a professional ethical hacking business
- Discover metrics and reporting methodologies that provide experience crucial to a professional penetration tester
Thomas Wilhelm has been involved in Information Security since 1990, where he served in the U.S. Army for 8 years as a Signals Intelligence Analyst, Russian Linguist, and a Cryptanalyst. His expertise in the field of Information Security has led him to speak at prominent security conferences across the United States, including DefCon, HOPE, and CSI.
Thomas has contributed significantly to the field of professional penetration testing and information security. In his capacity as both a practice director and a managing director, he has played a pivotal role in executing offensive and defensive security initiatives for Fortune 100 companies and leading research and tool development that has influenced the security industry. Presently, he serves as a managing director at Redstone Securities and possesses master's degrees in both Computer Science and Management.
His influence also extends to education where he formerly held the position of Associate Professor at Colorado Technical University. Thomas has also written various publications, including magazines and books. Through Pentest.TV, he continues to provide advanced security training and has obtained numerous certifications over the years, including the ISSMP, CISSP, CCNP Security, AWS Cloud Solutions Architect, AWS Cloud Security Specialist, and multiple Solaris certifications as well.
Professional Penetration Testing: Creating and Operating a Formal Hacking Lab examines all aspects of professional penetration testing, from project management to team building, metrics, risk management, training, reporting, information gathering, vulnerability identification, vulnerability exploitation, privilege escalation, and test-data archival methods. It also discusses how to maintain access and cover one's tracks. It includes two video courses to teach readers fundamental and intermediate information-system penetration testing techniques, and to explain how to create and operate a formal hacking lab.The book is divided into three parts. Part 1 focuses on the professionals who are members of a penetration test team, the skills required to be an effective team member, and the ways to create a PenTest lab. Part 2 looks at the activities involved in a penetration test and how to run a PenTest to improve the overall security posture of the client. Part 3 discusses the creation of a final report for the client, cleaning up the lab for the next penetration test, and identifying the training needs of penetration-test team members. This book will benefit both experienced and novice penetration test practitioners. - Find out how to turn hacking and pen testing skills into a professional career- Understand how to conduct controlled attacks on a network through real-world examples of vulnerable and exploitable servers- Master project management skills necessary for running a formal penetration test and setting up a professional ethical hacking business- Discover metrics and reporting methodologies that provide experience crucial to a professional penetration tester
CHAPTER 1. Introduction
Introduction
Без умения и сило ни причем. – Russian proverb: “Skill will accomplish what is denied to force.”
There are plenty of books on the market discussing how to use the various “hacker” tools, including some books to which I have contributed chapters. However, professional penetration tests are not all about tools – they require skills beyond simply understanding how to use a tool, including knowledge of project management, understanding and following methodologies, and understanding system and network architecture designs. The primary purpose of this book is to provide the reader an in-depth understanding of all facets of a penetration test, rather than simply discuss which tool to use and when.
The book and the accompanying DVD were written to be used in a variety of different ways. The initial intent is to provide a formal training program on penetration testing. The DVD includes video courses that have been used to teach how to use the current PenTest methodologies and apply those methodologies to a penetration test. In addition, this book can be used in technical courses – in either educational institutions or “boot camp” training events – to provide the readers a way to learn how to use various hacker tools in a controlled and secure manner, through the use of a personal PenTest lab. The final objective of this book is to provide managers an understanding of what engineering activities occur within a professional penetration test, what needs to be reported, how to take metrics, monitor quality, identify risks, and other essential processes, so that management may provide the resources, training, and funding necessary to successfully complete a PenTest.
This book is not meant to be a complete reference to all topics related to penetration testing; rather, it is a guide to conduct professional penetration tests from conception to conclusion. Volumes have been written on each topic discussed within this book, which will require us to expand our knowledge through other sources. To speed up the learning process, hands-on exercises are provided in each chapter, written in a way that will assist in locating authoritative sources and expand the skills of the reader.
Another feature of the DVD is that it includes several server images (in the form of LiveCDs or virtual machine [VM] images) that can be used in a penetration test lab. These LiveCDs are specifically designed to mimic exploitable real-world servers so that we can practice the skills learned within the video courses and the book in a safe and legal manner. Examples in both the book and the videos reference these LiveCDs, and after the readers set up their own penetration test lab, they can follow along, exactly as presented in the material.
About the Book
This book is different from most, in that there are two mediums in which you learn about the topic of penetration testing. The first is the printed material and the second is the accompanying DVD. Read from cover to cover, the printed material provides the reader a systematic way of learning how penetration tests are conducted professionally and what management and engineering skills are needed to successfully complete a PenTest.
The DVD includes two different video courses, which have been used to teach fundamental and intermediate penetration test skills online to students around the world. Even though the DVD could be used independently from the book, the material on the DVD and in the book complement each other, and should be used in tandem. The DVD also contains LiveCD images of servers that can be used as learning platforms so that we can reinforce what we cover in the book or in the videos.
Target Audience
There are three groups of people who can benefit by reading this book and performing the exercises at the end of each chapter:
■ Individuals new to the topic of professional penetration testing
■ Professional penetration testers who want to increase the “capability maturity” of their current PenTest processes
■ Management trying to understand how to conduct a penetration test
For those who are new to professional penetration testing, knowledge of computer systems or network devices should already be understood – the field of penetration testing is not an entry-level position within Information Technology (IT) and prior knowledge of computing systems and the networks that support them is necessary. Although this book will cover topics related to IT, including protocols and system configuration, it is not intended to instruct the readers on the communication mechanisms used in networks. Those who have experience in IT will be able to use personal knowledge throughout this book as a foundation to learn the challenges unique to penetration testing, and how to conduct penetration tests within an organization or for clients.
Those of us who have conducted or participated in a penetration test will understand that tools are not the only thing necessary to successfully complete a PenTest. Methodologies are essential for ensuring that the assessor identifies all vulnerabilities within the client's network. The book and the intermediate video course on the DVD can be used to incorporate methodologies into a PenTest project and provide the reader an understanding of the role of a PenTest engineer within the project as a whole.
Project managers new to penetration test projects are often confronted with dramatically different challenges than those found in other IT projects, such as application and engineering projects. A solid understanding of project management and the challenges posed within the field of PenTesting are essential to successfully conclude a professional penetration test. The book provides information beneficial to project managers who are tasked with overseeing a PenTest and discusses ways to integrate formal project management frameworks with methodologies related to penetration testing.
How to Use This Book
Although the book and the exercises can be used independently, it is intended to be used with the accompanying DVD. The examples within each chapter often use material from the DVD, which can be used by the reader to repeat the examples in a lab. Practice exercises are included at the end of each chapter, which can be used to expand understanding of the chapter's topic.
The chapters of the book are organized into three different sections:
Part 1 covers topics related to setting up a PenTest lab and knowledge essential to the profession of penetration testing, including ethics, methodologies, metrics, and project management. The following chapters are included in Part 1:
■ Ethics and Hacking: Discusses ethics and laws specific to penetration testing
■ Hacking as a Career: Identifies career paths, certifications, and information on security organizations that can assist in career development
■ Setting Up Your Lab: Designs a corporate or private penetration test lab
■ Creating and Using PenTest Targets in Your Lab: Uses turnkey scenarios and real-world targets in the penetration test lab
■ Methodologies: Examines the different methodologies available for professional penetration test projects
■ PenTest Metrics: Identifies the different methods of applying metrics to vulnerabilities found in a penetration test project
■ Management of a PenTest: Explains team members, roles, and organizational structures that influence the success of a penetration test
Part 2 discusses the actual penetration test and walks the reader through the different steps used to examine target systems and networks for vulnerabilities and exploits using a peer-reviewed methodology.
■ Information Gathering: Collects information on a target system
■ Vulnerability Identification: Examines target systems for possible vulnerabilities
■ Vulnerability Verification: Attempts to exploit discovered vulnerabilities
■ Compromising a System and Privilege Escalation: Finds ways to “own” the system
■ Maintaining Access: Discusses how to stay on the exploited system
■ Covering Your Tracks: Manipulates the system to remain undetected
Part 3 wraps up the PenTest project by discussing reporting, data archival, and preparing for the next penetration test.
■ Reporting Results: Writes a report and verify the facts
■ Archiving Data: Saves penetration test data
■ Cleaning Up Your Lab: Saves configuration and data from the lab
■ Planning for Your Next PenTest: Identifies training needs and obtaining resources
Each chapter includes information for both engineers and project managers. The addition of project management topics within a book on penetration testing provides engineers a better understanding of the engineer's role within the project. It also provides the project manager a view of what tasks the project engineers must perform to successfully complete the project on time and under budget.
For those individuals just starting out in the world of penetration testing, the way to get the most out...
| Erscheint lt. Verlag | 31.8.2015 |
|---|---|
| Sprache | englisch |
| Themenwelt | Sachbuch/Ratgeber |
| Informatik ► Netzwerke ► Sicherheit / Firewall | |
| ISBN-10 | 0-08-096094-4 / 0080960944 |
| ISBN-13 | 978-0-08-096094-4 / 9780080960944 |
| Haben Sie eine Frage zum Produkt? |
EPUB (Adobe DRM)Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
Mehr entdecken
aus dem Bereich
aus dem Bereich
Lehrbuch für Prüfung und Praxis
eBook Download (2023)
Springer Gabler (Verlag)
14,99 €
Das Praxishandbuch zu Krisenmanagement und Krisenkommunikation
eBook Download (2024)
Springer Fachmedien Wiesbaden (Verlag)
34,99 €
Methodische Kombination von IT-Strategie und IT-Reifegradmodell
eBook Download (2024)
Springer Vieweg (Verlag)
42,99 €
