Professional Penetration Testing book cover

Professional Penetration Testing

Volume 1: Creating and Learning in a Hacking Lab

Professional Penetration Testing: Creating and Operating a Formal Hacking Lab examines all aspects of professional penetration testing, from project management to team building, metrics, risk management, training, reporting, information gathering, vulnerability identification, vulnerability exploitation, privilege escalation, and test-data archival methods. It also discusses how to maintain access and cover one's tracks. It includes two video courses to teach readers fundamental and intermediate information-system penetration testing techniques, and to explain how to create and operate a formal hacking lab. The book is divided into three parts. Part 1 focuses on the professionals who are members of a penetration test team, the skills required to be an effective team member, and the ways to create a PenTest lab. Part 2 looks at the activities involved in a penetration test and how to run a PenTest to improve the overall security posture of the client. Part 3 discusses the creation of a final report for the client, cleaning up the lab for the next penetration test, and identifying the training needs of penetration-test team members. This book will benefit both experienced and novice penetration test practitioners.

Audience

Penetration testers, IT security consultants and practitioners

,

Published: August 2009

Imprint: Syngress

ISBN: 978-1-59749-425-0

Reviews

  • "Wilhelm has created the ultimate handbook for becoming a pen tester. This is going to help launch many a career." - Richard Stiennon, Chief Research Analyst, IT-Harvest

    "Professional Penetration Testing covers everything from ethical concerns, to advance concepts, to setting up your own custom laboratory. It is the most comprehensive and authoritative guide at penetration testing that I have seen. Tom Wilhelm is a true expert in the field who not only is in the trenches on a daily basis, but also takes the time to instruct others on the ways and means of pen testing." –Frank Thornton, Owner, Blackthorn Systems


Contents


  • Acknowledgments

    Foreword

    Part 1 Setting Up

    Chapter 1 Introduction

    Introduction

    About the Book

    About the DVD

    Summary

    Solutions Fast Track

    Reference

    Chapter 2 Ethics and Hacking

    Introduction

    Why Stay Ethical?

    Ethical Standards

    Computer Crime Laws

    Getting Permission to Hack

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Expand Your Skills

    References

    Chapter 3 Hacking as a Career

    Introduction

    Career Paths

    Certifications

    Associations and Organizations

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Expand Your Skills

    References

    Chapter 4 Setting Up Your Lab

    Introduction

    Personal Lab

    Corporate Lab

    Protecting Penetration Test Data

    Additional Network Hardware

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Expand Your Skills

    Reference

    Chapter 5 Creating and Using PenTest Targets in Your Lab

    Introduction

    Turn-Key Scenarios versus Real-World Targets

    Turn-Key Scenarios

    Using Exploitable Targets

    Analyzing Malware - Viruses and Worms

    Other Target Ideas

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Expand Your Skills

    References

    Chapter 6 Methodologies

    Introduction

    Project Management Body of Knowledge

    Information System Security Assessment Framework

    Open Source Security Testing Methodology Manual

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Expand Your Skills

    References

    Chapter 7 PenTest Metrics

    Introduction

    Quantitative, Qualitative, and Mixed Methods

    Current Methodologies

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    References

    Chapter 8 Management of a PenTest

    Introduction

    Project Team Members

    Project Management

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Expand Your Skills

    References

    Part 2 Running a Pentest

    Chapter 9 Information Gathering

    Introduction

    Passive Information Gathering

    Active Information Gathering

    Project Management

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Expand Your Skills

    References

    Chapter 10 Vulnerability Identification

    Introduction

    Port Scanning

    System Identification

    Services Identification

    Vulnerability Identification

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Expand Your Skills

    Reference

    Chapter 11 Vulnerability Verification

    Introduction

    Exploit Codes - Finding and Running

    Exploit Codes - Creating Your Own

    Web Hacking

    Project Management

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Expand Your Skills

    References

    Chapter 12 Compromising a System and Privilege Escalation

    Introduction

    System Enumeration

    Network Packet Sniffing

    Social Engineering

    Wireless Attacks

    Project Management

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Expand Your Skills

    References

    Chapter 13 Maintaining Access

    Introduction

    Shells and Reverse Shells

    Encrypted Tunnels

    Other Encryption and Tunnel Methods

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Expand Your Skills

    Reference

    Chapter 14 Covering Your Tracks

    Introduction

    Manipulating Log Data

    Hiding Files

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Expand Your Skills

    Reference

    Part 3 Wrapping Everything UP

    Chapter 15 Reporting Results

    Introduction

    What Should You Report?

    Initial Report

    Final Report

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Expand Your Skills

    References

    Chapter 16 Archiving Data

    Introduction

    Should You Keep Data?

    Securing Documentation

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Reference

    Chapter 17 Cleaning Up Your Lab

    Introduction

    Archiving Lab Data

    Creating and Using System Images

    Creating a “Clean Shop”

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Reference

    Chapter 18 Planning for Your Next PenTest

    Introduction

    Risk Management Register

    Knowledge Database

    After-Action Review

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Expand Your Skills

    Reference

    Appendix A: Acronyms

    Appendix B: Definitions

    Index








Advertisement

advert image