Penetration Testing Essentials

Author : Sean-Philip Oriyano
Price : Rs 799.00
ISBN 13 : 9788126566426
ISBN 10 : 8126566426
Pages : 360
Type : Paperbound



Penetration Testing Essentials provides a starting place for professionals and beginners looking to learn more about penetration testing for cybersecurity. Certification eligibility requires work experience—but before you get that experience, you need a basic understanding of the technical and behavioral ways attackers compromise security and the tools and techniques you'll use to discover the weak spots before others do. You'll learn information gathering techniques, scanning and enumeration, how to target wireless networks and much more as you build your pen tester skill set. You'll learn how to break in, look around, get out and cover your tracks, all without ever being noticed.



Chapter 1 Introduction to Penetration Testing

  • Defining Penetration Testing  
  • Preserving Confidentiality, Integrity and Availability
  • Appreciating the Evolution of Hacking  


Chapter 2 Introduction to Operating Systems and Networking

  • Comparing Common Operating Systems
  • Exploring Networking Concepts


Chapter 3 Introduction to Cryptography

  • Recognizing the Four Goals of Cryptography
  • The History of Encryption
  • Speaking Intelligently About Cryptography
  • Comparing Symmetric and Asymmetric Cryptography
  • Transforming Data via Hashing
  • A Hybrid System: Using Digital Signatures
  • Working with PKI


Chapter 4 Outlining the Pen Testing Methodology

  • Determining the Objective and Scope of the Job
  • Choosing the Type of Test to Perform
  • Gaining Permission via a Contract
  • Following the Law While


Chapter 5 Gathering Intelligence

  • Introduction to Intelligence Gathering
  • Examining a Company's Web Presence  
  • Finding Websites That Don't Exist Anymore
  • Gathering Information with Search Engines  
  • Targeting Employees with People Searches  
  • Discovering Location
  • Do Some Social Networking
  • Looking via Financial Services
  • Investigating Job Boards
  • Searching Email
  • Extracting Technical Information


Chapter 6 Scanning and Enumeration

  • Introduction to Scanning
  • Checking for Live Systems
  • Performing Port Scanning
  • Identifying an Operating System
  • Scanning for Vulnerabilities
  • Using Proxies (Or Keeping Your Head Down)
  • Performing Enumeration


Chapter 7 Conducting Vulnerability Scanning

  • Introduction to Vulnerability Scanning
  • Recognizing the Limitations of Vulnerability Scanning
  • Outlining the Vulnerability Scanning Process
  • Types of Scans That Can Be Performed


Chapter 8 Cracking Passwords

  • Recognizing Strong Passwords
  • Choosing a Password-Cracking Technique
  • Executing a Passive Online Attack
  • Executing an Active Online Attack
  • Executing an Offline Attack
  • Using Nontechnical Methods
  • Escalating Privileges


Chapter 9 Retaining Access with Backdoors and Malware

  • Deciding How to Attack
  • Installing a Backdoor with PsTools
  • Opening a Shell with LAN Turtle
  • Recognizing Types of Malware
  • Launching Viruses
  • Launching Worms
  • Launching Spyware
  • Inserting Trojans
  • Installing Rootkits


Chapter 10 Reporting

  • Reporting the Test Parameters
  • Collecting Information
  • Highlighting the Important Information
  • Adding Supporting Documentation
  • Conducting Quality Assurance


Chapter 11 Working with Defensive and Detection Systems

  • Detecting Intrusions
  • Recognizing the Signs of an Intrusion
  • Evading an IDS
  • Breaching a Firewall
  • Using Honeypots: The Wolf in Sheep's Clothing


Chapter 12 Covering Your Tracks and Evading Detection

  • Recognizing the Motivations for Evasion
  • Getting Rid of Log Files
  • Hiding Files
  • Evading Antivirus Software
  • Evading Defenses by Entering Through a Backdoor
  • Using Rootkits for Evasion


Chapter 13 Detecting and Targeting Wireless

  • An Introduction to Wireless
  • Breaking Wireless Encryption Technologies
  • Conducting a Wardriving Attack
  • Conducting Other Types of Attack
  • Choosing Tools to Attack Wireless
  • Knocking Out Bluetooth
  • Hacking the Internet of Things (IoT)


Chapter 14 Dealing with Mobile Device Security

  • Recognizing Current-Generation Mobile Devices
  • Working with Android OS
  • Working with Apple iOS
  • Finding Security Holes in Mobile Devices
  • Encountering Bring Your Own Device (BYOD)
  • Choosing Tools to Test Mobile Devices


Chapter 15 Performing Social Engineering

  • Introduction to Social Engineering
  • Exploiting Human Traits
  • Acting Like a Social Engineer
  • Targeting Specific Victims
  • Leveraging Social Networking
  • Conducting Safer Social Networking


Chapter 16 Hardening a Host System

  • Introduction to Hardening
  • Three Tenets of Defense
  • Creating a Security Baseline
  • Hardening with Group Policy
  • Hardening Desktop Security
  • Backing Up a System


Chapter 17 Hardening Your Network

  • Introduction to Network Hardening
  • Intrusion Detection Systems
  • Firewalls
  • Physical Security Controls


Chapter 18 Navigating the Path to Job Success

  • Choosing Your Career Path
  • Build a Library
  • Practice Technical Writing
  • Display Your Skills


Chapter 19 Building a Test Lab for Penetration Testing

  • Deciding to Build a Lab
  • Considering Virtualization
  • Getting Starting and What You Will Need
  • Installing Software


Appendix Answers to Review Questions


Entry-level IT practitioners moving into the cybersecurity field


Sean-Philip Oriyano is a veteran of the IT security field who has spent time consulting, training, writing and researching along the way. During his career he has engaged and worked with a wide range of clients from all different types of industries and disciplines. No matter who his client is or the environment involved, he has always been an advocate of security, privacy, training and supporting concepts. Sean has published seven books in the area of information security and has also authored several research papers and guides which have been used by many in the field.