eBook - ePub
Learn Penetration Testing
Understand the art of penetration testing and develop your white hat hacker skills
Rishalin Pillay
This is a test
Buch teilen
- 424 Seiten
- English
- ePUB (handyfreundlich)
- Über iOS und Android verfügbar
eBook - ePub
Learn Penetration Testing
Understand the art of penetration testing and develop your white hat hacker skills
Rishalin Pillay
Angaben zum Buch
Buchvorschau
Inhaltsverzeichnis
Quellenangaben
Über dieses Buch
Get up to speed with various penetration testing techniques and resolve security threats of varying complexity
Key Features
- Enhance your penetration testing skills to tackle security threats
- Learn to gather information, find vulnerabilities, and exploit enterprise defenses
- Navigate secured systems with the most up-to-date version of Kali Linux (2019.1) and Metasploit (5.0.0)
Book Description
Sending information via the internet is not entirely private, as evidenced by the rise in hacking, malware attacks, and security threats. With the help of this book, you'll learn crucial penetration testing techniques to help you evaluate enterprise defenses.
You'll start by understanding each stage of pentesting and deploying target virtual machines, including Linux and Windows. Next, the book will guide you through performing intermediate penetration testing in a controlled environment. With the help of practical use cases, you'll also be able to implement your learning in real-world scenarios. By studying everything from setting up your lab, information gathering and password attacks, through to social engineering and post exploitation, you'll be able to successfully overcome security threats. The book will even help you leverage the best tools, such as Kali Linux, Metasploit, Burp Suite, and other open source pentesting tools to perform these techniques. Toward the later chapters, you'll focus on best practices to quickly resolve security threats.
By the end of this book, you'll be well versed with various penetration testing techniques so as to be able to tackle security threats effectively
What you will learn
- Perform entry-level penetration tests by learning various concepts and techniques
- Understand both common and not-so-common vulnerabilities from an attacker's perspective
- Get familiar with intermediate attack methods that can be used in real-world scenarios
- Understand how vulnerabilities are created by developers and how to fix some of them at source code level
- Become well versed with basic tools for ethical hacking purposes
- Exploit known vulnerable services with tools such as Metasploit
Who this book is for
If you're just getting started with penetration testing and want to explore various security domains, this book is for you. Security professionals, network engineers, and amateur ethical hackers will also find this book useful. Prior knowledge of penetration testing and ethical hacking is not necessary.
Häufig gestellte Fragen
Wie kann ich mein Abo kündigen?
Gehe einfach zum Kontobereich in den Einstellungen und klicke auf „Abo kündigen“ – ganz einfach. Nachdem du gekündigt hast, bleibt deine Mitgliedschaft für den verbleibenden Abozeitraum, den du bereits bezahlt hast, aktiv. Mehr Informationen hier.
(Wie) Kann ich Bücher herunterladen?
Derzeit stehen all unsere auf Mobilgeräte reagierenden ePub-Bücher zum Download über die App zur Verfügung. Die meisten unserer PDFs stehen ebenfalls zum Download bereit; wir arbeiten daran, auch die übrigen PDFs zum Download anzubieten, bei denen dies aktuell noch nicht möglich ist. Weitere Informationen hier.
Welcher Unterschied besteht bei den Preisen zwischen den Aboplänen?
Mit beiden Aboplänen erhältst du vollen Zugang zur Bibliothek und allen Funktionen von Perlego. Die einzigen Unterschiede bestehen im Preis und dem Abozeitraum: Mit dem Jahresabo sparst du auf 12 Monate gerechnet im Vergleich zum Monatsabo rund 30 %.
Was ist Perlego?
Wir sind ein Online-Abodienst für Lehrbücher, bei dem du für weniger als den Preis eines einzelnen Buches pro Monat Zugang zu einer ganzen Online-Bibliothek erhältst. Mit über 1 Million Büchern zu über 1.000 verschiedenen Themen haben wir bestimmt alles, was du brauchst! Weitere Informationen hier.
Unterstützt Perlego Text-zu-Sprache?
Achte auf das Symbol zum Vorlesen in deinem nächsten Buch, um zu sehen, ob du es dir auch anhören kannst. Bei diesem Tool wird dir Text laut vorgelesen, wobei der Text beim Vorlesen auch grafisch hervorgehoben wird. Du kannst das Vorlesen jederzeit anhalten, beschleunigen und verlangsamen. Weitere Informationen hier.
Ist Learn Penetration Testing als Online-PDF/ePub verfügbar?
Ja, du hast Zugang zu Learn Penetration Testing von Rishalin Pillay im PDF- und/oder ePub-Format sowie zu anderen beliebten Büchern aus Computer Science & Computer Science General. Aus unserem Katalog stehen dir über 1 Million Bücher zur Verfügung.
Information
Section 1: The Basics
In this section, we will begin with the basics. You will learn about penetration testing and what it entails. Understanding the stages of a penetration test is the key to success. We will start to prepare our environment by using an operating system that is geared toward penetration testing—Kali Linux. You will learn how to set up and configure the various elements of Kali Linux.
The following chapters will be covered in this section:
- Chapter 1, Introduction to Penetration Testing
- Chapter 2, Getting Started with Kali Linux
Introduction to Penetration Testing
In this chapter, we begin our journey by building a solid foundation. Having a good understanding of the basics of penetration testing will help you conduct a successful penetration test, as opposed to haphazardly scanning networks and performing tests blindly. We will define penetration testing and how it differs from other security assessments. Before the actual penetration test occurs, there are a few things that need to be done in order to ensure that the correct authorization is in place and the correct scope is defined. Every successful penetration testing student requires a lab environment—it can be daunting to build one, but don't despair. We will look at what options exist for a lab environment.
As you progress through the chapter, you will learn the following:
- What is penetration testing?
- Stages of a penetration test
- Getting started with your lab
- Creating virtual machines (VMs) in VMware, Hyper-V, and Virtualbox
Technical requirements
The following technical requirements are required for this chapter:
- Kali Linux version 2019.1
- Any hypervisor, such as VMware, Hyper-V, or Virtualbox
What is penetration testing?
Today, penetration testing is often confused with vulnerability assessments, red team assessments, and other security assessments. However, there are some differences between them, as follows:
- Vulnerability assessment: This is the process of identifying vulnerabilities and risks in systems. In a vulnerability assessment, the vulnerability is not exploited. It merely highlights the risks so that the business can identify the risks and plan for remediation.
- Penetration testing: This is the authorized process of finding and using vulnerabilities to perform an intrusion into a network, application, or host in a predefined time frame. Penetration testing can be conducted by an internal team or an external third party. Penetration testing goes one step further as opposed to a vulnerability assessment, in that a penetration test exploits the vulnerability to ensure it is not a false positive. Penetration testing does not involve anything that is unauthorized or uncoordinated. During a penetration test, some tests might affect business applications and cause downtime. For this reason, awareness at the management and staff levels is often required.
- Red team assessment: This is similar to a penetration test, but it's more targeted. As a penetration test's main aim is to discover multiple vulnerabilities and exploit them, the goal of a red team assessment is to test an organization's response capabilities and act on vulnerabilities that will meet their goals. In a red team assessment, the team will attempt to access information in any way possible and remain as quiet as possible. Stealth is key in a red team assessment. In a red team assessment, the duration of the assessment is much longer than a penetration test.
As you start your penetration testing journey, it's important to understand what penetration testing is. To illustrate what penetration testing is, let's consider a scenario.
You currently own an organization that holds customer data. Within your organization, you have SQL databases, public-facing websites, internet-facing servers, and a sizeable number of users. Your organization is a prime target for a number of attacks, such as SQL injections, social engineering against users, and weak passwords. Should your organization be compromised, there is a risk of customer data being exposed, and more.
In order to reduce your exposure to risks, you need to identify the holes in your current security posture. Penetration testing helps you to identify these holes in a controlled manner before an attacker does. Penetration testing uses real-world attacks that attackers would leverage; the aim is to obtain accurate information as to how deep an attacker could go within your network and how much information the attacker could obtain. The results of a penetration test give organizations an open view of the vulnerabilities and allow them to patch these before an adversary can act on them.
Think of penetration testing as looking through the eyes of an enemy.
Penetration testing is often referred to as ethical hacking, white hat hacking, pentest, or pentesting.
As the security maturity of organizations differs, so will the scope of your penetration tests. Some organizations might have really good security mechanisms in place, while others might not. As businesses have policies, business continuity plans, risk assessments, and disaster recovery as integral parts of their overall security, penetration testing needs to be included.
Stages of a penetration test
Now that you understand what penetration testing is, you may be wondering what the flow of a penetration test is. Penetration testing has a number of stages, and each stage forms an important part of the overall penetration test.
There are various standards that relate to penetration testing. This book does not follow any one of them specifically. There are other known standards, such as the following:
- NIST SP800-115 standard – https://csrc.nist.gov/publications/detail/sp/800-115/final
- Open Source Security Testing Methodology Manual (OSSTMM) – http://www.isecom.org/research
The following stages follow the Penetration Testing Execution Standard (PTES), which I found to be a great starting point. The full standard can be found at http://www.pentest-standard.org/.
Pre-engagement
This is the most important phase in every penetration test. In this phase, you start defining the blueprint for the penetration test and align this blueprint to the business goals of the client. The aim is to ensure that everyone involved is on the same page and expectations are set well in advance.
During this phase, as a penetration tester, you need to take time to understand your client's requirements and goals. For example, why is the client performing a penetration test? Was the client compromised? Is the client performing the penetration test purely to meet a compliance requirement, or does the client intend to perform remediation on the findings? Talking to the client and understanding their business goals will help you plan and scope your penetration test so that any sticky situation can be avoided.
The pre-engagement phase consists of a few additional components that you need to consider.
Scoping
This component defines what will be tested. Here, the key is in finding a balance between time, cost, and the goals of the business. It's important to note that everything agreed upon during the scope must be clearly documented and all legal implications must be considered.
During this component, you will ask questions such as the following:
- What is the number of IP address ranges or systems that will be tested?
- Does the ...