Learn Penetration Testing
Understand the art of penetration testing and develop your white hat hacker skills
Rishalin Pillay
- 424 Seiten
- English
- ePUB (handyfreundlich)
- Über iOS und Android verfügbar
Learn Penetration Testing
Understand the art of penetration testing and develop your white hat hacker skills
Rishalin Pillay
Über dieses Buch
Get up to speed with various penetration testing techniques and resolve security threats of varying complexity
Key Features
- Enhance your penetration testing skills to tackle security threats
- Learn to gather information, find vulnerabilities, and exploit enterprise defenses
- Navigate secured systems with the most up-to-date version of Kali Linux (2019.1) and Metasploit (5.0.0)
Book Description
Sending information via the internet is not entirely private, as evidenced by the rise in hacking, malware attacks, and security threats. With the help of this book, you'll learn crucial penetration testing techniques to help you evaluate enterprise defenses.
You'll start by understanding each stage of pentesting and deploying target virtual machines, including Linux and Windows. Next, the book will guide you through performing intermediate penetration testing in a controlled environment. With the help of practical use cases, you'll also be able to implement your learning in real-world scenarios. By studying everything from setting up your lab, information gathering and password attacks, through to social engineering and post exploitation, you'll be able to successfully overcome security threats. The book will even help you leverage the best tools, such as Kali Linux, Metasploit, Burp Suite, and other open source pentesting tools to perform these techniques. Toward the later chapters, you'll focus on best practices to quickly resolve security threats.
By the end of this book, you'll be well versed with various penetration testing techniques so as to be able to tackle security threats effectively
What you will learn
- Perform entry-level penetration tests by learning various concepts and techniques
- Understand both common and not-so-common vulnerabilities from an attacker's perspective
- Get familiar with intermediate attack methods that can be used in real-world scenarios
- Understand how vulnerabilities are created by developers and how to fix some of them at source code level
- Become well versed with basic tools for ethical hacking purposes
- Exploit known vulnerable services with tools such as Metasploit
Who this book is for
If you're just getting started with penetration testing and want to explore various security domains, this book is for you. Security professionals, network engineers, and amateur ethical hackers will also find this book useful. Prior knowledge of penetration testing and ethical hacking is not necessary.
Häufig gestellte Fragen
Information
Section 1: The Basics
- Chapter 1, Introduction to Penetration Testing
- Chapter 2, Getting Started with Kali Linux
Introduction to Penetration Testing
- What is penetration testing?
- Stages of a penetration test
- Getting started with your lab
- Creating virtual machines (VMs) in VMware, Hyper-V, and Virtualbox
Technical requirements
- Kali Linux version 2019.1
- Any hypervisor, such as VMware, Hyper-V, or Virtualbox
What is penetration testing?
- Vulnerability assessment: This is the process of identifying vulnerabilities and risks in systems. In a vulnerability assessment, the vulnerability is not exploited. It merely highlights the risks so that the business can identify the risks and plan for remediation.
- Penetration testing: This is the authorized process of finding and using vulnerabilities to perform an intrusion into a network, application, or host in a predefined time frame. Penetration testing can be conducted by an internal team or an external third party. Penetration testing goes one step further as opposed to a vulnerability assessment, in that a penetration test exploits the vulnerability to ensure it is not a false positive. Penetration testing does not involve anything that is unauthorized or uncoordinated. During a penetration test, some tests might affect business applications and cause downtime. For this reason, awareness at the management and staff levels is often required.
- Red team assessment: This is similar to a penetration test, but it's more targeted. As a penetration test's main aim is to discover multiple vulnerabilities and exploit them, the goal of a red team assessment is to test an organization's response capabilities and act on vulnerabilities that will meet their goals. In a red team assessment, the team will attempt to access information in any way possible and remain as quiet as possible. Stealth is key in a red team assessment. In a red team assessment, the duration of the assessment is much longer than a penetration test.
Stages of a penetration test
- NIST SP800-115 standard – https://csrc.nist.gov/publications/detail/sp/800-115/final
- Open Source Security Testing Methodology Manual (OSSTMM) – http://www.isecom.org/research
Pre-engagement
Scoping
- What is the number of IP address ranges or systems that will be tested?
- Does the ...