eBook - ePub
Python Ethical Hacking from Scratch
Fahad Ali Sarwar
This is a test
Compartir libro
- 214 páginas
- English
- ePUB (apto para móviles)
- Disponible en iOS y Android
eBook - ePub
Python Ethical Hacking from Scratch
Fahad Ali Sarwar
Detalles del libro
Vista previa del libro
Índice
Citas
Información del libro
Explore the world of practical ethical hacking by developing custom network scanning and remote access tools that will help you test the system security of your organizationKey Features• Get hands-on with ethical hacking and learn to think like a real-life hacker• Build practical ethical hacking tools from scratch with the help of real-world examples• Leverage Python 3 to develop malware and modify its complexitiesBook DescriptionPenetration testing enables you to evaluate the security or strength of a computer system, network, or web application that an attacker can exploit. With this book, you'll understand why Python is one of the fastest-growing programming languages for penetration testing. You'll find out how to harness the power of Python and pentesting to enhance your system security. Developers working with Python will be able to put their knowledge and experience to work with this practical guide. Complete with step-by-step explanations of essential concepts and practical examples, this book takes a hands-on approach to help you build your own pentesting tools for testing the security level of systems and networks. You'll learn how to develop your own ethical hacking tools using Python and explore hacking techniques to exploit vulnerabilities in networks and systems. Finally, you'll be able to get remote access to target systems and networks using the tools you develop and modify as per your own requirements. By the end of this ethical hacking book, you'll have developed the skills needed for building cybersecurity tools and learned how to secure your systems by thinking like a hacker.What you will learn• Understand the core concepts of ethical hacking• Develop custom hacking tools from scratch to be used for ethical hacking purposes• Discover ways to test the cybersecurity of an organization by bypassing protection schemes• Develop attack vectors used in real cybersecurity tests• Test the system security of an organization or subject by identifying and exploiting its weaknesses• Gain and maintain remote access to target systems• Find ways to stay undetected on target systems and local networksWho this book is forIf you want to learn ethical hacking by developing your own tools instead of just using the prebuilt tools, this book is for you. A solid understanding of fundamental Python concepts is expected. Some complex Python concepts are explained in the book, but the goal is to teach ethical hacking, not Python.
Preguntas frecuentes
¿Cómo cancelo mi suscripción?
¿Cómo descargo los libros?
Por el momento, todos nuestros libros ePub adaptables a dispositivos móviles se pueden descargar a través de la aplicación. La mayor parte de nuestros PDF también se puede descargar y ya estamos trabajando para que el resto también sea descargable. Obtén más información aquí.
¿En qué se diferencian los planes de precios?
Ambos planes te permiten acceder por completo a la biblioteca y a todas las funciones de Perlego. Las únicas diferencias son el precio y el período de suscripción: con el plan anual ahorrarás en torno a un 30 % en comparación con 12 meses de un plan mensual.
¿Qué es Perlego?
Somos un servicio de suscripción de libros de texto en línea que te permite acceder a toda una biblioteca en línea por menos de lo que cuesta un libro al mes. Con más de un millón de libros sobre más de 1000 categorías, ¡tenemos todo lo que necesitas! Obtén más información aquí.
¿Perlego ofrece la función de texto a voz?
Busca el símbolo de lectura en voz alta en tu próximo libro para ver si puedes escucharlo. La herramienta de lectura en voz alta lee el texto en voz alta por ti, resaltando el texto a medida que se lee. Puedes pausarla, acelerarla y ralentizarla. Obtén más información aquí.
¿Es Python Ethical Hacking from Scratch un PDF/ePUB en línea?
Sí, puedes acceder a Python Ethical Hacking from Scratch de Fahad Ali Sarwar en formato PDF o ePUB, así como a otros libros populares de Computer Science y Cyber Security. Tenemos más de un millón de libros disponibles en nuestro catálogo para que explores.
Información
Section 1: The Nuts and Bolts of Ethical Hacking – The Basics
This part of the book deals with the basic concepts you need to understand before embarking on this journey. It deals with the basic knowledge and skillset you need in order to fully take advantage of this book. It gives a short overview of the field of ethical hacking and what it entails.
This part of the book comprises the following chapters:
- Chapter 1, Introduction to Hacking
- Chapter 2, Getting Started – Setting Up a Lab Environment
Chapter 1: Introduction to Hacking
This chapter will give you a quick introduction to the nuts and bolts of hacking. You will start exploring what the world of hacking entails and what it really takes to become a hacker. You will learn about what skill set is needed to become a successful hacker in the real world. We will also discuss some legal aspects of hacking and penetration testing and how you can avoid getting into legal trouble. Then, we will explore what the different kinds of hackers are and what categories they fall into. In the later sections of this chapter, we will explore the general steps and guidelines we should follow in order to carry out a successful attack. Lastly, we will conclude this chapter by talking about different attack vectors. We will talk about both technical and personal penetration testing techniques.
In this chapter, the following topics will be covered:
- What's all the fuss about hackers?
- What is hacking?
- Becoming a successful hacker
- Types of hackers
- Hacking phases and methodology
- Careers in cybersecurity
- Types of attacksDisclaimerAll the information provided in this book is purely for educational purposes. The book aims to serve as a starting point for learning penetration testing. Use the information provided in this book at your own discretion. The author and publisher hold no responsibility for any malicious use of the work provided in this book and cannot be held responsible for any damages caused by the work presented in this book.Penetration testing or attacking a target without previous written consent is illegal and should be avoided at all costs. It is the reader's responsibility to be compliant with all their local, federal, state, and international laws.
What's all the fuss about hackers?
What comes to your mind when you think of the word hacker? In recent decades, the word hacker has almost become synonymous with the notion of a genius computer nerd who can get access to any system within seconds and can control anything. From someone who can control traffic signals through their computer to someone penetrating the Pentagon's network, the world of movies and fiction has created a specific image of a hacker. Like everything else in movies, this is just a work of fiction; the real world of hacking and penetration testing is quite different and vastly more complex and challenging.
The real world is filled with unknowns. Carrying out a successful attack on a victim requires a lot of patience, hard work, dedication, and probably a bit of luck. The world of computer security and hacking is a constant cat-and-mouse chase. Developers create a product, hackers try to break it and find vulnerabilities and exploit them, developers find out about these vulnerabilities and develop a patch for them, hackers find new vulnerabilities, and this cycle continues. Both actors try to outsmart each other in this constant race. With each iteration, the process becomes more and more complex, and attacks are becoming more and more sophisticated to bypass detection mechanisms. Similarly, detection mechanisms are also getting smarter and smarter. You can clearly see a pattern here.
What is hacking?
In this section, we will learn what hacking is and the relevant terminologies used in the industry. Knowledge of these items is essential to understanding the world of penetration testing, so it is a good idea to go through them at this point. The word hacking refers to the process of getting unauthorized access to a system. The system could be either a personal computer or a network in an organization. You will often see the words hacking and penetration testing being used interchangeably in this book. Hacking is a more commonly understood umbrella term used for a lot of things. The focus of this book will be more on penetration testing, commonly referred to as ethical hacking, in which you have permission to attack the target. Penetration testing, or pen-testing for short, is an authorized simulated attack on a target. This is usually done to find the potential weaknesses and vulnerabilities in a system so that they are exposed before they can be exploited by malicious actors.
Most recognized companies have some kind of penetration testing programs in place to find weaknesses in their ecosystem. Authorized individuals and cybersecurity companies are paid to carry out attacks on their assets to detect potential weak points. These attackers often make a complete report of weaknesses and vulnerabilities, which helps these companies to patch them out. The following is a list of different nomenclature used in the industry:
- Hacker: Someone who is acting to get unauthorized access to a system/network.
- Target: An entity that is being attacked for malicious or testing purposes.
- Asset: Any hardware, software, or data that is owned by an organization that could potentially come under attack.
- Pen-test: The process of trying to infiltrate the system in order to test out its strengths and weaknesses.
- Vulnerability: A weakness in a system that can potentially be used to take control of the target's machine.
- Exploit: A program, code, or script that could take advantage of a system's vulnerability.
- Malware: A program intended for malicious purposes.
- Remote shell: A program that gives you control of the victim's machine remotely.
These listed terms will be used in the following chapters. It is necessary to get familiar with these terms as we go into more details. One term you will often see when reading literature regarding penetration testing is the CIA triad (which stands for confidentiality, integrity, and availability):
Figure 1.1 – CIA triad
Most aspects of the hacking process involve breaching one or more of these aspects. Let's explore these terms in detail.
Confidentiality
Confidentiality refers to an organization's attempt to keep its data private. This means that nobody should have access to the data without authorization, even inside the organization. Organizations often have access control that dictates which level of access each user has to their data. The access levels are usually divided into these categories:
Confidentiality is violated when people get access to infrastructure that they are not supposed to, for example, an ex-employee of a company logging in to the system using their previous credentials or guests getting a higher access level than necessary in the network. To ensure confidentiality, it is imperative that strict controls are in place to avoid violating confidentiality criteria. Confidentiality is also violated if someone has access to company data but doesn't cause any damage. Take a look at the following example:
Figure 1.2 – Violation of confidentiality
Let's say that John sends a message to Jack on a network. This message is only intended for Jack and no one else. The network is shared with various users. An unknown person, Mr. X, is also present in the network and he is listening to all the traffic on the network (also called sniffing). The principle of confidentiality indicates that only Jack should be able to decode this message. If Mr. X intercepts this package, reads it, and then just forwards it to Jack without modifying anything on the message, the confidentiality principle is said to be violated even though both John and Jack don't know that their traffic is intercepted. Network sniffing/monitoring violates the confidentiality principle.
Integrity
The integrity principle ensures that data has not been tampered with in any form and is reliable. Data integrity should be ensured in both static and transaction modes. Static integrity means that all files in the system remain intact and any unauthorized modification should be detected immediately. It also requires that data integrity should be maintained when transferred over a medium. Different techniques are used to ensure data integrity. One of the most common examples is the use of a checksum. A checksum is a string of characters that are calculated for a file to ensure it's not been modified. You will often see checksums associated with files downloaded from the internet. Once a file is downloaded, you can calculate the checksum and compare it with the checksum present on the website; if both of them are equal, it means that data integrity was maintained during downloading. If even one bit has been changed during downloading, the whole checksum string would change. It is of...