Learn Penetration Testing
eBook - ePub

Understand the art of penetration testing and develop your white hat hacker skills

Rishalin Pillay

  1. 424 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS and Android

About this book

Get up to speed with various penetration testing techniques and resolve security threats of varying complexity

Key Features

  • Enhance your penetration testing skills to tackle security threats
  • Learn to gather information, find vulnerabilities, and exploit enterprise defenses
  • Navigate secured systems with the most up-to-date version of Kali Linux (2019.1) and Metasploit (5.0.0)

Book Description

Sending information via the internet is not entirely private, as evidenced by the rise in hacking, malware attacks, and security threats. With the help of this book, you'll learn crucial penetration testing techniques to help you evaluate enterprise defenses.

You'll start by understanding each stage of pentesting and deploying target virtual machines, including Linux and Windows. Next, the book will guide you through performing intermediate penetration testing in a controlled environment. With the help of practical use cases, you'll also be able to implement your learning in real-world scenarios. By studying everything from setting up your lab, information gathering and password attacks, through to social engineering and post exploitation, you'll be able to successfully overcome security threats. The book will even help you leverage the best tools, such as Kali Linux, Metasploit, Burp Suite, and other open source pentesting tools to perform these techniques. Toward the later chapters, you'll focus on best practices to quickly resolve security threats.

By the end of this book, you'll be well versed with various penetration testing techniques so as to be able to tackle security threats effectively.

What you will learn

  • Perform entry-level penetration tests by learning various concepts and techniques
  • Understand both common and not-so-common vulnerabilities from an attacker's perspective
  • Get familiar with intermediate attack methods that can be used in real-world scenarios
  • Understand how vulnerabilities are created by developers and how to fix some of them at source code level
  • Become well versed with basic tools for ethical hacking purposes
  • Exploit known vulnerable services with tools such as Metasploit

Who this book is for

If you're just getting started with penetration testing and want to explore various security domains, this book is for you. Security professionals, network engineers, and amateur ethical hackers will also find this book useful. Prior knowledge of penetration testing and ethical hacking is not necessary.

Information

Year
2019
ISBN
9781838644161

Section 1: The Basics

In this section, we will begin with the basics. You will learn about penetration testing and what it entails. Understanding the stages of a penetration test is the key to success. We will start to prepare our environment by using an operating system that is geared toward penetration testing—Kali Linux. You will learn how to set up and configure the various elements of Kali Linux.
The following chapters will be covered in this section:
  • Chapter 1, Introduction to Penetration Testing
  • Chapter 2, Getting Started with Kali Linux

Introduction to Penetration Testing

In this chapter, we begin our journey by building a solid foundation. Having a good understanding of the basics of penetration testing will help you conduct a successful penetration test, as opposed to haphazardly scanning networks and performing tests blindly. We will define penetration testing and how it differs from other security assessments. Before the actual penetration test occurs, there are a few things that need to be done in order to ensure that the correct authorization is in place and the correct scope is defined. Every successful penetration testing student requires a lab environment—it can be daunting to build one, but don't despair. We will look at what options exist for a lab environment.
As you progress through the chapter, you will learn the following:
  • What is penetration testing?
  • Stages of a penetration test
  • Getting started with your lab
  • Creating virtual machines (VMs) in VMware, Hyper-V, and VirtualBox

Technical requirements

This chapter has the following technical requirements:
  • Kali Linux version 2019.1
  • Any hypervisor, such as VMware, Hyper-V, or VirtualBox

What is penetration testing?

Today, penetration testing is often confused with vulnerability assessments, red team assessments, and other security assessments. However, there are some differences between them, as follows:
  • Vulnerability assessment: This is the process of identifying vulnerabilities and risks in systems. In a vulnerability assessment, the vulnerability is not exploited. It merely highlights the risks so that the business can identify them and plan for remediation.
  • Penetration testing: This is the authorized process of finding and using vulnerabilities to perform an intrusion into a network, application, or host in a predefined time frame. Penetration testing can be conducted by an internal team or an external third party. Penetration testing goes one step further than a vulnerability assessment, in that a penetration test exploits the vulnerability to ensure it is not a false positive. Penetration testing does not involve anything that is unauthorized or uncoordinated. During a penetration test, some tests might affect business applications and cause downtime. For this reason, awareness at the management and staff levels is often required.
  • Red team assessment: This is similar to a penetration test, but it's more targeted. Whereas a penetration test's main aim is to discover multiple vulnerabilities and exploit them, the goal of a red team assessment is to test an organization's response capabilities and act on vulnerabilities that will meet their goals. In a red team assessment, the team will attempt to access information in any way possible and remain as quiet as possible. Stealth is key in a red team assessment. A red team assessment also lasts much longer than a penetration test.
As you start your penetration testing journey, it's important to understand what penetration testing is. To illustrate what penetration testing is, let's consider a scenario.
You currently own an organization that holds customer data. Within your organization, you have SQL databases, public-facing websites, internet-facing servers, and a sizeable number of users. Your organization is a prime target for a number of attacks, such as SQL injections, social engineering against users, and weak passwords. Should your organization be compromised, there is a risk of customer data being exposed, and more.
In order to reduce your exposure to risks, you need to identify the holes in your current security posture. Penetration testing helps you to identify these holes in a controlled manner before an attacker does. Penetration testing uses real-world attacks that attackers would leverage; the aim is to obtain accurate information as to how deep an attacker could go within your network and how much information the attacker could obtain. The results of a penetration test give organizations an open view of the vulnerabilities and allow them to patch these before an adversary can act on them.
Think of penetration testing as looking through the eyes of an enemy.
Penetration testing is often referred to as ethical hacking, white hat hacking, pentest, or pentesting.
As the security maturity of organizations differs, so will the scope of your penetration tests. Some organizations might have really good security mechanisms in place, while others might not. As businesses have policies, business continuity plans, risk assessments, and disaster recovery as integral parts of their overall security, penetration testing needs to be included.

Stages of a penetration test

Now that you understand what penetration testing is, you may be wondering what the flow of a penetration test is. Penetration testing has a number of stages, and each stage forms an important part of the overall penetration test.
There are various standards that relate to penetration testing. This book does not follow any one of them specifically. There are other known standards, such as the following:
  • NIST SP800-115 standard – https://csrc.nist.gov/publications/detail/sp/800-115/final
  • Open Source Security Testing Methodology Manual (OSSTMM) – http://www.isecom.org/research
The following stages follow the Penetration Testing Execution Standard (PTES), which I found to be a great starting point. The full standard can be found at http://www.pentest-standard.org/.

Pre-engagement

This is the most important phase in every penetration test. In this phase, you start defining the blueprint for the penetration test and align this blueprint to the business goals of the client. The aim is to ensure that everyone involved is on the same page and expectations are set well in advance.
During this phase, as a penetration tester, you need to take time to understand your client's requirements and goals. For example, why is the client performing a penetration test? Was the client compromised? Is the client performing the penetration test purely to meet a compliance requirement, or does the client intend to perform remediation on the findings? Talking to the client and understanding their business goals will help you plan and scope your penetration test so that any sticky situation can be avoided.
The pre-engagement phase consists of a few additional components that you need to consider.

Scoping

This component defines what will be tested. Here, the key is in finding a balance between time, cost, and the goals of the business. It's important to note that everything agreed upon during the scope must be clearly documented and all legal implications must be considered.
During this component, you will ask questions such as the following:
  • What is the number of IP address ranges or systems that will be tested?
  • Does the ...
