Penetration Testing For Dummies

by Robert Shimonski

Paperback

$29.99 

Overview

Target, test, analyze, and report on security vulnerabilities with pen testing

Pen testing is necessary for companies looking to target, test, analyze, and patch the security vulnerabilities that hackers exploit when attempting to break into and compromise their organization's data. It takes a person with hacking skills to look for the weaknesses that make an organization susceptible to hacking.

Pen Testing For Dummies aims to equip IT enthusiasts at various levels with the basic knowledge of pen testing. It is the go-to book for those who have some IT experience but desire more knowledge of how to gather intelligence on a target, learn the steps for mapping out a test, and discover best practices for analyzing, solving, and reporting on vulnerabilities.

  • The different phases of a pen test from pre-engagement to completion
  • Threat modeling and understanding risk
  • When to apply vulnerability management vs penetration testing
  • Ways to keep your pen testing skills sharp, relevant, and at the top of the game

Get ready to gather intelligence, discover the steps for mapping out tests, and analyze and report results!


Product Details

ISBN-13: 9781119577485
Publisher: Wiley
Publication date: 05/19/2020
Series: For Dummies Books
Pages: 256
Sales rank: 514,534
Product dimensions: 7.30(w) x 9.10(h) x 0.60(d)

About the Author

Robert Shimonski is an ethical hacker and a professional IT leader who has led numerous efforts to architect, design, strategize and implement enterprise solutions that must remain secure. Rob has been involved in security and technology operations for over 25 years and has written his books from the trenches of experience.

Table of Contents

Introduction 1

About This Book 1

Foolish Assumptions 2

Icons Used in This Book 2

What You're Not to Read 3

Where to Go from Here 3

Part 1 Getting Started with Pen Testing 5

Chapter 1 Understanding the Role Pen Testers Play in Security 7

Looking at Pen Testing Roles 8

Crowdsourced pen testers 8

In-house security pro 9

Security consultant 10

Getting Certified 10

Gaining the Basic Skills to Pen Test 10

Basic networking 12

General security technology 14

Systems infrastructure and applications 15

Mobile and cloud 16

Introducing Cybercrime 16

What You Need to Get Started 18

Deciding How and When to Pen Test 19

Taking Your First Steps 21

Chapter 2 An Overview Look at Pen Testing 23

The Goals of Pen Testing 23

Protecting assets 24

Identifying risk 24

Finding vulnerabilities 26

Scanning and assessing 27

Securing operations 28

Responding to incidents 29

Scanning Maintenance 31

Exclusions and ping sweeps 31

Patching 32

Antivirus and other technologies 33

Compliance 34

Hacker Agenda 35

Hacktivist 36

Script kiddie to elite 36

White hat 36

Grey hat 37

Black hat 37

Doing Active Reconnaissance: How Hackers Gather Intelligence 37

Chapter 3 Gathering Your Tools 39

Considerations for Your Toolkit 39

Nessus 40

Wireshark 43

Kali Linux 46

Nmap 49

Part 2 Understanding the Different Types of Pen Testing 51

Chapter 4 Penetrate and Exploit 53

Understanding Vectors and the Art of Hacking 54

Examining Types of Penetration Attacks 55

Social engineering 55

Client-side and server-side attacks 60

Password cracking 62

Cryptology and Encryption 63

SSL/TLS 64

SSH 64

IPsec 65

Using Metasploit Framework and Pro 65

Chapter 5 Assumption (Man in the Middle) 69

Toolkit Fundamentals 70

Burp Suite 70

Wireshark 72

Listening In to Collect Data 74

Address spoofing 74

Eavesdropping 75

Packet capture and analysis 77

Key loggers 77

Card skimmers 77

USB drives 78

Chapter 6 Overwhelm and Disrupt (DoS/DDoS) 79

Toolkit Fundamentals 80

Kali 80

Kali T50 Mixed Packet Injector tool 83

Understanding Denial of Service (DoS) Attacks 84

Buffer Overflow Attacks 86

Fragmentation Attacks 88

Smurf Attacks 90

Tiny Packet Attacks 91

Xmas Tree Attacks 91

Chapter 7 Destroy (Malware) 93

Toolkit Fundamentals 94

Antivirus software and other tools 94

Nessus 94

Malware 97

Ransomware 99

Other Types of Destroy Attacks 101

Chapter 8 Subvert (Controls Bypass) 103

Toolkit Fundamentals 103

Antivirus software and other tools 104

Nmap 104

Attack Vectors 109

Phishing 111

Spoofing 111

Malware 112

Using malware to find a way in 112

Bypassing AV software 113

Part 3 Diving In: Preparations and Testing 115

Chapter 9 Preparing for the Pen Test 117

Handling the Preliminary Logistics 117

Holding an initial meeting 118

Gaining permission 120

Following change control 121

Keeping backups 121

Having documentation 121

Gathering Requirements 121

Reviewing past test results 122

Consulting the risk register 122

Coming Up with a Plan 124

Selecting a project or scan type 125

Selecting the tool(s) 125

Having a Backout Plan 127

Chapter 10 Conducting a Penetration Test 129

Attack! 130

Infiltration 131

Penetration 133

Exploitation 134

APT 135

Exfiltration (and success) 135

Next steps 135

Looking at the Pen Test from Inside 136

Documenting Your Every Move 136

Network mapping 137

Updating the risk register 138

Maintaining balance 138

Other Capture Methods and Vectors 139

Assessment 139

Infiltrate 140

Penetrate 140

Exploit 141

Exfiltrate 141

Prevention 142

Hardening 142

Active monitoring 143

Retesting 143

Devising best practices from lessons learned 143

Part 4 Creating a Pen Test Report 147

Chapter 11 Reporting 149

Structuring the Pen Test Report 150

Executive Summary 150

Tools, Methods, and Vectors 152

Detailed findings 153

Conclusion 154

Recommendations 155

Appendix/Appendices 155

Creating a Professional and Accurate Report 156

Be professional 156

Stay focused 156

Avoid false positives 156

Classify your data 157

Encourage staff awareness and training 157

Delivering the Report: Report Out Fundamentals 157

Updating the Risk Register 158

Chapter 12 Making Recommendations 161

Understanding Why Recommendations Are Necessary 162

Seeing How Assessments Fit into Recommendations 162

Networks 165

General network hardening 165

Network segmentation 166

Internal network 167

Wired/wireless 168

External 168

Systems 168

Servers 169

Client-side 170

Infrastructure 171

Mobile 172

Cloud 172

General Security Recommendations: All Systems 173

Ports 173

Unneeded services 173

A patch schedule 174

Firewalls 174

AV software 174

Sharing resources 175

Encryption 176

More Recommendations 177

Segmentation and visualization 177

Access control 177

Backups 178

Securing logs 179

Awareness and social engineering 179

Chapter 13 Retesting 181

Looking at the Benefits of Retesting 182

Understanding the Reiterative Nature of Pen Testing and Retesting 183

Determining When to Retest 184

Choosing What to Retest 185

Consulting your documentation 185

Reviewing the report 187

Reviewing the risk register 188

Running a Pen Retest 189

Part 5 The Part of Tens 191

Chapter 14 Top Ten Myths About Pen Testing 193

All Forms of Ethical Hacking Are the Same 194

We Can't Afford a Pen Tester 194

We Can't Trust a Pen Tester 195

We Don't Trust the Tools 196

Pen Tests Are Not Done Often 197

Pen Tests Are Only for Technical Systems 198

Contractors Can't Make Great Pen Testers 199

Pen Test Tool Kits Must Be Standardized 199

Pen Testing Itself is a Myth and Unneeded 200

Pen Testers Know Enough and Don't Need to Continue to Learn 200

Chapter 15 Ten Tips to Refine Your Pen Testing Skills 201

Continue Your Education 201

Build Your Toolkit 202

Think outside the Box 203

Think Like a Hacker 204

Get Involved 204

Use a Lab 205

Stay Informed 207

Stay Ahead of New Technologies 207

Build Your Reputation 207

Learn about Physical Security 208

Chapter 16 Ten Sites to Learn More About Pen Testing 209

SANS Institute 210

GIAC Certifications 211

Software Engineering Institute 211

(Assorted) Legal Penetration Sites 212

Open Web Application Security Project 212

Tenable 213

Nmap 214

Wireshark 214

Dark Reading 215

Offensive Security 215

Index 217
