The perfect introduction to pen testing for all IT professionals and students
· Clearly explains key concepts, terminology, challenges, tools, and skills
· Covers the latest penetration testing standards from NSA, PCI, and NIST

Welcome to today’s most useful and practical introduction to penetration testing. Chuck Easttom brings together up-to-the-minute coverage of all the concepts, terminology, challenges, and skills you’ll need to be effective. Drawing on decades of experience in cybersecurity and related IT fields, Easttom integrates theory and practice, covering the entire penetration testing life cycle from planning to reporting. You’ll gain practical experience through a start-to-finish sample project relying on free open source tools. Throughout, quizzes, projects, and review sections deepen your understanding and help you apply what you’ve learned. Including essential pen testing standards from NSA, PCI, and NIST, Penetration Testing Fundamentals will help you protect your assets–and expand your career options.

LEARN HOW TO
· Understand what pen testing is and how it’s used
· Meet modern standards for comprehensive and effective testing
· Review cryptography essentials every pen tester must know
· Perform reconnaissance with Nmap, Google searches, and ShodanHq
· Use malware as part of your pen testing toolkit
· Test for vulnerabilities in Windows shares, scripts, WMI, and the Registry
· Pen test websites and web communication
· Recognize SQL injection and cross-site scripting attacks
· Scan for vulnerabilities with OWASP ZAP, Vega, Nessus, and MBSA
· Identify Linux vulnerabilities and password cracks
· Use Kali Linux for advanced pen testing
· Apply general hacking techniques such as fake Wi-Fi hotspots and social engineering
· Systematically test your environment with Metasploit
· Write or customize sophisticated Metasploit exploits

Chuck Easttom has been in the IT industry for well over 25 years and cybersecurity for over 15. He has over 40 industry certifications, and has authored 24 other books. He is also an inventor with 13 patents. Chuck is a frequent speaker at various security conferences including Defcon, ISC2 Security Congress, Secure World, and many others. He also has authored a number of papers on security-related topics including malware development, penetration testing, and hacking techniques. He also has hands-on experience consulting on cyber security issues and conducting penetration tests.
Table of Contents
Introduction
Chapter 1: Introduction to Penetration Testing What Is Penetration Testing? Audits Vulnerability Scans Penetration Tests The Hybrid Test Terminology Methodologies Nature of the Test Approaches Ethical Issues Everything Is Confidential Keep in Your Lane If You Break It, You Bought It Legal Issues Computer Fraud and Abuse Act (CFAA): 18 U.S. Code § 1030 Unlawful Access to Stored Communications: 18 U.S. Code § 2701 Identity Theft Enforcement and Restitution Act Fraud and Related Activity in Connection with Access Devices: 18 U.S. Code § 1029 State Laws International Laws Certifications CEH GPEN OSCP Mile2 CISSP PPT This Book and Certifications Careers in Penetration Testing Security Administrators Commercial Penetration Testing Government/National Defense Law Enforcement Building Your Skillset Summary Test Your Skills
Chapter 2: Standards PCI DSS The Actual Test NIST 800-115 Planning Execution Post-Execution National Security Agency InfoSec Assessment Methodology (NSA-IAM) PTES CREST (UK) A Synthesis (Putting Standards Together into a Single Unified Approach) Pre-Engagement The Actual Test Reporting Related Standards OWASP Other Standards ISO 27002 NIST 800-12, Revision 1 NIST 800-14 Summary Test Your Skills
Chapter 3: Cryptography Cryptography Basics History of Encryption The Caesar Cipher Atbash Multi-Alphabet Substitution Rail Fence Modern Methods Symmetric Encryption Modification of Symmetric Methods Practical Applications Public Key (Asymmetric) Encryption Digital Signatures Hashing MD5 SHA RIPEMD Windows Hashing MAC and HMAC Rainbow Tables Pass the Hash Password Crackers Steganography Historical Steganography Methods and Tools Cryptanalysis Frequency Analysis Modern Methods Practical Application Learning More Summary Test Your Skills
Chapter 4: Reconnaissance Passive Scanning Techniques Netcraft BuiltWith Archive.org Shodan Social Media Google Searching Active Scanning Techniques Port Scanning Enumeration Wireshark Maltego Other OSINT Tools OSINT Website Alexa Web Master Tips Summary Test Your Skills
Chapter 5: Malware Viruses How a Virus Spreads Types of Viruses Virus Examples Trojan Horses Other Forms of Malware Rootkit Malicious Web-Based Code Logic Bombs Creating Malware Levels of Malware Writing Skill GUI Tools Simple Script Viruses Creating a Trojan Horse Altering Existing Viruses Summary Test Your Skills
Chapter 6: Hacking Windows Windows Details Windows History The Boot Process Important Windows Files Windows Logs The Registry Volume Shadow Copy Windows Password Hashing Windows Hacking Techniques Pass the Hash chntpw Net User Script Login as System Find the Admin Windows Scripting net users net view net share net service netshell Windows Password Cracking Offline NT Registry Editor LCP pwdump ophcrack John the Ripper Detecting Malware in Windows Cain and Abel Summary Test Your Skills
Chapter 7: Web Hacking Web Technology Specific Attacks on Websites SQL Script Injection XSS Other Web Attacks Tools Burp Suite BeEF Summary Test Your Skills
Chapter 8: Vulnerability Scanning Vulnerabilities CVE NIST OWASP Packet Capture tcpdump Wireshark Network Scanners LanHelper Wireless Scanners/Crackers Aircrack General Scanners MBSA Nessus Nexpose SAINT Web Application Scanners OWASP ZAP Vega Cyber Threat Intelligence Threatcrowd.org Phishtank Internet Storm Center OSINT Summary Test Your Skills
Chapter 9: Introduction to Linux Linux History Linux Commands ls Command cd Command Pipe Output finger Command grep Command ps Command pstree Command top Command kill Command Basic File and Directory Commands chown Command chmod Command bg Command fg Command useradd Command userdel Command usermod Command users Command who Command Directories /root /bin /sbin /etc /dev /boot /usr /var /proc Graphical User Interface GNOME KDE Summary Test Your Skills
Chapter 10: Linux Hacking More on the Linux OS sysfs Crond Shell Commands Linux Firewall Iptables iptables Configuration Syslog Syslogd Scripting Linux Passwords Linux Hacking Tricks Boot Hack Backspace Hack Summary Test Your Skills
Chapter 11: Introduction to Kali Linux Kali Linux History Kali Basics Kali Tools recon-ng Dmitry Sparta John the Ripper Hashcat macchanger Ghost Phisher Summary Test Your Skills
Chapter 12: General Hacking Techniques Wi-Fi Testing Create a Hotspot Using Kali as a Hotspot Testing the WAP Administration Other Wi-Fi Issues Social Engineering DoS Well-known DoS Attacks Tools Summary Test Your Skills
Chapter 13: Introduction to Metasploit Background on Metasploit Getting Started with Metasploit Basic Usage of msfconsole Basic Commands Searching Scanning with Metasploit SMB Scanner SQL Server Scan SSH Server Scan Anonymous FTP Servers FTP Server How to Use Exploits Exploit Examples Cascading Style Sheets File Format Exploit Remote Desktop Exploit More Exploits Common Error Post Exploits Get Logged-on Users Check VM Enumerate Applications Going Deeper into the Target Summary Test Your Skills
Chapter 14: More with Metasploit Meterpreter and Post Exploits ARP NETSTAT PS Navigation Download and Upload Desktops Cameras Key Logger Other Information msfvenom More Metasploit Attacks Formatting All Drives Attacking Windows Server 2008 R2 Attacking Windows via Office Attacking Linux Attacking via the Web Another Linux Attack Linux Post Exploits Summary Test Your Skills
Chapter 15: Introduction to Scripting with Ruby Getting Started Basic Ruby Scripting A First Script Syntax Object-Oriented Programming Summary Test Your Skills
Chapter 16: Write Your Own Metasploit Exploits with Ruby The API Getting Started Examine an Existing Exploit Extending Existing Exploits Writing Your First Exploit Summary Test Your Skills
Chapter 17: General Hacking Knowledge Conferences Dark Web Certification and Training Cyber Warfare and Terrorism Nation State Actors Summary Test Your Skills
Chapter 18: Additional Pen Testing Topics Wireless Pen Testing 802.11 Infrared Bluetooth Other Forms of Wireless Wi-Fi Hacking Mainframe and SCADA SCADA Basics Mainframes Mobile Pen Testing Cellular Terminology Bluetooth Attacks Bluetooth/Phone Tools Summary Test Your Skills
Chapter 19: A Sample Pen Test Project Pen Test Outline Pre-Test Activities External Internal Optional Items Report Outline Summary
Appendix A: Answers to Chapter Multiple Choice Questions
9780789759375 TOC 2/13/2018