Robert Shimonski - Penetration Testing For Dummies

3 Part 1: Getting Started with Pen Testing Part 1 Chapter 1: Understanding the Role Pen Testers Play in Security Chapter 1 Looking at Pen Testing Roles Looking at Pen Testing Roles The security arena has myriad names applied to anyone who does good or bad security stuff. If you’re new to pen testing, all that can be highly confusing. To clear up any and all confusion on the matter, I dedicate this section to describing the good guys who do pen testing and what roles you might have as a pen tester. (See Chapter 2 for a breakdown of the baddies.) The pen tester’s role is to penetrate and to ethically hack to find weaknesses within a company’s IT security program. Securing the weaknesses might be someone else’s responsibility. You may or may not be responsible for making recommendations based on the weaknesses you uncover, but I discuss that task in Chapter 12 . You must have permission to conduct penetration testing if you don’t work in the field or for a company hired to conduct it. Even if you’re hired to pen test an organization’s security, you likely still need permission for certain types of pen testing activities. See Chapter 9 for more on that issue. Getting Certified Getting Certified Professional organizations and vendors both offer industry standard, generalized and specialized certification programs, as well as those based on specific vendor tools. Some of them mix the two. For example, one of the biggest and most focused pen testing certifications on the market today is CompTIA’s pentest+ certification. Although it covers general topics on pen testing, it also goes in depth on the tools you use the most. There are also other certifications, such as the CEH (certified ethical hacker certification) and the SANS GIAC Penetration Testing certification (covered in Chapter 16 ). You can also start with general security certifications such as the CompTIA Security+ or the ISC2 CISSP. It would also benefit you to learn how to write and submit reports and present your findings. I cover these topics in detail in Part 4 . Gaining the Basic Skills to Pen Test Gaining the Basic Skills to Pen Test You’re going to need a wide variety of skills throughout your pen testing career, but the biggest (or most important) skills to have are in the realm of networking and general security, which I discuss in this section. Introducing Cybercrime What You Need to Get Started Deciding How and When to Pen Test Taking Your First Steps Chapter 2: An Overview Look at Pen Testing The Goals of Pen Testing Scanning Maintenance Hacker Agenda Doing Active Reconnaissance: How Hackers Gather Intelligence Chapter 3: Gathering Your Tools Considerations for Your Toolkit Nessus Wireshark Kali Linux Nmap

4 Part 2: Understanding the Different Types of Pen Testing Chapter 4: Penetrate and Exploit Understanding Vectors and the Art of Hacking Examining Types of Penetration Attacks Cryptology and Encryption Using Metasploit Framework and Pro Chapter 5: Assumption (Man in the Middle) Toolkit Fundamentals Listening In to Collect Data Chapter 6: Overwhelm and Disrupt (DoS/DDoS) Toolkit Fundamentals Understanding Denial of Service (DoS) Attacks Buffer Overflow Attacks Fragmentation Attacks Smurf Attacks Tiny Packet Attacks Xmas Tree Attacks Chapter 7: Destroy (Malware) Toolkit Fundamentals Malware Ransomware Other Types of Destroy Attacks Chapter 8: Subvert (Controls Bypass) Toolkit Fundamentals Attack Vectors Phishing Spoofing Malware

5 Part 3: Diving In: Preparations and Testing Chapter 9: Preparing for the Pen Test Handling the Preliminary Logistics Gathering Requirements Coming Up with a Plan Having a Backout Plan Chapter 10: Conducting a Penetration Test Attack! Looking at the Pen Test from Inside Documenting Your Every Move Other Capture Methods and Vectors Assessment Prevention

6 Part 4: Creating a Pen Test Report Chapter 11: Reporting Structuring the Pen Test Report Creating a Professional and Accurate Report Delivering the Report: Report Out Fundamentals Updating the Risk Register Chapter 12: Making Recommendations Understanding Why Recommendations Are Necessary Seeing How Assessments Fit into Recommendations Networks Systems General Security Recommendations: All Systems More Recommendations Chapter 13: Retesting Looking at the Benefits of Retesting Understanding the Reiterative Nature of Pen Testing and Retesting Determining When to Retest Choosing What to Retest Running a Pen Retest

7 Part 5: The Part of Tens Chapter 14: Top Ten Myths About Pen Testing All Forms of Ethical Hacking Are the Same We Can’t Afford a Pen Tester We Can’t Trust a Pen Tester We Don’t Trust the Tools Pen Tests Are Not Done Often Pen Tests Are Only for Technical Systems Contractors Can’t Make Great Pen Testers Pen Test Tool Kits Must Be Standardized Pen Testing Itself Is a Myth and Unneeded Pen Testers Know Enough and Don’t Need to Continue to Learn Chapter 15: Ten Tips to Refine Your Pen Testing Skills Continue Your Education Build Your Toolkit Think outside the Box Think Like a Hacker Get Involved Use a Lab Stay Informed Stay Ahead of New Technologies Build Your Reputation Learn about Physical Security Chapter 16: Ten Sites to Learn More About Pen Testing SANS Institute GIAC Certifications Software Engineering Institute (Assorted) Legal Penetration Sites Open Web Application Security Project Tenable Nmap Wireshark Dark Reading Offensive Security

8 Index

9 About the Author

10 Advertisement Page

11 Connect with Dummies

12 End User License Agreement

1 Chapter 2 TABLE 2-1 A Risk Register

2 Chapter 13TABLE 13-1 Reviewing the Risk Register for Issues to Retest

1 Chapter 1FIGURE 1-1: Adding an IP range to scan.FIGURE 1-2: Examining the OSI model.FIGURE 1-3: Digging into a network packet capture.FIGURE 1-4: Review a firewall log.FIGURE 1-5: Metasploit is one tool for pen testing.FIGURE 1-6: Use Nessus to conduct an assessment.FIGURE 1-7: Examining a Retina CS scan.

2 Chapter 2FIGURE 2-1: Sample output from Nessus.FIGURE 2-2: Nmap is a tool you use to conduct to ping sweeps.FIGURE 2-3: Examples of commonly used AV programs.

3 Chapter 3FIGURE 3-1: Nessus output.FIGURE 3-2: Using Nessus to scan a network router.FIGURE 3-3: Select a scan template type.FIGURE 3-4: Create your first Nessus scan.FIGURE 3-5: Using Wireshark Network Analyzer.FIGURE 3-6: Launching and using Wireshark to analyze traffic.FIGURE 3-7: Drilling down into captured data.FIGURE 3-8: Examining the traffic between host endpoints with Wireshark.FIGURE 3-9: Testing FTP access with Wireshark.FIGURE 3-10: Using tcdump on Kali Linux.FIGURE 3-11: Explore the Kali Linux toolset.FIGURE 3-12: Loading and using Nmap in Kali Linux.FIGURE 3-13: Creating a network map with Nmap.