Penetration Testing Essentials

Introduction

Introduction to Penetration Testing

• Defining Penetration Testing
• Preserving Confidentiality, Integrity, and Availability
• Appreciating the Evolution of Hacking

Introduction to Operating Systems and Networking

• Comparing Common Operating Systems
• Exploring Networking Concepts

Introduction to Cryptography

• Recognizing the Four Goals of Cryptography
• The History of Encryption
• Speaking Intelligently About Cryptography
• Comparing Symmetric and Asymmetric Cryptography
• Transforming Data via Hashing
• A Hybrid System: Using Digital Signatures
• Working with PKI

Outlining the Pen Testing Methodology

• Determining the Objective and Scope of the Job
• Choosing the Type of Test to Perform
• Gaining Permission via a Contract
• Following the Law While Testing

Gathering Intelligence

• Introduction to Intelligence Gathering
• Examining a Company's Web Presence
• Finding Websites That Don't Exist Anymore
• Gathering Information with Search Engines
• Targeting Employees with People Searches
• Discovering Location
• Do Some Social Networking
• Looking via Financial Services
• Investigating Job Boards
• Searching Email
• Extracting Technical Information

Scanning and Enumeration

• Introduction to Scanning
• Checking for Live Systems
• Performing Port Scanning
• Identifying an Operating System
• Scanning for Vulnerabilities
• Using Proxies (Or Keeping Your Head Down)
• Performing Enumeration

Conducting Vulnerability Scanning

• Introduction to Vulnerability Scanning
• Recognizing the Limitations of Vulnerability Scanning
• Outlining the Vulnerability Scanning Process
• Types of Scans That Can Be Performed

Cracking Passwords

• Recognizing Strong Passwords
• Choosing a Password-Cracking Technique
• Executing a Passive Online Attack
• Executing an Active Online Attack
• Executing an Offline Attack
• Using Nontechnical Methods
• Escalating Privileges

Retaining Access with Backdoors and Malware

• Deciding How to Attack
• Installing a Backdoor with PsTools
• Opening a Shell with LAN Turtle
• Recognizing Types of Malware
• Launching Viruses
• Launching Worms
• Launching Spyware
• Inserting Trojans
• Installing Rootkits

Reporting

• Reporting the Test Parameters
• Collecting Information
• Highlighting the Important Information
• Adding Supporting Documentation
• Conducting Quality Assurance

Working with Defensive and Detection Systems

• Detecting Intrusions
• Recognizing the Signs of an Intrusion
• Evading an IDS
• Breaching a Firewall
• Using Honeypots: The Wolf in Sheep's Clothing

Covering Your Tracks and Evading Detection

• Recognizing the Motivations for Evasion
• Getting Rid of Log Files
• Hiding Files
• Evading Antivirus Software
• Evading Defenses by Entering Through a Backdoor
• Using Rootkits for Evasion

Detecting and Targeting Wireless

• An Introduction to Wireless
• Breaking Wireless Encryption Technologies
• Conducting a Wardriving Attack
• Conducting Other Types of Attack
• Choosing Tools to Attack Wireless
• Knocking Out Bluetooth
• Hacking the Internet of Things (IoT)

Dealing with Mobile Device Security

• Recognizing Current-Generation Mobile Devices
• Working with Android OS
• Working with Apple iOS
• Finding Security Holes in Mobile Devices
• Encountering Bring Your Own Device (BYOD)
• Choosing Tools to Test Mobile Devices

Performing Social Engineering

• Introduction to Social Engineering
• Exploiting Human Traits
• Acting Like a Social Engineer
• Targeting Specific Victims
• Leveraging Social Networking
• Conducting Safer Social Networking

Hardening a Host System

• Introduction to Hardening
• Three Tenets of Defense
• Creating a Security Baseline
• Hardening with Group Policy
• Hardening Desktop Security
• Backing Up a System

Hardening Your Network

• Introduction to Network Hardening
• Intrusion Detection Systems
• Firewalls
• Physical Security Controls

Navigating the Path to Job Success

• Choosing Your Career Path
• Build a Library
• Practice Technical Writing
• Display Your Skills

Building a Test Lab for Penetration Testing

• Deciding to Build a Lab
• Considering Virtualization
• Getting Starting and What You Will Need
• Installing Software