Professional Penetration Testing walks you through the entire process of setting up and running a pen test lab. Penetration testing-the act of testing a computer network to find security vulnerabilities before they are maliciously exploited-is a crucial component of information security in any organization. With this book, you will find out how to turn hacking skills into a professional career. Chapters cover planning, metrics, and methodologies; the details of running a pen test, including identifying and verifying vulnerabilities; and archiving, reporting and management practices.
Author Thomas Wilhelm has delivered penetration testing training to countless security professionals, and now through the pages of this book you can benefit from his years of experience as a professional penetration tester and educator. After reading this book, you will be able to create a personal penetration test lab that can deal with real-world vulnerability scenarios.
All disc-based content for this title is now available on the Web.
Find out how to turn hacking and pen testing skills into a professional career
Understand how to conduct controlled attacks on a network through real-world examples of vulnerable and exploitable servers
Master project management skills necessary for running a formal penetration test and setting up a professional ethical hacking business
Discover metrics and reporting methodologies that provide experience crucial to a professional penetration tester
PART I - Setting Up
Chapter 1: Introduction
Chapter 2: Ethics and Hacking
Chapter 3: Hacking as a Career
Chapter 4: Setting up Your Lab
Chapter 5: Creating and Using PenTest Targets in Your Lab
Chapter 6: Methodologies
Chapter 7: PenTest Metrics
Chapter 8: Management of a PenTest
PART II - Running a PenTest
Chapter 9: Information Gathering
Chapter 10: Vulnerability Identification
Chapter 11: Vulnerability Verification
Chapter 12: Compromising a System and Privilege Escalation
Chapter 13: Maintaining Access
Chapter 14: Covering Your Tracks
PART III - Wrapping Everything Up
Chapter 15: Reporting Results
Chapter 16: Archiving Data
Chapter 17: Cleaning Up Your Lab
Chapter 18: Planning for Your Next PenTest
Appendix A - Acronyms
Appendix B - Definitions
"...this is a detailed and thorough examination of both the technicalities and the business of pen-testing, and an excellent starting point for anyone getting into the field." --Network Security, March 2014
Über den Autor
Thomas Wilhelm has been involved in Information Security since 1990, where he served in the U.S. Army for 8 years as a Signals Intelligence Analyst / Russian Linguist / Cryptanalyst. A speaker at security conferences across the United States, including DefCon, HOPE, and CSI, he has been employed by Fortune 100 companies to conduct risk assessments, participate and lead in external and internal penetration testing efforts, and manage Information Systems Security projects.Thomas is also an Information Technology Doctoral student who holds Masters degrees in both Computer Science and Management. Additionally, he dedicates some of his time as an Associate Professor at Colorado Technical University and has contributed to multiple publications, including both magazines and books. Thomas currently performs security training courses for both civilian and government personnel through Heorot.net, and maintains the following security certifications: ISSMP, CISSP, SCSECA, and SCNA.
2nd edition of the guide that walks readers through the entire process of setting up and running a pen test lab.