How to conduct professional pentestings in 21 days or less!
Understanding the hacker's mind, making reconnaissance, scanning and enumeration, exploiting vulnerabilities, writing a professional report and more!
Karina Astudillo B.
Book Details
Price | 3.00 USD |
---|---|
Pages | 334 p |
File Size | 25,243 KB |
File Type | PDF format |
Update | Translated and Updated from the Spanish First Edition (IEPI Registration, Certificate No. GYE-004179) |
Copyright | Karina Astudillo B., 2015 |
Note: All rights reserved. No part of this book shall be reproduced, distributed, or transmitted in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher and the author, exception made of brief quotes or quotations included in media articles or reviews.
Karina Astudillo B. is an IT consultant specialized in information security,
networking and Unix/Linux. She is a Computer Engineer, MBA, and has international
certifications such as: Certified Ethical Hacker (CEH), Computer Forensics US, Cisco
Security, Network Security, Internet Security, CCNA Routing and Switching, CCNA
Security, Cisco Certified Academy Instructor (CCAI), Hillstone Certified Security
Professional (HCSP) and Hillstone Certified Security Associate (HCSA).
Karina began her career in the world of networking in 1995, thanks to an
opportunity to work on an IBM project at her alma mater, the Escuela Superior Politécnica
del Litoral (ESPOL). Since then, the world of networking, operating systems and IT
security has fascinated her to the point of becoming her passion.
Years later, after gaining experience working in the area of customer service at the
transnational corporation ComWare, she first became an independent consultant in 2002
through Consulting Systems, and after a while, in 2007, the co-founder of Elixircorp S.A., a
computer security company.
Alongside consulting, Karina has always had an innate passion for teaching, so she
took the opportunity of becoming a professor at the Faculty of Electrical Engineering and
Computer Science (FIEC) of ESPOL in 1996.
Currently she is an instructor for the Cisco Networking Academy Program, the
Master in Management Information Systems (MSIG) and the Master in Applied Computer
Security (MSIA) at FIEC-ESPOL.
Because of her teaching experience she considered including preparation programs in
information security, including workshops on Ethical Hacking, as part of her company's
offering. After posting about the success of these workshops on the Elixircorp S.A. Facebook
page (https://www.facebook.com/elixircorp), she began receiving applications from
students from different cities and countries asking for courses, only to be disappointed
when they were told that the courses were taught live in Ecuador.
That’s when the idea of writing this book was born, to convey, without boundaries,
the knowledge of the Ethical Hacking 101 Workshop.
In her leisure time Karina enjoys reading science fiction, traveling, spending time with her
family and friends, and writing about herself in the third person ;-D
Contents at a glance
Preface
Chapter 1 - Introduction to Ethical Hacking
Chapter 2 - Reconnaissance or footprinting
Chapter 3 - Scanning
Chapter 4 - Enumeration
Chapter 5 - Exploitation or hacking
Chapter 6 - Writing the audit report without suffering a mental breakdown
Chapter 7 - Relevant international certifications
Final Recommendations
Please leave us a review
About the author
Glossary of technical terms
Appendix A: Tips for successful laboratories
Notes and references
Preface
Information security has gained popularity in recent years and has gone from being
considered a cost to being seen as an investment by managers of companies and
organizations worldwide.
In some countries this has happened very fast, in others the pace has been slower;
but ultimately we have all converged in a digital world where information is the most valuable
intangible asset that we have.
And being an asset, we must protect it from loss, theft, misuse, etc. It is here that
a previously unknown actor plays an important role: the ethical hacker.
The role of the ethical hacker is to carry out - from the point of view of a cracker - a
controlled attack on the client’s IT infrastructure, detecting and exploiting potential
vulnerabilities that could allow penetrating the target network’s defenses, but without
damaging the services and systems audited. And all this for the sole purpose of alerting
the client’s organization to the security risks present and how to fix them.
This individual must have the ability to know when it is best not to exploit a
security hole and when it is safe to run an exploit to demonstrate the vulnerability severity.
It’s a mix between the criminal mind of Hannibal, the actions of Mother Teresa and the
professional background of a true nerd!
But where are these heroes? The answer to this question becomes increasingly
difficult if we believe the studies made by leading consulting firms, which indicate that
each year the gap between the demand for and the supply of certified information security
professionals widens.
And it is for this reason that it becomes essential to discover professional
technology enthusiasts, especially those with high ethical and moral values, who are ready to
accept the challenge of becoming pentesters.
This book is for them.
No previous knowledge of ethical hacking is required; the book has an
introductory level and therefore starts from scratch in that area. However, it is essential to
have a background in computer systems and information technologies.
What are the requirements?
• Understand the OSI model and its different layers.
• Possess notions about the TCP/IP architecture (IPv4 addressing, subnetting,
routing, protocols such as ARP, DNS, HTTP, SMTP, DHCP, etc.).
• Know how to use and manage Windows and Linux systems.
How is the book divided?
The book unfolds in seven chapters and it is estimated that the student will spend
about 21 days to complete it, with a minimum time commitment of 2 hours per day.
Nonetheless, the reader is free to move at their own pace and take more or less time.
My only suggestion is that the student completes all the proposed laboratories,
even with different target operating systems.
Always remember, “Practice makes the master”1.
Chapter 1 - Introduction to Ethical Hacking covers the basics about this
profession and describes the different types of pentesting. It also includes tips on how to
conduct the initial phase of gathering information in order to prepare a proposal adjusted
to our client’s needs.
Chapter 2 - Reconnaissance reviews methodologies that help the ethical hacker to
discover the environment of the target network, as well as useful software tools and
commands. Emphasis is placed on the use of Maltego and Google Hacking techniques to
successfully conduct this phase.
In Chapters 3 and 4, the Scanning and Enumeration techniques used by ethical
hackers and crackers are described for detecting the services present in the target hosts and
discerning what operating systems and applications our victims use. The successful execution
of these stages provides the pentester with helpful resources for enumerating user
accounts, groups, shared folders, registry keys, etc., in order to detect potential security
holes to be exploited later. We’ll cover the usage of popular software tools such as the NMAP
port scanner and the OpenVAS and Nexpose vulnerability analyzers under the famous Kali
Linux distro (formerly Backtrack).
Chapter 5 - Hacking covers key concepts such as pentesting
frameworks and hacking mechanisms. Here we’ll perform step-by-step labs using the
Metasploit Framework and its various interfaces. Detailed workshops for key attacks such
as man in the middle, phishing, malware injection, wireless hacking, and so on are also
included. In the labs we’ll use popular applications such as Ettercap, Wireshark, the Aircrack-ng
suite and the Social Engineering Toolkit (SET).
Then, in Chapter 6 - Writing the audit report without suffering a mental
breakdown, tips are given to make this phase as painless as possible for the auditor, while
at the same time suggestions are made to deliver a useful report for our client’s top management.
Later, in Chapter 7 - Relevant international certifications, we review the top information
security and ethical hacking certifications that would be useful for the curriculum of a pentester.
We also believe that, despite this being a book about hacking, it would not be
complete without including, at each stage of the “circle of hacking”, relevant defense
mechanisms that may be suggested to the client in the audit report.
Finally, in Appendix A - Tips for successful laboratories, the hardware and software
requirements for successfully running the workshops are shown, and the reader is given
guidelines on where to download the installers for the required operating systems.
Thanks for purchasing this book! I wish you nothing but success in your new
career as a Professional Ethical Hacker.