Foreword xvi Introduction xviii 1 What is a Pentester? 1 Synonymous Terms and Types of Hackers 2 Pentests Described 3 Benefits and Reasons 3 Legality and Permission 5 Pentest Methodology 5 Pre-engagement Interactions 7 Intelligence Gathering 7 Threat Modeling 7 Vulnerability Analysis 7 Exploitation 8 Post Exploitation 8 Reporting 8 Pentest Types 9 Vulnerability Scanning 10 Vulnerability Assessments 10 Pentest Targets and Specializations 11 Generalist Pentesting 11 Application Pentesting 11 Internet of ...
Read More
Foreword xvi Introduction xviii 1 What is a Pentester? 1 Synonymous Terms and Types of Hackers 2 Pentests Described 3 Benefits and Reasons 3 Legality and Permission 5 Pentest Methodology 5 Pre-engagement Interactions 7 Intelligence Gathering 7 Threat Modeling 7 Vulnerability Analysis 7 Exploitation 8 Post Exploitation 8 Reporting 8 Pentest Types 9 Vulnerability Scanning 10 Vulnerability Assessments 10 Pentest Targets and Specializations 11 Generalist Pentesting 11 Application Pentesting 11 Internet of Things (IoT) 12 Industrial Control Systems (ICS) 12 Hardware and Medical Devices 13 Social Engineering 13 Physical Pentesting 13 Transportation Pentesting 14 Red Team Pentesting 14 Career Outlook 14 Summary 16 2 Prerequisite Skills 17 Skills Required for Learning Pentesting 18 Operating Systems 18 Networking 19 Information Security 19 Prerequisites Learning 19 Information Security Basics 20 What is Information Security? 21 The CIA Triad 22 Security Controls 24 Access Control 26 Incident Response 28 Malware 30 Advanced Persistent Threats 34 The Cyber Kill Chain 35 Common Vulnerabilities and Exposures 36 Phishing and Other Social Engineering 37 Airgapped Machines 38 The Dark Web 39 Summary 40 3 Education of a Hacker 43 Hacking Skills 43 Hacker Mindset 44 The Pentester Blueprint Formula 45 Ethical Hacking Areas 45 Operating Systems and Applications 46 Networks 46 Social Engineering 47 Physical Security 48 Types of Pentesting 48 Black Box Testing 49 White Box Testing 49 Gray Box Testing 50 A Brief History of Pentesting 50 The Early Days of Pentesting 51 Improving the Security of Your Site by Breaking into It 51 Pentesting Today 52 Summary 53 4 Education Resources 55 Pentesting Courses 55 Pentesting Books 56 Pentesting Labs 60 Web Resources 60 Summary 64 5 Building a Pentesting Lab 65 Pentesting Lab Options 65 Minimalist Lab 66 Dedicated Lab 66 Advanced Lab 67 Hacking Systems 67 Popular Pentesting Tools 68 Kali Linux 68 Nmap 69 Wireshark 69 Vulnerability Scanning Applications 69 Hak5 70 Hacking Targets 70 PentestBox 70 VulnHub 71 Proving Grounds 71 How Pentesters Build Their Labs 71 Summary 81 6 Certifications and Degrees 83 Pentesting Certifications 83 Entry-Level Certifications 84 Intermediate-Level Certifications 85 Advanced-Level Certifications 87 Specialization Web Application Pentesting Certifications 88 Wireless Pentesting Certifications 90 Mobile Pentesting Certifications 91 Pentesting Training and Coursework 91 Acquiring Pentesting Credentials 92 Certification Study Resources 99 CEH v10 Certified Ethical Hacker Study Guide 100 EC-Council 100 Quizlet CEH v10 Study Flashcards 100 Hacking Wireless Networks for Dummies 100 CompTIA PenTest+ Study Guide 101 CompTIA PenTest+ Website 101 Cybrary's Advanced Penetration Testing 101 Linux Server Security: Hack and Defend 101 Advanced Penetration Testing: Hacking the World's Most Secure Networks 102 The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 102 Summary 102 7 Developing a Plan 105 Skills Inventory 105 Skill Gaps 111 Action Plan 112 Summary 113 8 Gaining Experience 115 Capture the Flag 115 Bug Bounties 123 A Brief History of Bug Bounty Programs 124 Pro Bono and Volunteer Work 125 Internships 126 Labs 126 Pentesters on Experience 126 Summary 135 9 Getting Employed as a Pentester 137 Job Descriptions 137 Professional Networking 138 Social Media 139 R???sum??? and Interview Tips 139 Summary 148 Appendix: The Pentester Blueprint 149 Glossary 155 Index 167
Read Less
