Georgia Weidman - Penetration Testing: A Hands-On Introduction to Hacking


  • Book:
    Penetration Testing: A Hands-On Introduction to Hacking
  • Author:
    Georgia Weidman
  • Publisher:
    No Starch Press
  • Genre:
    Computer
  • Year:
    2014
  • Rating:
    4 / 5

Penetration Testing: A Hands-On Introduction to Hacking: summary, description and annotation

Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses.

In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine-based lab that includes Kali Linux and vulnerable operating systems, you'll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you'll experience the key stages of an actual assessment - including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more.

Learn how to:
  • Crack passwords and wireless network keys with brute-forcing and wordlists
  • Test web applications for vulnerabilities
  • Use the Metasploit Framework to launch exploits and write your own Metasploit modules
  • Automate social-engineering attacks
  • Bypass antivirus software
  • Turn access to one machine into total control of the enterprise in the post exploitation phase

You'll even explore writing your own exploits. Then it's on to mobile hacking - Weidman's particular area of research - with her tool, the Smartphone Pentest Framework.

With its collection of hands-on lessons that cover key tools and strategies, Penetration Testing is the introduction that every aspiring hacker needs.

Penetration Testing: A Hands-On Introduction to Hacking
Georgia Weidman
Published by No Starch Press

In memory of Jess Hilden

About the Author

Georgia Weidman is a penetration tester and researcher, as well as the founder of Bulb Security, a security consulting firm. She presents at conferences around the world including Black Hat, ShmooCon, and DerbyCon, and teaches classes on topics such as penetration testing, mobile hacking, and exploit development. Her work in mobile security has been featured in print and on television internationally. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security.

Tommy Phillips Photography

Foreword

I met Georgia Weidman at a conference almost two years ago. Intrigued by what she was doing in the mobile device security field, I started following her work. At nearly every conference I've attended since then, I've run into Georgia and found her passionately sharing knowledge and ideas about mobile device security and her Smartphone Pentesting Framework.

In fact, mobile device security is only one of the things Georgia does. Georgia performs penetration tests for a living; travels the world to deliver training on pentesting, the Metasploit Framework, and mobile device security; and presents novel and innovative ideas on how to assess the security of mobile devices at conferences.

Georgia spares no effort in diving deeper into more advanced topics and working hard to learn new things. She is a former student of my (rather challenging) Exploit Development Bootcamp, and I can attest to the fact that she did very well throughout the entire class. Georgia is a true hacker - always willing to share her findings and knowledge with our great infosec community - and when she asked me to write the foreword to this book, I felt very privileged and honored.

As a chief information security officer, a significant part of my job revolves around designing, implementing, and managing an information security program. Risk management is a very important aspect of the program because it allows a company to measure and better understand its current position in terms of risk. It also allows a company to define priorities and implement measures to decrease risk to an acceptable level, based on the company's core business activities, its mission and vision, and legal requirements.

Identifying all critical business processes, data, and data flows inside a company is one of the first steps in risk management. This step includes compiling a detailed inventory of all IT systems (equipment, networks, applications, interfaces, and so on) that support the company's critical business processes and data from an IT perspective. The task is time consuming and it's very easy to forget about certain systems that at first don't seem to be directly related to supporting critical business processes and data, but that are nonetheless critical because other systems depend on them. This inventory is fundamentally important and is the perfect starting point for a risk-assessment exercise.

One of the goals of an information-security program is to define what is necessary to preserve the desired level of confidentiality, integrity, and availability of a company's IT systems and data. Business process owners should be able to define their goals, and our job as information-security professionals is to implement measures to make sure we meet these goals and to test how effective these measures are.

There are a few ways to determine the actual risk to the confidentiality, integrity, and availability of a company's systems. One way is to perform a technical assessment to see how easy it would be for an adversary to undermine the desired level of confidentiality, break the integrity of systems, and interfere with the availability of systems, either by attacking them directly or by attacking the users with access to these systems.

That's where a penetration tester (pentester, ethical hacker, or whatever you want to call it) comes into play. By combining knowledge of how systems are designed, built, and maintained with a skillset that includes finding creative ways around defenses, a good pentester is instrumental in identifying and demonstrating the strength of a company's information-security posture.

If you would like to become a penetration tester or if you are a systems/network administrator who wants to know more about how to test the security of your systems, this book is perfect for you. You'll learn some of the more technical phases of a penetration test, beginning with the initial information-gathering process. You'll continue with explanations of how to exploit vulnerable networks and applications as you delve deeper into the network in order to determine how much damage could be done.

This book is unique because it's not just a compilation of tools with a discussion of the available options. It takes a very practical approach, designed around a lab - a set of virtual machines with vulnerable applications - so you can safely try various pentesting techniques using publicly available free tools.

Each chapter starts with an introduction and contains one or more hands-on exercises that will allow you to better understand how vulnerabilities can be discovered and exploited. You'll find helpful tips and tricks from an experienced professional pentester, real-life scenarios, proven techniques, and anecdotes from actual penetration tests.

Entire books can be written (and have been) on the topics covered in each chapter in this book, and this book doesn't claim to be the Wikipedia of pentesting. That said, it will certainly provide you with more than a first peek into the large variety of attacks that can be performed to assess a target's security posture. Thanks to its guided, hands-on approach, you'll learn how to use the Metasploit Framework to exploit vulnerable applications and use a single hole in a system's defenses to bypass all perimeter protections, dive deeper into the network, and exfiltrate data from the target systems. You'll learn how to bypass antivirus programs and perform efficient social-engineering attacks using tools like the Social-Engineer Toolkit. You'll see how easy it would be to break into a corporate Wi-Fi network, and how to use Georgia's Smartphone Pentest Framework to assess how damaging a company's "bring your own device" policy (or lack thereof) could be. Each chapter is designed to trigger your interest in pentesting and to provide you with first-hand insight into what goes on inside a pentester's mind.

I hope this book will spark your creativity and desire to dive deeper into certain areas; to work hard and learn more; and to do your own research and share your knowledge with the community. As technology develops, environments change, and companies increasingly rely on technology to support their core business activities, the need for smart pentesters will increase. You are the future of this community and the information-security industry.

Good luck taking your first steps into the exciting world of pentesting. I'm sure you will enjoy this book!

Peter "corelanc0d3r" Van Eeckhoutte

Founder of Corelan Team

Acknowledgments

Many thanks go to the following people and organizations (in no particular order).

My parents, who have always supported my career endeavors - including paying for me to go to my first conference and get my first certifications when I was still a broke college student.

Collegiate Cyber Defense Competition, particularly the Mid-Atlantic region Red Team, for helping me find what I wanted to do with my life.
