Copyright
Publisher: Steve Elliot
Acquisitions Editor: Chris Katsaropoulos
Editorial Project Manager: Benjamin Rearick
Project Manager: Mohana Natarajan
Designer: Matthew Limbert
Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA
First edition 2014
Copyright 2014 Elsevier Inc. All rights reserved
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publishers permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: http://www.elsevier.com/permissions
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices, may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described here in. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Application Submitted
British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library
ISBN: 978-0-12-407749-2
For information on all Syngress publications, visit our website at store.elsevier.com/syngress
This book has been manufactured using Print On Demand technology. Each copy is produced to order and is limited to black ink. The online version of this book will show color figures where appropriate.
Dedication
I would like to dedicate this book to my family, who have always stood by me. Lisa, Teresa, and Mary, my sisters, have always been there for me. My wife, Dee, and children Micheal and Tremara give me the reason to continue learning and growing. My extended family made of friends, new and old, makes life more exciting and are far too many to list, but include Amber and Adam, Vince and Annette, Darla, Travis and Kim, Steve and Sharon.
Thank you all!
If you arent doing, youre dying. Life is doing.
Jeff Olson
Chapter 1
Introduction
This chapter introduces the purpose of the book and key learning points. It introduces the chapters of the book and appendixes and desired outcome for readers of the book. This chapter also will introduce common definitions used in the penetration testing field.
Keywords
Introduction; penetration testing; gray hat; white hat; black hat; pentest; vulnerability test; vulnerability analysis; vulnerability; threat; risk; social engineering; phishing; spear phishing; dumpster diving; red team; red teaming; malicious user testing; maluser
Information in This Chapter
Book Overview and Key Learning Points
Book Audience
Diagrams, Figures, and Screen Captures
Common Terms
Kali Linux History
Book Overview and Key Learning Points
This book will walk the reader through the penetration testing lifecycle using the most advanced live disk available today, Kali Linux. After this brief introduction, the chapter details how to find, download, install, and customize Kali Linux. Next a brief introduction to basic Linux configurations and settings will ensure basic commands and settings are understood. The remainder of the book is devoted to the penetration testing lifecycleReconnaissance, Scanning, Exploitation, Maintaining Access, and Reporting. While there are hundreds of different tools on the Kali Linux distribution, each chapter covering the penetration testing lifecycle will cover the tools most commonly used in that phase. The reporting phase will detail reports that can be used to present findings to management and leadership and a Rules of Engagement (ROE) template that can be used before beginning a penetration test.
Book Audience
Technical Professionals
Technical professionals in a wide range of specialties can gain benefit from learning how penetration testers work. By gaining this understanding these professionals will better know the basic concepts and techniques used by penetration testers, this knowledge can then be used to better secure their information systems. These specialties include, but are not limited to, server administrators, network administrators, Database Administrators, and Help Desk Professionals.
Those technical professionals that want to transition into becoming a professional penetration tester will gain a good deal of knowledge by reading this book. The underlying understanding that these technical experts have in the various specialties gives them a distinct advantage when becoming a penetration tester. Who better to test the secure configuration of a server than a penetration tester that has extensive knowledge in the administration of server technologies? This is true for other specialties as well.
This book will introduce these technical professionals to the world of penetration testing, and the most common tool used by penetration testers, the Linux Live Disk. By following the examples and instructions in the coming chapters, these professionals will be on the way to understanding or becoming a penetration tester.
Security Engineers
Those security engineers that are striving to better secure the systems they develop and maintain will gain a wealth of knowledge by understanding the penetration testing mindset and lifecycle. Armed with this knowledge, these engineers can bake in security features on the systems they are developing and supporting.