Vision: Cybersecurity Made Easy

Mission: Making Life Better and Safer with Innovation

Values: Integrity Service Excellence 

Review + Study Notes: Patrick Engebretson -- The Basics of Hacking and Penetration Testing -- Ethical Hacking and Penetration Testing Made Easy (2011)

May 13, 2019

This book was recommended to me (Lehan Edirisinghe, CEO Cyberspace Command) by IT experts. I strongly recommend this book to those interested in cybersecurity, as a starting point.

 

You can find this book on Amazon: https://www.amazon.com/dp/1597496553?tag=hacking-books-20

 

It is useful to read and learn the basics of hacking, if unsure where to begin; you want to enjoy a challenge; you want to understand how to gain access to networks using cool tools or processes; you want to know about offensive security; you want to see how it all fits together.

 

There are 7 chapters: 

(1) What is Pen Testing

(2) Reconnaissance

(3) Scanning

(4) Exploitation

(5) Web-based exploitation

(6) Maintaining access with backdoors and rootkits

(7) Wrapping up the Pen Test

 

I cannot copy paste or rewrite in my own words the content of this book. But I can review these chapters critically as the CEO of Cyberspace Command. 

 

(1) Chapter 1: What is penetration testing? 

 

[1] Introduction to Backtrack Linux: Tools. Lots of tools.

 

1. Tools mentioned are free.

2. APTs are explained.

3. How to get network mapping tool Cheops.

 

[2] Working with Backtrack: Starting the engine

 

[3] The use and creation of a hacking lab

 

[4] Phases of a penetration test

 

[5] Chapter review

 

[6] Summary

 

(2) Chapter 2: Reconnaissance

 

[1] Introduction

 

[2] HTTrack: Website Copier

 

[3] Google directives -- practicing your Google-Fu

 

[4] The harvester: discovering and leveraging e-mail addresses

 

[5] Whois

 

[6] Netcraft

 

[7] Host

 

[8] Extracting information from DNS

 

[9] Extracting information from e-mail servers

 

[10] MetaGooFil

 

[11] Social engineering

 

[12] Sifting through the Intel to find attackable targets

 

[13] How do I practice this step?

 

[14] Where do I go from here?

 

[15] Summary

 

(3) Chapter 3: Scanning

 

[1] Introduction 

 

[2] Pings and ping sweeps

 

[3] Port scanning

 

[4] Vulnerability scanning

 

[5] How do I practice this step?

 

[6] Where do I go from here?

 

[7] Summary

 

(4) Chapter 4: Exploitation

 

[1] Introduction 

 

[2] Gaining access to remote services with Medusa

 

[3] Metasploit: Hacking, Hugh Jackman Style!

 

[4] John the Ripper: King of the password crackers

 

[5] Password resetting: kind of like driving a bulldozer through the side of a building

 

[6[ Sniffing network traffic

 

[7] Macof: making shicken salad out of chicken sh*t

 

[8] Fast-Track Autopwn: breaking out the M-60

 

[9] How do I practice this step?

 

[10] Where do I go from here?

 

[11] Summary

 

(5) Chapter 5: Web-based Exploitation

 

[1] Introduction

 

[2] Interrogating web servers: Nikto

 

[3] Websecurify: automated web vulnerability scanning

 

[4] Spidering: crawling your target's website

 

[5] Intercepting requests with webscarab

 

[6] Code injection attacks

 

[7] Cross-site scripting: browsers that trust sites

 

[8] How do I practice this step?

 

[9] Where do I go from here?

 

[10] Summary

 

(6) Chapter 6: Maintaining Access with Backdoors and Rootkits

 

[1] Introduction

 

[2] Netcat: the Swiss army knife

 

[3] Netcat's Cryptic cousin: Cryptcat

 

[4] Netbus: A classic

 

[5] Rootkits

 

[6] Detecting and defending against rootkits

 

[7] How do I practice this step?

 

[8] Where do I go from here?

 

[9[ Summary

 

(7) Chapter 7: Wrapping up the Penetration Test

 

[1] Introduction

 

[2] Writing the penetration testing report

 

[3] You don't have to go home but you can't stay here

 

[4] Where do I go from here?

 

[5] Wrap up

 

[6] The circle of life

 

[7] Summary

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Please reload

Our Recent Posts

This book was recommended to me (Lehan Edirisinghe, CEO Cyberspace Command) by IT experts. I strongly recommend this book to those interested in cyber...

Review + Study Notes: Patrick Engebretson -- The Basics of Hacking and Penetration Testing -- Ethical Hacking and Penetration Testing Made Easy (2011)

May 13, 2019

Cybersecurity Principles

August 18, 2018

Ways to improve client communication

May 3, 2016

1/1
Please reload

Tags

Please reload