Review + Study Notes: Patrick Engebretson -- The Basics of Hacking and Penetration Testing -- Ethica

This book was recommended to me (Lehan Edirisinghe, CEO Cyberspace Command) by IT experts. I strongly recommend this book to those interested in cybersecurity, as a starting point.

You can find this book on Amazon: https://www.amazon.com/dp/1597496553?tag=hacking-books-20

This book is useful for learning the basics of hacking if you are unsure where to begin, enjoy a challenge, want to understand how to gain access to networks using cool tools or processes, want to know about offensive security, or want to see how it all fits together.

There are 7 chapters:

(1) What is Pen Testing

(2) Reconnaissance

(3) Scanning

(4) Exploitation

(5) Web-based exploitation

(6) Maintaining access with backdoors and rootkits

(7) Wrapping up the Pen Test

I cannot copy and paste the content of this book or rewrite it in my own words. But I can review these chapters critically as the CEO of Cyberspace Command.

(1) Chapter 1: What is penetration testing?

[1] Introduction to Backtrack Linux: Tools. Lots of tools.

1. Tools mentioned are free.

2. APTs are explained.

3. How to get the network mapping tool Cheops.

[2] Working with Backtrack: Starting the engine

[3] The use and creation of a hacking lab

[4] Phases of a penetration test

[5] Chapter review

[6] Summary

(2) Chapter 2: Reconnaissance

[1] Introduction

[2] HTTrack: Website Copier

[3] Google directives -- practicing your Google-Fu

[4] The harvester: discovering and leveraging e-mail addresses

[5] Whois

[6] Netcraft

[7] Host

[8] Extracting information from DNS

[9] Extracting information from e-mail servers

[10] MetaGooFil

[11] Social engineering

[12] Sifting through the Intel to find attackable targets

[13] How do I practice this step?

[14] Where do I go from here?

[15] Summary

(3) Chapter 3: Scanning

[1] Introduction

[2] Pings and ping sweeps

[3] Port scanning

[4] Vulnerability scanning

[5] How do I practice this step?

[6] Where do I go from here?

[7] Summary

(4) Chapter 4: Exploitation

[1] Introduction

[2] Gaining access to remote services with Medusa

[3] Metasploit: Hacking, Hugh Jackman Style!

[4] John the Ripper: King of the password crackers

[5] Password resetting: kind of like driving a bulldozer through the side of a building

[6] Sniffing network traffic

[7] Macof: making chicken salad out of chicken sh*t

[8] Fast-Track Autopwn: breaking out the M-60

[9] How do I practice this step?

[10] Where do I go from here?

[11] Summary

(5) Chapter 5: Web-based Exploitation

[1] Introduction

[2] Interrogating web servers: Nikto

[3] Websecurify: automated web vulnerability scanning

[4] Spidering: crawling your target's website

[5] Intercepting requests with webscarab

[6] Code injection attacks

[7] Cross-site scripting: browsers that trust sites

[8] How do I practice this step?

[9] Where do I go from here?

[10] Summary

(6) Chapter 6: Maintaining Access with Backdoors and Rootkits

[1] Introduction

[2] Netcat: the Swiss army knife

[3] Netcat's Cryptic cousin: Cryptcat

[4] Netbus: A classic

[5] Rootkits

[6] Detecting and defending against rootkits

[7] How do I practice this step?

[8] Where do I go from here?

[9] Summary

(7) Chapter 7: Wrapping up the Penetration Test

[1] Introduction

[2] Writing the penetration testing report

[3] You don't have to go home but you can't stay here

[4] Where do I go from here?

[5] Wrap up

[6] The circle of life

[7] Summary

