The Pentester BluePrint

Starting a Career as an Ethical Hacker

; Kim Crawley

JUMPSTART YOUR NEW AND EXCITING CAREER AS A PENETRATION TESTER


The Pentester BluePrint: Your Guide to Being a Pentester offers readers a chance to delve deeply into the world of the ethical, or "white-hat" hacker. Les mer
Vår pris
357,-

(Paperback) Fri frakt!
Leveringstid: Usikker levering*
*Vi bestiller varen fra forlag i utlandet. Dersom varen finnes, sender vi den så snart vi får den til lager
På grunn av Brexit-tilpasninger og tiltak for å begrense covid-19 kan det dessverre oppstå forsinket levering.

Paperback
Legg i
Paperback
Legg i
Vår pris: 357,-

(Paperback) Fri frakt!
Leveringstid: Usikker levering*
*Vi bestiller varen fra forlag i utlandet. Dersom varen finnes, sender vi den så snart vi får den til lager
På grunn av Brexit-tilpasninger og tiltak for å begrense covid-19 kan det dessverre oppstå forsinket levering.

Om boka

JUMPSTART YOUR NEW AND EXCITING CAREER AS A PENETRATION TESTER


The Pentester BluePrint: Your Guide to Being a Pentester offers readers a chance to delve deeply into the world of the ethical, or "white-hat" hacker. Accomplished pentester and author Phillip L. Wylie and cybersecurity researcher Kim Crawley walk you through the basic and advanced topics necessary to understand how to make a career out of finding vulnerabilities in systems, networks, and applications.


You'll learn about the role of a penetration tester, what a pentest involves, and the prerequisite knowledge you'll need to start the educational journey of becoming a pentester. Discover how to develop a plan by assessing your current skillset and finding a starting place to begin growing your knowledge and skills. Finally, find out how to become employed as a pentester by using social media, networking strategies, and community involvement.


Perfect for IT workers and entry-level information security professionals, The Pentester BluePrint also belongs on the bookshelves of anyone seeking to transition to the exciting and in-demand field of penetration testing.


Written in a highly approachable and accessible style, The Pentester BluePrint avoids unnecessarily technical lingo in favor of concrete advice and practical strategies to help you get your start in pentesting. This book will teach you:





The foundations of pentesting, including basic IT skills like operating systems, networking, and security systems

The development of hacking skills and a hacker mindset

Where to find educational options, including college and university classes, security training providers, volunteer work, and self-study

Which certifications and degrees are most useful for gaining employment as a pentester

How to get experience in the pentesting field, including labs, CTFs, and bug bounties

Fakta

Innholdsfortegnelse

Foreword xvi


Introduction xviii


1 What is a Pentester? 1


Synonymous Terms and Types of Hackers 2


Pentests Described 3


Benefits and Reasons 3


Legality and Permission 5


Pentest Methodology 5


Pre-engagement Interactions 7


Intelligence Gathering 7


Threat Modeling 7


Vulnerability Analysis 7


Exploitation 8


Post Exploitation 8


Reporting 8


Pentest Types 9


Vulnerability Scanning 10


Vulnerability Assessments 10


Pentest Targets and Specializations 11


Generalist Pentesting 11


Application Pentesting 11


Internet of Things (IoT) 12


Industrial Control Systems (ICS) 12


Hardware and Medical Devices 13


Social Engineering 13


Physical Pentesting 13


Transportation Pentesting 14


Red Team Pentesting 14


Career Outlook 14


Summary 16


2 Prerequisite Skills 17


Skills Required for Learning Pentesting 18


Operating Systems 18


Networking 19


Information Security 19


Prerequisites Learning 19


Information Security Basics 20


What is Information Security? 21


The CIA Triad 22


Security Controls 24


Access Control 26


Incident Response 28


Malware 30


Advanced Persistent Threats 34


The Cyber Kill Chain 35


Common Vulnerabilities and Exposures 36


Phishing and Other Social Engineering 37


Airgapped Machines 38


The Dark Web 39


Summary 40


3 Education of a Hacker 43


Hacking Skills 43


Hacker Mindset 44


The Pentester Blueprint Formula 45


Ethical Hacking Areas 45


Operating Systems and Applications 46


Networks 46


Social Engineering 47


Physical Security 48


Types of Pentesting 48


Black Box Testing 49


White Box Testing 49


Gray Box Testing 50


A Brief History of Pentesting 50


The Early Days of Pentesting 51


Improving the Security of Your Site by Breaking into It 51


Pentesting Today 52


Summary 53


4 Education Resources 55


Pentesting Courses 55


Pentesting Books 56


Pentesting Labs 60


Web Resources 60


Summary 64


5 Building a Pentesting Lab 65


Pentesting Lab Options 65


Minimalist Lab 66


Dedicated Lab 66


Advanced Lab 67


Hacking Systems 67


Popular Pentesting Tools 68


Kali Linux 68


Nmap 69


Wireshark 69


Vulnerability Scanning Applications 69


Hak5 70


Hacking Targets 70


PentestBox 70


VulnHub 71


Proving Grounds 71


How Pentesters Build Their Labs 71


Summary 81


6 Certifications and Degrees 83


Pentesting Certifications 83


Entry-Level Certifications 84


Intermediate-Level Certifications 85


Advanced-Level Certifications 87


Specialization Web Application Pentesting Certifications 88


Wireless Pentesting Certifications 90


Mobile Pentesting Certifications 91


Pentesting Training and Coursework 91


Acquiring Pentesting Credentials 92


Certification Study Resources 99


CEH v10 Certified Ethical Hacker Study Guide 100


EC-Council 100


Quizlet CEH v10 Study Flashcards 100


Hacking Wireless Networks for Dummies 100


CompTIA PenTest+ Study Guide 101


CompTIA PenTest+ Website 101


Cybrary's Advanced Penetration Testing 101


Linux Server Security: Hack and Defend 101


Advanced Penetration Testing: Hacking the World's Most Secure Networks 102


The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 102


Summary 102


7 Developing a Plan 105


Skills Inventory 105


Skill Gaps 111


Action Plan 112


Summary 113


8 Gaining Experience 115


Capture the Flag 115


Bug Bounties 123


A Brief History of Bug Bounty Programs 124


Pro Bono and Volunteer Work 125


Internships 126


Labs 126


Pentesters on Experience 126


Summary 135


9 Getting Employed as a Pentester 137


Job Descriptions 137


Professional Networking 138


Social Media 139


Resume and Interview Tips 139


Summary 148


Appendix: The Pentester Blueprint 149


Glossary 155


Index 167

Om forfatteren

PHILLIP L. WYLIE has over two decades of experience working in IT and information security. In addition to working as a penetration tester he has founded and runs The Pwn School Project, teaching ethical hacking. He holds the CISSP, OSCP, and GWAPT certifications. He is a highly sought-after public speaker who frequently presents at conferences about pentesting. He was interviewed for the Tribe of Hackers Red Team book.
KIM CRAWLEY is dedicated to researching and writing about a plethora of cybersecurity issues. Some of the companies Kim has worked for over the years include Sophos, AT&T Cybersecurity, BlackBerry Cylance, Tripwire, and Venafi. All matters red team, blue team, and purple team fascinate her. But she's especially fascinated by malware, social engineering, and advanced persistent threats. Kim's extracurricular activities include running an online cybersecurity event called DisInfoSec, and autistic self-advocacy.