The book “Penetration Testing Fundamentals” is an instructional guide to performing a network penetration test, which involves using real hacking techniques to test the security of a target system. Nowadays, most people think that penetration testing and hacking are synonymous, but this is not true at all.
Let’s start with the definition of hacking. Contrary to what you might infer from hearsay, hacking is not inherently illegal. Hacking is a process for gaining a complete understanding of a system in order to identify all of its vulnerabilities and exploit them. Of course, these techniques can also be used by criminals, but most of the hacking community are not criminals and do not violate the law.
They are researchers who try to understand systems. In many cases, these researches are individual and outside of any scientific environment. In simpler terms, hacking is mostly driven by curiosity and leads us to the penetration testing experiment. Penetration testing is a formal process that should include standard project management methodologies.
The goal of penetration testing is to try to exploit weaknesses in the target system. Essentially, you are attempting to penetrate the system, but in a positive and legal approach. The first and most obvious difference between penetration testing and hacking is this approach. Hacking is an unstructured and decentralized process, and hackers only have their own satisfaction in mind. This means that when a hacker hacks a system, it is only out of their personal curiosity, but penetration testing is for testing the security of the system. There is no personal curiosity involved for a penetration tester, and they do it for achieving a specific goal.
The second difference between hacking and penetration testing is their scope. A hacker may only focus on one aspect of the system, but a penetration tester focuses on a wide range that has been determined for them.
The third difference is the legality of the work. As I mentioned before, hacking is not necessarily a crime, and many hackers are law-abiding citizens. However, certainly, some hackers get involved in crimes. The activities of a penetration tester are never at risk of being criminal or illegal. Penetration testers always have permission from the owners of the system and network.
Download the book “Network Penetration Testing – Penetration Testing Fundamentals”.
What topics will we learn in this book?
- Introduction to Penetration Testing
- Hacking Windows
- Web Hacking
- Vulnerability Scanning
- Introduction to Linux
- Linux Hacking
- Introduction to Kali Linux
- General Hacking Techniques
- Introduction to Metasploit
- More with Metasploit
- Introduction to Scripting with Ruby
- Write Your Own Metasploit Exploits with Ruby
- General Hacking Knowledge
- Additional Pen Testing Topics
- A Sample Pen Test Project
- Appendix A: Answers to Chapter Multiple-Choice Questions
- by William Easttom
- Publisher: Pearson IT Certification
- Release Date: March 2018
- ISBN: 9780134854564
- LEARN HOW TO
- Understand what pen testing is and how it’s used
- Meet modern standards for comprehensive and effective testing
- Review cryptography essentials every pen tester must know
- Perform reconnaissance with Nmap, Google searches, and ShodanHq
- Use malware as part of your pen testing toolkit
- Test for vulnerabilities in Windows shares, scripts, WMI, and the Registry
- Pen test websites and web communication
- Recognize SQL injection and cross-site scripting attacks
- Scan for vulnerabilities with OWASP ZAP, Vega, Nessus, and MBSA
- Identify Linux vulnerabilities and password cracks
- Use Kali Linux for advanced pen testing
- Apply general hacking techniques ssuch as fake Wi-Fi hotspots and social engineering
- Systematically test your environment with Metasploit
- Write or customize sophisticated Metasploit exploits