دانلود کتاب From Hacking to Report Writing: An Introduction to Security and Penetration Testing

فهرست مطالب :

Contents at a Glance
Contents
About the Author
About the Technical Reviewer
Acknowledgments
Preface
Chapter 1: Introduction
Why Security Testing Is Important
Vulnerabilities Are Everywhere
Not Only Hackers Exploit Vulnerabilities
What Is a Security Test?
The Inevitable Weakness of Any Security Test
What’s In a Name?
The World’s First Security Test
Who Are These Hackers Anyway?
State-Sponsored Actors
Two Examples of State-Sponsored Hacking
Computer Criminals
The SpyEye Botnet
Hacktivists
Welcome to the Central Stupidity Agency
Insider
Edward Snowden
Script Kiddies
Examples of Script Kiddies
What Is a Threat?
Threats and Threat Agents
Summary
Chapter 2: Security Testing Basics
Types of Security Tests
The Knowledge Factor vs. The Guesswork Factor
On The Job: When Black Box Testing Goes Wrong
Social Engineering
What Is a Vulnerability?
Uncovering Vulnerabilities
The Vulnerability Wheel and the Heartbleed Bug
The Vulnerability Wheel by Example
Zero Day Exploits
How Vulnerabilities Are Scored and Rated
A Real-World Example Using CVSS
Software Development Life Cycle and Security Testing
How Security Testing Can Be Applied to the SDLC
Security Metrics
What Is Important Data?
Client-Side vs. Server-Side Testing
Summary
Chapter 3: The Security Testing Process
The Process of a Security Test
The Initialization Phase
Setting the Scope
Setting the Scope Using Old Reports
Helping the Client to Set a Good Scope
Pre Security Test System Q&A
Statement of Work
Statement of Work Example: Organization XYZ
Get Out of Jail Free Card
Security Test Execution
Security Test Report
Summary
Chapter 4: Technical Preparations
Collecting Network Traffic
Software Based
Hardware Based
Inform The CSIRT
Keep Track of Things
A Note on Notes
Software Versioning and Revision Control Systems
Use a Jump Server
Screen
Know Which System You’re Testing
The Habit of Saving Complex Commands
Be Verifiable
Visually Recording Your Work
Tools of the Trade
The Worst Tools One Can Possibly Imagine
Bash Lovely Bash
Keep a Command Log
The Security Tester’s Software Setup
Virtual Machines for Security Testing
When to Use Hacker Distributions
Metasploit
Don’t Be Volatile
End-of-the-Day Checklists
Keep Secrets Safe
Keep Your Backups Secure
Get Liability Insurance
Automated Vulnerability Scanners (and When to Use Them)
The Google Proxy Avoidance Service
When to Connect Via VPN
Summary
Chapter 5: Security Test Execution
Security Test Execution
The Technical Security Test Process
The Layered Approach
The Layered Approach by Example
Identify
Footprinting
Scanning
Enumeration
Exploit
Report
The Circular Approach
When to Use What Approach
The Layered Approach
The Circular Approach
Expecting the Unexpected
The Pre-Security Test System Q&A Taken with a Grain of Salt
To Test Production Systems or to Not Test Productions Systems - That Is the Question
Production Systems versus Pre-Production Systems
The Goal Is to Eventually Fail
Legal Considerations
The Report
Summary
Chapter 6: Identifying Vulnerabilities
Footprinting
When to Footprint
Footprinting Examples
Scanning
What a Network Scanner Is
A Very Short Brush-Up on Ports
Using NMAP
Ping Sweep
Scanning for TCP Services
Scanning for UDP Services
Operating System Detection
Common TCP and UDP-Based Services
NMAP Scripting Engine
Unknown Networks Ports
On the Job: On Poor Documentation
DNS Zone Transfers
DNS Brute Forcing
Server Debug Information
Nslookup
Looping Nslookup
Getting Geographical IP Info Using Pollock
Harvesting E-Mail Addresses with the Harvester
Enumeration
Enumeration Example
Enumerating Web Presence Using Netcraft
American Registry for Internet Numbers (ARIN)
Searching for IP Addresses
The Downside of Manual Domain Name and IP Address Searching
Data from Hacked Sites
Where to Find Raw Data from Hacked Websites
The Ashley Madison Hack
Have I Been PWNED
Shodan
Checking Password Reset Functionality
Summary
Chapter 7: Exploiting Vulnerabilities
System Compromise
Password Attacks
The Password Is Dead – Long Live the Password
Brute Force Password Guessing
Usernames and Passwords
Online vs. Offline Password Attacks
Build Password Lists
And be smart about it
Combining Custom Word Lists and Passwords
Know the User Base
FTP
SSH
HTTP
MYSQL
Remote Desktop Connection
SMB
A Note on Speed and Reliability
Medusa Usage
The Most Common Reason Why Online Password Attacks Fail
How Hackers Can Take Advantage of Centralized Access Control Systems
A Very Short Brush-Up on Hashing with Security Testing in Mind
Cracking Hashed Passwords
Salt and Passwords
Proper Salt Usage
Rainbow Tables
Too Much Salt Can Make Any Rainbow Fade
Where to Find a Rainbow
Crack Hashes Online
Creating a Custom Online Cracking Platform
Default Accounts and Their Passwords
OWASP Top Ten
1. Code Injection
Code Injection Example
2. Broken Authentication and Session Management
Web Application Timeout Issue
Poorly Protected Passwords
3. Cross-Site Scripting (XSS)
The Two Types of XSS Vulnerabilities
Reflected (Or Non-Persistent)
Persistent (Or Stored)
4. Insecure Direct Object Reference
5. Sensitive Data Exposure
URL Fuzzing
Cleartext Communication
6. Security Misconfiguration
Uncovering Poor Password Management
7. Missing Function Level Access Control
8. Cross-Site Request Forgery (CSRF)
9. Using Known Vulnerable Components
10. Unvalidated Redirects and Forwards
OWASP Top Ten Training Ground
SQL Injection
SQL Injection Example
A Very Short Brush-Up on Fuzzing
Simple SQL Injection Fuzzing
Blind SQL Injection
SQL Injection Is Not Always Extracting Data
No Default Protection against SQL Injection
SQL Is SQL
All the Hacker Needs Is a Web Browser
Why Manual Searching Is Better Than Using a Scanner
Summary
Chapter 8: Reporting Vulnerabilities
Why the Final Report Is So Important
The Executive Summary
Report Everything or Just the Bad Stuff
Deliver the Final Report Securely
The Cost of Security
SLE Calculation
ARO Calculation
Putting It All Together with ALE
Why the ALE Value Is Important
The Importance of an Understandable Presentation
The WAPITI Model
W - Why security testing is important
A – Approach to testing
P – Problems found
I – Impact of problems
T – Things to correct
I – Is everything clear?
Risk Choices
Risk Acceptance
Risk Mitigation
Risk Transfer
Risk Avoidance
Risk Choices Applied to the Heartbleed Bug
Be Constructive When Presenting Your Findings
(Almost) Always Suggest Patching
Learn to Argue over the Seriousness of Your Findings
Put Lengthy Raw Data in an Appendix
Make a Slide Presentation
On the Job: Password Cracking
Practice Your Presentation
Post-Security Test Cleanup
Summary
Chapter 9: Example Reports
Security Test Report ZUKUNFT GMBH
Security Test Scope
Statement of Work
Executive Summary
Report Structure
The Testing Process
Netadmin
CVSS Netadmin
Recommendations
23/tcp Telnet
79/tcp finger
161/udp SNMP
Webgateway
CVSS Webgateway
Recommendations
80/tcp http
3000/tcp
FILESERVER
CVSS FILESERVER
Recommendations
139/tcp and 445/tcp
111/tcp and 36547/tcp
Summary
Appendix
Unknown Service Type on Webgateway Port 3000
Website Sample Report
Executive Summary
Security Test Scope
Score Matrix
SQL Injection Vulnerabilities
CVSS Score
Persistent Code Injection
CVSS Score
Insecure Direct Object References
CVSS Score
CVSS Score Summary
Summary
Chapter 10: Ten Tips to Become a Better Security Tester
1. Learn How to Program
2. It’s Elementary, Watson
3. Read The Boy Who Cried Wolf
4. Read Read Read Write Write Write
5. Learn to Spot the Shape that Breaks the Pattern
6. Put Your Money where Your Mouth is (Most of the Time)
7. Tap Into the Noise
8. Watch the Movie Wargames
9. Know that Old Vulnerabilities Never Get Old
10. Have Fun
Summary
Index