The pentester blueprint : starting a career as an ethical hacker / Phillip Wylie, Kim Crawley.

By: Wylie, Phillip [author.]
Contributor(s): Crawley, Kim [author.]
Language: English
Publisher: Indianapolis : John Wiley and Sons, 2021
Edition: 1
Description: 1 online resource
Content type: text
Media type: computer
Carrier type: online resource
ISBN: 9781119684305
Genre/Form: Electronic books.
Online resources: Full text available at Wiley Online Library
Item type: EBOOK
Current location: COLLEGE LIBRARY
Home library: COLLEGE LIBRARY
Call number: 005.87 W977 2021
Status: Available
Barcode: CL-52889
Total holds: 0

Includes index.



PHILLIP L. WYLIE has over two decades of experience working in IT and information security. In addition to working as a penetration tester he has founded and runs The Pwn School Project, teaching ethical hacking. He holds the CISSP, OSCP, and GWAPT certifications. He is a highly sought-after public speaker who frequently presents at conferences about pentesting. He was interviewed for the Tribe of Hackers Red Team book.

KIM CRAWLEY is dedicated to researching and writing about a plethora of cybersecurity issues. Some of the companies Kim has worked for over the years include Sophos, AT&T Cybersecurity, BlackBerry Cylance, Tripwire, and Venafi. All matters red team, blue team, and purple team fascinate her. But she's especially fascinated by malware, social engineering, and advanced persistent threats. Kim's extracurricular activities include running an online cybersecurity event called DisInfoSec, and autistic self-advocacy.


Table of contents

Foreword xvi

Introduction xviii

1 What is a Pentester? 1

Synonymous Terms and Types of Hackers 2

Pentests Described 3

Benefits and Reasons 3

Legality and Permission 5

Pentest Methodology 5

Pre-engagement Interactions 7

Intelligence Gathering 7

Threat Modeling 7

Vulnerability Analysis 7

Exploitation 8

Post Exploitation 8

Reporting 8

Pentest Types 9

Vulnerability Scanning 10

Vulnerability Assessments 10

Pentest Targets and Specializations 11

Generalist Pentesting 11

Application Pentesting 11

Internet of Things (IoT) 12

Industrial Control Systems (ICS) 12

Hardware and Medical Devices 13

Social Engineering 13

Physical Pentesting 13

Transportation Pentesting 14

Red Team Pentesting 14

Career Outlook 14

Summary 16

2 Prerequisite Skills 17

Skills Required for Learning Pentesting 18

Operating Systems 18

Networking 19

Information Security 19

Prerequisites Learning 19

Information Security Basics 20

What is Information Security? 21

The CIA Triad 22

Security Controls 24

Access Control 26

Incident Response 28

Malware 30

Advanced Persistent Threats 34

The Cyber Kill Chain 35

Common Vulnerabilities and Exposures 36

Phishing and Other Social Engineering 37

Airgapped Machines 38

The Dark Web 39

Summary 40

3 Education of a Hacker 43

Hacking Skills 43

Hacker Mindset 44

The Pentester Blueprint Formula 45

Ethical Hacking Areas 45

Operating Systems and Applications 46

Networks 46

Social Engineering 47

Physical Security 48

Types of Pentesting 48

Black Box Testing 49

White Box Testing 49

Gray Box Testing 50

A Brief History of Pentesting 50

The Early Days of Pentesting 51

Improving the Security of Your Site by Breaking into It 51

Pentesting Today 52

Summary 53

4 Education Resources 55

Pentesting Courses 55

Pentesting Books 56

Pentesting Labs 60

Web Resources 60

Summary 64

5 Building a Pentesting Lab 65

Pentesting Lab Options 65

Minimalist Lab 66

Dedicated Lab 66

Advanced Lab 67

Hacking Systems 67

Popular Pentesting Tools 68

Kali Linux 68

Nmap 69

Wireshark 69

Vulnerability Scanning Applications 69

Hak5 70

Hacking Targets 70

PentestBox 70

VulnHub 71

Proving Grounds 71

How Pentesters Build Their Labs 71

Summary 81

6 Certifications and Degrees 83

Pentesting Certifications 83

Entry-Level Certifications 84

Intermediate-Level Certifications 85

Advanced-Level Certifications 87

Specialization Web Application Pentesting Certifications 88

Wireless Pentesting Certifications 90

Mobile Pentesting Certifications 91

Pentesting Training and Coursework 91

Acquiring Pentesting Credentials 92

Certification Study Resources 99

CEH v10 Certified Ethical Hacker Study Guide 100

EC-Council 100

Quizlet CEH v10 Study Flashcards 100

Hacking Wireless Networks for Dummies 100

CompTIA PenTest+ Study Guide 101

CompTIA PenTest+ Website 101

Cybrary’s Advanced Penetration Testing 101

Linux Server Security: Hack and Defend 101

Advanced Penetration Testing: Hacking the World’s Most Secure Networks 102

The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws 102

Summary 102

7 Developing a Plan 105

Skills Inventory 105

Skill Gaps 111

Action Plan 112

Summary 113

8 Gaining Experience 115

Capture the Flag 115

Bug Bounties 123

A Brief History of Bug Bounty Programs 124

Pro Bono and Volunteer Work 125

Internships 126

Labs 126

Pentesters on Experience 126

Summary 135

9 Getting Employed as a Pentester 137

Job Descriptions 137

Professional Networking 138

Social Media 139

Résumé and Interview Tips 139

Summary 148

Appendix: The Pentester Blueprint 149

Glossary 155

Index 167



JUMPSTART YOUR NEW AND EXCITING CAREER AS A PENETRATION TESTER

The Pentester BluePrint: Your Guide to Being a Pentester offers readers a chance to delve deeply into the world of the ethical, or "white-hat" hacker. Accomplished pentester and author Phillip L. Wylie and cybersecurity researcher Kim Crawley walk you through the basic and advanced topics necessary to understand how to make a career out of finding vulnerabilities in systems, networks, and applications.

You'll learn about the role of a penetration tester, what a pentest involves, and the prerequisite knowledge you'll need to start the educational journey of becoming a pentester. Discover how to develop a plan by assessing your current skillset and finding a starting place to begin growing your knowledge and skills. Finally, find out how to become employed as a pentester by using social media, networking strategies, and community involvement.

Perfect for IT workers and entry-level information security professionals, The Pentester BluePrint also belongs on the bookshelves of anyone seeking to transition to the exciting and in-demand field of penetration testing.

Written in a highly approachable and accessible style, The Pentester BluePrint avoids unnecessarily technical lingo in favor of concrete advice and practical strategies to help you get your start in pentesting. This book will teach you:

The foundations of pentesting, including basic IT skills like operating systems, networking, and security systems
The development of hacking skills and a hacker mindset
Where to find educational options, including college and university classes, security training providers, volunteer work, and self-study
Which certifications and degrees are most useful for gaining employment as a pentester
How to get experience in the pentesting field, including labs, CTFs, and bug bounties
