180
179 181
180 182
181 183
182 184
183 185
184 186
185 187
186 188
187 189
188 190
189 191
190 192
191 193
192 194
193 195
194 196
195 197
196 198
197 199
198 200
199 201
200 202
201 203
202 204
203 205
204 206
205 207
206 208
207 209
208 210
209 211
210 212
211 213
212 214
213 215
214 216
215 217
216 218
217 219
218 220
219 221
220 222
221 223
222 224
223 225
224 226
225 227
226 228
227 229
228 230
229 231
230 232
231 233
232 235
233 237
234 238
Introduction
Welcome to Penetration Testing For Dummies! It is my goal to start you down the path to learning more about pen testing and why it’s such a hot topic for anyone interested in information technology security. This book shows you how to target, test, analyze, and report on security vulnerabilities with pen testing tools.
I break down the most complex of topics into easily digestible chunks that familiarize you with the details of conducting a pen test, but also why you need to do it and how the hackers you are trying to access your systems are doing so. Your purpose as a pen tester is to test systems, identify risks, and then mitigate those risks before the hackers do.
It takes a person with hacking skills to look for the weaknesses that make an organization susceptible to hacking. The topics in this book aim to equip IT professionals at various levels with the basic knowledge of pen testing.
About This Book
One of my main goals in writing this book is to give you an understanding of the different attacks, vectors, vulnerabilities, patterns, and paths that hackers use to get into your network and systems. Pen testing is intended to follow those same steps, so security pros know about them (and can fix or monitor them) before the hackers do.
For this book, I use a Windows workstation and where I must, I use Linux tools run from a virtual machine. I have chosen this because this is where many beginners are likely to start their pen testing journey. For this book, you can use any current supported version of Windows (Windows 7 and above) on a device that has a network connection (wired and wireless).
A highly experienced pen tester will likely use a native Linux system like Ubuntu (as an example), but you do not need to use it now.
If you are using Linux or Apple, you can follow the same steps throughout the book with a few modifications here and there.
Foolish Assumptions
As I was writing this book, I assumed you work in IT and want to transition to security. It is the go-to book for those who have some IT experience but desire more knowledge of how to gather intelligence on a target, learn the steps for mapping out a test, and discover best practices for analyzing, solving, and reporting on vulnerabilities.
You might have an entry-level or junior position, or you might be a manager or director, with more experience but coming from a different area of expertise. Either way, you want to know more about how pen testing fits into the big picture. As such, you’ll find that I explain even simple concepts to clarify things in the context of penetration testing and overall security.
Icons Used in This Book
Throughout the book, I use various icons to draw your attention to specific information. Here’s a list of those icons and what they mean.
