From Hacking to Report Writing

Overview

Below is an outline of the ebook "From Hacking to Report Writing". If you're a member, you can log in to the Library and view it in your browser using the email address you signed up with. Only members can log in.

  • Click HERE to log into the library (Members only).
  • Folder: Books and Guides > Security - Penetration Testing

If you have trouble logging in, please check the help guide, HERE.

Outline

1. Introduction
2. Why Security Testing Is Important
3. Vulnerabilities Are Everywhere
4. Not Only Hackers Exploit Vulnerabilities
5. What Is a Security Test
6. The Inevitable Weakness of Any Security Test
7. What's In a Name
8. The World's First Security Test
9. Who Are These Hackers Anyway
9.1.1. State-Sponsored Actors
9.1.2. Computer Criminals
9.1.3. Hacktivists
9.1.4. Insider
9.1.5. Script Kiddies
9.1.6. What Is a Threat
9.1.7. Threats and Threat Agents
10. Summary
11. Security Testing Basics
12. Types of Security Tests
12.1.1. The Knowledge Factor vs The Guesswork Factor
13. Social Engineering
14. What Is a Vulnerability
15. Uncovering Vulnerabilities
16. The Vulnerability Wheel and the Heartbleed Bug
16.1.1. The Vulnerability Wheel by Example
17. Zero Day Exploits
18. How Vulnerabilities Are Scored and Rated
18.1.1. A Real-World Example Using CVSS
19. Software Development Life Cycle and Security Testing
19.1.1. How Security Testing Can Be Applied to the SDLC
20. Security Metrics
21. What Is Important Data
22. Client-Side vs Server-Side Testing
23. Summary
24. The Security Testing Process
25. The Process of a Security Test
26. The Initialization Phase
27. Setting the Scope
27.1.1. Setting the Scope Using Old Reports
27.1.2. Helping the Client to Set a Good Scope
28. Pre Security Test System QA
29. Statement of Work
29.1.1. Statement of Work Example Organization XYZ
30. Get Out of Jail Free Card
31. Security Test Execution
32. Security Test Report
33. Summary
34. Technical Preparations
35. Collecting Network Traffic
35.1.1. Software Based
35.1.2. Hardware Based
36. Inform The CSIRT
37. Keep Track of Things
37.1.1. A Note on Notes
37.1.2. Software Versioning and Revision Control Systems
37.1.3. Use a Jump Server
37.1.4. Screen
38. Know Which System You're Testing
39. The Habit of Saving Complex Commands
40. Be Verifiable
41. Visually Recording Your Work
42. Tools of the Trade
43. The Worst Tools One Can Possibly Imagine
44. Bash Lovely Bash
45. Keep a Command Log
46. The Security Tester's Software Setup
47. Virtual Machines for Security Testing
48. When to Use Hacker Distributions
49. Metasploit
50. Don't Be Volatile
51. End-of-the-Day Checklists
52. Keep Secrets Safe
52.1.1. Keep Your Backups Secure
53. Get Liability Insurance
54. Automated Vulnerability Scanners (and When to Use Them)
55. The Google Proxy Avoidance Service
56. When to Connect Via VPN
57. Summary

58. Security Test Execution
59. Security Test Execution
60. The Technical Security Test Process
60.1.1. The Layered Approach
60.1.2. The Circular Approach
61. When to Use What Approach
61.1.1. The Layered Approach
61.1.2. The Circular Approach
62. Expecting the Unexpected
63. The Pre-Security Test System QA Taken with a Grain of Salt
64. To Test Production Systems or to Not Test Production Systems That Is the Question
64.1.1. Production Systems versus Pre-Production Systems
65. The Goal Is to Eventually Fail
66. Legal Considerations
67. The Report
68. Summary
69. Identifying Vulnerabilities
70. Footprinting
70.1.1. When to Footprint
70.1.2. Footprinting Examples
71. Scanning
71.1.1. What a Network Scanner Is
72. A Very Short Brush-Up on Ports
72.1.1. Using NMAP
72.1.2. Ping Sweep
72.1.3. Scanning for TCP Services
72.1.4. Scanning for UDP Services
72.1.5. Operating System Detection
72.1.6. Common TCP and UDP-Based Services
72.1.7. NMAP Scripting Engine
73. Unknown Networks Ports
74. On the Job On Poor Documentation
75. DNS Zone Transfers
76. DNS Brute Forcing
77. Server Debug Information
78. Nslookup
78.1.1. Looping Nslookup
79. Getting Geographical IP Info Using Pollock
80. Harvesting E-Mail Addresses with the Harvester
81. Enumeration
81.1.1. Enumeration Example
82. Enumerating Web Presence Using Netcraft
83. American Registry for Internet Numbers ARIN
84. Searching for IP Addresses
84.1.1. The Downside of Manual Domain Name and IP Address Searching
85. Data from Hacked Sites
85.1.1. Where to Find Raw Data from Hacked Websites
85.1.2. The Ashley Madison Hack
86. Have I Been PWNED
87. Shodan
88. Checking Password Reset Functionality
89. Summary
90. Exploiting Vulnerabilities
91. System Compromise
92. Password Attacks
92.1.1. The Password Is Dead Long Live the Password
92.1.2. Brute Force Password Guessing
92.1.3. Online vs Offline Password Attacks
92.1.4. Build Password Lists
92.1.5. And be smart about it
92.1.6. Medusa Usage
92.1.7. The Most Common Reason Why Online Password Attacks Fail
92.1.8. Salt and Passwords
92.1.9. Proper Salt Usage
92.1.10. Rainbow Tables
92.1.11. Too Much Salt Can Make Any Rainbow Fade
92.1.12. Crack Hashes Online
92.1.13. Creating a Custom Online Cracking Platform
92.1.14. Default Accounts and Their Passwords
93. OWASP Top Ten
94. OWASP Top Ten Training Ground
95. SQL Injection
95.1.1. SQL Injection Example
95.1.2. A Very Short Brush-Up on Fuzzing
95.1.3. Blind SQL Injection
95.1.4. SQL Is SQL
95.1.5. All the Hacker Needs Is a Web Browser
96. Summary

97. Reporting Vulnerabilities
98. Why the Final Report Is So Important
99. The Executive Summary
100. Report Everything or Just the Bad Stuff
101. Deliver the Final Report Securely
102. The Cost of Security
102.1.1. SLE Calculation
102.1.2. ARO Calculation
102.1.3. Putting It All Together with ALE
102.1.4. Why the ALE Value Is Important
103. The Importance of an Understandable Presentation
103.1.1. The WAPITI Model
104. Risk Choices
104.1.1. Risk Acceptance
104.1.2. Risk Mitigation
104.1.3. Risk Transfer
104.1.4. Risk Avoidance
104.1.5. Risk Choices Applied to the Heartbleed Bug
105. Be Constructive When Presenting Your Findings
106. Almost Always Suggest Patching
107. Learn to Argue over the Seriousness of Your Findings
108. Put Lengthy Raw Data in an Appendix
109. Make a Slide Presentation
110. On the Job Password Cracking
111. Practice Your Presentation
112. Post-Security Test Cleanup
113. Summary
114. Example Reports
115. Security Test Report ZUKUNFT GMBH
115.1.1. Security Test Scope
115.1.2. Statement of Work
115.1.3. Executive Summary
115.1.4. Report Structure
115.1.5. The Testing Process
115.1.6. Netadmin
115.1.7. Webgateway
115.1.8. FILESERVER
116. Summary
116.1.1. Appendix
117. Website Sample Report
117.1.1. Executive Summary
117.1.2. Security Test Scope
117.1.3. Score Matrix
117.1.4. SQL Injection Vulnerabilities
117.1.5. Persistent Code Injection
117.1.6. Insecure Direct Object References
118. Summary
119. Ten Tips to Become a Better Security Tester
120. Learn How to Program
121. It's Elementary Watson
122. Read the Boy Who Cried Wolf
123. Read Read Read Write Write Write
124. Learn to Spot the Shape that Breaks the Pattern
125. Put Your Money where Your Mouth is Most of the Time
126. Tap Into the Noise
127. Watch the Movie Wargames
128. Know that Old Vulnerabilities Never Get Old
129. Have Fun
130. Summary
131. Index

This article was contributed by Jason Jacobs from Guyana. Jason is a member of the Caribbean CSPA.