Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Hands-On Ethical Hacking Tactics

You're reading from   Hands-On Ethical Hacking Tactics Strategies, tools, and techniques for effective cyber defense

Arrow left icon
Product type Paperback
Published in May 2024
Publisher Packt
ISBN-13 9781801810081
Length 464 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Shane Hartman Shane Hartman
Author Profile Icon Shane Hartman
Shane Hartman
Arrow right icon
View More author details
Toc

Table of Contents (20) Chapters Close

Preface 1. Part 1:Information Gathering and Reconnaissance
2. Chapter 1: Ethical Hacking Concepts FREE CHAPTER 3. Chapter 2: Ethical Hacking Footprinting and Reconnaissance 4. Chapter 3: Ethical Hacking Scanning and Enumeration 5. Chapter 4: Ethical Hacking Vulnerability Assessments and Threat Modeling 6. Part 2:Hacking Tools and Techniques
7. Chapter 5: Hacking the Windows Operating System 8. Chapter 6: Hacking the Linux Operating System 9. Chapter 7: Ethical Hacking of Web Servers 10. Chapter 8: Hacking Databases 11. Chapter 9: Ethical Hacking Protocol Review 12. Chapter 10: Ethical Hacking for Malware Analysis 13. Part 3:Defense, Social Engineering, IoT, and Cloud
14. Chapter 11: Incident Response and Threat Hunting 15. Chapter 12: Social Engineering 16. Chapter 13: Ethical Hacking of the Internet of Things 17. Chapter 14: Ethical Hacking in the Cloud 18. Index 19. Other Books You May Enjoy

Ethical hacking and penetration testing

As has been pointed out earlier, ethical hacking is commonly associated with penetration testing or pentesting. So, let’s take moment to talk about pentesting and the unique role that it plays in organizational security. Pentesting is when an individual or organization attempts to simulate a hostile attacker to test the overall security posture of the network and its staff. This legal form of hacking is commonly outsourced to a third-party company that specializes in this area. Before a pentest can take place, the team needs to get explicit permission to perform their operation, with clear definitions about what is in scope or covered under the project responsibilities or deliverables and what is off-limits. An example of something in scope might be “ping sweep of the entire subnet to inventory responding devices.” while something that might be out of scope would be “The capture and or attempt to crack user passwords is prohibited.” This document, loosely referred to as the get out of jail free card, contains those definitions and is signed by both parties before proceeding. Once signed, violation of this agreement could land an individual, or even the whole group, in jail, so be aware of that.

Penetration tests can take many forms but the two most common are black-box testing and white-box testing. Black-box testing is the testing of systems where no prior knowledge is provided. The testing is meant to resemble more closely what an attacker might see and the methods they would be most likely to choose. Some companies do not like this approach as there is time spent on research and they wish to get the most technical details as quickly as they can. This is where white-box testing comes in, and advanced knowledge of the system(s) is provided to help expedite tests and get the most technical details.

Penetration tests are also commonly used as part of a larger set of security controls and audits that are in place to confirm the overall effectiveness of the security controls in place.

When an organization decides to carry out a penetration test, there are certain questions that will need to be asked to establish goals. These might include the following:

  • Why are you doing a penetration test?
  • What is the goal of the organization from the test results?
  • What are the limits or rules of engagement?
  • What data and or services will the test include?
  • Who are the data owners?
  • What will be done with the results?

There are many other areas that might need to be covered depending on the scope and depth of the penetration test. Also note that the penetration test is something to be considered after the basics have been implemented, such as firewalls, access controls, and account management, otherwise, the results of the test will gravitate to this lowest common denominator.

Now that we have discussed penetration testing, let’s look at some of the defensive techniques and technologies.

You have been reading a chapter from
Hands-On Ethical Hacking Tactics
Published in: May 2024
Publisher: Packt
ISBN-13: 9781801810081
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime