Foreword xvi
Introduction xviii
1 What is a Pentester? 1
Synonymous Terms and Types of Hackers 2
Pentests Described 3
Benefits and Reasons 3
Legality and Permission 5
Pentest Methodology 5
Pre-engagement Interactions 7
Intelligence Gathering 7
Threat Modeling 7
Vulnerability Analysis 7
Exploitation 8
Post Exploitation 8
Reporting 8
Pentest Types 9
Vulnerability Scanning 10
Vulnerability Assessments 10
Pentest Targets and Specializations 11
Generalist Pentesting 11
Application Pentesting 11
Internet of Things (IoT) 12
Industrial Control Systems (ICS) 12
Hardware and Medical Devices 13
Social Engineering 13
Physical Pentesting 13
Transportation Pentesting 14
Red Team Pentesting 14
Career Outlook 14
Summary 16
2 Prerequisite Skills 17
Skills Required for Learning Pentesting 18
Operating Systems 18
Networking 19
Information Security 19
Prerequisites Learning 19
Information Security Basics 20
What is Information Security? 21
The CIA Triad 22
Security Controls 24
Access Control 26
Incident Response 28
Malware 30
Advanced Persistent Threats 34
The Cyber Kill Chain 35
Common Vulnerabilities and Exposures 36
Phishing and Other Social Engineering 37
Airgapped Machines 38
The Dark Web 39
Summary 40
3 Education of a Hacker 43
Hacking Skills 43
Hacker Mindset 44
The Pentester Blueprint Formula 45
Ethical Hacking Areas 45
Operating Systems and Applications 46
Networks 46
Social Engineering 47
Physical Security 48
Types of Pentesting 48
Black Box Testing 49
White Box Testing 49
Gray Box Testing 50
A Brief History of Pentesting 50
The Early Days of Pentesting 51
Improving the Security of Your Site by Breaking into It 51
Pentesting Today 52
Summary 53
4 Education Resources 55
Pentesting Courses 55
Pentesting Books 56
Pentesting Labs 60
Web Resources 60
Summary 64
5 Building a Pentesting Lab 65
Pentesting Lab Options 65
Minimalist Lab 66
Dedicated Lab 66
Advanced Lab 67
Hacking Systems 67
Popular Pentesting Tools 68
Kali Linux 68
Nmap 69
Wireshark 69
Vulnerability Scanning Applications 69
Hak5 70
Hacking Targets 70
PentestBox 70
VulnHub 71
Proving Grounds 71
How Pentesters Build Their Labs 71
Summary 81
6 Certifications and Degrees 83
Pentesting Certifications 83
Entry-Level Certifications 84
Intermediate-Level Certifications 85
Advanced-Level Certifications 87
Specialization Web Application Pentesting Certifications 88
Wireless Pentesting Certifications 90
Mobile Pentesting Certifications 91
Pentesting Training and Coursework 91
Acquiring Pentesting Credentials 92
Certification Study Resources 99
CEH v10 Certified Ethical Hacker Study Guide 100
EC-Council 100
Quizlet CEH v10 Study Flashcards 100
Hacking Wireless Networks for Dummies 100
CompTIA PenTest+ Study Guide 101
CompTIA PenTest+ Website 101
Cybrary’s Advanced Penetration Testing 101
Linux Server Security: Hack and Defend 101
Advanced Penetration Testing: Hacking the World’s Most Secure Networks 102
The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws 102
Summary 102
7 Developing a Plan 105
Skills Inventory 105
Skill Gaps 111
Action Plan 112
Summary 113
8 Gaining Experience 115
Capture the Flag 115
Bug Bounties 123
A Brief History of Bug Bounty Programs 124
Pro Bono and Volunteer Work 125
Internships 126
Labs 126
Pentesters on Experience 126
Summary 135
9 Getting Employed as a Pentester 137
Job Descriptions 137
Professional Networking 138
Social Media 139
Resume and Interview Tips 139
Summary 148
Appendix: The Pentester Blueprint 149
Glossary 155
Index 167