Risk Identification by Penetration Testing: A Comprehensive Guide to the PTES Framework
Risk Identification by Penetration Testing: A Comprehensive Guide to the PTES Framework
About the Book
"Risk Identification by Penetration Testing" is an indispensable resource for those looking to explore the captivating world of penetration testing and cybersecurity. Authored by Brandon S. Keath, the founder of TheHackingLab LLC, an industry expert with over 15 years of experience, and a corporate faculty member at Harrisburg University of Science and Technology, this comprehensive guide is specifically tailored to a 7-week introductory college course on penetration testing.
Brandon's extensive experience in ethical hacking, cybersecurity strategy, regulatory compliance, and cyber defense is brought to life in this groundbreaking book. As a speaker at numerous cybersecurity conferences, including BSIDES Harrisburg, BSIDES Long Island, and Harrisburg University Cyber Security Summit, he has consistently shared his expertise on penetration testing and ethical hacking with the community.
In this book, you will gain valuable insights from Brandon's wide-ranging experience as he covers essential topics such as risk assessment models, methodologies, and processes. Through hands-on examples and exercises, you will learn how to conduct mission-focused data risk assessments and provide strategic and tactical recommendations to senior leaders on mitigating risks to your organization's data.
Key benefits of "Risk Identification by Penetration Testing" include:
- A comprehensive introduction to penetration testing for students at all levels
- Expert insights from a recognized authority in the field
- Real-world examples and practical exercises to reinforce key concepts
- The ideal companion for a 7-week college course on penetration testing
With a Master's degree in Cyber Security and Information Assurance, an MBA in IT management, and certifications such as EC-Council's Certified Ethical Hacker (CEH), Certified Hacking Forensics Investigator (CHFI), and CompTIA's PenTest+, Brandon is exceptionally qualified to guide you through this thrilling field. Don't miss the chance to learn from one of the best – secure your copy of "Risk Identification by Penetration Testing" today and embark on your journey into the world of penetration testing and cybersecurity!
The content of this book covers several key areas, walking through the Penetration Testing Process with the PTES framework:
- Introduction to Penetration Testing and Risk Assessment: This chapter lays the foundation for understanding penetration testing and risk assessment by introducing key concepts, models, methodologies, and the PTES framework. It highlights the importance of mission-focused data risk assessments and sets the stage for the rest of the book.
- Pre-Engagement Interactions and Intelligence Gathering: This chapter delves into the crucial pre-engagement interactions and intelligence gathering phase, discussing communication, rules of engagement, and reconnaissance techniques. It emphasizes the importance of documenting findings and prepares readers for the next phase of penetration testing.
- Threat Modeling and Vulnerability Analysis: This chapter covers the process of identifying, modeling, and prioritizing threats and vulnerabilities. It provides an understanding of vulnerability scanning, analysis, and common vulnerability scoring systems to help readers effectively assess an organization's security posture.
- Exploitation and Post-Exploitation: This chapter focuses on the exploitation phase, detailing various techniques and tools used to exploit vulnerabilities. It also discusses post-exploitation strategies, lateral movement, and maintaining persistence, which are crucial for understanding the potential impact of a successful cyber attack.
- Reporting and Risk Mitigation: This chapter highlights the importance of documenting, reporting, and communicating findings to senior leaders and stakeholders. It guides readers on creating strategic and tactical recommendations for risk mitigation, remediation, and follow-up, emphasizing the need for clear communication.
- Penetration Testing Tools and Techniques: This chapter provides an overview of popular penetration testing tools, including hands-on lab exercises with Metasploit, Nmap, PowerShell Empire, and CrackMapExec. It discusses customizing, scripting, and automating tools for specific testing scenarios, showcasing the versatility and adaptability required in the field of penetration testing. It also includes examples of custom exploits in Python and introduces automation strategies.
- Simulating a Real Life Penetration Testing Environment: In this chapter, readers will learn how to create their simulated environments for practicing penetration testing. It covers setting up realistic environments and various options for automated configuration and testing, including cloud-based, home labs with VirtualBox, Kali Linux, and Docker. The chapter also encourages reflection on personal growth and development, preparing readers for future penetration testing engagements, and highlighting various careers for red teamers.
Table of Contents
- Introduction
- Overview of Penetration testing
- Risk Assessment Models and Methodologies
- Introduction to the PTES Framework
- Mission-Focused Data Risk Assessments
- Key Takeaways
- Critical Thinking Questions
- Case Study
- References and Addtional Resources
- Pre-Engagement Interactions and Intelligence Gathering
- Introduction
- Communication and Rules of Engagement
- Open-Source Intelligence (OSINT) Gathering
- Passive and Active Reconnaissance Techniques
- Documenting Findings and preparing for the Next Phase
- Key Takeaways
- Critical Thinking Questions
- Case Study SolarWinds Cybersecurity Incident
- References and Additional Resources
- Threat Modeling and Vulnerability Analysis
- Introduction
- Identifying and Modeling Threats
- Vulnerability Scanning and Analysis
- Prioritizing Vulnerabillities Based on Risk
- Common Vulnerability Scoring Systems
- Key Takeaways
- Critical Thinking Questions
- Case Study Equifax Data Breach and Risk Assessment Failures
- References and Addtional Resources
- Exploitation and Post-Exploitation
- Network Exploitation Techniques and Tools
- Key Takeaways
- Critical Thinking Questions
- Case Study: The WannaCry Ransomware Attack
- References and Addtional Resources
- Reporting and Risk Mitigation
- Documenting and Reporting Findings
- Creating Strategic and Tactical Recommendations for Risk Mitigation
- Communication with Senior Leaders and Stakeholders
- Remediation and Follow-Up
- Key Takeaways
- Critical Thinking Questions
- Case Study The Home Depot Data Breach and Risk Mitigation Efforts
- References and Addtional Resources
- Penetration Testing Tools and Techniques
- Overview of Popular Penetration Testing Tools
- Hands-On Penetration Testing
- Customizing and Scripting Tools for Specific Testing Scenarios
- Automation in Penetration Testing
- Key Takeaways
- Critical Thinking Questions
- Case Study The Target Breach
- References and Additional Resources
- Simulating a Real Life Penetration Testing Environment
- Why perform a mock penetration test?
- Setting up a Simulated Penetration Test Environment
- Setting up your Simulated Organzation
- Conducting a Penetration Test on a Simulated Organization
- Presentation of Findings and Risk Mitigation Recommendations Review
- Preparing for Future Penetration Testing Engagements
- Reflection on Personal Growth and Development
- Key cybersecurity Roles for Penetration Testers in a changing Industry
- Key Takeaways
- Critical Thinking Questions
- Case Study
- References and Addtional Resources
The Leanpub 60 Day 100% Happiness Guarantee
Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.
You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!
So, there's no reason not to click the Add to Cart button, is there?
See full terms...
Earn $8 on a $10 Purchase, and $16 on a $20 Purchase
We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.
(Yes, some authors have already earned much more than that on Leanpub.)
In fact, authors have earnedover $14 millionwriting, publishing and selling on Leanpub.
Learn more about writing on Leanpub
Free Updates. DRM Free.
If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).
Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.
Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.
Learn more about Leanpub's ebook formats and where to read them