About the Book
"Risk Identification by Penetration Testing" is an indispensable resource for those looking to explore the captivating world of penetration testing and cybersecurity. Authored by Brandon S. Keath, the founder of TheHackingLab LLC, an industry expert with over 15 years of experience, and a corporate faculty member at Harrisburg University of Science and Technology, this comprehensive guide is specifically tailored to a 7-week introductory college course on penetration testing.
Brandon's extensive experience in ethical hacking, cybersecurity strategy, regulatory compliance, and cyber defense is brought to life in this groundbreaking book. As a speaker at numerous cybersecurity conferences, including BSIDES Harrisburg, BSIDES Long Island, and Harrisburg University Cyber Security Summit, he has consistently shared his expertise on penetration testing and ethical hacking with the community.
In this book, you will gain valuable insights from Brandon's wide-ranging experience as he covers essential topics such as risk assessment models, methodologies, and processes. Through hands-on examples and exercises, you will learn how to conduct mission-focused data risk assessments and provide strategic and tactical recommendations to senior leaders on mitigating risks to your organization's data.
Key benefits of "Risk Identification by Penetration Testing" include:
- A comprehensive introduction to penetration testing for students at all levels
- Expert insights from a recognized authority in the field
- Real-world examples and practical exercises to reinforce key concepts
- The ideal companion for a 7-week college course on penetration testing
With a Master's degree in Cyber Security and Information Assurance, an MBA in IT management, and certifications such as EC-Council's Certified Ethical Hacker (CEH), Certified Hacking Forensics Investigator (CHFI), and CompTIA's PenTest+, Brandon is exceptionally qualified to guide you through this thrilling field. Don't miss the chance to learn from one of the best – secure your copy of "Risk Identification by Penetration Testing" today and embark on your journey into the world of penetration testing and cybersecurity!
The content of this book covers several key areas, walking through the Penetration Testing Process with the PTES framework:
- Introduction to Penetration Testing and Risk Assessment: This chapter lays the foundation for understanding penetration testing and risk assessment by introducing key concepts, models, methodologies, and the PTES framework. It highlights the importance of mission-focused data risk assessments and sets the stage for the rest of the book.
- Pre-Engagement Interactions and Intelligence Gathering: This chapter delves into the crucial pre-engagement interactions and intelligence gathering phase, discussing communication, rules of engagement, and reconnaissance techniques. It emphasizes the importance of documenting findings and prepares readers for the next phase of penetration testing.
- Threat Modeling and Vulnerability Analysis: This chapter covers the process of identifying, modeling, and prioritizing threats and vulnerabilities. It provides an understanding of vulnerability scanning, analysis, and common vulnerability scoring systems to help readers effectively assess an organization's security posture.
- Exploitation and Post-Exploitation: This chapter focuses on the exploitation phase, detailing various techniques and tools used to exploit vulnerabilities. It also discusses post-exploitation strategies, lateral movement, and maintaining persistence, which are crucial for understanding the potential impact of a successful cyber attack.
- Reporting and Risk Mitigation: This chapter highlights the importance of documenting, reporting, and communicating findings to senior leaders and stakeholders. It guides readers on creating strategic and tactical recommendations for risk mitigation, remediation, and follow-up, emphasizing the need for clear communication.
- Penetration Testing Tools and Techniques: This chapter provides an overview of popular penetration testing tools, including hands-on lab exercises with Metasploit, Nmap, PowerShell Empire, and CrackMapExec. It discusses customizing, scripting, and automating tools for specific testing scenarios, showcasing the versatility and adaptability required in the field of penetration testing. It also includes examples of custom exploits in Python and introduces automation strategies.
- Simulating a Real Life Penetration Testing Environment: In this chapter, readers will learn how to create their simulated environments for practicing penetration testing. It covers setting up realistic environments and various options for automated configuration and testing, including cloud-based, home labs with VirtualBox, Kali Linux, and Docker. The chapter also encourages reflection on personal growth and development, preparing readers for future penetration testing engagements, and highlighting various careers for red teamers.
About the Author
Brandon S. Keath is a seasoned cybersecurity executive and educator with over 15 years of experience in both private and public sectors. His expertise spans a wide range of areas, including ethical hacking, cybersecurity strategy, regulatory compliance, and cyber defense. Throughout his career, Brandon has demonstrated an unwavering commitment to transforming cybersecurity education and shaping the next generation of cybersecurity professionals.
Brandon holds multiple advanced degrees in the field, including a Master's of Cybersecurity and Information Assurance, a Master of Business Administration in Information Technology Management, and a Master of Education in Instructional Design. He is currently pursuing a Ph.D. in Information Technology with a focus on Cyber Engineering.
In addition to his professional pursuits, Brandon is a dedicated volunteer, co-organizer of BSides Harrisburg, founder of the PA Hackers Meetup Group, and former Central Penn College Alumni Council Representative for IT. As an adjunct faculty member at several universities, he has taught numerous courses on various cybersecurity topics.
Brandon's passion for teaching and extensive experience in the industry inspired him to write "Penetration Testing through Risk Identification," a comprehensive guide for college students and aspiring penetration testers. The book aims to provide readers with a solid foundation in the penetration testing process, tools, and techniques, as well as valuable insights from Brandon's real-world experience.
With a unique blend of technical expertise, practical wisdom, and a genuine passion for education, Brandon S. Keath is a trusted voice in the ever-evolving world of cybersecurity.