Dec 26 2021

Penetration Testing Tools for Blue Team

Category: Pen TestDISC @ 10:26 am

Ethical hacking and lock picking

Pen Testing Titles

Tags: Pen testing, Penetration test


May 28 2014

8 Best Books That Every Budding #Hacker Must Read

Category: Hacking,Pen TestDISC @ 11:41 am

hacking1

Everyone knows that a hacker by extension is always a programmer. What many don’t know though is that there is a lot more to it. It’s not just about knowing the language. A hacking is mainly defined by his curiosity to know what is otherwise not to be known.

While the following books are on a subject of hacking, they cover a lot of in-depth knowledge on the subject which includes but not limited to examples and exercises. As an ethical hacker, it’s something you can never pass up and may need to know.

 

1. Hacking: The Art of Exploitation, 2nd Edition

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.

Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker’s perspective.

The included LiveCD provides a complete Linux programming and debugging environment-all without modifying your current operating system. Use it to follow along with the book’s examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits.

 

2. The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy

The Basics of Hacking and Penetration Testing serves as an introduction to the steps required to complete a penetration test or perform an ethical hack. You learn how to properly utilize and interpret the results of modern day hacking tools; which are required to complete a penetration test. Tool coverage will include, Backtrack Linux, Google, Whois, Nmap, Nessus, Metasploit, Netcat, Netbus, and more. A simple and clean explanation of how to utilize these tools will allow you to gain a solid understanding of each of the four phases and prepare them to take on more in-depth texts and topics. This book includes the use of a single example (pen test target) all the way through the book which allows you to clearly see how the tools and phases relate.

 

3. Metasploit: The Penetration Tester’s Guide

The author of this book David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. Some see this book as a right of passage for anyone to be a hacker.

 

4. BackTrack 5 Wireless Penetration Testing Beginner’s Guide

Written in Packt’s Beginner’s Guide format, you can easily grasp the concepts and understand the techniques to perform wireless attacks in your lab. Every new attack is described in the form of a lab exercise with rich illustrations of all the steps associated. You will practically implement various attacks as you go along. If you are an IT security professional or a security consultant who wants to get started with wireless testing with Backtrack, or just plain inquisitive about wireless security and hacking, then this book is for you. The book assumes that you have familiarity with Backtrack and basic wireless concepts.

 

5. CEH Certified Ethical Hacker All-in-One Exam Guide

Get complete coverage of all the objectives included on the EC-Council’s Certified Ethical Hacker exam inside this comprehensive resource. Written by an IT security expert, this authoritative guide covers the vendor-neutral CEH exam in full detail. You’ll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the exam with ease, this definitive volume also serves as an essential on-the-job reference.

 

6. Ghost in the Wire

Get complete coverage of all the objectives included on the EC-Council’s Certified Ethical Hacker exam inside . Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world’s biggest companies–and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyberspace, always three steps ahead and labeled unstoppable. But for Kevin, hacking wasn’t just about technological feats-it was an old fashioned confidence game that required guile and deception to trick the unwitting out of valuable information

 

7. America the Vulnerable

A former top-level National Security Agency insider goes behind the headlines to explore America’s next great battleground: digital security. An urgent wake-up call that identifies our foes; unveils their methods; and charts the dire consequences for government, business, and individuals.

 

8. CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide

CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide is an update to the top-selling SY0-201 guide, which helped thousands of readers pass the exam the first time they took it. The SY0-301 version covers every aspect of the SY0-301 exam, and includes the same elements readers raved about in the previous version.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action. The author uses many of the same analogies and explanations he’s honed in the classroom that have helped hundreds of students master the Security+ content. You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.

Over 450 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes a 100 question pre-test, a 100 question post-test, and practice test questions at the end of every chapter. Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

 




Tags: BackTrack, hackers, Hacking, Linux, Metasploit Project, Netbus, Netcat, Nmap, Penetration test, White hat (computer security)


May 12 2014

Bestselling Books at Infosecurity 2014

Category: cyber security,Information SecurityDISC @ 9:36 am

InfoseEurope2014

by Lewis Morgan @ITG

It has now been a week since Infosecurity Europe 2014. This year was my first at Infosec, and I found it to be one of the most interesting and diverse events I have ever been to.

During my short time on the IT Governance stand, I spoke to several people who were showing a keen interest in our wide range of books. It was a common opinion that our range of books is one of the broadest in the industry – something of which we are very proud.

To demonstrate our range of books and their popularity, We have created the below list of the 5 bestselling books at Infosecurity 2014*. All of the following books are available in multiple formats.

PCI DSS Pocket Guide

    A quick guide for anyone dealing with the PCI DSS and related issues. Now also covers PCI DSS version 3.0.

ISO27001 / ISO27002 Pocket Guide

    Now updated for the 2013 editions of ISO27001/ISO27002, this pocket guide gives a useful overview of two important information security standards.

Governance of Enterprise IT based on COBIT®5

    A perfect introduction to the principles and practice underpinning the governance of enterprise IT using COBIT®5.

Penetration Testing –  Protecting Networks and Systems

    An essential guide to penetration testing and vulnerability assessment, which can be used as a preparation guide for Certified Penetration Testing Engineer exams.

Securing Cloud Services

    This book provides an overview of security architecture processes, and explains how they may be used to derive an appropriate set of security controls to manage the risks associated with working in the Cloud.

 




Tags: Certified Penetration Testing Engineer, Cloud computing, cloud computing security, London, Payment Card Industry Data Security Standard, Penetration test


Feb 25 2013

PENETRATION TESTING & ISO27001

Category: ISO 27k,Pen TestDISC @ 10:38 pm

penetration testing

Penetration testing (often called “pen testing” or “security testing”) establishes whether or not the security in place to protect a network or application against external threats is adequate and functioning correctly. It is an essential component of most ISO27001 and UK public sector contracts.

Why would my company need penetration testing services?

In a world where attacks on networks and applications are growing in number at an exponential rate, and the penalties incurred by organisations for failing to defend against such attacks are becoming ever steeper, effective penetration testing is the only way of establishing that your networks and applications are truly secure. Penetration testing is also an essential component in any ISO27001 ISMS – from initial development through to on-going maintenance and continual improvement.

How does penetration testing fit into my ISO27001 ISMS project?

There are three specific points in your ISMS project at which penetration testing has a significant contribution to make:

1. As part of the risk assessment process: uncovering vulnerabilities in any Internet-facing IP addresses, web applications, or internal devices and applications, and linking them to identifiable threats.

2. As part of the Risk Treatment Plan ensuring controls that are implemented do actually work as designed.

3. As part of the on-going corrective action/preventive action (CAPA) and continual improvement processes; ensuring that controls continue to work as required and that new and emerging threats and vulnerabilities are identified and dealt with.

The Basics of Hacking and Penetration Testing
This guide will show you how to undertake a penetration test or as it is sometimes known an ethical hack. This book focuses on how to hack one particular target, this allows you to see how the tools and phases of the pen test relate. to get your copy of The Basics of Hacking and Penetration Testing
ITG | eBay | Amazon

Penetration Testing – Protecting Networks and Systems
An essential guide to penetration testing and vulnerability assessment, which can be used as a Certified Penetration Testing Engineer Exam Prep Guide. to get your copy of your Penetration Testing – Protecting Networks and Systems
ITG | eBay | Amazon




Tags: Information Security, Information Security Management System, ISO/IEC 27001, Penetration test