
Assuming you have read the entire book (congrats by the way!), you are probably wondering “What’s next?” The answer to that question depends entirely on you. First, it is suggested that you practice and master the basic information and techniques presented in this book. Once you are comfortable with the basics, move on to the advanced topics and tools covered in the “Where Do I Go from Here?” section of each chapter.

After mastering all the material in this book, you should have a solid understanding of the hacking and penetration testing process. You should feel comfortable enough with the basic information that you are able to take on advanced topics and even specialize.

It is worth noting, however, that there is much more to hacking and penetration testing than just running tools. There are entire communities out there that are built around these topics. You should become active in these communities. Introduce yourself and learn by asking questions and observing. You should give back to these communities whenever possible. Hacking, security, and penetration testing communities are available through various websites, online forums, ICQ, mailing lists, newsgroups, and even in person.

Chat rooms are a great place to learn more about security. Chat rooms are usually highly focused on a single topic and, as the name implies, typically involve lots of communication over a wide variety of subtopics pertaining to the overall theme of the room. In many respects, a chat room is like sitting at a bar and listening to the conversations around you. You can participate by asking questions or simply by sitting quietly and reading the conversations of everyone in the room.

If you have never been to a security conference (also known as a “con”), you owe it to yourself to go. DEFCON is an annual hacker convention held in Las Vegas at the end of each summer. Yes, it is a bit of a circus; yes, there are more than 11,000 people attending; and yes, it is hot in Las Vegas in August. But despite all that, DEFCON remains one of the single best security communities on earth. In general, the crowds are very pleasant, the goons (official DEFCON workers) are friendly and helpful, and the community is open and inviting. The price of admission is peanuts compared to some of the other security events, and one more thing—the talks are amazing.

The quality and variety of talks at DEFCON are nothing short of mind-boggling. Talks vary each year, but they are sure to include the topics of network hacking, web app security, physical security, hardware hacking, lock picking, and many more. The speakers are not only approachable; more often than not they are willing to take time and talk to you, answering your questions one on one. It is consistently amazing how approachable and helpful con speakers are. It is natural to be a little nervous when approaching someone at a conference, especially if you have been part of an online community where “newbies” are put down and questions are discouraged; however, if you take the initiative, you will often be pleasantly surprised by the openness of the entire DEFCON community.

If you cannot make it to the official DEFCON conference, you should try to get involved in other security communities that are closer to you. InfraGard, OWASP, the BackTrack-Linux forums, and many others are great resources for you.

Reading this book and joining a security community are great ways to expand your horizons and learn additional and advanced security concepts. Following a thread or seeing a talk will often spur an interest in a specific security topic. Once you have mastered the basics, you can look at diving more deeply into a particular area of security. Most people learn the basics, then tend to specialize in a particular area. This is not something you have to choose today, and becoming specialized in a single area does not preclude you from becoming specialized in other areas. However, in general, most people tend to be highly focused with an advanced knowledge in one or two areas of security. The list below is just a small sample of topics that you can specialize in. It is not meant to be all-inclusive but rather to provide you with a sample of the various areas that require advanced training:

• Offensive Security/Ethical Hacking
• Web Application Security
• System Security
• Reverse Engineering
• Tool Development
• Malware Analysis
• Defensive Security
• Software Security
• Digital Forensics
• Wireless Security

WHERE DO I GO FROM HERE?

After reading this book, you may be hungry to learn more about a particular topic, step, or technique that was discussed. Now that you have mastered the basics, there should be many additional doors open to you. If you have truly studied, practiced, and understood the basic material presented in this book, you are equipped to tackle more advanced training.

Remember, one of the main motivations for writing a book like this was not to turn you into an elite hacker or penetration tester but rather to provide you with a springboard for advancing your knowledge. With a firm understanding of the basics, you should feel confident and prepared to take on advanced training in any of the areas we discussed. There are many opportunities for you to take your skill to the next level.

If you enjoyed learning by reading this book, Syngress has a series of truly amazing hacking books over a wide range of topics, including (listed alphabetically):

• Aggressive Network Self-Defense: by Neil R. Wyler, Bruce Potter, and Chris Hurley
• A Guide to Kernel Exploitation: by Enrico Perla and Massimiliano Oldani
• Managed Code Rootkits: by Erez Metula
• Nessus Network Auditing: by Russ Rogers
• Ninja Hacking: by Thomas Wilhelm and Jason Andress
• PenTester’s Open Source Toolkit: by Jeremy Faircloth, Chris Hurley, and Jesse Varsalone
• Professional Penetration Testing: by Thomas Wilhelm
• Seven Deadliest Attack Series
  ◦ Seven Deadliest Microsoft Attacks: by Rob Kraus, Brian Barber, Mike Borkin, and Naomi Alpern
  ◦ Seven Deadliest Network Attacks: by Stacy Prowell, Rob Kraus, and Mike Borkin
  ◦ Seven Deadliest Social Network Attacks: by Carl Timm and Richard Perez
  ◦ Seven Deadliest Unified Communications Attacks: by Dan York
  ◦ Seven Deadliest USB Attacks: by Brian Anderson and Barbara Anderson
  ◦ Seven Deadliest Web Application Attacks: by Mike Shema
  ◦ Seven Deadliest Wireless Technologies Attacks: by Brad Haines
• Stealing the Network: The Complete Series: by Johnny Long, Ryan Russell, and Timothy Mullen

If you are interested in a more “hands-on” learning approach, there are many great two- to five-day security boot camps available to you. These classes are often expensive and very labor-intensive, but they are often well worth their price of admission. The Black Hat conference usually offers a series of highly specialized and focused classes delivered by some of the most well-known names in security today. There are literally dozens of security topics and specializations to choose from at these events. The trainings change from year to year, but you can find them on the Black Hat website at: http://www.blackhat.com

The crew responsible for creating and distributing BackTrack Linux also offers a hands-on, highly intense series of classes. These classes will challenge you and push you by making you work through a series of realistic scenarios.

Even traditional universities are beginning to get into security today. Just a few years ago, it was difficult to find any security-related curriculum. Now most universities offer at least one class or devote time during a class to cover some security. Dakota State University in Madison, SD, offers an entire Bachelor’s degree in Computer and Network Security along with a Master’s degree in Information Assurance and a Doctorate of Science with a specialization in Information Assurance.

If you are interested in pursuing a security-related degree through a higher education institution, you are highly encouraged to attend an NSA-accredited Center of Academic Excellence. These programs are information assurance education degrees that have undergone a designation by the National Security Agency or the Department of Homeland Security to verify the value of the curriculum. You can find more about this program at: http://www.nsa.gov/ia/academic_outreach/nat_cae/index.shtml

It is well worth your time to take a close look and examine the various security testing methodologies, including the Open Source Security Testing Methodology Manual (OSSTMM). This book focused on the specific tools and methods used in a penetration test. OSSTMM provides security professionals with a well-defined, mature framework that can be implemented in conjunction with many of the topics covered in this book.

Another great penetration testing methodology can be found at: http://www.vulnerabilityassessment.co.uk. The Penetration Testing Framework (PTF) is an excellent resource for penetration testers and security assessment teams. The PTF includes assessment templates as well as a robust list of tools that can be used to conduct each phase.

WRAP UP

If you read the book from front to back, take a minute to stop and consider all that you learned. At this point, you should have a solid understanding of the various steps involved in a typical penetration test and the tools required to complete each of the steps. More importantly, you should understand how the penetration testing process flows and how to take the information and output from each of the phases and feed those results into the next phase. Many people are eager to learn about hacking and penetration testing, but most newcomers only understand how to run a single tool or complete a single step. They refuse to see the big picture and often end up spinning their wheels in frustration when their tool does not work or provides unexpected results. This group does not realize how the entire process works and how to leverage the power of each phase to strengthen the phases that come after it.

For those of you who stuck with the book, completed each of the examples, and gave an honest effort at following along, at the very least, this book should have provided you with the knowledge and ability to see the big picture and understand the importance of each phase.

You should also now have the ability to answer the question posed to you in a scenario at the beginning of Chapter 2:

Assume you are an ethical penetration tester working for a security company. Your boss walks over to your office and hands you a piece of paper. “I just got off the phone with the CEO of that company. He wants my best employee to Pen Test his company – that’s you. Our Legal Department will be sending you an email confirming we have all of the proper authorizations and insurance.” You nod, accepting the job. He leaves. You flip over the paper; a single word is written on the paper, “Syngress.” It’s a company you’ve never heard of before, and no other information is written on the paper.

What now?