CISO's Guide to Penetration Testing : A Framework to Plan, Manage, and Maximize Benefits
Author(s): Tiller, James S.
ISBN No.: 9781439880272
Pages: 389
Year: 2012
Format: Trade Cloth (Hard Cover)
Price: $ 213.93
Dispatch delay: Dispatched between 7 to 15 days
Status: Available

Table of Contents (as listed; the excerpt ends partway through the Exploitation chapter)

Getting Started
    Audience
    How to Use This Book
Setting the Stage
    Perspectives of Value
    Where Does Penetration Testing Fit?
    What Constitutes a Success?
    A Quick Look Back
    Hacking Impacts: Resources; Information; Time; Brand and Reputation
    The Hacker
        Types of Hackers: Script Kiddies; Independent Hackers; Organized Hackers
        Sociology
        Motives
The Framework
    Planning the Test
    Sound Operations
    Reconnaissance
    Enumeration
    Vulnerability Analysis
    Exploitation
    Final Analysis
    Deliverable
    Integration
The Business Perspective
    Business Objectives
    Previous Test Results
    Building a Roadmap
    Business Challenges
    Security Drivers: Increasing Network Complexity; Ensuring Corporate Value; Lower Management Investment; Business Consolidation; Mobile Workforce; Government Regulations and Standards
    Why Have the Test?: Proof of Issue; Limited Staffing and Capability; Third-Party Perspective; It Is All about Perspective; Overall Expectations; How Deep Is Deep Enough?; One-Hole Wonder; Today's Hole
Planning for a Controlled Attack
    Inherent Limitations: Time; Money; Determination; Legal Restrictions; Ethics
    Imposed Limitations
    Timing Is Everything
    Attack Type
    Source Point
    Required Knowledge: Timing of Information; Internet; Web Authenticated; Application Service; Direct Access
    Multiphased Attacks: Parallel Shared; Parallel Isolated; Series Shared; Series Isolated; Value of Multiphase Testing; Employing Multiphased Tests
    Teaming and Attack Structure
        Red Team: Vulnerability Explanation; Testing Focus; Mitigation
        White Team: Piggyback Attacks; Reverse Impact; Detection
        Blue Team: Incident Response; Vulnerability Impact; Counterattack
        Team Communications
    Engagement Planner
    The Right Security Consultant: Technologists; Architects; Ethics
    The Tester
    Logistics: Agreements; Downtime Issues; System and Data Integrity; Get Out of Jail Free Card
    Intermediates: Partners; Customers; Service Providers; Law Enforcement
Preparing for a Hack
    Technical Preparation
        Attacking System: Operating System; Tools; Data Management and Protection
        Attacking Network
        Attacking Network Architecture
    Managing the Engagement
        Project Initiation: Identify Sponsors; Building the Teams; Schedule and Milestones; Tracking; Escalation; Customer Approval
        During the Project: Status Reports; Scope Management; Deliverable Review
        Concluding the Engagement
Reconnaissance
    Social Engineering
        E-Mail: Value; Controlling Depth
        Help Desk Fraud: Value; Controlling Depth
        Prowling and Surfing
        Internal Relations and Collaboration
        Corporate Identity Assumption
    Physical Security: Observation; Dumpster Diving; Theft
    Internet Reconnaissance: General Information; Web Sites; Social Networking
Enumeration
    Enumeration Techniques: Connection Scanning; SYN Scanning; FIN Scanning; Fragment Scanning; TCP Reverse IDENT Scanning; FTP Bounce Scanning; UDP Scanning; ACK Scanning
    Soft Objective
    Looking Around or Attack?
    Elements of Enumeration: Account Data; Architecture; Operating Systems; Wireless Networks; Applications; Custom Applications
    Preparing for the Next Phase
Vulnerability Analysis
    Weighing the Vulnerability
    Source Points: Obtained Data; The Internet; Vendors; Alerts; Service Packs
    Reporting Dilemma
Exploitation
    Intuitive Testing
    Evasion
    Threads and Groups: Threads; Groups
    Operating Systems: Windows; UNIX
    Password Crackers
    Rootkits
    Applications: Web Applications; Distributed Applications; Customer Applications
    Wardialing
    Network: Perimeter; Network Nodes
    Services and Areas of Concern: Services; Services Started by Default; Windows Ports; Null Connection; Remote Procedure Call (RPC); Simple Network Management Protocol (SNMP); Berkeley Internet Name Domain (BIND); Common Gateway Interface (CGI); Cleartext Services; Network File System (NFS); Domain Name Service (DNS); File and Directory Permissions; FTP and Telnet; Internet Control Message Protocol (ICMP)
