Foreword
Introduction

1 What is a Pentester?
    Synonymous Terms and Types of Hackers
    Pentests Described
    Benefits and Reasons
    Legality and Permission
    Pentest Methodology
    Pre-engagement Interactions
    Intelligence Gathering
    Threat Modeling
    Vulnerability Analysis
    Exploitation
    Post Exploitation
    Reporting
    Pentest Types
    Vulnerability Scanning
    Vulnerability Assessments
    Pentest Targets and Specializations
    Generalist Pentesting
    Application Pentesting
    Internet of Things (IoT)
    Industrial Control Systems (ICS)
    Hardware and Medical Devices
    Social Engineering
    Physical Pentesting
    Transportation Pentesting
    Red Team Pentesting
    Career Outlook
    Summary

2 Prerequisite Skills
    Skills Required for Learning Pentesting
    Operating Systems
    Networking
    Information Security
    Prerequisites Learning
    Information Security Basics
    What is Information Security?
    The CIA Triad
    Security Controls
    Access Control
    Incident Response
    Malware
    Advanced Persistent Threats
    The Cyber Kill Chain
    Common Vulnerabilities and Exposures
    Phishing and Other Social Engineering
    Airgapped Machines
    The Dark Web
    Summary

3 Education of a Hacker
    Hacking Skills
    Hacker Mindset
    The Pentester Blueprint Formula
    Ethical Hacking Areas
    Operating Systems and Applications
    Networks
    Social Engineering
    Physical Security
    Types of Pentesting
    Black Box Testing
    White Box Testing
    Gray Box Testing
    A Brief History of Pentesting
    The Early Days of Pentesting
    Improving the Security of Your Site by Breaking into It
    Pentesting Today
    Summary

4 Education Resources
    Pentesting Courses
    Pentesting Books
    Pentesting Labs
    Web Resources
    Summary

5 Building a Pentesting Lab
    Pentesting Lab Options
    Minimalist Lab
    Dedicated Lab
    Advanced Lab
    Hacking Systems
    Popular Pentesting Tools
    Kali Linux
    Nmap
    Wireshark
    Vulnerability Scanning Applications
    Hak5
    Hacking Targets
    PentestBox
    VulnHub
    Proving Grounds
    How Pentesters Build Their Labs
    Summary

6 Certifications and Degrees
    Pentesting Certifications
    Entry-Level Certifications
    Intermediate-Level Certifications
    Advanced-Level Certifications
    Specialization Web Application Pentesting Certifications
    Wireless Pentesting Certifications
    Mobile Pentesting Certifications
    Pentesting Training and Coursework
    Acquiring Pentesting Credentials
    Certification Study Resources
    CEH v10 Certified Ethical Hacker Study Guide
    EC-Council
    Quizlet CEH v10 Study Flashcards
    Hacking Wireless Networks for Dummies
    CompTIA PenTest+ Study Guide
    CompTIA PenTest+ Website
    Cybrary's Advanced Penetration Testing
    Linux Server Security: Hack and Defend
    Advanced Penetration Testing: Hacking the World's Most Secure Networks
    The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
    Summary

7 Developing a Plan
    Skills Inventory
    Skill Gaps
    Action Plan
    Summary

8 Gaining Experience
    Capture the Flag
    Bug Bounties
    A Brief History of Bug Bounty Programs
    Pro Bono and Volunteer Work
    Internships
    Labs
    Pentesters on Experience
    Summary

9 Getting Employed as a Pentester
    Job Descriptions
    Professional Networking
    Social Media
    Résumé and Interview Tips
    Summary

Appendix: The Pentester Blueprint
Glossary
Index

PHILLIP L. WYLIE has over two decades of experience working in IT and information security. In addition to working as a penetration tester, he has founded and runs The Pwn School Project, teaching ethical hacking. He holds the CISSP, OSCP, and GWAPT certifications. He is a highly sought-after public speaker who frequently presents at conferences about pentesting. He was interviewed for the Tribe of Hackers Red Team book.

KIM CRAWLEY is dedicated to researching and writing about a plethora of cybersecurity issues. Some of the companies Kim has worked for over the years include Sophos, AT&T Cybersecurity, BlackBerry Cylance, Tripwire, and Venafi. All matters red team, blue team, and purple team fascinate her. But she's especially fascinated by malware, social engineering, and advanced persistent threats. Kim's extracurricular activities include running an online cybersecurity event called DisInfoSec, and autistic self-advocacy.