Building a pen-testing Methodology from the ground up

[Gonzalez]

First things first, communication: Understanding TCPIP

My recommendations: after you read each section, fire up ethereal and packet capture, start sending and rcving packets, to understand really whats going on!

tcp-ip illustrated:

http://la.gg/upl/TCP-IP_Illustrated.rar

ethereal traffic analyzer:

http://www.ethereal.com/distribution/win32/ethereal-setup-0.99.0.exe

Then start studing on ARP/MITM based attacks.

INTRO to DNS/ Zone Transfer

I need to add more to this one but this should get you covered, most of the other books on hacking I list here for other things, go over this above and beyond anyway, but enjoy!

http://technet.microsoft.com/en-us/library/cc781340.aspx

Understanding Scanning

ncluded: James messer: Secrets of network cartography

Fyodor (nmap author) TCP IP OS Fingerprinting Phrack Article

And a Firewall Ruleset mapping intro (Stateful or Packet filtering

evasion)

http://la.gg/upl/Nmap.rar

heres some links for video presentations of scanning:

http://irongeek.com/i.php?page=videos/nmap1

http://irongeek.com/i.php?page=videos/nmap2

http://irongeek.com/i.php?page=videos/droops1

FYODOR(NMAP AUTHORS) Video... must watch!

http://media.defcon.org/dc-13/video/2005_Defcon_V3-Fyodor-Hacking_Nmap.mp4

Consult Insecure.org for more!

http://la.gg/upl/Nmap.rar

CCNA, CISCO CERTIFIED NETWORK ASSOCIATE

Cisco pretty much defines routing and networking these days, skim over this at least.

http://www.filestube.com/ec96176785a0f49b03ea/details.html

WIRELESS HACKING

Included are a few various PDF's and the amazing book WIFOO, most definatly check it out.

http://la.gg/upl/Wireless_haxing.rar

LAYER 2 OWNAGE

Little collection of ARP/MITM attack papers. This is more than fun, so be sure to read it. it accounts for 90% of internal hacking.

http://la.gg/upl/LAYER_2_ownage.rar

Google hacking for penetration testers, most definatly read this.

what it will provide:

Skills to pretty much understand advanced operators, and Google's SOAP API for finding anything you want (remember google is the oracle, and accounts for about 90% of the information you glean during reconnassaince in a pen-test)

http://la.gg/upl/Google_Hacking_For_Penetration_Testers_%282005%29.rar

Johnns longs live presentation video at defcon, MUST SEE!

http://media.defcon.org/dc-13/video/2005_Defcon_V65-Johnny_Long-Google_Hacking_for_Pen_Test.mp4

Info Gathering

Most important stage of pen-test, this is just a little bit.

Info gathering - by Aelphaeis Mangarae included.

http://la.gg/upl/Passive_Info_Gathering.rar

HACK IT SEC: through pen-testing

decent for understanding pen-testing fundamentals.

http://la.gg/upl/Hack_IT__Security_Through_Penetration_Testing_%28Addison_Wesley-2002%29.chm

CEH (Certified Ethical Hackers exam)

Covers the more conventional pen-testing methodology... its a real certification, and its great.

Go through all the modules at least once (if some of the tools seem outdated or you think you can improve the methods in some of the phases, then do it, remember it is a pen-test.)

http://www.megaupload.com/?d=PIITMEAT

also check out Cisco Press Penetration Testing and Network Defense

http://www.megaupload.com/?d=IMHY2W50

CISSP: Security Specialist Cert.

This is important too, try to go over most of this, and especially if you're interested in the cert

http://la.gg/upl/Wiley.The.CISSP.Prep.Guide.Gold.Edition.rar

ZEN and the ART OF INFORMATION SECURITY by SYNGRESS

Good book to get you started on the infoSec mindset.

http://la.gg/upl/Syngress.Zen.and.the.Art.of.Information.Security.%282007%29.rar

And Vulnerability Enumeration for penetration testing

By Aelphaeis Mangarae

http://la.gg/upl/Vulnerability_Enumerating_for_Penetration_Testing.rar

Quick and indepth look into linux, administering and hardening it

Understand at least the basics of linux are important for hacking, as

most web servers are running shit like LAMP (linux, apache, mysql,php)

because its free, so read! get vmware and follow along if you dont want to make a linux partition.

http://la.gg/upl/Understanding_and_hardening_linux_.rar

Web app security is a must, considering most of the attacks are through the HYPER TEXT TARGET PROTOCOL

So definatly read these two, along with SPIDYNAMICS SQL whitepapers, and use your newly found google crawling abilities to find even more filtype:pdf's about webapp security.

http://la.gg/upl/Web_Hacking_-_Attacks_And_Defense_%282002%29.chm

little more in depth

http://la.gg/upl/1931769494.A-List_Publishing.Hacker_Web_Exploitation_Uncovered.chm

w3schools.org

Make a quick run through:

SQL

PHP

HTML

peruse CSS

Small collage of SQL/PHP/XSS papers

follow the links at the end of these, be sure to try the shit you're reading

http://la.gg/upl/SQL_PHP_XSS.rar

HACKnotes: a must for referencing

Sometimes you'll find yourself referencing shit over and over again, and these books are just that, peruse them, and use it during a pen-test.

http://la.gg/upl/Hacknotes.rar

HACKING EXPOSED; another major reference

this is 2nd edition, kinda old, feel free to crawl for more.

http://la.gg/upl/Network_Security_Secrets_and_Solutions_%28MCGraw-Hill-2001%29.rar

HACKING: ART of EXPLOITATION

MOST DEFINATLY read this until you understand the x86 stack, and its structure, and how differrent type of exploits work, also pay attention to the network exploitation chapters, as theyre really indepth as well.

http://la.gg/upl/Hacking-The_Art_of_Exploitation%28No_Starch-2003%29.chm

Stealing the network & other must hacker reads

2 books in one.... fucking amazing, you must read. i also have stealing the identity, and stealing the shadow, i'll post lat0r.

http://la.gg/upl/STN.rar

Windows internals

Understanding the inner mechanics and subsystems of the kernel(brain child of the os) will help you a long way if you are a developing a device driver with NTDDK or coder, understanding how memory is mapped and handles, and how objects are handled is important to, give this one a read, get your Sysinternals toolkit ready, cause you'll be following along

http://la.gg/upl/Microsoft_Windows_Internals_-_Microsoft_Windows_Server_2003%2C_Windows_XP%2C_and_Windows_2000%2C_4th_Edition_%282004%29.rar

MORE WINDOWS KERNEL INTERNALS

This is a huuuuuge project by a korean Driver development team, its amazingly in-depth, give it a read.

http://www.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/00-WindowsKernelOverview/WindowsKernelOverview.pdf

ROOTKIT:Subverting The Windows Kernel

After perusing Windows internals give this a read if you're interested in furthering your gains while entrenching (maintaining access to your targets)

http://la.gg/upl/Addison.Wesley.Professional.Rootkits.Subverting.the.Windows.Kernel.chm

DISSASSEMBLY

Disasm is very important as well. Also its fun for owning botnet kiddies, haha.

http://la.gg/upl/A.LIST.Publishing.Hacker.Disassembling.Uncovered.eBook-LiB.rar

CRYPTOGRAPHY

Applied crypto is important, its not important to be insanely versed in crypto, but knowin the fundamentals is important.

VPN IPSEC book included

Wiley.CRYPTO and comp Security included

and a few more

http://www.megaupload.com/?d=B4MF1B4N

Other shit you need to do:

Read all of the important papers on milw0rm/ other infosec sites.

Bookmark every decent infosec site and read it daily.

read slashdot daily.

read all of the phrack releases/h0no ezines/ el8 ezine/ PU ezine/ zf0

read all of the RFC's in your spare time.

Sign yourself up for mailing lists like vulnwatch,pentesting,infosec, etc...

Check RSS feeds daily for w/e

Be semi-active in IRC if possible to interact and share knowledge with others

Set up Vmware networks and test exploits yourself, make real situations out of it, where you gotta perform real black-box style hacks.

Exercise 2-3 hours a day, eat healthy

[begood]

very very very nice.

[NullCode]

Foarta buna lista, multumesc!