Index
A
- access
- maintaining / Maintaining access
- Access Control List Format (ACL) / Understanding the Nessus Audit policy and its customization
- active information gathering
- about / Active information gathering
- SPARTA, using / Active information gathering with SPARTA
- recon-ng / Recon-ng
- Dmitry / Dmitry
- administrator / Privilege escalation on Windows
- anti-forensics / Anti-forensics
- application
- profiling / Application profiling
- attacks, auditing
- attacks, authentication
- brute force / Authentication
- insufficient authentication / Authentication
- weak password recovery validation / Authentication
- attacks, authorization
- vertical privilege escalation / Authorization
- authorization creep / Authorization
- horizontal privilege escalation / Authorization
- attacks, availability
- denial of service attacks / Availability
- SYN flood attacks / Availability
- distributed denial of service attacks / Availability
- electrical power attacks / Availability
- server room environment attacks / Availability
- natural calamities and accidents / Availability
- attacks, confidentiality
- packet sniffing / Confidentiality
- password attacks / Confidentiality
- port scanning and ping sweeps / Confidentiality
- dumpster diving / Confidentiality
- shoulder surfing / Confidentiality
- social engineering / Confidentiality
- phishing and pharming / Confidentiality
- wiretapping / Confidentiality
- keylogging / Confidentiality
- attacks, integrity
- auditing
- about / Auditing and logging
- OWASP mapping / OWASP mapping
- authentication
- about / Authentication
- credentials over secure channel / Credentials over a secure channel
- of error messages / Authentication error messages
- password policy / Password policy
- credential submission, methods / Method for submitting credentials
- OWASP mapping / OWASP mapping
- authentication, authorization, and accountability (AAA) / Identification
- authorization
- about / Authorization
- OWASP mapping / OWASP mapping
- automated testing
- about / Automated testing
- agentless and agent-based scans / Agentless and agent-based scans
B
- Backdoor Factory
- backdoors, creating / Creating backdoors using Backdoor Factory
- backdoors
- creating, Backdoor Factory used / Creating backdoors using Backdoor Factory
- base metric group
- about / Base metric group
- exploitability metrics / Exploitability metrics
- impact metrics / Impact metrics
- Burp Suite
- about / Burp Suite
- reference / Burp Suite
- features / Burp Suite
- Burp Suite features
- proxy / Burp Suite
- scanner / Burp Suite
- spider / Burp Suite
- intruder / Burp Suite
- decoder / Burp Suite
- repeater / Burp Suite
- extender / Burp Suite
- business drivers, vulnerability management
- about / Business drivers for vulnerability management
- regulatory compliance / Regulatory compliance
- customer demands, satisfying / Satisfying customer demands
- fraud/incident response / Response to some fraud/incident
- competitive edge, gaining / Gaining a competitive edge
- critical infrastructures, safeguarding/protecting / Safeguarding/protecting critical infrastructures
- business logic flaws
- about / Business logic flaws
- testing / Testing for business logic flaws
C
- Center for Internet Security (CIS) / Compliance standards, Security hardening and secure configuration reviews
- CIA triad
- about / The CIA triad
- confidentiality / Confidentiality
- integrity / Integrity
- availability / Availability
- CIS benchmarks
- using / Using CIS benchmarks
- reference / Using CIS benchmarks
- collaborative vulnerability management
- Faraday v2.6, using / Collaborative vulnerability management with Faraday v2.6
- Commercial Off The Shelf (COTS) / Identifying stakeholders
- Common Platform Enumeration (CPE) / Vulnerability information
- Common Vulnerability Scoring System (CVSS) / Risk information
- complexity, network vulnerability scanning
- scan, scope / Scope of the scan
- network architecture / Network architecture
- network access / Network access
- report / Response
- compliance scan
- about / Introducing compliance scans
- policy, selecting / Selecting a compliance scan policy
- plugins / Plugins
- compliance scan, plugins
- synopsis / Synopsis
- description / Description
- solution / Solution
- plugin information / Plugin information
- risk information / Risk information
- vulnerability information / Vulnerability information
- reference information / Reference information
- compliance standards / Compliance standards, Getting ready, How do it…
- configuration audits
- about / Introducing configuration audits
- database audit / Database audit
- network device audit / Network device audit
- operating system audit / Operating system audit
- application audit / Application audit
- context setup
- about / Setting up the context
- bottom-up approach, using / Bottom-up
- top-down approach / Top-down
- Cross-Site Request Forgery
- reference / Cross-Site Request Forgery
- Cross-site scripting (XSS) / Application audit
- cryptography
- about / Cryptography
- OWASP mapping / OWASP mapping
- customer requirements
- gathering / Gathering requirements
- detailed checklist, preparing / Preparing a detailed checklist of test requirements
- testing hours / Suitable time frame and testing hours
- suitable time frame / Suitable time frame and testing hours
- stakeholders, identifying / Identifying stakeholders
- CVSS
- used, for vulnerability scoring / Vulnerability scoring using CVSS
- CVSS calculator
- about / CVSS calculator
- reference / CVSS calculator
- Cybersecurity technical committee (TC CYBER) / Compliance standards
D
- database audit
- performing / Performing a database audit, How do it…, How it works...
- data flow diagram (DFD) / Threat modeling terminology
- deliverables
- estimating / Estimating the resources and deliverables
- denial of service (DoS) / Suitable time frame and testing hours
- Denial of Service (DoS) attack / Understanding Nmap Script Engine and its customization
- detailed technical reports / Detailed technical reports
- discrete process control systems (DPC) / Introduction to SCADA/ICS
- Dmitry / Dmitry
- Domain Name System (DNS) / DNS
- Dradis / Dradis
- DREAD
E
- embedded devices
- hacking, with RouterSploit / Hacking embedded devices using RouterSploit
- enumerating service
- enumeration / What is enumeration?
- environmental metrics
- reference / Remediation level
- executive reports / Executive reports
- exploitability metrics
- attack vector / Attack vector
- attack complexity / Attack complexity
- required privileges / Privileges required
- user interaction / User interaction
- scope / Scope
F
- Faraday IDE / Collaborative vulnerability management with Faraday v2.6
- Faraday v2.6
- used, for collaborative vulnerability management / Collaborative vulnerability management with Faraday v2.6
- File Transfer Protocol (FTP) / File Transfer Protocol (FTP), FTP
- flags, Nmap
- interactive output / Understanding Nmap outputs
- normal output (-oN) / Understanding Nmap outputs
- XML output (-oX) / Understanding Nmap outputs
- grepable output (-oG) / Understanding Nmap outputs
- script kiddie (-oS) / Understanding Nmap outputs
- save in all formats (-oA) / Understanding Nmap outputs
G
H
- hashes
- identifying / Identifying hashes
- Health Insurance Portability and Accountability Act (HIPAA) / Compliance standards
- horizontal privilege escalation
- versus vertical privilege escalation / Horizontal versus vertical privilege escalation
- about / Horizontal versus vertical privilege escalation, Horizontal privilege escalation
- host discovery
- performing / How to perform host discovery, How do it…, How it works…
- Hydra
- used, for password cracking / Password cracking with Hydra
- Hypertext Transfer Protocol (HTTP) / HTTP
I
- Identity Access Management Systems (IDAM) / Estimating the resources and deliverables
- impact metrics
- confidentiality impact / Confidentiality impact
- integrity impact / Integrity impact
- availability impact / Availability impact
- industrial control systems (ICS) / Introduction to SCADA/ICS
- industry standards / Industry standards
- information gathering
- about / What is information gathering?
- importance / Importance of information gathering
- information gathering phase, penetration testing lifecycle
- passive information / Penetration testing lifecycle
- active information gathering / Penetration testing lifecycle
- input validation
- about / Input validation
- OWASP mapping / OWASP mapping
- intrusion prevention systems (IPS) / Estimating the resources and deliverables
- ISA Security Compliance Institute (ISCI) / Compliance standards
K
- Kali Linux
- reference / Setting up a Kali virtual machine
- basics / Basics of Kali Linux
- about / Basics of Kali Linux
- environment, configuring / Environment configuration and setup
- environment setup / Environment configuration and setup
- web server / Web server
- Secure Shell (SSH) / Secure Shell (SSH)
- File Transfer Protocol (FTP) / File Transfer Protocol (FTP)
- software management / Software management
- Kali virtual machine
- setting up / Setting up a Kali virtual machine
- KeepNote / KeepNote
L
- Linux
- privilege escalation / Privilege escalation on Linux
- Linux patch enumeration / Linux patch enumeration
- logging
- about / Auditing and logging
- OWASP mapping / OWASP mapping
- Lynis
- reference / Linux patch enumeration
M
- Maltego
- used, for advanced information gathering / Advanced information gathering using Maltego
- Metasploit
- used, for exploiting / Exploiting remote services using Metasploit
- metrics
- about / Metrics
- mean time to detect / Mean time to detect
- mean time to resolve / Mean time to resolve
- scanner coverage / Scanner coverage
- scan frequency by asset group / Scan frequency by asset group
- open critical/high vulnerabilities count / Number of open critical/high vulnerabilities
- asset group / Average risk by BU, asset group, and so on
- average risk by BU / Average risk by BU, asset group, and so on
- number of exceptions granted / Number of exceptions granted
- vulnerability reopen rate / Vulnerability reopen rate
- percentage of systems with no open high/critical vulnerability / Percentage of systems with no open high/critical vulnerability
- vulnerability ageing / Vulnerability ageing
- Microsoft Baseline Security Analyzer (MBSA)
- reference / Windows patch enumeration
- Microsoft Threat Modeling Tool
- reference / Microsoft Threat Modeling Tool
- about / Microsoft Threat Modeling Tool
- model / What is threat modeling?
N
- National Vulnerability Database (NVD) / Vulnerability information
- NDAs
- signing / Getting approval and signing NDAs
- non-disclosure agreements / Confidentiality and nondisclosure agreements
- confidentiality / Confidentiality and nondisclosure agreements
- Nessus
- about / Introducing Nessus and Nmap
- features / Useful features of Nessus
- policies / Policies
- plugin rules / Plugin Rules
- installing / Installing and activating Nessus, How to do it …, How it works…, There's more…
- activating / Installing and activating Nessus, How to do it …, How it works…, There's more…
- updating / Updating Nessus, How to do it…, There's more…
- removing / Removing Nessus, There's more…
- used, for performing vulnerability scan / How to perform a vulnerability scan using Nessus, How to do it…
- used, for scanning SCADA/ICS systems / Using Nessus to scan SCADA/ICS systems, Getting ready, How do it.., There's more...
- Nessus Attack Scripting Language (NASL) / How it works…, Compliance standards
- Nessus Audit policy
- Nessus outputs
- about / Understanding Nessus outputs, Getting ready, How do it…, How it works...
- .nessus format / Nessus
- HTML file format / HTML
- CSV format / CSV
- Nessus DB format / Nessus DB
- Nessus policies
- Nessus scans
- managing / How to manage Nessus scans, How to do it…
- Nessus scan template
- Nessus settings
- managing / How to manage Nessus settings, How to do it…
- Nessus user accounts
- Nessus vulnerabilities
- confirming, with Nmap / How to confirm Nessus vulnerabilities using Nmap and other tools, Getting ready, How do it…, How it works...
- bind shell backdoor detection / How to confirm Nessus vulnerabilities using Nmap and other tools
- SSL version 2 and 3 protocol detection / How to confirm Nessus vulnerabilities using Nmap and other tools
- Apache Tomcat default files / How to confirm Nessus vulnerabilities using Nmap and other tools
- Netcraft
- reference / Site report
- Network Address Translation (NAT) / Target behind router
- network protection systems
- networks
- about / Basic networks and their components
- components / Basic networks and their components
- network vulnerability scanning
- about / Network Vulnerability Scanning, Vulnerability scanning
- procedure flow / Flow of procedures
- Host Discovery / Discovery
- port scanning / Port scanning
- usages / Uses
- complexity / Complexity
- Nmap
- about / Introducing Nessus and Nmap
- features / Various features of Nmap
- host discovery / Host discovery
- scan techniques / Scan techniques
- port specification / Port specification and scan order
- scan order / Port specification and scan order
- service or version detection / Service or version detection
- script scan / Script scan
- OS detection / OS detection
- timing and performance / Timing and performance
- evasion and spoofing / Evasion and spoofing
- output / Output
- target specification / Target specification
- downloading / Downloading and installing Nmap, How it works…
- installing / Downloading and installing Nmap, How it works…
- updating / Updating Nmap, How to do it…
- removing / Removing Nmap
- used, for confirming Nessus vulnerabilities / How to confirm Nessus vulnerabilities using Nmap and other tools, Getting ready, How do it…, How it works...
- used, for scanning SCADA/ICS / Using Nmap to scan SCADA/ICS, Getting ready, How do it…, There's more...
- Nmap command
- used, for scanning / How to specify a target, Getting ready, How do it…, How it works...
- Nmap outputs / Understanding Nmap outputs, Getting ready, How do it…, How it works...
- Nmap Script Engine
- about / Understanding Nmap Script Engine and its customization, Getting ready, How do it…, How it works...
- customization / Understanding Nmap Script Engine and its customization, Getting ready, How do it…, How it works...
- syntax / Syntax
- environment variables / Environment variables
- template / Script template
- Nmap scripts
- using / Using Nmap scripts
- http-methods / http-methods
- smb-os-discovery / smb-os-discovery
- http-sitemap-generator / http-sitemap-generator
- mysql-info / mysql-info
- number of exceptions granted metric / Number of exceptions granted
O
- open ports
- identifying / How to identify open ports, How do it…
- OpenVAS
- used, for performing vulnerability assessments / Vulnerability assessments using OpenVAS
- reference / Vulnerability assessments using OpenVAS
- Open Web Application Security Project (OWASP) testing guide
- benefits / Benefits of the framework
- operating system
- detecting / How to detect operating system, How it works…
- operating system audit
- performing / Performing an operating system audit, How do it…, How it works...
- OWASP ZAP
P
- passive information gathering
- about / Passive information gathering
- reverse IP lookup / Reverse IP lookup
- site report / Site report
- way-back / Site archive and way-back
- site archive / Site archive and way-back
- site metadata / Site metadata
- vulnerable systems, searching with Shodan / Looking for vulnerable systems using Shodan
- advanced information gathering, Maltego used / Advanced information gathering using Maltego
- theHarvester / theHarvester
- passwords
- cracking / Cracking passwords
- passwords cracking
- dictionary attack / Cracking passwords
- brute-force attack / Cracking passwords
- rainbow tables / Cracking passwords
- hashes, identifying / Identifying hashes
- Windows passwords, cracking / Cracking Windows passwords
- password profiling / Password profiling
- Hydra, using / Password cracking with Hydra
- patch enumeration
- about / Patch enumeration
- Windows patch enumeration / Windows patch enumeration
- Linux patch enumeration / Linux patch enumeration
- patching / Defining patching?
- penetration testing
- standards / Penetration testing standards
- lifecycle / Penetration testing lifecycle
- penetration testing execution standard (PTES)
- reference / Penetration testing execution standard
- benefits / Benefits of the framework
- penetration testing lifecycle
- information gathering phase / Penetration testing lifecycle
- enumeration phase / Penetration testing lifecycle
- gaining access phase / Penetration testing lifecycle
- privilege escalation phase / Penetration testing lifecycle
- maintaining access phase / Penetration testing lifecycle
- covering tracks phase / Penetration testing lifecycle
- assessment tools / List of tools to be used during assessment
- personal identification number (PIN) / Authentication
- plugin rules, Nessus
- customized reports / Customized Reports
- policy / Policy versus procedure versus standard versus guideline
- port specification
- privilege escalation
- about / What is privilege escalation?
- on Windows / Privilege escalation on Windows
- on Linux / Privilege escalation on Linux
- procedure / Policy versus procedure versus standard versus guideline
- proof of concepts (PoCs) / Identifying stakeholders
Q
- quality assurance (QA) testing / Understanding the need for security assessments
- Qualys SSL test
- reference / OWASP mapping
R
- Recon-ng / Recon-ng
- regulatory standards / Regulatory compliance
- remote access
- gaining / Gaining remote access
- direct access / Direct access
- target behind router / Target behind router
- Remote Code Execution (RCE) attack / Network Vulnerability Scanning
- Remote Procedure Call (RPC) / Authenticated and unauthenticated scans
- remote services
- exploiting, Metasploit used / Exploiting remote services using Metasploit
- Remote terminal units (RTUs) / Introduction to SCADA/ICS
- reporting
- importance / Importance of reporting
- tools / Reporting tools
- reporting tools
- about / Reporting tools
- Dradis / Dradis
- KeepNote / KeepNote
- reports
- about / Type of reports
- executive reports / Executive reports
- detailed technical reports / Detailed technical reports
- resources
- estimating / Estimating the resources and deliverables
- reverse IP lookup
- reference / Reverse IP lookup
- ROIs
- calculating / Calculating ROIs
- RouterSploit
- used, for hacking embedded devices / Hacking embedded devices using RouterSploit
S
- SCADA/ICS systems
- about / Introduction to SCADA/ICS
- scanning, with Nmap / Using Nmap to scan SCADA/ICS, Getting ready, How do it…, There's more...
- scanning, with Nessus / Using Nessus to scan SCADA/ICS systems, Getting ready, How do it.., There's more...
- scanners, Nessus
- scan order
- script scan
- performing / How to perform a script and version scan, How do it…, How it works …
- SeaSponge
- secure configuration
- Secure Shell (SSH) / Secure Shell (SSH), SSH
- security
- about / Security basics
- CIA triad / The CIA triad
- identification / Identification
- authentication / Authentication
- authorization / Authorization
- auditing / Auditing
- accounting / Accounting
- non-repudiation / Non-repudiation
- vulnerability / Vulnerability
- threats / Threats
- exposure / Exposure
- risk / Risk
- safeguards / Safeguards
- safeguards, examples / Safeguards
- attack vectors / Attack vectors
- Security Accounts Manager (SAM) / Cracking Windows passwords
- security assessments
- need for / Understanding the need for security assessments
- security tests, types / Types of security tests
- security audit
- internal audit / Security audit
- external audit / Security audit
- security hardening
- security misconfiguration
- about / Security misconfiguration
- OWASP mapping / OWASP mapping
- security tests
- types / Types of security tests
- security testing / Security testing
- vulnerability assessment, versus penetration testing / Vulnerability assessment versus penetration testing
- security assessment / Security assessment
- security audit / Security audit
- Server Message Block (SMB) / SMB
- session management
- about / Session management
- cookie checks / Cookie checks
- Cross-Site Request Forgery / Cross-Site Request Forgery
- OWASP mapping / OWASP mapping
- SET
- used, for social engineering / Social engineering using SET
- Shodan
- used, for searching for vulnerable systems / Looking for vulnerable systems using Shodan
- reference / Looking for vulnerable systems using Shodan
- Simple Mail Transfer Protocol (SMTP) / Scanners, SMTP
- single point of contact (SPOC) / Identifying stakeholders
- social engineering
- SET, using / Social engineering using SET
- software management / Software management
- SPARTA
- used, for active information gathering / Active information gathering with SPARTA
- stakeholders
- executive/top management / Identifying stakeholders
- IT security head / Identifying stakeholders
- VA lead tester / Identifying stakeholders
- VA tester / Identifying stakeholders
- asset owners / Identifying stakeholders
- third-party service provider / Identifying stakeholders
- end users / Identifying stakeholders
- standard / Policy versus procedure versus standard versus guideline
- standard operating procedure (SOP) / Policy versus procedure versus standard versus guideline
- Statement of Work (SoW) / Identifying stakeholders
- STRIDE
- Supervisory Control and Data Acquisition (SCADA) / Introduction to SCADA/ICS
T
- temporal metric group
- about / Temporal metric group
- exploit code maturity / Exploit code maturity
- remediation level / Remediation level
- report confidence / Report confidence
- Tenable Network Security (TNS) / Compliance standards
- testing tools
- about / Testing tools
- OWASP ZAP / OWASP ZAP
- test plan
- preparing / Preparing a test plan
- test plan, elements
- overview / Preparing a test plan
- applicable laws and regulations / Preparing a test plan
- applicable standards and guidelines / Preparing a test plan
- scope / Preparing a test plan
- assumptions / Preparing a test plan
- methodology / Preparing a test plan
- test plan / Preparing a test plan
- rules of engagement / Preparing a test plan
- stakeholder communication / Preparing a test plan
- liabilities / Preparing a test plan
- authorized approvals and signature / Preparing a test plan
- threat / What is threat modeling?
- threat modeling
- about / What is threat modeling?
- benefits / Benefits of threat modeling
- asset / Threat modeling terminology
- attack / Threat modeling terminology
- attack vector / Threat modeling terminology
- attack surface / Threat modeling terminology
- countermeasures / Threat modeling terminology
- use case / Threat modeling terminology
- abuse case / Threat modeling terminology
- actor or threat agent / Threat modeling terminology
- impact / Threat modeling terminology
- attack trees / Threat modeling terminology
- data flow diagram (DFD) / Threat modeling terminology
- process / How to model threats?
- techniques / STRIDE
- tools / Threat modeling tools
- threat modeling techniques
- threat modeling tools
- Microsoft Threat Modeling Tool / Microsoft Threat Modeling Tool
- SeaSponge / SeaSponge
- Tomcat
- exploiting / Exploiting Tomcat
- tracks
- clearing / Clearing tracks and trails
- trails
- clearing / Clearing tracks and trails
- transform
- reference / Advanced information gathering using Maltego
U
- Unicornscan / Enumerating services
- unified threat management (UTM) / Estimating the resources and deliverables
V
- version scan
- performing / How to perform a script and version scan, How do it…, How it works …
- vertical privilege escalation / Vertical privilege escalation
- Virtual Network Computing (VNC) / VNC
- vsftpd
- exploiting / Exploiting vsftpd
- vulnerability assessment
- target scope / Target scoping and planning
- target planning / Target scoping and planning
- customer requirements / Gathering requirements
- type, deciding / Deciding upon the type of vulnerability assessment
- types / Types of vulnerability assessment
- types, based on location / Types of vulnerability assessment based on the location
- types, based on knowledge about environment/infrastructure / Based on knowledge about environment/infrastructure
- announced testing / Announced and unannounced testing
- unannounced testing / Announced and unannounced testing
- automated testing / Automated testing
- manual testing / Manual testing
- execution, challenges / Estimating the resources and deliverables
- vulnerability assessment, based on knowledge about environment/infrastructure
- about / Based on knowledge about environment/infrastructure
- black-box testing / Black-box testing
- white-box testing / White-box testing
- gray-box testing / Gray-box testing
- vulnerability assessment, based on location
- external vulnerability assessment / External vulnerability assessment
- internal vulnerability assessment / Internal vulnerability assessment
- vulnerability assessment policy template / Vulnerability assessment policy template
- vulnerability assessments
- OpenVAS, using / Vulnerability assessments using OpenVAS
- vulnerability assessment scope
- common assets / Target scoping and planning
- vulnerability scan
- performing, with Nessus / How to perform a vulnerability scan using Nessus, How to do it…
- vulnerability scoring
- requirements / Requirements for vulnerability scoring
- CVSS, using / Vulnerability scoring using CVSS
- vulnerability scoring, CVSS used
- about / Vulnerability scoring using CVSS
- benefits / Vulnerability scoring using CVSS
- base metric group / Base metric group
- temporal metric group / Temporal metric group
- vulnerable component / Exploitability metrics
W
- web application scan
- performing / Performing a web application scan, How do it…, How it works...
- web application security testing
- web server / Web server
- Windows
- privilege escalation / Privilege escalation on Windows
- Windows passwords
- cracking / Cracking Windows passwords
X
- XML external entities (XXE) / Application audit
Z
- Zenmap
- using / How to use Zenmap, How do it…, How it works…