Find someone who understands me…
and listen to music together.
I know
this person
is waiting for me up ahead….
But I
feel that
that person
may only be my shadow.
Perhaps
this is fate…
Just another 学习者网志 weblog
(This article is reproduced from WWW.BLACKHAT-FORUMS.COM, author d1m)
Building a pen-testing Methodology from the ground up.

Still got more to add; this is just a fraction of what I've read in the past year and a half, since I started.
Making it anywhere takes the zeal, patience, and constitution to go as far as needed. (Oh yeah, and a fuckload of trial and error.)
/* Also I'd like to thank the following protocols and standards for making internal hacking a fucking cakewalk: NFS! NIS (YP)! LDAP! (SMB) NETBIOS! Active Directory! SNMP! <3 <3 <3 haha */
First things first, communication: Understanding TCP/IP
My recommendation: after you read each section, fire up Ethereal and packet capture; start sending and receiving packets to understand what's really going on!
TCP/IP Illustrated:
Ethereal traffic analyzer:
Then start studying ARP/MITM-based attacks.
INTRO to DNS / Zone Transfer
I need to add more to this one, but this should get you covered; most of the other hacking books I list here for other things go over this above and beyond anyway, but enjoy!
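As an added example (not part of d1m's post, and not a substitute for Ethereal), here is the kind of decoder you end up writing once you have stared at enough captures: it parses the Ethernet, ARP, IPv4 and TCP headers from raw frames using only the Python standard library, and it does the one Layer 2 check a defender cares about most, flagging an IP address whose ARP sender MAC changes mid-capture (the same idea arpwatch is built on). The frames, MAC and IP addresses are constructed inline for the example; checksums are left at zero because nothing here transmits them.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2
IPPROTO_TCP = 6


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def parse_ethernet(frame):
    """Ethernet II header: dst MAC (6), src MAC (6), EtherType (2)."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac_str(dst), "src": mac_str(src), "type": ethertype,
            "payload": frame[14:]}


def parse_arp(payload):
    """ARP over Ethernet/IPv4: fixed 28-byte packet (RFC 826)."""
    (_htype, _ptype, _hlen, _plen, op,
     sha, spa, tha, tpa) = struct.unpack("!HHBBH6s4s6s4s", payload[:28])
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


def parse_ipv4_tcp(payload):
    """IPv4 header (IHL-sized) and, for TCP, the fixed 20-byte TCP header."""
    (ver_ihl, _tos, _total_len, _ident, _flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", payload[:20])
    ihl = (ver_ihl & 0x0F) * 4  # IPv4 header length in bytes
    pkt = {"src": ip_str(src), "dst": ip_str(dst), "ttl": ttl, "proto": proto}
    if proto == IPPROTO_TCP:
        tcp = payload[ihl:]
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
        pkt.update({"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                    "flags": off_flags & 0x01FF})  # low 9 bits: NS..FIN
    return pkt


# --- constructed sample frames (not real traffic) ---------------------------
def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    eth = struct.pack("!6s6sH", target_mac, sender_mac, ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, ETHERTYPE_IPV4, 6, 4, ARP_REPLY,
                      sender_mac, sender_ip, target_mac, target_ip)
    return eth + arp


def build_tcp_syn(src_mac, dst_mac, src_ip, dst_ip, sport, dport):
    # data offset 5 words, SYN flag set; checksums zeroed (never sent)
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1000, 0, (5 << 12) | 0x02,
                      65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000,
                     64, IPPROTO_TCP, 0, src_ip, dst_ip)
    return struct.pack("!6s6sH", dst_mac, src_mac, ETHERTYPE_IPV4) + ip + tcp


GW_MAC = bytes.fromhex("aaaaaaaaaa01")     # constructed gateway MAC
ROGUE_MAC = bytes.fromhex("bbbbbbbbbb02")  # constructed second MAC claiming the gateway IP
HOST_MAC = bytes.fromhex("cccccccccc03")   # constructed host MAC
GW_IP = bytes([10, 0, 0, 1])
HOST_IP = bytes([10, 0, 0, 20])

SAMPLE_CAPTURE = [
    build_arp_reply(GW_MAC, GW_IP, HOST_MAC, HOST_IP),
    build_tcp_syn(HOST_MAC, GW_MAC, HOST_IP, GW_IP, 40000, 80),
    build_arp_reply(ROGUE_MAC, GW_IP, HOST_MAC, HOST_IP),
]


def analyze_capture(frames):
    """Decode each frame; alert when an IP's ARP sender MAC changes."""
    ip_to_mac = {}
    alerts = []
    decoded = []
    for frame in frames:
        eth = parse_ethernet(frame)
        if eth["type"] == ETHERTYPE_ARP:
            arp = parse_arp(eth["payload"])
            decoded.append(("arp", arp))
            if arp["op"] == ARP_REPLY:
                prev = ip_to_mac.get(arp["sender_ip"])
                if prev is not None and prev != arp["sender_mac"]:
                    alerts.append(f"{arp['sender_ip']} changed from {prev} "
                                  f"to {arp['sender_mac']}")
                ip_to_mac[arp["sender_ip"]] = arp["sender_mac"]
        elif eth["type"] == ETHERTYPE_IPV4:
            decoded.append(("ipv4", parse_ipv4_tcp(eth["payload"])))
    return decoded, alerts


if __name__ == "__main__":
    for kind, pkt in analyze_capture(SAMPLE_CAPTURE)[0]:
        print(kind, pkt)
    print("alerts:", analyze_capture(SAMPLE_CAPTURE)[1])
```

Run it and compare the printed fields against what Ethereal shows for a real capture: the struct format strings map one to one onto the header diagrams in TCP/IP Illustrated, and the ARP alert is the first thing to look for when a Layer 2 MITM is suspected on a segment.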
Understanding Scanning
Included: James Messer: Secrets of Network Cartography
Fyodor (nmap author): TCP/IP OS Fingerprinting Phrack article
And a firewall ruleset mapping intro (stateful or packet filtering evasion)
Here are some links to video presentations on scanning:
FYODOR (NMAP AUTHOR) video… must watch!
Consult Insecure.org for more!
CCNA, CISCO CERTIFIED NETWORK ASSOCIATE
Cisco pretty much defines routing and networking these days, skim over this at least.
WIRELESS HACKING
Included are a few various PDFs and the amazing book Wi-Foo; most definitely check it out.
LAYER 2 OWNAGE
Little collection of ARP/MITM attack papers. This is more than fun, so be sure to read it. It accounts for 90% of internal hacking.
Google Hacking for Penetration Testers; most definitely read this.
What it will provide:
Skills to pretty much understand advanced operators, and Google's SOAP API for finding anything you want (remember Google is the oracle, and accounts for about 90% of the information you glean during reconnaissance in a pen-test).
Johnny Long's live presentation video at DEF CON, MUST SEE!
Info Gathering
Most important stage of a pen-test; this is just a little bit.
Info Gathering by Aelphaeis Mangarae included.
HACK IT SEC: through pen-testing
Decent for understanding pen-testing fundamentals.
CEH (Certified Ethical Hacker exam) covers the more conventional pen-testing methodology… it's a real certification, and it's great.
Go through all the modules at least once (if some of the tools seem outdated or you think you can improve the methods in some of the phases, then do it; remember, it is a pen-test).
Also check out Cisco Press Penetration Testing and Network Defense.
CISSP: Security Specialist Cert.
This is important too; try to go over most of this, especially if you're interested in the cert.
ZEN and the ART OF INFORMATION SECURITY by SYNGRESS
Good book to get you started on the infoSec mindset.
And Vulnerability Enumeration for penetration testing
By Aelphaeis Mangarae
Quick and in-depth look into Linux, administering and hardening it
Understanding at least the basics of Linux is important for hacking, as most web servers are running shit like LAMP (Linux, Apache, MySQL, PHP) because it's free, so read! Get VMware and follow along if you don't want to make a Linux partition.
Web app security is a must, considering most of the attacks are through the HYPER TEXT TARGET PROTOCOL.
So definitely read these two, along with the SPI Dynamics SQL whitepapers, and use your newly found Google crawling abilities to find even more filetype:pdf's about webapp security.
A little more in depth:
w3schools.org
Make a quick run through:
SQL
PHP
HTML
peruse CSS
Small collection of SQL/PHP/XSS papers
Follow the links at the end of these, and be sure to try the shit you're reading.
HACKnotes: a must for referencing
Sometimes you'll find yourself referencing shit over and over again, and these books are just that; peruse them, and use them during a pen-test.
HACKING EXPOSED: another major reference
This is the 2nd edition, kinda old; feel free to crawl for more.
HACKING: ART of EXPLOITATION
MOST DEFINITELY read this until you understand the x86 stack and its structure, and how different types of exploits work; also pay attention to the network exploitation chapters, as they're really in-depth as well.
Stealing the Network & other must-read hacker books
2 books in one…. fucking amazing, you must read. I also have Stealing the Identity and Stealing the Shadow; I'll post lat0r.
Windows internals
Understanding the inner mechanics and subsystems of the kernel (brain child of the OS) will help you a long way if you are developing a device driver with the NTDDK or are a coder; understanding how memory is mapped, and how handles and objects are handled, is important too. Give this one a read and get your Sysinternals toolkit ready, because you'll be following along.
MORE WINDOWS KERNEL INTERNALS
This is a huuuuuge project by a Korean driver development team; it's amazingly in-depth, give it a read.
ROOTKIT: Subverting the Windows Kernel
After perusing Windows Internals, give this a read if you're interested in furthering your gains while entrenching (maintaining access to your targets).
DISASSEMBLY
Disasm is very important as well. Also it's fun for owning botnet kiddies, haha.
CRYPTOGRAPHY
Applied crypto is important; it's not important to be insanely versed in crypto, but knowing the fundamentals is important.
VPN/IPsec book included
Wiley Crypto and Comp Security included
and a few more
Other shit you need to do:
Read all of the important papers on milw0rm and other infosec sites.
Bookmark every decent infosec site and read it daily.
Read Slashdot daily.
Read all of the Phrack releases / h0no ezines / el8 ezine / PU ezine / zf0.
Read all of the RFCs in your spare time.
Sign yourself up for mailing lists like vulnwatch, pentesting, infosec, etc…
Check RSS feeds daily for w/e.
Be semi-active in IRC if possible to interact and share knowledge with others.
Set up VMware networks and test exploits yourself; make real situations out of it, where you gotta perform real black-box style hacks.
Exercise 2-3 hours a day, eat healthy (gotta be leet IRL too, lmfao).
Realising how little you know is the first step.
If you want to be a Master,
Only one,
Work harder than everyone!