ABSTRACT

Whatever you do, don’t skip this first chapter. It contains the background you need in order to properly utilize and understand the rest of this book. Also, keep in mind that although there are many things in here that a beginner can use, this is not being written as a beginner’s book for penetration testing. A number of items throughout the book assume that the reader has the experience to recognize what is going on, how to modify something to work in your environment, and so on. So don’t expect to see everything step by step, and don’t expect to see explanations for everything I do. There are other books on the market that beginners can use for steps and explanations. At times it may seem to you that certain items are out of order, or “what the heck is he talking about here,” or “really?” Stay with me anyway. Read through the book in order the first time, start to finish; after another read or two, things will fall all the more into place. I’ve lived or worked in a number of countries while serving in the military, working for the intelligence community (IC), and just as a tourist, and I’ve learned something from all of them, both culturally and technically. A list of such countries would be:

◾ China
◾ Vietnam
◾ Syria
◾ Thailand
◾ Turkey
◾ Japan
◾ Canada
◾ Mexico
◾ Iceland
◾ Czech Republic
◾ Switzerland
◾ Egypt
◾ Guam


I’m going to mention a few things now, but I’m going to repeat this later on in the book as a reminder. Do not just jump in and begin using tools trying to hack into a system somewhere. That’s what impatient losers do (it’s also done by those who have already had the recon work done for them by someone else). You need to spend as much time as necessary learning all you can about your target without your target knowing that you are researching them. Also remember (and this applies to those whose assignment includes seeking to bypass the network defense team) that when doing recon, no matter which tool you use and which site you are visiting to learn information, you must keep your MAC address, IP address, and physical location a secret. That means either disguising each of those in some way, shape, or form, or using a totally different computer system and more than one geographical location for your endeavors. You could also be part of a team in which each of you agrees on who will do what from dispersed geographical locations. Never discuss your plans via any type of electronic means if you are up against a tough adversary; only together, in person, in whispers (and never travel to meet each other in a way that can track all of you as being together at any one time). Patience and perseverance are your biggest allies. Keep all this in mind during other steps of the pen test process where it makes sense to do so. Impatience and poor planning will be your downfall. One more thing: don’t do any pen test work (if you need or want to remain hidden from a powerful adversary) using modern operating systems, including both Microsoft Windows and various flavors of modern Unix/Linux.
Using operating systems that were in existence prior to 1999 is fine, and if you must use email communications, there are a few anonymous ones out there, but the best route to keep your communications private is to use the email application that came with Unix prior to 1999 in conjunction with a compromised or unsecured message transfer agent (MTA). I recommend against encrypting your email communications because that just calls attention to you and raises a red flag. Instead, in your in-person meetings agree on common words or sentences used in everyday life that mean something special to your group and use those. Also, remember that the hardware you are using can be vulnerable to detection due to some extra electronics now embedded in laptops and desktops. Either build your own system from scratch or use laptops or desktops built prior to 1999. And one last thing (again, depending on just how private your penetration test needs to be): if you are up against a tough adversary, then before doing any pen testing, wipe (not just format, but wipe) your hard drive and reinstall your operating system from scratch. Do not update your operating system with any service packs, antivirus software, etc.; that would be a mistake, because you want the operating system you are running to be as bare bones as possible. As soon as you do that, make a list of any and all services running on your computer and absolutely know what each one is for. You want to keep those services as stripped down as possible and check them hourly to be sure you recognize each and every one. And don’t just rely on the names of the services. Know their MD5 checksum, file size, or whatever it is that allows you to know that you have not been fooled into loading a Trojaned service. Before each pen test be sure to wipe your drive and reload your operating system from scratch, and even if you are not pen testing, I still recommend having an image of your drive that you trust, and subsequently, on a monthly basis, wipe your hard drive and reload that trusted image of your operating system. The recommendations I’ve just mentioned depend on just how much you value your privacy and how powerful your adversary is.
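The advice above about listing every running service and knowing its checksum and file size, rather than trusting the name alone, can be turned into a small baseline-and-verify routine. The following is an added example, not code from the book or its author: it records the MD5 and size of each service binary once, stores that as the trusted snapshot, and on each later check reports anything changed, missing, or newly appeared. The paths `svc_a` through `svc_d` are constructed temporary files standing in for whatever binaries your own service list points at, and the tampered copy is deliberately the same length as the original to show why the size alone is not a sufficient check.

```python
"""Baseline-and-verify check for service binaries (added example, not from the book).

Records md5 + size for each binary once, then compares the host against that
snapshot on a schedule (the chapter suggests hourly). A binary that keeps its
name and even its size but has a different hash is reported as changed.
"""
import hashlib
import json
import os
import tempfile


def fingerprint(path):
    """Return (md5_hex, size_bytes) for a file, hashing it in chunks."""
    h = hashlib.md5()
    size = 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
            size += len(chunk)
    return h.hexdigest(), size


def make_baseline(paths):
    """Build the trusted snapshot: {path: {"md5": ..., "size": ...}}."""
    baseline = {}
    for p in paths:
        md5, size = fingerprint(p)
        baseline[p] = {"md5": md5, "size": size}
    return baseline


def save_baseline(baseline, out_path):
    """Persist the snapshot; keep this file somewhere the host cannot silently rewrite it."""
    with open(out_path, "w") as f:
        json.dump(baseline, f, indent=2, sort_keys=True)


def load_baseline(in_path):
    with open(in_path) as f:
        return json.load(f)


def verify(baseline, current_paths):
    """Compare the binaries currently on disk against the baseline.

    Returns {"changed": [...], "missing": [...], "new": [...]}. 'changed' means
    the hash or size differs, 'missing' means a baselined path is gone, 'new'
    means a path is present that was never baselined. Any non-empty list is a
    reason to stop and investigate before continuing.
    """
    result = {"changed": [], "missing": [], "new": []}
    current = set(current_paths)
    for p, rec in baseline.items():
        if p not in current or not os.path.exists(p):
            result["missing"].append(p)
            continue
        md5, size = fingerprint(p)
        if md5 != rec["md5"] or size != rec["size"]:
            result["changed"].append(p)
    for p in sorted(current):
        if p not in baseline:
            result["new"].append(p)
    return result


def demo():
    """Run on constructed files: baseline three 'services', then tamper with
    one (same length, different bytes), add one, remove one, and re-verify."""
    tmp = tempfile.mkdtemp()
    svc_a = os.path.join(tmp, "svc_a")  # hypothetical service binaries
    svc_b = os.path.join(tmp, "svc_b")
    svc_c = os.path.join(tmp, "svc_c")
    for p, data in ((svc_a, b"original service a"),
                    (svc_b, b"original service b"),
                    (svc_c, b"original service c")):
        with open(p, "wb") as f:
            f.write(data)
    baseline_file = os.path.join(tmp, "baseline.json")
    save_baseline(make_baseline([svc_a, svc_b, svc_c]), baseline_file)

    # Simulated Trojaned svc_a: same 18-byte length as the original, so a
    # size-only check would pass, but the md5 will not.
    with open(svc_a, "wb") as f:
        f.write(b"tampered service a")
    svc_d = os.path.join(tmp, "svc_d")  # an unexpected new service
    with open(svc_d, "wb") as f:
        f.write(b"unexpected new service")
    os.remove(svc_c)  # a baselined service that has disappeared

    report = verify(load_baseline(baseline_file), [svc_a, svc_b, svc_d])
    return {k: [os.path.basename(p) for p in v] for k, v in report.items()}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

On a real host the path list would come from the service enumeration you did after the fresh install, and the baseline file belongs on read-only or offline media so that whoever replaced a binary cannot also replace the record you compare it against.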