Travis DeForge
SKU: 9788197081866
ISBN: 9788197081866
eISBN: 9788197081880
Rights: Worldwide
Author Name: Travis DeForge
Publishing Date: 30-March-2024
Dimension: 7.5*9.25 Inches
Binding: Paperback
Page Count: 204
Download code from GitHubKey Features
● Strategic deployment of Nmap across diverse security assessments, optimizing its capabilities for each scenario.
● Proficient mapping of corporate attack surfaces, precise fingerprinting of system information, and accurate identification of vulnerabilities.
● Seamless integration of advanced obfuscation tactics and firewall evasion techniques into your scanning strategies, ensuring thorough and effective assessments.
Book Description
This essential handbook offers a systematic journey through the intricacies of Nmap, providing both novice and seasoned professionals with the tools and techniques needed to conduct thorough security assessments with confidence. The purpose of this book is to educate and empower cyber security professionals to increase their skill set, and by extension, contribute positively to the cyber security posture of organizations through the use of Nmap.
This book starts at the ground floor by establishing a baseline understanding of what Penetration Testing is, how it is similar but distinct from other types of security engagements, and just how powerful of a tool Nmap can be to include in a pen tester’s arsenal. By systematically building the reader's proficiency through thought-provoking case studies, guided hands-on challenges, and robust discussions about how and why to employ different techniques, the reader will finish each chapter with new tangible skills.
With practical best practices and considerations, you'll learn how to optimize your Nmap scans while minimizing risks and false positives. At the end, you will be able to test your knowledge with Nmap practice questions and utilize the quick reference guide for easy access to essential commands and functions.
What you will learn
● Establish a robust penetration testing lab environment to simulate real-world scenarios effectively.
● Utilize Nmap proficiently to thoroughly map an organization’s attack surface identifying potential entry points and weaknesses.
● Conduct comprehensive vulnerability scanning and exploiting discovered vulnerabilities using Nmap’s powerful features.
● Navigate complex and extensive network environments with ease and precision, optimizing scanning efficiency.
● Implement advanced obfuscation techniques to bypass security measures and accurately assess system vulnerabilities.
● Master the capabilities of the Nmap Scripting Engine, enhancing your toolkit with custom scripts for tailored security assessments and automated tasks.
Who is This Book For?
This book is tailored for junior and aspiring cybersecurity professionals, offering a comprehensive journey into advanced penetration testing methodologies to elevate their skills to proficiently navigate complex cybersecurity landscapes. While a basic grasp of networking concepts and intrusion detection systems can be advantageous not a prerequisite to derive significant value from this resource. Whether you’re seeking to fortify your understanding of penetration testing or aiming to expand your arsenal with sophisticated Nmap techniques, this book provides a valuable roadmap for growth in the field of cybersecurity.
2. Setting Up a Lab Environment For Nmap
3. Introduction to Attack Surface Mapping
4. Identifying Vulnerabilities Through Reconnaissance and Enumeration
5. Mapping a Large Environment
6. Leveraging Zenmap and Legion
7. Advanced Obfuscation and Firewall Evasion Techniques
8. Leveraging the Nmap Scripting Engine
9. Best Practices and Considerations
APPENDIX A. Additional Questions
APPENDIX B. Nmap Quick Reference Guide
Index
Travis DeForge is the Manager of Cybersecurity Engineering at Gotham Security, a US-based boutique cybersecurity firm that provides high-quality penetration testing, malicious adversary simulation, threat intelligence, and cybersecurity strategy services. In this role, Travis routinely conducts network and web application penetration tests, social engineering engagements, and cloud security assessments for multibillion-dollar global organizations.
Travis holds a Bachelor of Arts from the University of Vermont in Mandarin Chinese and a Master of Science from Western Governors University in Information Technology Management as well as numerous certifications in networking, project management, cyber security, cloud computing, and information technology including CompTIA SecuritY+, Network+, Pentest+ and Lean Six Sigma Blackbelt.
Before joining Gotham Security, Travis served as a Military Intelligence Officer in the United States Army for several years. During this tenure, he held several positions related to signals intelligence (SIGINT), open-source intelligence (OSINT), electronic warfare (EW), and information operations at both the tactical and operational levels. Travis brings his experience working in the Department of Defense and the intelligence community together with penetration testing expertise to provide high-quality insight to clients.
Travis routinely creates open-source content for the cyber security community through a recurring video series he cohosts called Cyber Judo; as well as by engaging in numerous speaking engagements for local chapters of the Open Web Application Security Project (OWASP) as well as the Federal Reserve Bank. While professionally, Travis is an engineer, he is a teacher at heart and loves to help mentor and educate those interested in cybersecurity.
____________________________________________________________________________________________
____________________________________________________________________________________________
Michael Hallman is an Associate Security Engineer at Gotham Security, where he conducts day-to-day activities such as penetration testing applications and APIs. He also performs social engineering engagements and risk assessments.
Michael is an AWS Cloud Practitioner and a dual-degreed cybersecurity professional. He has participated in numerous CTF competitions, including USCC, Hack a Sat, Defcon, and NCL. He is highly experienced in vulnerability assessment, enumeration, and digital forensics, utilizing multiple tools in penetration testing for network and application security.
He is proficient in various operating systems, including Windows, Server, Linux, and MacOS.
He is skilled in using a wide range of tools such as NMAP, Nessus, Nikto, Burpsuite, Zap, Dirbuster, Gobuster, Feroxbuster, Wireshark, Netcat, John, Hydra, Hashcat, Exiftool, SQL Map, FTK Imager, Autopsy, Foremost, Zeek (formerly Bro), Snort, and Kibana.
Michael's skills include enumeration, social engineering, SQL injection, cross-site scripting (XSS), network penetration testing, and web application OWASP 10.