Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition (e-book)

Author: Kevin Cardwell

Publisher: Packt Publishing

Publication date: 2016-08-01

Word count: 2.774 million

Category: Imported books > Foreign-language original editions > Computers/Networking

Learn how to build complex virtual architectures that allow you to perform virtually any required testing methodology and perfect it.

About This Book

  • Explore and build intricate architectures that allow you to emulate an enterprise network
  • Test and enhance your security skills against complex and hardened virtual architecture
  • Learn methods to bypass common enterprise defenses and leverage them to test the most secure environments

Who This Book Is For

While the book targets advanced penetration testing, the process is systematic and as such will provide even beginners with a solid methodology and approach to testing. You are expected to have network and security knowledge. The book is intended for anyone who wants to build and enhance their existing professional security and penetration testing methods and skills.

What You Will Learn

  • Learning proven security testing and penetration testing techniques
  • Building multi-layered complex architectures to test the latest network designs
  • Applying a professional testing methodology
  • Determining whether there are filters between you and the target and how to penetrate them
  • Deploying and finding weaknesses in common firewall architectures
  • Learning advanced techniques to deploy against hardened environments
  • Learning methods to circumvent endpoint protection controls

In Detail

Security flaws and new hacking techniques emerge overnight – security professionals need to make sure they always have a way to keep up. With this practical guide, learn how to build your own virtual pentesting lab environments to practice and develop your security skills. Create challenging environments to test your abilities, and overcome them with proven processes and methodologies used by global penetration testing teams. Get to grips with the techniques needed to build complete virtual machines perfect for pentest training. Construct and attack layered architectures, and plan specific attacks based on the platforms you’re going up against. Find new vulnerabilities for different kinds of systems and networks, and what these mean for your clients. Driven by a proven penetration testing methodology that has trained thousands of testers, Building Virtual Labs for Advanced Penetration Testing, Second Edition will prepare you for participation in professional security teams.

Style and approach

The book is written in an easy-to-follow format that provides a step-by-step, process-centric approach. Additionally, there are numerous hands-on examples and additional references for readers who might want to learn even more. The process developed throughout the book has been used to train and build teams all around the world as professional security and penetration testers.
Table of Contents

Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition

Credits

About the Author

Acknowledgments

About the Reviewer

www.PacktPub.com

eBooks, discount offers, and more

Why subscribe?

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the color images of this book

Errata

Piracy

Questions

1. Introducing Penetration Testing

Security testing

Authentication

Authorization

Confidentiality

Integrity

Availability

Non-repudiation

An abstract testing methodology

Planning

Nonintrusive target search

Nslookup

Central Ops

The Wayback Machine

Shodan

Intrusive target search

Find live systems

Discover open ports

Discover services

Enumeration

Identify vulnerabilities

Exploitation

Data analysis

Reporting

Description

Analysis and exposure

Recommendations

References

Myths and misconceptions about pen testing

Summary

2. Choosing the Virtual Environment

Open source and free environments

VMware Workstation Player

VirtualBox

Xen

Hyper-V

vSphere Hypervisor

Commercial environments

vSphere

XenServer

VMware Workstation Pro

Image conversion

Converting from a physical to a virtual environment

Summary

3. Planning a Range

Planning

What are we trying to accomplish?

By when do we have to accomplish it?

Identifying vulnerabilities

Vulnerability sites

Vendor sites

Summary

4. Identifying Range Architectures

Building the machines

Building new machines

Conversion

Cloning a virtual machine

Selecting network connections

The bridged setting

Network Address Translation

The host-only switch

The custom settings

Choosing range components

The attacker machine

Router

Firewall

Web server

Readers' challenge

Summary

5. Identifying a Methodology

The OSSTMM

The Posture Review

Logistics

Active detection verification

Visibility Audit

Access verification

Trust verification

Control verification

Process verification

Configuration verification

Property validation

Segregation review

Exposure verification

Competitive intelligence scouting

Quarantine verification

Privileges audit

Survivability validation

Alert and log review

CHECK

NIST SP-800-115

The information security assessment methodology

Technical assessment techniques

Comparing tests and examinations

Testing viewpoints

Overt and covert

Penetration Testing Execution Standard (PTES)

Offensive Security

Other methodologies

Customization

Readers' challenge

Summary

6. Creating an External Attack Architecture

Configuring firewall architectures and establishing layered architectures

iptables

Testing

Adding a web server

Configuring the second layer

Setting the VLAN

Review pfSense

Deploying IDS

Intrusion Detection System (IDS)

Readers' challenge

Summary

7. Assessment of Devices

Assessing routers

Router machine

Router scanning analysis

Verify our assumptions

Kali 2.0

iptables

Iptables network analysis

Evaluating switches

VLAN hopping attacks

GARP attacks

Layer two attack tool

Attacking the firewall

Tricks to penetrate filters

Readers' challenge

Summary

8. Architecting an IDS/IPS Range

Deploying a network-based IDS

Security Incident and Event Management (SIEM)

Implementing the host-based IDS and endpoint security

Working with virtual switches

Evasion

Determining thresholds

Stress testing

Shell code obfuscation

Readers' challenge

Summary

9. Assessment of Web Servers and Web Applications

OWASP top ten attacks

Analysing web applications with Burp Suite

Input validation example

Integrating web application firewalls

Penetrating web application firewalls

Tools

Readers' challenge

Summary

10. Testing Flat and Internal Networks

The role of vulnerability scanners

Microsoft Baseline Security Analyzer

Scanning without credentials

Nessus

Scanning with credentials

Dealing with host protection

User Account Control

The host firewall

Endpoint protection

Enhanced Mitigation Experience Toolkit

Bypassing EMET

Readers' challenge

Summary

11. Testing Servers

Common protocols and applications for servers

Web

File transfer protocol

Protocol research

Secure Shell

Mail

Database assessment

MS SQL

MySQL

Oracle

OS platform specifics

Windows legacy

Windows Server 2008, 2012, and 2016

Unix

Linux

MAC

Readers' challenge

Summary

12. Exploring Client-Side Attack Vectors

Client-side attack methods

Bait

Lure

Pilfering data from the client

Using the client as a pivot point

Pivoting

Proxy exploitation

Leveraging the client configuration

Client-side exploitation

Client-side exploitation using PowerShell

Bypassing antivirus and other protection tools

Readers' challenge

Summary

13. Building a Complete Cyber Range

Creating the layered architecture

Architecting the switching

Segmenting the architecture

A public DMZ

A private DMZ

Decoy DMZ

Building a complete enterprise architecture

Integrating decoys and honeypots

Attacking the cyber range

Recording the attack data for further training and analysis

Readers' challenge

Summary
