Building Virtual Pentesting Labs for Advanced Penetration Testing电子书

Building Virtual Pentesting Labs for Advanced Penetration Testing

Table of Contents

Building Virtual Pentesting Labs for Advanced Penetration Testing

Credits

About the Author

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers, and more

Why subscribe?

Free access for Packt account holders

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Errata

Piracy

Questions

1. Introducing Penetration Testing

Security testing

Authentication

Authorization

Confidentiality

Integrity

Availability

Non-repudiation

Abstract testing methodology

Planning

Nonintrusive target search

Intrusive target search

Data analysis

Reporting

Myths and misconceptions of pen testing

Summary

2. Choosing the Virtual Environment

Open source and free environments

VMware Player

VirtualBox

Xen

Hyper-V

vSphere Hypervisor

Commercial environments

vSphere

VMware Player Plus

XenServer

VMware Workstation

Image conversion

Converting from a physical to virtual environment

Summary

3. Planning a Range

Planning

What are we trying to accomplish?

By when do we have to accomplish it?

Identifying vulnerabilities

Vulnerability sites

Vendor sites

Summary

4. Identifying Range Architecture

Building the machines

Building new machines

Conversion

Cloning a virtual machine

Selecting network connections

The bridged setting

Network Address Translation

The host-only switch

The custom settings

Choosing range components

The attacker machine

Router

Firewall

Web server

Summary

5. Identifying a Methodology

The OSSTMM

The Posture Review

Logistics

Active detection verification

Visibility Audit

Access verification

Trust verification

Control verification

Process verification

Configuration verification

Property validation

Segregation review

Exposure verification

Competitive intelligence scouting

Quarantine verification

Privileges audit

Survivability validation

Alert and log review

CHECK

NIST SP-800-115

The information security assessment methodology

Technical assessment techniques

Comparing tests and examinations

Testing viewpoints

Overt and covert

Offensive Security

Other methodologies

Customization

Summary

6. Creating an External Attack Architecture

Establishing layered architectures

Configuring firewall architectures

iptables

Deploying IDS/IPS and load balancers

Intrusion Detection System (IDS)

Intrusion Prevention System (IPS)

Load balancers

Integrating web application firewalls

Summary

7. Assessment of Devices

Assessing routers

Evaluating switches

MAC attacks

VLAN hopping attacks

GARP attacks

Attacking the firewall

Identifying the firewall rules

Tricks to penetrate filters

Summary

8. Architecting an IDS/IPS Range

Deploying a network-based IDS

Implementing the host-based IDS and endpoint security

Working with virtual switches

Evasion

Determining thresholds

Stress testing

Shell code obfuscation

Summary

9. Assessment of Web Servers and Web Applications

Analyzing the OWASP Top Ten attacks

Injection flaws

Broken authentication and session management

Cross-Site Scripting

Insecure direct object references

Security misconfiguration

Sensitive data exposure

Missing function-level access control

Cross-Site Request Forgery

Using known vulnerable components

Invalidated redirects and forwards

Identifying web application firewalls

Penetrating web application firewalls

Tools

Summary

10. Testing Flat and Internal Networks

The role of Vulnerability Scanners

Microsoft Baseline Security Analyzer

Open Vulnerability Assessment Language

Scanning without credentials

Nessus

Scanning with credentials

Dealing with host protection

User Account Control

The host firewall

Endpoint protection

Enhanced Mitigation Experience Toolkit

Summary

11. Attacking Servers

Common protocols and applications for servers

Web

File Transfer Protocol

Protocol research

Secure Shell

Mail

Database assessment

MSSQL

MySQL

Oracle

OS platform specifics

Windows legacy

Windows Server 2008 and 2012

Unix

Linux

MAC

Summary

12. Exploring Client-side Attack Vectors

Client-side attack methods

Bait

Lure

Pilfering data from the client

Using the client as a pivot point

Pivoting

Proxy exploitation

Leveraging the client configuration

Client-side exploitation

Binary payloads

Malicious PDF files

Bypassing antivirus and other protection tools

Obfuscation and encoding

Summary

13. Building a Complete Cyber Range

Creating the layered architecture

Architecting the switching

Segmenting the architecture

A public DMZ

A private DMZ

Decoy DMZ

Integrating decoys and honeypots

Attacking the cyber range

Recording the attack data for further training and analysis

Summary

Index