eBook - ePub

Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition

Name: Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition
Author: Kevin Cardwell

Kevin Cardwell

Share book

524 pages
English
ePUB (mobile friendly)
Available on iOS & Android

eBook - ePub

Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition

Kevin Cardwell

Book details

Book preview

Table of contents

Citations

About This Book

Learn how to build complex virtual architectures that allow you to perform virtually any required testing methodology and perfect itAbout This Book• Explore and build intricate architectures that allow you to emulate an enterprise network• Test and enhance your security skills against complex and hardened virtual architecture• Learn methods to bypass common enterprise defenses and leverage them to test the most secure environments.Who This Book Is ForWhile the book targets advanced penetration testing, the process is systematic and as such will provide even beginners with a solid methodology and approach to testing.You are expected to have network and security knowledge. The book is intended for anyone who wants to build and enhance their existing professional security and penetration testing methods and skills.What You Will Learn • Learning proven security testing and penetration testing techniques• Building multi-layered complex architectures to test the latest network designs• Applying a professional testing methodology• Determining whether there are filters between you and the target and how to penetrate them• Deploying and finding weaknesses in common firewall architectures.• Learning advanced techniques to deploy against hardened environments• Learning methods to circumvent endpoint protection controls In DetailSecurity flaws and new hacking techniques emerge overnight – security professionals need to make sure they always have a way to keep. With this practical guide, learn how to build your own virtual pentesting lab environments to practice and develop your security skills. Create challenging environments to test your abilities, and overcome them with proven processes and methodologies used by global penetration testing teams.Get to grips with the techniques needed to build complete virtual machines perfect for pentest training. Construct and attack layered architectures, and plan specific attacks based on the platforms you're going up against. Find new vulnerabilities for different kinds of systems and networks, and what these mean for your clients.Driven by a proven penetration testing methodology that has trained thousands of testers, Building Virtual Labs for Advanced Penetration Testing, Second Edition will prepare you for participation in professional security teams. Style and approach The book is written in an easy-to-follow format that provides a step–by-step, process-centric approach. Additionally, there are numerous hands-on examples and additional references for readers who might want to learn even more. The process developed throughout the book has been used to train and build teams all around the world as professional security and penetration testers.

Frequently asked questions

How do I cancel my subscription?

Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.

Can/how do I download books?

At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.

What is the difference between the pricing plans?

Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.

What is Perlego?

We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.

Do you support text-to-speech?

Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.

Is Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition an online PDF/ePUB?

Yes, you can access Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition by Kevin Cardwell in PDF and/or ePUB format, as well as other popular books in Ciencia de la computación & Ciberseguridad. We have over one million books available in our catalogue for you to explore.

Information

Publisher

Packt Publishing

Year

2016

ISBN

9781785884955

Edition

Topic

Ciencia de la computación

Subtopic

Ciberseguridad

Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: June 2014

Second edition: August 2016

Production reference: 1240816

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-78588-349-1

www.packtpub.com

Credits

Authors Kevin Cardwell	Copy Editors Madhusudan Uchil
Reviewer Joseph Muniz	Project Coordinator Judie Jose
Commissioning Editor Kartikey Pandey	Proofreader Safis Editing
Acquisition Editor Kirk D'costa	Indexer Hemangini Bari
Content Development Editor Abhishek Jadhav	Graphics Kirk D'Penha
Technical Editor Vishal K. Mewada	Production Coordinator Shantanu Zagade

About the Author

Kevin Cardwell is currently working as a freelance consultant and provides consulting services for companies throughout the world, and he also works as an advisor to numerous government entities within the USA, the Middle East, Africa, Asia, and the UK. He is an instructor, technical editor, and author for computer forensics and hacking courses. He is the author of the Center for Advanced Security and Training (CAST), Advanced Network Defense, and Advanced Penetration Testing courses. He is technical editor of the Learning Tree Course Penetration Testing Techniques and Computer Forensics courses. He has presented at the Black Hat USA, Hacker Halted, ISSA, and TakeDownCon conferences as well as many others. He has chaired the Cybercrime and Cyber Defense Summit in Oman and was the executive chairman of the Oil and Gas Cyber Defense Summit. He is the author of Building Virtual Pen testing Labs for Advanced Penetration Testing, 1st Edition, Advanced Penetration Testing for Highly Secured Environments, Second Edition, and Backtrack: Testing Wireless Network Security. He holds a bachelor of science degree in computer science from National University in California and a master’s degree in software engineering from the Southern Methodist University (SMU) in Texas. He developed the strategy and training development plan for the first Government CERT in the country of Oman that recently was rated as the top CERT for the Middle East. He serves as a professional training consultant to the Oman Information Technology Authority, and he developed the team to man the first Commercial Security Operations Center in the country of Oman. He has worked extensively with banks and financial institutions throughout the Middle East, Europe, and the UK in the planning of a robust and secure architecture and implementing requirements to meet compliance. He currently provides consultancy to Commercial companies, governments, federal agencies, major banks, and financial institutions throughout the globe. Some of his recent consulting projects include the Muscat Securities Market (MSM), Petroleum Development Oman, and the Central Bank of Oman. He designed and implemented the custom security baseline for the existing Oman Airport Management Company (OAMC) airports and the two new airports opening in 2016 as well as for the Oman Telephone Company. He created custom security baselines for all of the Microsoft Operating Systems, Cisco devices, as well as applications.

Acknowledgments

This book is dedicated to all of the students I have had over the years. Each class is a new learning experience, and taking from that is how a book like this gets created. I would also like to thank Loredana, Aspen, and my family for all of their support, which makes this book possible.

About the Reviewer

Joseph Muniz is an architect at Cisco Systems and a security researcher. He started his career in software development and later managed networks as a contracted technical resource. He moved into consulting and found a passion for security while meeting with a variety of customers. He has been involved in the design and implementation of multiple projects, ranging from Fortune 500 corporations to large federal networks. He has spoken at popular security conferences such as RSA, DEFCON, and Cisco Live on various topics. You can learn more about him by visiting his blogs at http://www.thesecurityblogger.com/.

Joseph has authored the following books as well as contributing to many other publications:

Security Operations Center: Building, Operating and Maintaining your SOC—November 2015 Cisco Press
Penetration Testing with Raspberry Pi—January 2015 Packt Publishing
Web Penetration Testing with Kali Linux—August 2013 Packt Publishing

I would like to give a huge thank you to my friends and family for supporting me in this and my other crazy projects. This book goes out to Irene Muniz, Ray Muniz, Alex and Martha Muniz, Raylin Muniz, my friends at Cisco, and the many other great people in my life.

www.PacktPub.com

eBooks, discount offers, and more

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www2.packtpub.com/books/subscription/packtlib

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.

Why subscribe?

Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser

Preface

This book will provide you with a systematic process to follow when building a virtual environment to practice penetration testing. This book teaches you how to build the architecture, identify the latest vulnerabilities, and test them in your own environment before you use them in a production environment. This allows you to build, enhance, and hone your penetration-testing skills.

What this book covers

Chapter 1, Introducing Penetration Testing, provides an introduction to what pen testing is and explains how a component of professional security testing and it is the validation of vulnerabilities. By understanding penetration testing, we can prepare for providing professional security testing services to our clients.

Chapter 2, Choosing the Virtual Environment, explores the different types of virtualization technologies and introduces a number of different options. We then compare and contrast and select our software for our range.

Chapter 3, Planning a Range, takes you through the process of what is required to plan a test environment. Professional testing is all about planning and practicing against different vulnerabilities. We review the planning techniques of the professional security tester.

C...