Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
eBook - ePub

  1. 414 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
About this book

In Detail

The internet security field has grown by leaps and bounds over the last decade. Every day more people around the globe gain access to the internet, and not all of them with good intentions. The need for penetration testers has grown now that the security industry has had time to mature. Simply running a vulnerability scanner is a thing of the past and is no longer an effective method of determining a business's true security posture. Learn effective penetration testing skills so that you can meet and manage the rapidly changing security needs of your company.

Advanced Penetration Testing for Highly-Secured Environments will teach you how to efficiently and effectively ensure the security posture of environments that have been secured using IDS/IPS, firewalls, network segmentation, hardened system configurations and more. The stages of a penetration test are clearly defined and addressed using step-by-step instructions that you can follow on your own virtual lab.

The book follows the standard penetration testing stages from start to finish with step-by-step examples. It thoroughly covers penetration test expectations, proper scoping and planning, as well as enumeration and footprinting. You'll learn how to clean up and compile proof-of-concept exploit code from the web, advanced web application testing techniques, client-side attacks, post-exploitation strategies, detection avoidance methods, generation of well-defined reports and metrics, and setting up a penetration testing virtual lab that mimics a secured environment. The book closes by issuing a challenge to your skills and ability to perform a full penetration test against a fictional corporation, followed by a detailed walkthrough of the solution.

Advanced Penetration Testing for Highly-Secured Environments is packed with detailed examples that reinforce enumeration, exploitation, post-exploitation, reporting skills and more.

Approach

An intensive hands-on guide to performing professional penetration testing for highly-secured environments from start to finish. You will learn to provide penetration testing services to clients with mature security infrastructure. Understand how to perform each stage of the penetration test by gaining hands-on experience in performing attacks that mimic those seen in the wild. In the end, take the challenge and perform a virtual penetration test against a fictional corporation.

Who this book is for

If you are looking for guidance and detailed instructions on how to perform a penetration test from start to finish, are looking to build out your own penetration testing lab, or are looking to improve on your existing penetration testing skills, this book is for you. Although the book attempts to accommodate those who are still new to the penetration testing field, experienced testers should be able to gain knowledge and hands-on experience as well. The book does assume that you have some experience in web application testing, and as such the chapter on this subject may require you to understand the basic concepts of web security. The reader should also be familiar with basic IT concepts and commonly used protocols such as TCP/IP.

Yes, you can access Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide by Lee Allen in PDF and/or ePUB format, as well as other popular books in Computer Science & Computer Science General. We have over one million books available in our catalogue for you to explore.

Table of Contents

Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. Planning and Scoping for a Successful Penetration Test
Introduction to advanced penetration testing
Vulnerability assessments
Penetration testing
Advanced penetration testing
Before testing begins
Determining scope
Setting limits — nothing lasts forever
Rules of engagement documentation
Planning for action
Installing VirtualBox
Installing your BackTrack virtual machine
Preparing the virtual guest machine for BackTrack
Installing BackTrack on the virtual disk image
Exploring BackTrack
Logging in
Changing the default password
Updating the applications and operating system
Installing OpenOffice
Effectively manage your test results
Introduction to MagicTree
Starting MagicTree
Adding nodes
Data collection
Report generation
Introduction to the Dradis Framework
Exporting a project template
Importing a project template
Preparing sample data for import
Importing your Nmap data
Exporting data into HTML
Dradis Category field
Changing the default HTML template
Summary
2. Advanced Reconnaissance Techniques
Introduction to reconnaissance
Reconnaissance workflow
DNS recon
Nslookup — it's there when you need it
Default output
Changing nameservers
Creating an automation script
What did we learn?
Domain Information Groper (Dig)
Default output
Zone transfers using Dig
Advanced features of Dig
Shortening the output
Listing the bind version
Reverse DNS lookup using Dig
Multiple commands
Tracing the path
Batching with dig
DNS brute forcing with fierce
Default command usage
Creating a custom wordlist
Gathering and validating domain and IP information
Gathering information with whois
Specifying which registrar to use
Where in the world is this IP?
Defensive measures
Using search engines to do your job for you
SHODAN
Filters
Understanding banners
HTTP banners
Finding specific assets
Finding people (and their documents) on the web
Google hacking database
Google filters
Metagoofil
Searching the Internet for clues
Metadata collection
Extracting metadata from photos using exiftool
Summary
3. Enumeration: Choosing Your Targets Wisely
Adding another virtual machine to our lab
Configuring and testing our Vlab_1 clients
BackTrack Manual ifconfig
Ubuntu — Manual ifconfig
Verifying connectivity
Maintaining IP settings after reboot
Nmap — getting to know you
Commonly seen Nmap scan types and options
Basic scans — warming up
Other Nmap techniques
Remaining stealthy
Taking your time
Trying different scan types
SYN scan
Null scan
ACK scan
Conclusion
Shifting blame — the zombies did it!
IDS rules, how to avoid them
Using decoys
Adding custom Nmap scripts to your arsenal
How to decide if a script is right for you
Adding a new script to the database
SNMP: A goldmine of information just waiting to be discovered
SNMPEnum
SNMPCheck
When the SNMP community string is NOT "public"
Creating network baselines with scanPBNJ
Setting up MySQL for PBNJ
Starting MySQL
Preparing the PBNJ database
First scan
Reviewing the data
Enumeration avoidance techniques
Naming conventions
Port knocking
Intrusion detection and avoidance systems
Trigger points
SNMP lockdown
Summary
4. Remote Exploitation
Exploitation — Why bother?
Target practice — Adding a Kioptrix virtual machine
Manual exploitation
Enumerating services
Quick scan with Unicornscan
Full scan with Nmap
Banner grabbing with Netcat and Ncat
Banner grabbing with Netcat
Banner grabbing with Ncat
Banner grabbing with smbclient
Searching Exploit-DB
Exploit-DB at hand
Compiling the code
Compiling the proof of concept code
Troubleshooting the code
What are all of these ^M characters and why will they not go away?
Broken strings — The reunion
Running the exploit
Getting files to and from victim machines
Installing and starting a TFTP server on BackTrack 5
Installing and configuring pure-ftpd
Starting pure-ftpd
Passwords: Something you know…
Cracking the hash
Brute forcing passwords
THC Hydra
Metasploit — learn it and love it
Updating the Metasploit framework
Databases and Metasploit
Installing PostgreSQL on BackTrack 5
Verifying database connectivity
Performing an Nmap scan from within Metasploit
Using auxiliary modules
Using Metasploit to exploit Kioptrix
Summary
5. Web Application Exploitation
Practice makes perfect
Installing Kioptrix Level 3
Creating a Kioptrix VM Level 3 clone
Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
Installing and configuring pfSense
Preparing the virtual machine for pfSense
pfSense virtual machine persistence
Configuring the pfSense DHCP server
Starting the virtual lab
pfSense DHCP — Permanent reservations
Installing HAProxy for load balancing
Adding Kioptrix3.com to the host file
Detecting load balancers
Quick reality check — Load Balance Detector
So, what are we looking for anyhow?
Detecting Web Application Firewalls (WAF)
Taking on Level 3 — Kioptrix
Web Application Attack and Audit Framework (w3af)
Using w3af GUI to save time
Scanning by using the w3af console
Using WebScarab as a HTTP proxy
Introduction to Mantra
Summary
6. Exploits and Client-Side Attacks
Buffer overflows — A refresher
"C"ing is believing โ€” Create a vulnerable program
Turning ASLR on and off in BackTrack
Understanding the...
