eBook - ePub

Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition

Name: Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition
Author: Kevin Cardwell

Kevin Cardwell

Partager le livre

524 pages
English
ePUB (adapté aux mobiles)
Disponible sur iOS et Android

eBook - ePub

Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition

Kevin Cardwell

Détails du livre

Aperçu du livre

Table des matières

Citations

À propos de ce livre

Learn how to build complex virtual architectures that allow you to perform virtually any required testing methodology and perfect itAbout This Book• Explore and build intricate architectures that allow you to emulate an enterprise network• Test and enhance your security skills against complex and hardened virtual architecture• Learn methods to bypass common enterprise defenses and leverage them to test the most secure environments.Who This Book Is ForWhile the book targets advanced penetration testing, the process is systematic and as such will provide even beginners with a solid methodology and approach to testing.You are expected to have network and security knowledge. The book is intended for anyone who wants to build and enhance their existing professional security and penetration testing methods and skills.What You Will Learn • Learning proven security testing and penetration testing techniques• Building multi-layered complex architectures to test the latest network designs• Applying a professional testing methodology• Determining whether there are filters between you and the target and how to penetrate them• Deploying and finding weaknesses in common firewall architectures.• Learning advanced techniques to deploy against hardened environments• Learning methods to circumvent endpoint protection controls In DetailSecurity flaws and new hacking techniques emerge overnight – security professionals need to make sure they always have a way to keep. With this practical guide, learn how to build your own virtual pentesting lab environments to practice and develop your security skills. Create challenging environments to test your abilities, and overcome them with proven processes and methodologies used by global penetration testing teams.Get to grips with the techniques needed to build complete virtual machines perfect for pentest training. Construct and attack layered architectures, and plan specific attacks based on the platforms you're going up against. Find new vulnerabilities for different kinds of systems and networks, and what these mean for your clients.Driven by a proven penetration testing methodology that has trained thousands of testers, Building Virtual Labs for Advanced Penetration Testing, Second Edition will prepare you for participation in professional security teams. Style and approach The book is written in an easy-to-follow format that provides a step–by-step, process-centric approach. Additionally, there are numerous hands-on examples and additional references for readers who might want to learn even more. The process developed throughout the book has been used to train and build teams all around the world as professional security and penetration testers.

Foire aux questions

Comment puis-je résilier mon abonnement ?

Il vous suffit de vous rendre dans la section compte dans paramètres et de cliquer sur « Résilier l’abonnement ». C’est aussi simple que cela ! Une fois que vous aurez résilié votre abonnement, il restera actif pour le reste de la période pour laquelle vous avez payé. Découvrez-en plus ici.

Puis-je / comment puis-je télécharger des livres ?

Pour le moment, tous nos livres en format ePub adaptés aux mobiles peuvent être téléchargés via l’application. La plupart de nos PDF sont également disponibles en téléchargement et les autres seront téléchargeables très prochainement. Découvrez-en plus ici.

Quelle est la différence entre les formules tarifaires ?

Les deux abonnements vous donnent un accès complet à la bibliothèque et à toutes les fonctionnalités de Perlego. Les seules différences sont les tarifs ainsi que la période d’abonnement : avec l’abonnement annuel, vous économiserez environ 30 % par rapport à 12 mois d’abonnement mensuel.

Qu’est-ce que Perlego ?

Nous sommes un service d’abonnement à des ouvrages universitaires en ligne, où vous pouvez accéder à toute une bibliothèque pour un prix inférieur à celui d’un seul livre par mois. Avec plus d’un million de livres sur plus de 1 000 sujets, nous avons ce qu’il vous faut ! Découvrez-en plus ici.

Prenez-vous en charge la synthèse vocale ?

Recherchez le symbole Écouter sur votre prochain livre pour voir si vous pouvez l’écouter. L’outil Écouter lit le texte à haute voix pour vous, en surlignant le passage qui est en cours de lecture. Vous pouvez le mettre sur pause, l’accélérer ou le ralentir. Découvrez-en plus ici.

Est-ce que Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition est un PDF/ePUB en ligne ?

Oui, vous pouvez accéder à Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition par Kevin Cardwell en format PDF et/ou ePUB ainsi qu’à d’autres livres populaires dans Computer Science et Cyber Security. Nous disposons de plus d’un million d’ouvrages à découvrir dans notre catalogue.

Informations

Éditeur

Packt Publishing

Année

2016

ISBN

9781785884955

Édition

Sujet

Computer Science

Sous-sujet

Cyber Security

Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: June 2014

Second edition: August 2016

Production reference: 1240816

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-78588-349-1

www.packtpub.com

Credits

Authors Kevin Cardwell	Copy Editors Madhusudan Uchil
Reviewer Joseph Muniz	Project Coordinator Judie Jose
Commissioning Editor Kartikey Pandey	Proofreader Safis Editing
Acquisition Editor Kirk D'costa	Indexer Hemangini Bari
Content Development Editor Abhishek Jadhav	Graphics Kirk D'Penha
Technical Editor Vishal K. Mewada	Production Coordinator Shantanu Zagade

About the Author

Kevin Cardwell is currently working as a freelance consultant and provides consulting services for companies throughout the world, and he also works as an advisor to numerous government entities within the USA, the Middle East, Africa, Asia, and the UK. He is an instructor, technical editor, and author for computer forensics and hacking courses. He is the author of the Center for Advanced Security and Training (CAST), Advanced Network Defense, and Advanced Penetration Testing courses. He is technical editor of the Learning Tree Course Penetration Testing Techniques and Computer Forensics courses. He has presented at the Black Hat USA, Hacker Halted, ISSA, and TakeDownCon conferences as well as many others. He has chaired the Cybercrime and Cyber Defense Summit in Oman and was the executive chairman of the Oil and Gas Cyber Defense Summit. He is the author of Building Virtual Pen testing Labs for Advanced Penetration Testing, 1st Edition, Advanced Penetration Testing for Highly Secured Environments, Second Edition, and Backtrack: Testing Wireless Network Security. He holds a bachelor of science degree in computer science from National University in California and a master’s degree in software engineering from the Southern Methodist University (SMU) in Texas. He developed the strategy and training development plan for the first Government CERT in the country of Oman that recently was rated as the top CERT for the Middle East. He serves as a professional training consultant to the Oman Information Technology Authority, and he developed the team to man the first Commercial Security Operations Center in the country of Oman. He has worked extensively with banks and financial institutions throughout the Middle East, Europe, and the UK in the planning of a robust and secure architecture and implementing requirements to meet compliance. He currently provides consultancy to Commercial companies, governments, federal agencies, major banks, and financial institutions throughout the globe. Some of his recent consulting projects include the Muscat Securities Market (MSM), Petroleum Development Oman, and the Central Bank of Oman. He designed and implemented the custom security baseline for the existing Oman Airport Management Company (OAMC) airports and the two new airports opening in 2016 as well as for the Oman Telephone Company. He created custom security baselines for all of the Microsoft Operating Systems, Cisco devices, as well as applications.

Acknowledgments

This book is dedicated to all of the students I have had over the years. Each class is a new learning experience, and taking from that is how a book like this gets created. I would also like to thank Loredana, Aspen, and my family for all of their support, which makes this book possible.

About the Reviewer

Joseph Muniz is an architect at Cisco Systems and a security researcher. He started his career in software development and later managed networks as a contracted technical resource. He moved into consulting and found a passion for security while meeting with a variety of customers. He has been involved in the design and implementation of multiple projects, ranging from Fortune 500 corporations to large federal networks. He has spoken at popular security conferences such as RSA, DEFCON, and Cisco Live on various topics. You can learn more about him by visiting his blogs at http://www.thesecurityblogger.com/.

Joseph has authored the following books as well as contributing to many other publications:

Security Operations Center: Building, Operating and Maintaining your SOC—November 2015 Cisco Press
Penetration Testing with Raspberry Pi—January 2015 Packt Publishing
Web Penetration Testing with Kali Linux—August 2013 Packt Publishing

I would like to give a huge thank you to my friends and family for supporting me in this and my other crazy projects. This book goes out to Irene Muniz, Ray Muniz, Alex and Martha Muniz, Raylin Muniz, my friends at Cisco, and the many other great people in my life.

www.PacktPub.com

eBooks, discount offers, and more

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www2.packtpub.com/books/subscription/packtlib

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.

Why subscribe?

Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser

Preface

This book will provide you with a systematic process to follow when building a virtual environment to practice penetration testing. This book teaches you how to build the architecture, identify the latest vulnerabilities, and test them in your own environment before you use them in a production environment. This allows you to build, enhance, and hone your penetration-testing skills.

What this book covers

Chapter 1, Introducing Penetration Testing, provides an introduction to what pen testing is and explains how a component of professional security testing and it is the validation of vulnerabilities. By understanding penetration testing, we can prepare for providing professional security testing services to our clients.

Chapter 2, Choosing the Virtual Environment, explores the different types of virtualization technologies and introduces a number of different options. We then compare and contrast and select our software for our range.

Chapter 3, Planning a Range, takes you through the process of what is required to plan a test environment. Professional testing is all about planning and practicing against different vulnerabilities. We review the planning techniques of the professional security tester.

C...