Building Virtual Pentesting Labs for Advanced Penetration Testing

Book Description

Build intricate virtual architecture to practice any penetration testing technique virtually

In Detail

A penetration test, also known as a pentest, is a method of assessing computer and network security by replicating an attack on a computer system or network, both from the outside world and from internal threats. With the increase in advanced hackers and threats to our virtual world, pentesting is an absolute necessity.

Building Virtual Pentesting Labs for Advanced Penetration Testing will teach you how to build your own labs and give you a proven process to test these labs, a process that is currently used in industry by global pentesting teams. You will also learn a systematic approach to professional security testing, building routers, firewalls, and web servers to hone your pentesting skills.

What You Will Learn

  • Build routers, firewalls, and web servers to hone your pentesting skills
  • Deploy and then find the weaknesses in a firewall architecture
  • Construct a layered architecture and perform a systematic process and methodology to use for conducting an external test
  • Get introduced to several of the different security testing methodologies
  • Design monitored environments and evade them
  • Create complex architecture
  • Bypass antivirus and other protection
  • Practice methods of evasion against today's top defenses
  • Leverage the client configuration

Downloading the example code for this book

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

    Table of Contents

    1. Building Virtual Pentesting Labs for Advanced Penetration Testing
      1. Table of Contents
      2. Building Virtual Pentesting Labs for Advanced Penetration Testing
      3. Credits
      4. About the Author
      5. About the Reviewers
      6. www.PacktPub.com
        1. Support files, eBooks, discount offers, and more
          1. Why subscribe?
          2. Free access for Packt account holders
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Errata
          2. Piracy
          3. Questions
      8. 1. Introducing Penetration Testing
        1. Security testing
          1. Authentication
          2. Authorization
          3. Confidentiality
          4. Integrity
          5. Availability
          6. Non-repudiation
        2. Abstract testing methodology
          1. Planning
          2. Nonintrusive target search
          3. Intrusive target search
          4. Data analysis
          5. Reporting
        3. Myths and misconceptions of pen testing
        4. Summary
      9. 2. Choosing the Virtual Environment
        1. Open source and free environments
          1. VMware Player
          2. VirtualBox
          3. Xen
          4. Hyper-V
          5. vSphere Hypervisor
        2. Commercial environments
          1. vSphere
          2. VMware Player Plus
          3. XenServer
          4. VMware Workstation
        3. Image conversion
        4. Converting from a physical to virtual environment
        5. Summary
      10. 3. Planning a Range
        1. Planning
          1. What are we trying to accomplish?
          2. By when do we have to accomplish it?
        2. Identifying vulnerabilities
          1. Vulnerability sites
          2. Vendor sites
        3. Summary
      11. 4. Identifying Range Architecture
        1. Building the machines
          1. Building new machines
          2. Conversion
          3. Cloning a virtual machine
        2. Selecting network connections
          1. The bridged setting
          2. Network Address Translation
          3. The host-only switch
          4. The custom settings
        3. Choosing range components
          1. The attacker machine
          2. Router
          3. Firewall
          4. Web server
        4. Summary
      12. 5. Identifying a Methodology
        1. The OSSTMM
          1. The Posture Review
          2. Logistics
          3. Active detection verification
          4. Visibility Audit
          5. Access verification
          6. Trust verification
          7. Control verification
          8. Process verification
          9. Configuration verification
          10. Property validation
          11. Segregation review
          12. Exposure verification
          13. Competitive intelligence scouting
          14. Quarantine verification
          15. Privileges audit
          16. Survivability validation
          17. Alert and log review
        2. CHECK
        3. NIST SP-800-115
          1. The information security assessment methodology
          2. Technical assessment techniques
          3. Comparing tests and examinations
          4. Testing viewpoints
          5. Overt and covert
          6. Offensive Security
          7. Other methodologies
          8. Customization
        4. Summary
      13. 6. Creating an External Attack Architecture
        1. Establishing layered architectures
        2. Configuring firewall architectures
        3. iptables
          1. Deploying IDS/IPS and load balancers
          2. Intrusion Detection System (IDS)
          3. Intrusion Prevention System (IPS)
          4. Load balancers
          5. Integrating web application firewalls
        4. Summary
      14. 7. Assessment of Devices
        1. Assessing routers
        2. Evaluating switches
          1. MAC attacks
          2. VLAN hopping attacks
          3. GARP attacks
        3. Attacking the firewall
        4. Identifying the firewall rules
        5. Tricks to penetrate filters
        6. Summary
      15. 8. Architecting an IDS/IPS Range
        1. Deploying a network-based IDS
        2. Implementing the host-based IDS and endpoint security
        3. Working with virtual switches
        4. Evasion
          1. Determining thresholds
          2. Stress testing
          3. Shell code obfuscation
        5. Summary
      16. 9. Assessment of Web Servers and Web Applications
        1. Analyzing the OWASP Top Ten attacks
          1. Injection flaws
          2. Broken authentication and session management
          3. Cross-Site Scripting
          4. Insecure direct object references
          5. Security misconfiguration
          6. Sensitive data exposure
          7. Missing function-level access control
          8. Cross-Site Request Forgery
          9. Using known vulnerable components
          10. Invalidated redirects and forwards
        2. Identifying web application firewalls
        3. Penetrating web application firewalls
        4. Tools
        5. Summary
      17. 10. Testing Flat and Internal Networks
        1. The role of Vulnerability Scanners
          1. Microsoft Baseline Security Analyzer
          2. Open Vulnerability Assessment Language
          3. Scanning without credentials
          4. Nessus
          5. Scanning with credentials
        2. Dealing with host protection
          1. User Account Control
          2. The host firewall
          3. Endpoint protection
          4. Enhanced Mitigation Experience Toolkit
        3. Summary
      18. 11. Attacking Servers
        1. Common protocols and applications for servers
          1. Web
          2. File Transfer Protocol
          3. Protocol research
          4. Secure Shell
          5. Mail
        2. Database assessment
          1. MSSQL
          2. MySQL
          3. Oracle
        3. OS platform specifics
          1. Windows legacy
          2. Windows Server 2008 and 2012
          3. Unix
          4. Linux
          5. MAC
        4. Summary
      19. 12. Exploring Client-side Attack Vectors
        1. Client-side attack methods
          1. Bait
          2. Lure
        2. Pilfering data from the client
        3. Using the client as a pivot point
          1. Pivoting
          2. Proxy exploitation
          3. Leveraging the client configuration
        4. Client-side exploitation
        5. Binary payloads
        6. Malicious PDF files
        7. Bypassing antivirus and other protection tools
        8. Obfuscation and encoding
        9. Summary
      20. 13. Building a Complete Cyber Range
        1. Creating the layered architecture
          1. Architecting the switching
            1. Segmenting the architecture
              1. A public DMZ
              2. A private DMZ
              3. Decoy DMZ
        2. Integrating decoys and honeypots
        3. Attacking the cyber range
        4. Recording the attack data for further training and analysis
        5. Summary
      21. Index