Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition

Book Description

Learn how to build complex virtual architectures that allow you to perform virtually any required testing methodology and perfect it

About This Book

  • Explore and build intricate architectures that allow you to emulate an enterprise network

  • Test and enhance your security skills against complex and hardened virtual architecture

  • Learn methods to bypass common enterprise defenses and leverage them to test the most secure environments

Who This Book Is For

While the book targets advanced penetration testing, the process is systematic and as such will provide even beginners with a solid methodology and approach to testing.

You are expected to have network and security knowledge. The book is intended for anyone who wants to build and enhance their existing professional security and penetration testing methods and skills.

What You Will Learn

  • Learning proven security testing and penetration testing techniques

  • Building multi-layered complex architectures to test the latest network designs

  • Applying a professional testing methodology

  • Determining whether there are filters between you and the target and how to penetrate them

  • Deploying and finding weaknesses in common firewall architectures

  • Learning advanced techniques to deploy against hardened environments

  • Learning methods to circumvent endpoint protection controls

In Detail

Security flaws and new hacking techniques emerge overnight – security professionals need to make sure they always have a way to keep . With this practical guide, learn how to build your own virtual pentesting lab environments to practice and develop your security skills. Create challenging environments to test your abilities, and overcome them with proven processes and methodologies used by global penetration testing teams.

Get to grips with the techniques needed to build complete virtual machines perfect for pentest training. Construct and attack layered architectures, and plan specific attacks based on the platforms you're going up against. Find new vulnerabilities for different kinds of systems and networks, and learn what these mean for your clients.

Driven by a proven penetration testing methodology that has trained thousands of testers, Building Virtual Labs for Advanced Penetration Testing, Second Edition will prepare you for participation in professional security teams.

Style and approach

The book is written in an easy-to-follow format that provides a step-by-step, process-centric approach. Additionally, there are numerous hands-on examples and additional references for readers who might want to learn even more. The process developed throughout the book has been used to train and build teams all around the world as professional security and penetration testers.

Downloading the example code for this book: you can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code files.

Table of Contents

    1. Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition
      1. Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition
      2. Credits
      3. About the Author
      4. Acknowledgments
      5. About the Reviewer
      6. www.PacktPub.com
        1. eBooks, discount offers, and more
          1. Why subscribe?
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
        7. Downloading the color images of this book
        8. Errata
        9. Piracy
        10. Questions
      8. 1. Introducing Penetration Testing
        1. Security testing
          1. Authentication
          2. Authorization
          3. Confidentiality
          4. Integrity
          5. Availability
          6. Non-repudiation
        2. An abstract testing methodology
          1. Planning
          2. Nonintrusive target search
            1. Nslookup
            2. Central Ops
            3. The Wayback Machine
            4. Shodan
          3. Intrusive target search
            1. Find live systems
            2. Discover open ports
          4. Discover services
          5. Enumeration
          6. Identify vulnerabilities
          7. Exploitation
          8. Data analysis
        3. Reporting
          1. Description
          2. Analysis and exposure
          3. Recommendations
          4. References
        4. Myths and misconceptions about pen testing
        5. Summary
      9. 2. Choosing the Virtual Environment
        1. Open source and free environments
          1. VMware Workstation Player
          2. VirtualBox
          3. Xen
          4. Hyper-V
          5. vSphere Hypervisor
        2. Commercial environments
          1. vSphere
          2. XenServer
          3. VMware Workstation Pro
        3. Image conversion
        4. Converting from a physical to a virtual environment
        5. Summary
      10. 3. Planning a Range
        1. Planning
          1. What are we trying to accomplish?
          2. By when do we have to accomplish it?
        2. Identifying vulnerabilities
          1. Vulnerability sites
          2. Vendor sites
        3. Summary
      11. 4. Identifying Range Architectures
        1. Building the machines
          1. Building new machines
          2. Conversion
          3. Cloning a virtual machine
        2. Selecting network connections
          1. The bridged setting
          2. Network Address Translation
          3. The host-only switch
          4. The custom settings
        3. Choosing range components
          1. The attacker machine
          2. Router
          3. Firewall
          4. Web server
        4. Readers' challenge
        5. Summary
      12. 5. Identifying a Methodology
        1. The OSSTMM
          1. The Posture Review
          2. Logistics
          3. Active detection verification
          4. Visibility Audit
          5. Access verification
          6. Trust verification
          7. Control verification
          8. Process verification
          9. Configuration verification
          10. Property validation
          11. Segregation review
          12. Exposure verification
          13. Competitive intelligence scouting
          14. Quarantine verification
          15. Privileges audit
          16. Survivability validation
          17. Alert and log review
        2. CHECK
        3. NIST SP-800-115
          1. The information security assessment methodology
          2. Technical assessment techniques
          3. Comparing tests and examinations
          4. Testing viewpoints
          5. Overt and covert
          6. Penetration Testing Execution Standard (PTES)
          7. Offensive Security
          8. Other methodologies
          9. Customization
        4. Readers' challenge
        5. Summary
      13. 6. Creating an External Attack Architecture
        1. Configuring firewall architectures and establishing layered architectures
          1. iptables
          2. Testing
          3. Adding a web server
          4. Configuring the second layer
            1. Setting the VLAN
          5. Review pfSense
          6. Deploying IDS
          7. Intrusion Detection System (IDS)
        2. Readers' challenge
        3. Summary
      14. 7. Assessment of Devices
        1. Assessing routers
          1. Router machine
          2. Router scanning analysis
          3. Verify our assumptions
          4. Kali 2.0
          5. iptables
          6. Iptables network analysis
        2. Evaluating switches
          1. VLAN hopping attacks
          2. GARP attacks
          3. Layer two attack tool
        3. Attacking the firewall
        4. Tricks to penetrate filters
        5. Readers' challenge
        6. Summary
      15. 8. Architecting an IDS/IPS Range
        1. Deploying a network-based IDS
        2. Security Incident and Event Management (SIEM)
        3. Implementing the host-based IDS and endpoint security
        4. Working with virtual switches
        5. Evasion
          1. Determining thresholds
          2. Stress testing
          3. Shell code obfuscation
        6. Readers' challenge
        7. Summary
      16. 9. Assessment of Web Servers and Web Applications
        1. OWASP top ten attacks
        2. Analysing web applications with Burp Suite
          1. Input validation example
          2. Integrating web application firewalls
        3. Penetrating web application firewalls
        4. Tools
        5. Readers' challenge
        6. Summary
      17. 10. Testing Flat and Internal Networks
        1. The role of vulnerability scanners
          1. Microsoft Baseline Security Analyzer
          2. Scanning without credentials
          3. Nessus
          4. Scanning with credentials
        2. Dealing with host protection
          1. User Account Control
          2. The host firewall
          3. Endpoint protection
          4. Enhanced Mitigation Experience Toolkit
            1. Bypassing EMET
        3. Readers' challenge
        4. Summary
      18. 11. Testing Servers
        1. Common protocols and applications for servers
          1. Web
          2. File transfer protocol
          3. Protocol research
          4. Secure Shell
          5. Mail
        2. Database assessment
          1. MS SQL
          2. MySQL
          3. Oracle
        3. OS platform specifics
          1. Windows legacy
          2. Windows Server 2008, 2012, and 2016
          3. Unix
          4. Linux
          5. MAC
        4. Readers' challenge
        5. Summary
      19. 12. Exploring Client-Side Attack Vectors
        1. Client-side attack methods
          1. Bait
          2. Lure
          3. Pilfering data from the client
          4. Using the client as a pivot point
            1. Pivoting
            2. Proxy exploitation
            3. Leveraging the client configuration
          5. Client-side exploitation
          6. Client-side exploitation using PowerShell
          7. Bypassing antivirus and other protection tools
        2. Readers' challenge
        3. Summary
      20. 13. Building a Complete Cyber Range
        1. Creating the layered architecture
          1. Architecting the switching
            1. Segmenting the architecture
              1. A public DMZ
              2. A private DMZ
              3. Decoy DMZ
            2. Building a complete enterprise architecture
        2. Integrating decoys and honeypots
        3. Attacking the cyber range
        4. Recording the attack data for further training and analysis
        5. Readers' challenge
        6. Summary