Book Image

Building Virtual Pentesting Labs for Advanced Penetration Testing

By : Kevin Cardwell
Book Image

Building Virtual Pentesting Labs for Advanced Penetration Testing

By: Kevin Cardwell

Overview of this book

Table of Contents (20 chapters)
Building Virtual Pentesting Labs for Advanced Penetration Testing
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
Index

Identifying vulnerabilities


As we have already defined pen testing as the validation and verification of vulnerabilities, this is one of our main focuses when we are preparing to build a pen testing lab. We have to find vulnerabilities that we can leverage to gain access when the scope of work permits it. You will spend the most time in preparation on trying to find vulnerabilities that will provide the access we need and also be reliable.

The important thing to remember is that all systems will have vulnerabilities, but not all vulnerabilities will have exploits. There will be many occasions when you see there is a vulnerability, but your search does not discover an exploit for that vulnerability; moreover, you might find an exploit, but it will not work against the target you have. This is because, as we like to say, exploitation is not 100 percent. Often, you will do everything right, but the exploit will just fail! Welcome to the real world of penetration testing.

Before we look at information...