Book Image

Advanced Penetration Testing for Highly-Secured Environments, Second Edition - Second Edition

By : Lee Allen, Kevin Cardwell
Book Image

Advanced Penetration Testing for Highly-Secured Environments, Second Edition - Second Edition

By: Lee Allen, Kevin Cardwell

Overview of this book

The defences continue to improve and become more and more common, but this book will provide you with a number or proven techniques to defeat the latest defences on the networks. The methods and techniques contained will provide you with a powerful arsenal of best practices to increase your penetration testing successes. The processes and methodology will provide you techniques that will enable you to be successful, and the step by step instructions of information gathering and intelligence will allow you to gather the required information on the targets you are testing. The exploitation and post-exploitation sections will supply you with the tools you would need to go as far as the scope of work will allow you. The challenges at the end of each chapter are designed to challenge you and provide real-world situations that will hone and perfect your penetration testing skills. You will start with a review of several well respected penetration testing methodologies, and following this you will learn a step-by-step methodology of professional security testing, including stealth, methods of evasion, and obfuscation to perform your tests and not be detected! The final challenge will allow you to create your own complex layered architecture with defences and protections in place, and provide the ultimate testing range for you to practice the methods shown throughout the book. The challenge is as close to an actual penetration test assignment as you can get!
Table of Contents (19 chapters)
Advanced Penetration Testing for Highly-Secured Environments Second Edition
Credits
About the Authors
About the Reviewer
www.PacktPub.com
Preface
Index

Methodology defined


What exactly is a methodology? This is a term that we use often in the Information Technology (IT) world, but what exactly does it mean? As you might expect, there are a number of different interpretations of this term that usually is dependent on whom you ask. If we use the search capability of the Internet, we can possibly get a better idea of what the term means. From the Wikipedia website, at https://en.wikipedia.org/wiki/Methodology, we see that the term is defined as a systematic, theoretical analysis of the methods applied to a field of study. This definition is a bit too vague for our purposes, so we will look at another source. The site at http://www.wisegeek.com defines the term as "a set of practices." This term may be used to refer to practices, which are widely used across an industry or scientific discipline, the techniques used in a particular research study, or the techniques used to accomplish a particular project."

This definition is closer to what we are looking for, but as with most definition sources, we will use their information as guidance and define the term in our own words. For the concept of this book, we look at a methodology as a "systematic approach to professional security testing that follows a structured process based on the motives of a potential attacker when targeting an organization."