Book Image

Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition

By : Kevin Cardwell
Book Image

Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition

By: Kevin Cardwell

Overview of this book

Security flaws and new hacking techniques emerge overnight – security professionals need to make sure they always have a way to keep . With this practical guide, learn how to build your own virtual pentesting lab environments to practice and develop your security skills. Create challenging environments to test your abilities, and overcome them with proven processes and methodologies used by global penetration testing teams. Get to grips with the techniques needed to build complete virtual machines perfect for pentest training. Construct and attack layered architectures, and plan specific attacks based on the platforms you’re going up against. Find new vulnerabilities for different kinds of systems and networks, and what these mean for your clients. Driven by a proven penetration testing methodology that has trained thousands of testers, Building Virtual Labs for Advanced Penetration Testing, Second Edition will prepare you for participation in professional security teams.
Table of Contents (20 chapters)
Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition
Credits
About the Author
Acknowledgments
About the Reviewer
www.PacktPub.com
Preface

Dealing with host protection


We know there is more than likely going to be host protection that we may have to encounter; therefore, in our pen testing labs, we want to test the different host protection to see what we can and cannot do. This is an area that again is going to depend on the administrator and the team that we are up against. A hardened machine with very few services running on it will present a challenge to our testing.

User Account Control

One of the most common things we are going to encounter is User Account Control (UAC); this is because it is on by default and is rarely changed when a site installs Windows. One good thing about UAC is the fact that the users are conditioned to click. So, if something pops up saying it needs permission, the user more than likely will click on it. We can use this to our advantage, but there is always a chance that the user might not click. So, for these situations, we rely on some form of UAC bypass to get us past the UAC protections. At...