Book Image

Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition

By : Kevin Cardwell
Book Image

Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition

By: Kevin Cardwell

Overview of this book

Security flaws and new hacking techniques emerge overnight – security professionals need to make sure they always have a way to keep . With this practical guide, learn how to build your own virtual pentesting lab environments to practice and develop your security skills. Create challenging environments to test your abilities, and overcome them with proven processes and methodologies used by global penetration testing teams. Get to grips with the techniques needed to build complete virtual machines perfect for pentest training. Construct and attack layered architectures, and plan specific attacks based on the platforms you’re going up against. Find new vulnerabilities for different kinds of systems and networks, and what these mean for your clients. Driven by a proven penetration testing methodology that has trained thousands of testers, Building Virtual Labs for Advanced Penetration Testing, Second Edition will prepare you for participation in professional security teams.
Table of Contents (20 chapters)
Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition
Credits
About the Author
Acknowledgments
About the Reviewer
www.PacktPub.com
Preface

Summary


In this chapter, we discussed the process of testing a flat and internal network. We discovered that this means we do not have filters or layers that we have to traverse to attack the target. While this is a good thing, we also explained that these machines would have a number of protections in place. We also reviewed the role a vulnerability scanner plays with respect to internal testing; furthermore, we added the credentials to the scan and showed how much more information we can gather from this.

Following the introduction to the different host-based protection, we looked at them in more detail and in some cases, attempted a number of different techniques to bypass the different protections on the host that we might encounter. Specifically, we looked at the host firewall and the UAC settings and their impact on the testing results.

After we looked at the host firewall and UAC, we moved on and briefly looked at the additional endpoint protections that could challenge our testing...