Index
A
- abstract security testing
- about / Abstract testing methodology
- abstract security testing methodology
- planning / Planning
- nonintrusive target search / Nonintrusive target search
- intrusive target search / Intrusive target search
- data analysis / Data analysis
- reporting / Reporting
- Access Control List (ACL) / Data analysis
- access verification
- about / Access verification
- administrative access, evaluating / Access verification
- device configuration, evaluating / Access verification
- configuration, evaluating / Access verification
- authentication, evaluating / Access verification
- encryption, evaluating / Access verification
- authentication / Access verification
- access control, evaluating / Access verification
- active detection verification
- about / Active detection verification
- channel monitoring / Active detection verification
- channel moderating / Active detection verification
- alert and log review
- about / Alert and log review
- alarm / Alert and log review
- storage and retrieval / Alert and log review
- analysis techniques
- about / Technical assessment techniques
- antivirus
- bypassing / Bypassing antivirus and other protection tools
- antiy
- architecture
- planning, for pen testing / Planning
- attack data
- attacker machine
- selecting / The attacker machine
- attack phase
- for pen testing / Overt and covert
- Attack surface
- about / The OSSTMM
- authentication
- about / Authentication
- authentication flaws
- authorization
- about / Authorization
- availability
- about / Availability
B
- Back Officer Friendly
- about / Integrating decoys and honeypots
- BackTrack
- about / Scanning without credentials
- bait
- about / Bait
- Base64-decode
- Base Analysis Search Engine (BASE) / Deploying a network-based IDS
- Bastion Host
- about / Building the machines
- binary payloads
- generating / Binary payloads
- bridged setting
- about / The bridged setting
- browser_autopwn module
- about / Client-side exploitation
- Burp Suite
- about / Tools
C
- Capture The Flag (CTF)
- about / The custom settings
- CHECK
- cisco-auditing-tool
- about / Assessing routers
- Cisco Data Center Manager
- about / Vulnerability sites
- client-side attack methods
- about / Client-side attack methods
- bait / Bait
- lure / Lure
- client-side exploitation
- about / Client-side exploitation
- client configuration
- leveraging / Leveraging the client configuration
- Colasoft Packet Player
- about / Recording the attack data for further training and analysis
- URL, for downloading / Recording the attack data for further training and analysis
- commercial environments
- about / Commercial environments
- vSphere / vSphere
- VMware Player Plus / VMware Player Plus
- XenServer / XenServer
- VMware Workstation / VMware Workstation
- common protocols and applications, servers
- web application / Web
- FTP / File Transfer Protocol
- protocol research / Protocol research
- SSH protocol / Secure Shell
- mail server / Mail
- Common Vulnerability and Exposure (CVE)
- about / Vulnerability sites
- Common Vulnerability Exposure (CVE)
- Common Vulnerability Scoring System (CVSS)
- about / Identifying vulnerabilities
- Common Weakness Enumeration (CWE)
- about / Vulnerability sites
- Communication-Electronics Security Group (CESG)
- about / CHECK
- competitive intelligence scouting
- about / Competitive intelligence scouting
- business grinding / Competitive intelligence scouting
- business environment / Competitive intelligence scouting
- organizational environment / Competitive intelligence scouting
- components
- selecting / Choosing range components
- attacker machine, selecting / The attacker machine
- router, configuring / Router
- firewall, configuring / Firewall
- web server, configuring / Web server
- confidentiality
- about / Confidentiality
- configuration, firewall / Firewall
- for external attack architecture / Configuring firewall architectures
- configuration, router / Router
- configuration, web server / Web server
- configuration verification
- about / Configuration verification
- common configuration errors / Configuration verification
- configuration controls / Configuration verification
- test wiring, evaluating / Configuration verification
- emissions, evaluating / Configuration verification
- Content Addressable Memory (CAM)
- about / MAC attacks
- control verification
- about / Control verification
- non-repudiation / Control verification
- confidentiality / Control verification
- privacy / Control verification
- integrity / Control verification
- Core Rule Set signature
- covert
- about / Overt and covert
- CSRF
- about / Cross-Site Request Forgery
- customization, network connections
- about / The custom settings
- customization, professional security testing methodology / Customization
D
- data
- pilfering, from client / Pilfering data from the client
- data analysis
- for abstract security testing / Data analysis
- database
- assessing / Database assessment
- MSSQL / MSSQL
- MySQL / MySQL
- Oracle / Oracle
- Debian
- URL, for downloading / Router
- decoy DMZ
- about / Decoy DMZ
- decoys
- and honeypots, integrating / Integrating decoys and honeypots
- Direct Kernel Object Memory (DKOM)
- discovery phase
- for pen testing / Overt and covert
- dotDefender
- Dynagen
- about / Router
- Dynamips
- about / Router, iptables, Protocol research
E
- ELSEC
- about / The OSSTMM
- EMET
- EMSEC
- about / The OSSTMM
- encoding
- about / Obfuscation and encoding
- endpoint protections
- about / Endpoint protection
- bypassing / Bypassing antivirus and other protection tools
- endpoint security
- implementing / Implementing the host-based IDS and endpoint security
- evasion
- about / Evasion
- thresholds, determining / Determining thresholds
- stress testing / Stress testing
- shell code obfuscation / Shell code obfuscation
- examinations
- and tests, comparing / Comparing tests and examinations
- execution phase
- exploit-db
- URL / Vulnerability sites
- Exploit DB
- URL / Protocol research
- exposure verification
- about / Exposure verification
- exposure mapping / Exposure verification
- profiling / Exposure verification
- external attack architecture
- layered architecture, establishing / Establishing layered architectures
- firewall, configuring / Configuring firewall architectures
- WAF, integrating to / Integrating web application firewalls
- ExternalNet / Hyper-V
F
- filters
- penetrating / Tricks to penetrate filters
- firewall
- configuring / Firewall
- configuring, for external attack architecture / Configuring firewall architectures
- attacking / Attacking the firewall
- rules, identifying / Identifying the firewall rules
- FreeBSD
- about / Vulnerability sites
- FreeBSD Unix
- using / Scanning with credentials
- FTP
- about / File Transfer Protocol
G
- GARP
- about / GARP attacks
- GARP attacks
- about / GARP attacks
- getsystem command
- about / Client-side exploitation
- GNS3
H
- Hacktool.Rootkit
- hashdump command / Pilfering data from the client
- honeypots
- and decoys, integrating / Integrating decoys and honeypots
- Back Officer Friendly / Integrating decoys and honeypots
- Labrea / Integrating decoys and honeypots
- KFSensor / Integrating decoys and honeypots
- host-based IDS
- implementing / Implementing the host-based IDS and endpoint security
- host-only switch
- about / The host-only switch
- host firewall
- about / The host firewall
- host protections
- dealing with / Dealing with host protection
- UAC / User Account Control
- host firewall / The host firewall
- endpoint protections / Endpoint protection
- EMET / Enhanced Mitigation Experience Toolkit
- Hping
- about / Identifying the firewall rules
- Hyper-V
I
- IDS
- about / Intrusion Detection System (IDS), Deploying a network-based IDS
- network-based IDS, deploying / Deploying a network-based IDS
- host-based IDS, implementing / Implementing the host-based IDS and endpoint security
- image conversion
- about / Image conversion
- Starwind V2V Converter, using / Image conversion
- IMAP
- about / Mail
- information security assessment methodology
- about / The information security assessment methodology
- planning phase / The information security assessment methodology
- execution phase / The information security assessment methodology
- post-execution phase / The information security assessment methodology
- Information Technology Laboratory (ITL)
- about / NIST SP-800-115
- injection flaws
- about / Injection flaws
- insecure direct object references
- integrity
- about / Integrity
- InternalNet / Hyper-V
- intrusive target search
- for abstract security testing / Intrusive target search
- live systems, searching / Intrusive target search
- open ports, discovering / Intrusive target search
- services, discovering / Intrusive target search
- enumeration / Intrusive target search
- vulnerabilities, identifying / Intrusive target search
- exploitation / Intrusive target search
- invalidated redirects and forwards
- IPS
- iptables
- about / iptables
- IPS, deploying / Deploying IDS/IPS and load balancers
- IDS, deploying / Deploying IDS/IPS and load balancers
- load balancers, deploying / Deploying IDS/IPS and load balancers
- IDS / Intrusion Detection System (IDS)
- IPS / Intrusion Prevention System (IPS)
- load balancers, adding / Load balancers
- WAF, integrating to external attack architecture / Integrating web application firewalls
- IP Tables machine
- about / Protocol research
J
- John the Ripper / Pilfering data from the client
K
- Kali
- URL, for downloading virtual machine / The attacker machine
- kali
- URL / Intrusive target search
- KFSensor
- Kioptrix
- known vulnerable components
L
- Labrea
- layered architecture
- establishing / Establishing layered architectures
- layered architecture, pen testing range
- creating / Creating the layered architecture
- switches, architecting / Architecting the switching
- Linux
- about / Linux
- load balancers
- adding / Load balancers
- Logistics
- lure
- used, for performing client-side attacks / Lure
M
- MAC
- about / MAC
- MAC attacks
- about / MAC attacks
- machines
- building / Building the machines
- new machines, building / Building new machines
- converting / Conversion
- virtual machine, cloning / Cloning a virtual machine
- macof
- about / MAC attacks
- URL / MAC attacks
- mail server
- malicious PDF files
- using / Malicious PDF files
- MBSA
- about / Microsoft Baseline Security Analyzer
- URL, for downloading / Microsoft Baseline Security Analyzer
- md5decrypter
- metasploit
- URL / Vendor sites
- methodology, professional security testing
- customization / Customization
- missing function-level access control
- Mitre
- about / Microsoft Baseline Security Analyzer
- URL, for downloading / Open Vulnerability Assessment Language
- ModSecurity
- msfencode -h command / Obfuscation and encoding
- MSSQL database
- about / MSSQL
- MySQL database
- about / MySQL
N
- NAT
- Nessus
- netcat command
- about / Integrating decoys and honeypots
- network-based IDS
- deploying / Deploying a network-based IDS
- network connections
- selecting / Selecting network connections
- bridged setting / The bridged setting
- NAT / Network Address Translation
- host-only switch / The host-only switch
- customization / The custom settings
- Network Security Toolkit
- about / Intrusion Detection System (IDS)
- Network Sorcery
- about / Assessing routers
- URL / Assessing routers, File Transfer Protocol
- Network Vulnerability Tests (NVT)
- about / Scanning without credentials
- new machines
- building / Building new machines
- NIST
- URL / NIST SP-800-115
- NIST SP-800-115
- about / NIST SP-800-115
- URL, for downloading / NIST SP-800-115
- information security assessment methodology / The information security assessment methodology
- technical assessment techniques / Technical assessment techniques
- tests and examinations, comparing / Comparing tests and examinations
- viewpoints, testing / Testing viewpoints
- covert / Overt and covert
- overt / Overt and covert
- Offensive Security / Offensive Security
- nmap
- URL, for downloading / Intrusive target search
- Nmap tool
- non-repudiation
- about / Non-repudiation
- nonintrusive target search
- for abstract security testing / Nonintrusive target search
- with NsLookup tool / Nonintrusive target search
- Serversniff, using / Nonintrusive target search
- Way Back Machine, using / Nonintrusive target search
- Shodanhq, using / Nonintrusive target search
- NsLookup
- about / Nonintrusive target search
- NVD
- about / Vulnerability sites
O
- obfuscation
- about / Obfuscation and encoding
- Offensive Security
- about / Offensive Security
- URL / Offensive Security
- Offensive Security Kali Linux / Hyper-V
- OpenBSD
- about / Vulnerability sites
- open source virtual environments
- about / Open source and free environments
- VMware Player / VMware Player
- VirtualBox / VirtualBox
- Xen / Xen
- Hyper-V / Hyper-V
- vSphere Hypervisor / vSphere Hypervisor
- Open System Interconnect (OSI) model
- about / Evaluating switches
- OpenVAS scanner
- about / Scanning without credentials
- Open Web Application Security Group (OWASP) / VMware Workstation
- operational security, OSSTMM
- Attack surface / The OSSTMM
- vector / The OSSTMM
- pentest security / The OSSTMM
- Oracle
- URL, for setup / Oracle
- Oracle database
- about / Oracle
- OS platform, servers
- Windows servers / Windows legacy
- Windows Server 2008 / Windows Server 2008 and 2012
- Windows Server 2012 / Windows Server 2008 and 2012
- Unix / Unix
- Linux / Linux
- MAC / MAC
- OSSTMM
- about / The OSSTMM
- URL, for downloading / The OSSTMM
- operational security / The OSSTMM
- Posture Review / The Posture Review
- Logistics / Logistics
- active detection verification / Active detection verification
- Visibility Audit / Visibility Audit
- access verification / Access verification
- trust verification / Trust verification
- control verification / Control verification
- process verification / Process verification
- configuration verification / Configuration verification
- property validation / Property validation
- segregation review / Segregation review
- exposure verification / Exposure verification
- competitive intelligence scouting / Competitive intelligence scouting
- quarantine verification / Quarantine verification
- privileges audit / Privileges audit
- survivability validation / Survivability validation
- alert and log review / Alert and log review
- OVAL
- OVAL Interpreter
- about / Open Vulnerability Assessment Language
- URL, for downloading / Open Vulnerability Assessment Language
- overt
- about / Overt and covert
- OWASP
- OWASP Top Ten attacks
- analyzing / Analyzing the OWASP Top Ten attacks
- injection flaws / Injection flaws
- authentication flaws / Broken authentication and session management
- session management flaws / Broken authentication and session management
- XSS / Cross-Site Scripting
- insecure direct object references / Insecure direct object references
- security misconfiguration / Security misconfiguration
- sensitive data exposure / Sensitive data exposure
- missing function-level access control / Missing function-level access control
- CSRF / Cross-Site Request Forgery
- known vulnerable components, using / Using known vulnerable components
- invalidated redirects and forwards / Invalidated redirects and forwards
P
- P2V concept
- packet storm
- about / Vulnerability sites
- URL / Vulnerability sites
- pen testing
- myths and misconceptions / Myths and misconceptions of pen testing
- planning phase / Overt and covert
- discovery phase / Overt and covert
- attack phase / Overt and covert
- reporting phase / Overt and covert
- pen testing range
- layered architecture, creating / Creating the layered architecture
- attacking / Attacking the cyber range
- pentest security
- about / The OSSTMM
- physical switches
- using / Working with virtual switches
- pilfering, data
- from client / Pilfering data from the client
- pivot point
- setting up / Pivoting
- proxy exploitation / Proxy exploitation
- client configuration, leveraging / Leveraging the client configuration
- planning
- for abstract security testing / Planning
- architecture, for pen testing / Planning
- requirements, identifying for pen testing / What are we trying to accomplish?
- timeline, defining for pen testing / By when do we have to accomplish it?
- planning phase
- about / The information security assessment methodology
- for pen testing / Overt and covert
- POP
- about / Mail
- portswigger
- URL / Tools
- post-execution phase
- Posture Review
- policy / The Posture Review
- legislation / The Posture Review
- culture / The Posture Review
- age / The Posture Review
- fragile artifacts / The Posture Review
- private DMZ
- about / A private DMZ
- privileges audit
- about / Privileges audit
- identification / Privileges audit
- authorization / Privileges audit
- escalation / Privileges audit
- subjugation / Privileges audit
- process verification
- about / Process verification
- baseline / Process verification
- proper shielding / Process verification
- due diligence / Process verification
- indemnification / Process verification
- professional security testing
- other methodologies / Other methodologies
- methodology, customization / Customization
- property validation
- about / Property validation
- sharing / Property validation
- rogue wireless transceivers / Property validation
- protocol research
- about / Protocol research
- proxy exploitation
- about / Proxy exploitation
- public DMZ
- about / A public DMZ
Q
- quarantine verification
- containment process identification / Quarantine verification
- containment levels / Quarantine verification
R
- Radio Frequency Identification (RFID)
- about / Visibility Audit
- Rapid7
- URL, for downloading virtual machine / Web server
- reporting
- reporting phase
- for pen testing / Overt and covert
- Request For Comment (RFC)
- about / Assessing routers
- requirements
- identifying, for pen testing / What are we trying to accomplish?
- reverse_http / Leveraging the client configuration
- reverse_https / Leveraging the client configuration
- review techniques
- about / Technical assessment techniques
- router
- configuring / Router
- routermall
- URL / Router
- routers
- assessing / Assessing routers
- rules, firewall
- identifying / Identifying the firewall rules
- run getcountermeasure command
- about / Client-side exploitation
- run killav command
- about / Client-side exploitation
S
- Samurai Web Testing Framework (WTF) / VirtualBox
- search uac command
- about / Client-side exploitation
- Second Level Address Translation (SLAT) / Hyper-V
- Secure Shell (SSH)
- about / Scanning with credentials
- Secure Sockets Layer (SSL)
- about / Deploying a network-based IDS
- SecuriTeam
- about / Vulnerability sites
- URL / Vulnerability sites
- Security Check (SC)
- about / CHECK
- Security Compass
- Security Content Automation Protocol (SCAP)
- about / Scanning without credentials
- Security Focus
- about / Vulnerability sites
- URL / Vulnerability sites
- security misconfiguration
- about / Security misconfiguration
- Security Test Audit Report (STAR)
- about / The OSSTMM
- security testing
- about / Security testing
- authentication / Authentication
- authorization / Authorization
- confidentiality / Confidentiality
- integrity / Integrity
- availability / Availability
- non-repudiation / Non-repudiation
- segmented architecture, switches
- creating / Segmenting the architecture
- public DMZ / A public DMZ
- private DMZ / A private DMZ
- decoy DMZ / Decoy DMZ
- segregation review
- about / Segregation review
- privacy containment mapping / Segregation review
- disclosure / Segregation review
- limitations / Segregation review
- sensitive data exposure
- about / Sensitive data exposure
- servers
- common protocols and applications / Web
- OS platform / OS platform specifics
- Serversniff
- about / Nonintrusive target search
- URL / Nonintrusive target search
- Service Level Agreements (SLAs) / The Posture Review
- Service Set Identifier (SSID)
- about / Access verification
- session management flaws
- shell code obfuscation
- about / Shell code obfuscation
- Shodanhq
- about / Nonintrusive target search
- SIGSEC
- about / The OSSTMM
- Smoothwall
- about / Firewall, Attacking the firewall
- URL, for downloading / Firewall
- SMTP
- about / Mail
- Snort
- URL, for guidance / Intrusion Detection System (IDS)
- Social Engineering Toolkit
- sol.exe file
- about / Obfuscation and encoding
- Solaris
- about / Unix
- SPAN
- about / Working with virtual switches
- comparing, with TAP / Working with virtual switches
- SQL Inject-Me
- SQL injection
- about / Injection flaws
- SSH protocol
- about / Secure Shell
- Starwind V2V Converter
- used, for image conversion / Image conversion
- stress testing
- about / Stress testing
- sudo command
- about / Identifying the firewall rules
- Supervisory Control and Data Acquisition (SCADA)
- about / Windows legacy
- survivability validation
- about / Survivability validation
- continuity / Survivability validation
- resilience / Survivability validation
- switches
- evaluating / Evaluating switches
- MAC attacks / MAC attacks
- VLAN hopping attacks / VLAN hopping attacks
- GARP attacks / GARP attacks
- virtual switches, using / Working with virtual switches
- physical switches, using / Working with virtual switches
- architecting / Architecting the switching
- segmented architecture, creating / Segmenting the architecture
T
- Tamper Data
- TAP
- about / Working with virtual switches
- comparing, with SPAN / Working with virtual switches
- target identification
- about / Technical assessment techniques
- target vulnerability validation techniques
- about / Technical assessment techniques
- tarpitting
- about / Integrating decoys and honeypots
- tcpreplay tool
- technical assessment techniques
- about / Technical assessment techniques
- review techniques / Technical assessment techniques
- target identification / Technical assessment techniques
- analysis techniques / Technical assessment techniques
- target vulnerability validation techniques / Technical assessment techniques
- tests
- and examinations, comparing / Comparing tests and examinations
- thresholds
- determining / Determining thresholds
- timeline
- defining, for pen testing / By when do we have to accomplish it?
- Time to Live (TTL) / Leveraging the client configuration
- tools
- trust verification
- about / Trust verification
- misrepresentation / Trust verification
- fraud / Trust verification
- resource abuse / Trust verification
- blind trust / Trust verification
U
- UAC
- about / User Account Control
- Ubuntu
- URL, for downloading / Router
- Unix
- about / Unix
- URIPATH setting
- about / Client-side exploitation
- Use after Free vulnerabilities
- about / Identifying vulnerabilities
- User Account Control (UAC)
- User Datagram Protocol (UDP)
- about / Assessing routers
- user interface (UI)
V
- Van Eck phreaking
- vCenter Converter
- vector
- about / The OSSTMM
- vendor sites
- about / Vendor sites
- viewpoints
- testing / Testing viewpoints
- VirtualBox
- about / VirtualBox
- download link / VirtualBox
- user guide / VirtualBox
- launching / VirtualBox
- virtual machine, creating / VirtualBox
- virtual machine, starting / VirtualBox
- virtual environment
- open source virtual environments / Open source and free environments
- commercial environments / Commercial environments
- image conversion / Image conversion
- P2V concept / Converting from a physical to virtual environment
- virtual machine
- cloning / Cloning a virtual machine
- virtual switches
- using / Working with virtual switches
- virustotal
- Visibility Audit
- about / Visibility Audit
- interception / Visibility Audit
- passive signal detection / Visibility Audit
- active signal detection / Visibility Audit
- VLAN hopping attacks
- about / VLAN hopping attacks
- VMware Player
- about / VMware Player
- download link / VMware Player
- VMware Player Plus
- about / VMware Player Plus
- feature / VMware Player Plus
- trial download link / VMware Player Plus
- VMware Workstation
- about / VMware Workstation
- features / VMware Workstation
- download link / VMware Workstation
- starting / VMware Workstation
- virtual machine, using / VMware Workstation
- access process, starting / VMware Workstation
- vSphere
- vSphere Hypervisor
- about / vSphere Hypervisor
- setup, performing / vSphere Hypervisor
- vulnerabilities
- identifying, for pen testing / Identifying vulnerabilities
- vulnerability sites / Vulnerability sites
- vendor sites / Vendor sites
- Vulnerability Scanners
- about / The role of Vulnerability Scanners
- MBSA / Microsoft Baseline Security Analyzer
- OVAL / Open Vulnerability Assessment Language
- using, without credentials / Scanning without credentials
- Nessus / Nessus
- using, with credentials / Scanning with credentials
- vulnerability sites
- about / Vulnerability sites
- searching / Vulnerability sites
- NVD / Vulnerability sites
- Security Focus / Vulnerability sites
- zero day initiative / Vulnerability sites
- SecuriTeam / Vulnerability sites
- packet storm / Vulnerability sites
W
- WAF
- integrating, to external attack architecture / Integrating web application firewalls
- about / Identifying web application firewalls
- identifying / Identifying web application firewalls
- penetrating / Penetrating web application firewalls
- Way Back Machine
- about / Nonintrusive target search
- web application
- about / Web
- WebGoat
- web server
- configuring / Web server
- Windows Server 2008
- about / Windows Server 2008 and 2012
- Windows Server 2012
- about / Windows Server 2008 and 2012
- Windows servers
- about / Windows legacy
- Windows 2000 / Windows legacy
- Windows Server 2003 / Windows legacy
- winenum
- about / Pilfering data from the client
X
- Xen
- XenServer
- XSS
- about / Cross-Site Scripting
Z
- zero day initiative
- about / Vulnerability sites
- URL / Vulnerability sites