Book Image

Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition

By : Kevin Cardwell
Book Image

Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition

By: Kevin Cardwell

Overview of this book

Security flaws and new hacking techniques emerge overnight – security professionals need to make sure they always have a way to keep . With this practical guide, learn how to build your own virtual pentesting lab environments to practice and develop your security skills. Create challenging environments to test your abilities, and overcome them with proven processes and methodologies used by global penetration testing teams. Get to grips with the techniques needed to build complete virtual machines perfect for pentest training. Construct and attack layered architectures, and plan specific attacks based on the platforms you’re going up against. Find new vulnerabilities for different kinds of systems and networks, and what these mean for your clients. Driven by a proven penetration testing methodology that has trained thousands of testers, Building Virtual Labs for Advanced Penetration Testing, Second Edition will prepare you for participation in professional security teams.

Related Content you might be interested in

Current Title:

Small book image
Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition
Kevin Cardwell
Aug, 2016 | 524 pages
No titles found
Table of Contents (20 chapters)
Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition
Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition
Credits
Credits
About the Author
About the Author
Acknowledgments
Acknowledgments
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introducing Penetration Testing
Introducing Penetration Testing
Security testing
An abstract testing methodology
Reporting
Myths and misconceptions about pen testing
Summary
2
Choosing the Virtual Environment
Choosing the Virtual Environment
Open source and free environments
Commercial environments
Image conversion
Converting from a physical to a virtual environment
Summary
3
Planning a Range
Planning a Range
Planning
Identifying vulnerabilities
Summary
4
Identifying Range Architectures
Identifying Range Architectures
Building the machines
Selecting network connections
Choosing range components
Readers' challenge
Summary
5
Identifying a Methodology
Identifying a Methodology
The OSSTMM
CHECK
NIST SP-800-115
Readers' challenge
Summary
6
Creating an External Attack Architecture
Creating an External Attack Architecture
Configuring firewall architectures and establishing layered architectures
Readers' challenge
Summary
7
Assessment of Devices
Assessment of Devices
Assessing routers
Evaluating switches
Attacking the firewall
Tricks to penetrate filters
Readers' challenge
Summary
8
Architecting an IDS/IPS Range
Architecting an IDS/IPS Range
Deploying a network-based IDS
Security Incident and Event Management (SIEM)
Implementing the host-based IDS and endpoint security
Working with virtual switches
Evasion
Readers' challenge
Summary
9
Assessment of Web Servers and Web Applications
Assessment of Web Servers and Web Applications
OWASP top ten attacks
Analysing web applications with Burp Suite
Penetrating web application firewalls
Tools
Readers' challenge
Summary
10
Testing Flat and Internal Networks
Testing Flat and Internal Networks
The role of vulnerability scanners
Dealing with host protection
Readers' challenge
Summary
11
Testing Servers
Testing Servers
Common protocols and applications for servers
Database assessment
OS platform specifics
Readers' challenge
Summary
12
Exploring Client-Side Attack Vectors
Exploring Client-Side Attack Vectors
Client-side attack methods
Readers' challenge
Summary
13
Building a Complete Cyber Range
Building a Complete Cyber Range
Creating the layered architecture
Integrating decoys and honeypots
Attacking the cyber range
Recording the attack data for further training and analysis
Readers' challenge
Summary

Readers' challenge

Throughout this chapter we identified a number of methods of completing an enterprise architecture, and identifying methods to attack it, and correspondingly create a plan that we can use when we encounter different environments during our penetration testing. Attempt the following challenges to enhance and perfect your skills:

  • Review the network diagram, and then build the enterprise network. Add the intrusion detection sensors and then practice attacking the layers at different segments, and identify what works and does not work. Once you have completed this build scripts that will perform those actions that you discovered will work. Add web application firewalls and other protections to the architecture and then test methods to evade these devices, as before create scripts and as always develop the documentation of the results. Create different types of firewalls, and test what works against these as well, how you identify the ports that are allowed, and so on.

  • For the...

Previous Section
End of Section 6
Next Section