Book Image

Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition

By : Kevin Cardwell
Book Image

Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition

By: Kevin Cardwell

Overview of this book

Security flaws and new hacking techniques emerge overnight – security professionals need to make sure they always have a way to keep . With this practical guide, learn how to build your own virtual pentesting lab environments to practice and develop your security skills. Create challenging environments to test your abilities, and overcome them with proven processes and methodologies used by global penetration testing teams. Get to grips with the techniques needed to build complete virtual machines perfect for pentest training. Construct and attack layered architectures, and plan specific attacks based on the platforms you’re going up against. Find new vulnerabilities for different kinds of systems and networks, and what these mean for your clients. Driven by a proven penetration testing methodology that has trained thousands of testers, Building Virtual Labs for Advanced Penetration Testing, Second Edition will prepare you for participation in professional security teams.

Related Content you might be interested in

Current Title:

Small book image
Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition
Kevin Cardwell
Aug, 2016 | 524 pages
No titles found
Table of Contents (20 chapters)
Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition
Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition
Credits
Credits
About the Author
About the Author
Acknowledgments
Acknowledgments
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introducing Penetration Testing
Introducing Penetration Testing
Security testing
An abstract testing methodology
Reporting
Myths and misconceptions about pen testing
Summary
2
Choosing the Virtual Environment
Choosing the Virtual Environment
Open source and free environments
Commercial environments
Image conversion
Converting from a physical to a virtual environment
Summary
3
Planning a Range
Planning a Range
Planning
Identifying vulnerabilities
Summary
4
Identifying Range Architectures
Identifying Range Architectures
Building the machines
Selecting network connections
Choosing range components
Readers' challenge
Summary
5
Identifying a Methodology
Identifying a Methodology
The OSSTMM
CHECK
NIST SP-800-115
Readers' challenge
Summary
6
Creating an External Attack Architecture
Creating an External Attack Architecture
Configuring firewall architectures and establishing layered architectures
Readers' challenge
Summary
7
Assessment of Devices
Assessment of Devices
Assessing routers
Evaluating switches
Attacking the firewall
Tricks to penetrate filters
Readers' challenge
Summary
8
Architecting an IDS/IPS Range
Architecting an IDS/IPS Range
Deploying a network-based IDS
Security Incident and Event Management (SIEM)
Implementing the host-based IDS and endpoint security
Working with virtual switches
Evasion
Readers' challenge
Summary
9
Assessment of Web Servers and Web Applications
Assessment of Web Servers and Web Applications
OWASP top ten attacks
Analysing web applications with Burp Suite
Penetrating web application firewalls
Tools
Readers' challenge
Summary
10
Testing Flat and Internal Networks
Testing Flat and Internal Networks
The role of vulnerability scanners
Dealing with host protection
Readers' challenge
Summary
11
Testing Servers
Testing Servers
Common protocols and applications for servers
Database assessment
OS platform specifics
Readers' challenge
Summary
12
Exploring Client-Side Attack Vectors
Exploring Client-Side Attack Vectors
Client-side attack methods
Readers' challenge
Summary
13
Building a Complete Cyber Range
Building a Complete Cyber Range
Creating the layered architecture
Integrating decoys and honeypots
Attacking the cyber range
Recording the attack data for further training and analysis
Readers' challenge
Summary

Chapter 5.  Identifying a Methodology

In this chapter, we will look at a number of different references with respect to a testing methodology. In Chapter 1, Introducing Penetration Testing, we discussed an abstract methodology, but in this chapter, we will look into it in more detail. This is because now that we have set our initial target range environment for design, we want to look at a systematic process for our testing practice. Without a methodology in place, we fall into what is categorized as an ad hoc testing group, and this is something a professional tester should avoid; furthermore, without a plan in place we cannot cover a number of possible situations that can occur, such as scope creep and underestimating the task at hand. We will discuss the following topics:

  • Open Source System Testing Methodology Manual (OSSTMM)

  • CHECK

  • NIST SP-800-115

  • Offensive security

  • Other methodologies

  • Customization

This chapter will provide us with multiple testing methodologies so that we can make an intelligent...

Previous Section
End of Section 1
Next Section