Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
  • Table Of Contents Toc
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide

Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide

By : Lee Allen
4 (23)
Buy this Book
close
close
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide

Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide

4 (23)
By: Lee Allen
Buy this Book

Overview of this book

The internet security field has grown by leaps and bounds over the last decade. Everyday more people around the globe gain access to the internet and not all of them with good intentions. The need for penetration testers has grown now that the security industryhas had time to mature. Simply running a vulnerability scanner is a thing of the past and is no longer an effective method of determining a business's true security posture. Learn effective penetration testing skills so that you can effectively meet and manage the rapidly changing security needs of your company. Advanced Penetration Testing for Highly-Secured Environments will teach you how to efficiently and effectively ensure the security posture of environments that have been secured using IDS/IPS, firewalls, network segmentation, hardened system configurations and more. The stages of a penetration test are clearly defined and addressed using step-by-step instructions that you can follow on your own virtual lab.The book follows the standard penetration testing stages from start to finish with step-by-step examples. The book thoroughly covers penetration test expectations, proper scoping and planning, as well as enumeration and footprinting. You'll learn how to clean up and compile proof of concept, exploit code from the web, advanced web application testing techniques, client side attacks, post exploitation strategies, detection avoidance methods, generation of well defined reports and metrics, and setting up a penetration testing virtual lab that mimics a secured environment. The book closes by issuing a challenge to your skills and ability to perform a full penetration test against a fictional corporation; followed by a detailed walk through of the solution.Advanced Penetration Testing for Highly-Secured Environments is packed with detailed examples that reinforce enumeration, exploitation, post-exploitation, reporting skills and more.
Table of Contents (18 chapters)
close
close
close
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
Icon
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
Credits
Icon
Credits
About the Author
Icon
About the Author
About the Reviewers
Icon
About the Reviewers
www.PacktPub.com
Icon
www.PacktPub.com
Preface
Icon
Preface
Lock Free Chapter
1
Planning and Scoping for a Successful Penetration Test
chevron up
Icon
Planning and Scoping for a Successful Penetration Test
Icon
Introduction to advanced penetration testing
Icon
Before testing begins
Icon
Planning for action
Icon
Exploring BackTrack
Icon
Installing OpenOffice
Icon
Effectively manage your test results
Icon
Introduction to the Dradis Framework
Icon
Summary
2
Advanced Reconnaissance Techniques
Icon
Advanced Reconnaissance Techniques
Icon
Introduction to reconnaissance
Icon
DNS recon
Icon
Gathering and validating domain and IP information
Icon
Using search engines to do your job for you
Icon
Summary
3
Enumeration: Choosing Your Targets Wisely
Icon
Enumeration: Choosing Your Targets Wisely
Icon
Adding another virtual machine to our lab
Icon
Nmap — getting to know you
Icon
SNMP: A goldmine of information just waiting to be discovered
Icon
Creating network baselines with scanPBNJ
Icon
Enumeration avoidance techniques
Icon
Summary
4
Remote Exploitation
Icon
Remote Exploitation
Icon
Exploitation – Why bother?
Icon
Target practice – Adding a Kioptrix virtual machine
Icon
Manual exploitation
Icon
Getting files to and from victim machines
Icon
Passwords: Something you know…
Icon
Metasploit — learn it and love it
Icon
Summary
5
Web Application Exploitation
Icon
Web Application Exploitation
Icon
Practice makes perfect
Icon
Detecting load balancers
Icon
Detecting Web Application Firewalls (WAF)
Icon
Taking on Level 3 – Kioptrix
Icon
Web Application Attack and Audit Framework (w3af)
Icon
Introduction to Mantra
Icon
Summary
6
Exploits and Client-Side Attacks
Icon
Exploits and Client-Side Attacks
Icon
Buffer overflows—A refresher
Icon
Introduction to fuzzing
Icon
Introducing vulnserver
Icon
Fuzzing tools included in BackTrck
Icon
Fast-Track
Icon
Social Engineering Toolkit
Icon
Summary
7
Post-Exploitation
Icon
Post-Exploitation
Icon
Rules of engagement
Icon
Data gathering, network analysis, and pillaging
Icon
Pivoting
Icon
Summary
8
Bypassing Firewalls and Avoiding Detection
Icon
Bypassing Firewalls and Avoiding Detection
Icon
Lab preparation
Icon
Stealth scanning through the firewall
Icon
Now you see me, now you don't — Avoiding IDS
Icon
Blending in
Icon
Looking at traffic patterns
Icon
Cleaning up compromised hosts
Icon
Miscellaneous evasion techniques
Icon
Summary
9
Data Collection Tools and Reporting
Icon
Data Collection Tools and Reporting
Icon
Record now — Sort later
Icon
Old school — The text editor method
Icon
Dradis framework for collaboration
Icon
The report
Icon
Challenge to the reader
Icon
Summary
10
Setting Up Virtual Test Lab Environments
Icon
Setting Up Virtual Test Lab Environments
Icon
Why bother with setting up labs?
Icon
Keeping it simple
Icon
Adding complexity or emulating target environments
Icon
Summary
11
Take the Challenge – Putting It All Together
Icon
Take the Challenge – Putting It All Together
Icon
The scenario
Icon
The setup
Icon
The challenge
Icon
The walkthrough
Icon
Reporting
Icon
Summary
1
Index
Icon
Index

Exploring BackTrack

Congratulations, you now have one of the most powerful collections of penetration tools available and ready for your usage. Entire books are dedicated to covering the excellent collection of tools that are part of the BackTrack Linux platform. This toolkit will definitely save you a lot of time out in the field.

Logging in

Your login information for the default install is:

bt login: root
bt password: toor

Changing the default password

After logging in, we should change this default password as soon as possible. You can do this by typing passwd at the prompt and replacing 1NewPassWordHere as seen in the example with your own secure password.

root@bt:~# passwd
Enter new UNIX password: 1NewPassWordHere!
Retype new UNIX password: 1NewPassWordHere!
passwd: password updated successfully
root@bt:~#

Tip

If you are having issues with screen resolution or experiencing other minor annoyances, you may want to install the VirtualBox Guest Additions. With the guest machine running, click on Devices and then Install Guest Additions to initiate this install. You will be required to restart BackTrack afterwards.

Updating the applications and operating system

Your virtual machine network cards are currently configured to allow your BackTrack installation to access your host system's Internet connection using NAT. In order to update the operating system there are a few commands that you should become familiar with.

Note

If you do not have an Internet connection the system will not be able to update.

One thing to keep in mind is that BackTrack is based on Ubuntu and as with any other operating system, patching is required in order to ensure that the latest security patches are applied. It is also important to keep applications up-to-date so that the latest testing techniques and tools can be taken advantage of!

By default, BackTrack is set up to use only the BackTrack repositories. If curious, you can see what these are by looking at the /etc/apt/sources.list file.

The first command that will need to be initialized is the advanced packaging tools (APT) update function. This will synchronize the package index files to ensure that you have information about the latest packages available. The update functionality should always be used prior to installing any software or updating your installed packages.

# apt-get update

After this update is complete you may initialize apt's upgrade command. All installed packages will be updated to the latest release found within your repositories.

# apt-get upgrade

There is another apt command that is used to update your system. dist-upgrade will bring BackTrack to the latest release. For example, if you are running BackTrack 4 and would like to upgrade instead of downloading and installing the latest version BackTrack 5 release, you may do so by typing:

# apt-get dist-upgrade

Note

You need not worry about dependencies; all of this is handled automatically by the apt-get dist-upgrade command!

Now that your system has been updated, it is time to start up the graphical user interface (type startx at the prompt again) and have a look around at your new toolkit. We will be making extensive use of these tools throughout the course of this book.

Note

When performing an apt-get dist-upgrade it may be beneficial to follow up with a reboot. This is the case with any kernel upgrade.

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon