Book Image

Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide

By : Lee Allen
Book Image

Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide

By: Lee Allen

Overview of this book

The internet security field has grown by leaps and bounds over the last decade. Everyday more people around the globe gain access to the internet and not all of them with good intentions. The need for penetration testers has grown now that the security industryhas had time to mature. Simply running a vulnerability scanner is a thing of the past and is no longer an effective method of determining a business's true security posture. Learn effective penetration testing skills so that you can effectively meet and manage the rapidly changing security needs of your company. Advanced Penetration Testing for Highly-Secured Environments will teach you how to efficiently and effectively ensure the security posture of environments that have been secured using IDS/IPS, firewalls, network segmentation, hardened system configurations and more. The stages of a penetration test are clearly defined and addressed using step-by-step instructions that you can follow on your own virtual lab.The book follows the standard penetration testing stages from start to finish with step-by-step examples. The book thoroughly covers penetration test expectations, proper scoping and planning, as well as enumeration and footprinting. You'll learn how to clean up and compile proof of concept, exploit code from the web, advanced web application testing techniques, client side attacks, post exploitation strategies, detection avoidance methods, generation of well defined reports and metrics, and setting up a penetration testing virtual lab that mimics a secured environment. The book closes by issuing a challenge to your skills and ability to perform a full penetration test against a fictional corporation; followed by a detailed walk through of the solution.Advanced Penetration Testing for Highly-Secured Environments is packed with detailed examples that reinforce enumeration, exploitation, post-exploitation, reporting skills and more.
Table of Contents (18 chapters)
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
About the Author
About the Reviewers


In this chapter, we focused on all that is necessary to prepare and plan for a successful penetration test. We discussed the differences between penetration testing and vulnerability assessments.

The steps involved with proper scoping were detailed, as were the necessary steps to ensure all information has been gathered prior to testing. One thing to remember is that proper scoping and planning is just as important as ensuring you test against the latest and greatest vulnerabilities.

We have also discussed the installation of VirtualBox and BackTrack and have provided the instructions necessary to not only install BackTrack from the ISO, but also how to keep it updated. In addition to this, we have also provided instructions on how to install OpenOffice on BackTrack.

Last but not least, we have discussed two very powerful tools that allow you to perform data collections and that offer reporting features. MagicTree, which is a powerhouse of data collection and analysis, and Dradis, which is incredible in its ability to allow for centralized data collection and sharing.

In the next chapter, we learn about various reconnaissance techniques and why they are needed. Some of these include effective use of Internet search engines to locate company and employee data, manipulating and reading metadata from various file types, and fully exploiting the power of DNS to make the task of penetration testing easier.