Building Virtual Pentesting Labs for Advanced Penetration Testing, 2nd Edition
- Length: 524 pages
- Edition: 2nd Revised edition
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2016-08-30
- ISBN-10: B01JLBMC8G
- Sales Rank: #1256312 (See Top 100 Books)
Key Features
- Learn a systematic process for professional security and penetration testing
- Explore and build intricate architectures that allow you to emulate an enterprise network
- Examine and perform research to identify the latest vulnerabilities and, build a lab and test them!
- Learn methods to bypass common enterprise defenses and leverage them to test the most secure environments.
Book Description
In this book you will be introduced to a proven professional security and penetration testing methodology that has trained thousands of professional testers. Your experience from reading this book will prepare you for participation in professional security testing teams, both as a red team and a blue team member. Within the book you will learn how to take advantage of the power of virtualisation to build a multi-layer enterprise architecture and then deploy targets to test inside it. Additionally, you will learn a systematic process for discovering vulnerabilities and then a way to test these on your own private network. By practising the techniques throughout the book, you will be able to hone and enhance your skills in professional security and penetration testing.
Building Virtual Pentesting Labs for Advanced Penetration Testing will teach you the process of how to build your own labs and a proven process to test these labs that is currently used in Industry by global penetration testing teams. You will start with an introduction to professional security testing and deciding where pen testing fits; then you will be introduced to proven leading Industry testing methodologies.
Once the introduction has completed, you will start building the machines; once you have built them you will learn how to build and test layered architectures. After you have mastered the layers you will plan specific attacks based on the platforms you are going up against. The book will show you a process for discovering new vulnerabilities for systems and networks, and how to apply these to your developed range and discover what the vulnerability means to your potential clients.
Building Virtual Pentesting Labs for Advanced Penetration Testing uses extensive labs and illustrations to take you from the beginning (building and attacking an enterprise architecture) to methods to bypass and avoid common enterprise architecture defences.
What you will learn
- Proven security testing and penetration testing techniques
- How to build multi-layered complex architectures to test the latest network designs
- Applying a professional testing methodology
- Determining whether there are filters between you and the target and how to penetrate them
- How to deploy and then find weaknesses in common firewall architectures.
- Advanced techniques to deploy against hardened environments
- Methods to circumvent endpoint protection controls
About the Author
Kevin Cardwell currently works as a freelance consultant and provides consulting services for companies throughout the world. He developed the Strategy and Training Development Plan for the first Government CERT in the country of Oman and developed the team to man the first Commercial Security Operations Center there. He has worked extensively with banks and financial institutions throughout Middle East, Africa, Europe, and the UK. He currently provides consultancy to Commercial companies, governments, major banks, and financial institutions across the globe. He is author of Backtrack: Testing Wireless Network Security, Building Virtual Pen Testing Lab for Advanced Penetration Testing First Edition, and Advanced Penetration Testing of Highly Secured Environments 2nd Edition.
Table of Contents
Chapter 1. Introducing Penetration Testing
Chapter 2. Choosing the Virtual Environment
Chapter 3. Planning a Range
Chapter 4. Identifying Range Architectures
Chapter 5. Identifying a Methodology
Chapter 6. Creating an External Attack Architecture
Chapter 7. Assessment of Devices
Chapter 8. Architecting an IDS/IPS Range
Chapter 9. Assessment of Web Servers and Web Applications
Chapter 10. Testing Flat and Internal Networks
Chapter 11. Testing Servers
Chapter 12. Exploring Client-Side Attack Vectors
Chapter 13. Building a Complete Cyber Range