Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide. Learn to perform professional penetration testing for highly-secured environments with this intensive hands-on guide with this book and - Eлектронна книга - Lee Allen - Cучасна освітня платформа

Категорії

Деталі електронної книги

Увійти, Якщо вас цікавить зміст видання.

Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide. Learn to perform professional penetration testing for highly-secured environments with this intensive hands-on guide with this book and

Lee Allen

Eлектронна книга

The internet security field has grown by leaps and bounds over the last decade. Everyday more people around the globe gain access to the internet and not all of them with good intentions. The need for penetration testers has grown now that the security industryhas had time to mature. Simply running a vulnerability scanner is a thing of the past and is no longer an effective method of determining a business's true security posture. Learn effective penetration testing skills so that you can effectively meet and manage the rapidly changing security needs of your company. Advanced Penetration Testing for Highly-Secured Environments will teach you how to efficiently and effectively ensure the security posture of environments that have been secured using IDS/IPS, firewalls, network segmentation, hardened system configurations and more. The stages of a penetration test are clearly defined and addressed using step-by-step instructions that you can follow on your own virtual lab.The book follows the standard penetration testing stages from start to finish with step-by-step examples. The book thoroughly covers penetration test expectations, proper scoping and planning, as well as enumeration and footprinting. You'll learn how to clean up and compile proof of concept, exploit code from the web, advanced web application testing techniques, client side attacks, post exploitation strategies, detection avoidance methods, generation of well defined reports and metrics, and setting up a penetration testing virtual lab that mimics a secured environment. The book closes by issuing a challenge to your skills and ability to perform a full penetration test against a fictional corporation; followed by a detailed walk through of the solution.Advanced Penetration Testing for Highly-Secured Environments is packed with detailed examples that reinforce enumeration, exploitation, post-exploitation, reporting skills and more.

Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
- Table of Contents
- Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
  - Support files, eBooks, discount offers and more
    - Why Subscribe?
    - Free Access for Packt account holders
- Preface
  - What this book covers
  - What you need for this book
  - Who this book is for
  - Conventions
  - Reader feedback
  - Customer support
    - Errata
    - Piracy
    - Questions
- 1. Planning and Scoping for a Successful Penetration Test
  - Introduction to advanced penetration testing
    - Vulnerability assessments
    - Penetration testing
    - Advanced penetration testing
  - Before testing begins
    - Determining scope
    - Setting limits nothing lasts forever
      - Rules of engagement documentation
  - Planning for action
    - Installing VirtualBox
    - Installing your BackTrack virtual machine
      - Preparing the virtual guest machine for BackTrack
      - Installing BackTrack on the virtual disk image
  - Exploring BackTrack
    - - Logging in
      - Changing the default password
      - Updating the applications and operating system
  - Installing OpenOffice
  - Effectively manage your test results
    - Introduction to MagicTree
      - Starting MagicTree
      - Adding nodes
      - Data collection
      - Report generation
  - Introduction to the Dradis Framework
    - Exporting a project template
    - Importing a project template
    - Preparing sample data for import
      - Importing your Nmap data
    - Exporting data into HTML
    - Dradis Category field
      - Changing the default HTML template
  - Summary
- 2. Advanced Reconnaissance Techniques
  - Introduction to reconnaissance
    - Reconnaissance workflow
  - DNS recon
    - Nslookup its there when you need it
      - Default output
      - Changing nameservers
      - Creating an automation script
      - What did we learn?
    - Domain Information Groper (Dig)
      - Default output
      - Zone transfers using Dig
      - Advanced features of Dig
        
        Shortening the output
        
        Listing the bind version
        
        Reverse DNS lookup using Dig
        
        Multiple commands
        
        Tracing the path
        
        Batching with dig
    - DNS brute forcing with fierce
      - Default command usage
      - Creating a custom wordlist
  - Gathering and validating domain and IP information
    - Gathering information with whois
      - Specifying which registrar to use
      - Where in the world is this IP?
      - Defensive measures
  - Using search engines to do your job for you
    - SHODAN
      - Filters
      - Understanding banners
        
        HTTP banners
      - Finding specific assets
    - Finding people (and their documents) on the web
      - Google hacking database
        
        Google filters
      - Metagoofil
    - Searching the Internet for clues
    - Metadata collection
      - Extracting metadata from photos using exiftool
  - Summary
- 3. Enumeration: Choosing Your Targets Wisely
  - Adding another virtual machine to our lab
    - Configuring and testing our Vlab_1 clients
      - BackTrack Manual ifconfig
      - Ubuntu Manual ifconfig
      - Verifying connectivity
      - Maintaining IP settings after reboot
  - Nmap getting to know you
    - Commonly seen Nmap scan types and options
    - Basic scans warming up
    - Other Nmap techniques
      - Remaining stealthy
        
        Taking your time
        
        Trying different scan types
        
        SYN scan
        
        Null scan
        
        ACK scan
        
        Conclusion
      - Shifting blame the zombies did it!
      - IDS rules, how to avoid them
      - Using decoys
    - Adding custom Nmap scripts to your arsenal
      - How to decide if a script is right for you
      - Adding a new script to the database
  - SNMP: A goldmine of information just waiting to be discovered
    - SNMPEnum
    - SNMPCheck
    - When the SNMP community string is NOT "public"
  - Creating network baselines with scanPBNJ
    - Setting up MySQL for PBNJ
      - Starting MySQL
      - Preparing the PBNJ database
    - First scan
    - Reviewing the data
  - Enumeration avoidance techniques
    - Naming conventions
    - Port knocking
    - Intrusion detection and avoidance systems
    - Trigger points
    - SNMP lockdown
  - Summary
- 4. Remote Exploitation
  - Exploitation Why bother?
  - Target practice Adding a Kioptrix virtual machine
  - Manual exploitation
    - Enumerating services
      - Quick scan with Unicornscan
    - Full scan with Nmap
    - Banner grabbing with Netcat and Ncat
      - Banner grabbing with Netcat
      - Banner grabbing with Ncat
      - Banner grabbing with smbclient
    - Searching Exploit-DB
    - Exploit-DB at hand
      - Compiling the code
      - Compiling the proof of concept code
      - Troubleshooting the code
        
        What are all of these ^M characters and why will they not go away?
        
        Broken strings The reunion
    - Running the exploit
  - Getting files to and from victim machines
    - Installing and starting a TFTP server on BackTrack 5
    - Installing and configuring pure-ftpd
    - Starting pure-ftpd
  - Passwords: Something you know
    - Cracking the hash
    - Brute forcing passwords
    - THC Hydra
  - Metasploit learn it and love it
    - Updating the Metasploit framework
    - Databases and Metasploit
      - Installing PostgreSQL on BackTrack 5
      - Verifying database connectivity
      - Performing an Nmap scan from within Metasploit
      - Using auxiliary modules
    - Using Metasploit to exploit Kioptrix
  - Summary
- 5. Web Application Exploitation
  - Practice makes perfect
    - Installing Kioptrix Level 3
    - Creating a Kioptrix VM Level 3 clone
    - Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
    - Installing and configuring pfSense
    - Preparing the virtual machine for pfSense
    - pfSense virtual machine persistence
    - Configuring the pfSense DHCP server
    - Starting the virtual lab
    - pfSense DHCP Permanent reservations
    - Installing HAProxy for load balancing
    - Adding Kioptrix3.com to the host file
  - Detecting load balancers
    - Quick reality check Load Balance Detector
      - So, what are we looking for anyhow?
  - Detecting Web Application Firewalls (WAF)
  - Taking on Level 3 Kioptrix
  - Web Application Attack and Audit Framework (w3af)
    - Using w3af GUI to save time
    - Scanning by using the w3af console
      - Using WebScarab as a HTTP proxy
  - Introduction to Mantra
  - Summary
- 6. Exploits and Client-Side Attacks
  - Buffer overflowsA refresher
    - "C"ing is believingCreate a vulnerable program
    - Turning ASLR on and off in BackTrack
    - Understanding the basics of buffer overflows
  - Introduction to fuzzing
  - Introducing vulnserver
  - Fuzzing tools included in BackTrck
    - Bruteforce Exploit Detector (BED)
    - SFUZZ: Simple fuzzer
  - Fast-Track
    - Updating Fast-Track
    - Client-side attacks with Fast-Track
  - Social Engineering Toolkit
  - Summary
- 7. Post-Exploitation
  - Rules of engagement
    - What is permitted?
    - Can you modify anything and everything?
    - Are you allowed to add persistence?
    - How is the data that is collected and stored handled by you and your team?
    - Employee data and personal information
  - Data gathering, network analysis, and pillaging
    - Linux
      - Important directories and files
      - Important commands
    - Putting this information to use
      - Enumeration
      - Exploitation
      - Were connected, now what?
      - Which tools are available on the remote system
      - Finding network information
      - Determine connections
      - Checking installed packages
      - Package repositories
      - Programs and services that run at startup
      - Searching for information
      - History files and logs
      - Configurations, settings, and other files
      - Users and credentials
      - Moving the files
    - Microsoft Windows post-exploitation
      - Important directories and files
      - Using Armitage for post-exploitation
      - Enumeration
      - Exploitation
      - Were connected, now what?
      - Networking details
      - Finding installed software and tools
  - Pivoting
  - Summary
- 8. Bypassing Firewalls and Avoiding Detection
  - Lab preparation
    - BackTrack guest machine
    - Ubuntu guest machine
    - pfSense guest machine configuration
      - pfSense network setup
      - WAN IP configuration
      - LAN IP configuration
    - Firewall configuration
  - Stealth scanning through the firewall
    - Finding the ports
      - Traceroute to find out if there is a firewall
      - Finding out if the firewall is blocking certain ports
        
        Hping
        
        Nmap firewalk script
  - Now you see me, now you don't Avoiding IDS
    - Canonicalization
    - Timing is everything
  - Blending in
  - Looking at traffic patterns
  - Cleaning up compromised hosts
    - Using a checklist
    - When to clean up
    - Local log files
  - Miscellaneous evasion techniques
    - Divide and conquer
    - Hiding out (on controlled units)
    - File integrity monitoring
    - Using common network management tools to do the deed
  - Summary
- 9. Data Collection Tools and Reporting
  - Record now Sort later
  - Old school The text editor method
    - Nano
    - VIM The power user's text editor of choice
    - NoteCase
  - Dradis framework for collaboration
    - Binding to an available interface other than 127.0.0.1
  - The report
  - Challenge to the reader
  - Summary
- 10. Setting Up Virtual Test Lab Environments
  - Why bother with setting up labs?
  - Keeping it simple
    - No-nonsense test example
    - Network segmentation and firewalls
      - Requirements
      - Setup
  - Adding complexity or emulating target environments
    - Configuring firewall1
      - Installing additional packages in pfSense
    - Firewall2 setup and configuration
    - Web1
    - DB1
    - App1
    - Admin1
  - Summary
- 11. Take the Challenge Putting It All Together
  - The scenario
  - The setup
    - NewAlts Research Labs' virtual network
    - Additional system modifications
      - Web server modifications
  - The challenge
  - The walkthrough
    - Defining the scope
    - Determining the "why"
      - So what is the "why" of this particular test?
    - Developing the Rules of Engagement document
    - Initial plan of attack
    - Enumeration and exploitation
  - Reporting
  - Summary
- Index

Назва: Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide. Learn to perform professional penetration testing for highly-secured environments with this intensive hands-on guide with this book and
Автор: Lee Allen
Оригінальна назва: Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide. Learn to perform professional penetration testing for highly-secured environments with this intensive hands-on guide with this book and ebook.
ISBN: 9781849517751, 9781849517751
Дата видання: 2012-05-16
Формат: Eлектронна книга
Ідентифікатор видання: e_3d2y
Видавець: Packt Publishing

Виберіть мову

Категорії

Деталі електронної книги