Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide


Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
eBook: $35.99
Formats: PDF, PacktLib, ePub and Mobi formats
$30.59
save 15%!
Print + free eBook + free PacktLib access to the book: $95.98    Print cover: $59.99
$59.99
save 37%!
Free Shipping!
UK, US, Europe and selected countries in Asia.
Also available on:
Overview
Table of Contents
Author
Reviews
Support
Sample Chapters
  • Learn how to perform an efficient, organized, and effective penetration test from start to finish
  • Gain hands-on penetration testing experience by building and testing a virtual lab environment that includes commonly found security measures such as IDS and firewalls
  • Take the challenge and perform a virtual penetration test against a fictional corporation from start to finish and then verify your results by walking through step-by-step solutions

Book Details

Language : English
Paperback : 414 pages [ 235mm x 191mm ]
Release Date : May 2012
ISBN : 1849517746
ISBN 13 : 9781849517744
Author(s) : Lee Allen
Topics and Technologies : All Books, Networking and Servers, Security and Testing, Open Source

Table of Contents

Preface
Chapter 1: Planning and Scoping for a Successful Penetration Test
Chapter 2: Advanced Reconnaissance Techniques
Chapter 3: Enumeration: Choosing Your Targets Wisely
Chapter 4: Remote Exploitation
Chapter 5: Web Application Exploitation
Chapter 6: Exploits and Client-Side Attacks
Chapter 7: Post-Exploitation
Chapter 8: Bypassing Firewalls and Avoiding Detection
Chapter 9: Data Collection Tools and Reporting
Chapter 10: Setting Up Virtual Test Lab Environments
Chapter 11: Take the Challenge – Putting It All Together
Index
  • Chapter 1: Planning and Scoping for a Successful Penetration Test
    • Introduction to advanced penetration testing
      • Vulnerability assessments
      • Penetration testing
      • Advanced penetration testing
    • Before testing begins
      • Determining scope
      • Setting limits — nothing lasts forever
        • Rules of engagement documentation
    • Planning for action
      • Installing VirtualBox
      • Installing your BackTrack virtual machine
        • Preparing the virtual guest machine for BackTrack
        • Installing BackTrack on the virtual disk image
    • Exploring BackTrack
      • Logging in
      • Changing the default password
      • Updating the applications and operating system
  • Installing OpenOffice
  • Effectively manage your test results
    • Introduction to MagicTree
      • Starting MagicTree
      • Adding nodes
      • Data collection
      • Report generation
  • Introduction to the Dradis Framework
    • Exporting a project template
    • Importing a project template
    • Preparing sample data for import
      • Importing your Nmap data
    • Exporting data into HTML
    • Dradis Category field
      • Changing the default HTML template
  • Summary
    • Chapter 2: Advanced Reconnaissance Techniques
      • Introduction to reconnaissance
        • Reconnaissance workflow
      • DNS recon
        • Nslookup — it's there when you need it
          • Default output
          • Changing nameservers
          • Creating an automation script
          • What did we learn?
        • Domain Information Groper (Dig)
          • Default output
          • Zone transfers using Dig
          • Advanced features of Dig
        • DNS brute forcing with fierce
          • Default command usage
          • Creating a custom wordlist
      • Gathering and validating domain and IP information
        • Gathering information with whois
          • Specifying which registrar to use
          • Where in the world is this IP?
          • Defensive measures
      • Using search engines to do your job for you
        • SHODAN
          • Filters
          • Understanding banners
          • Finding specific assets
        • Finding people (and their documents) on the web
          • Google hacking database
          • Metagoofil
        • Searching the Internet for clues
        • Metadata collection
          • Extracting metadata from photos using exiftool
      • Summary
      • Chapter 3: Enumeration: Choosing Your Targets Wisely
        • Adding another virtual machine to our lab
          • Configuring and testing our Vlab_1 clients
            • BackTrack – Manual ifconfig
            • Ubuntu – Manual ifconfig
            • Verifying connectivity
            • Maintaining IP settings after reboot
        • Nmap — getting to know you
          • Commonly seen Nmap scan types and options
          • Basic scans — warming up
          • Other Nmap techniques
            • Remaining stealthy
            • Shifting blame — the zombies did it!
            • IDS rules, how to avoid them
            • Using decoys
          • Adding custom Nmap scripts to your arsenal
            • How to decide if a script is right for you
            • Adding a new script to the database
        • SNMP: A goldmine of information just waiting to be discovered
          • SNMPEnum
          • SNMPCheck
          • When the SNMP community string is NOT "public"
        • Creating network baselines with scanPBNJ
          • Setting up MySQL for PBNJ
            • Starting MySQL
            • Preparing the PBNJ database
          • First scan
          • Reviewing the data
        • Enumeration avoidance techniques
          • Naming conventions
          • Port knocking
          • Intrusion detection and avoidance systems
          • Trigger points
          • SNMP lockdown
        • Summary
        • Chapter 4: Remote Exploitation
          • Exploitation – Why bother?
          • Target practice – Adding a Kioptrix virtual machine
          • Manual exploitation
            • Enumerating services
              • Quick scan with Unicornscan
            • Full scan with Nmap
            • Banner grabbing with Netcat and Ncat
              • Banner grabbing with Netcat
              • Banner grabbing with Ncat
              • Banner grabbing with smbclient
            • Searching Exploit-DB
            • Exploit-DB at hand
              • Compiling the code
              • Compiling the proof of concept code
              • Troubleshooting the code
            • Running the exploit
          • Getting files to and from victim machines
            • Installing and starting a TFTP server on BackTrack 5
            • Installing and configuring pure-ftpd
            • Starting pure-ftpd
          • Passwords: Something you know…
            • Cracking the hash
            • Brute forcing passwords
            • THC Hydra
          • Metasploit — learn it and love it
            • Updating the Metasploit framework
            • Databases and Metasploit
              • Installing PostgreSQL on BackTrack 5
              • Verifying database connectivity
              • Performing an Nmap scan from within Metasploit
              • Using auxiliary modules
            • Using Metasploit to exploit Kioptrix
          • Summary
          • Chapter 5: Web Application Exploitation
            • Practice makes perfect
              • Installing Kioptrix Level 3
              • Creating a Kioptrix VM Level 3 clone
              • Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
              • Installing and configuring pfSense
              • Preparing the virtual machine for pfSense
              • pfSense virtual machine persistence
              • Configuring the pfSense DHCP server
              • Starting the virtual lab
              • pfSense DHCP – Permanent reservations
              • Installing HAProxy for load balancing
              • Adding Kioptrix3.com to the host file
            • Detecting load balancers
              • Quick reality check – Load Balance Detector
                • So, what are we looking for anyhow?
            • Detecting Web Application Firewalls (WAF)
            • Taking on Level 3 – Kioptrix
            • Web Application Attack and Audit Framework (w3af)
              • Using w3af GUI to save time
              • Scanning by using the w3af console
                • Using WebScarab as a HTTP proxy
            • Introduction to Mantra
            • Summary
            • Chapter 6: Exploits and Client-Side Attacks
              • Buffer overflows—A refresher
                • "C"ing is believing—Create a vulnerable program
                • Turning ASLR on and off in BackTrack
                • Understanding the basics of buffer overflows
              • Introduction to fuzzing
              • Introducing vulnserver
              • Fuzzing tools included in BackTrack
                • Bruteforce Exploit Detector (BED)
                • SFUZZ: Simple fuzzer
              • Fast-Track
                • Updating Fast-Track
                • Client-side attacks with Fast-Track
              • Social Engineering Toolkit
              • Summary
              • Chapter 7: Post-Exploitation
                • Rules of engagement
                  • What is permitted?
                  • Can you modify anything and everything?
                  • Are you allowed to add persistence?
                  • How is the data that is collected and stored handled by you and your team?
                  • Employee data and personal information
                • Data gathering, network analysis, and pillaging
                  • Linux
                    • Important directories and files
                    • Important commands
                  • Putting this information to use
                    • Enumeration
                    • Exploitation
                    • Were connected, now what?
                    • Which tools are available on the remote system
                    • Finding network information
                    • Determine connections
                    • Checking installed packages
                    • Package repositories
                    • Programs and services that run at startup
                    • Searching for information
                    • History files and logs
                    • Configurations, settings, and other files
                    • Users and credentials
                    • Moving the files
                  • Microsoft Windows™ post-exploitation
                    • Important directories and files
                    • Using Armitage for post-exploitation
                    • Enumeration
                    • Exploitation
                    • Were connected, now what?
                    • Networking details
                    • Finding installed software and tools
                • Pivoting
                • Summary
                • Chapter 8: Bypassing Firewalls and Avoiding Detection
                  • Lab preparation
                    • BackTrack guest machine
                    • Ubuntu guest machine
                    • pfSense guest machine configuration
                      • pfSense network setup
                      • WAN IP configuration
                      • LAN IP configuration
                    • Firewall configuration
                  • Stealth scanning through the firewall
                    • Finding the ports
                      • Traceroute to find out if there is a firewall
                      • Finding out if the firewall is blocking certain ports
                  • Now you see me, now you don't — Avoiding IDS
                    • Canonicalization
                    • Timing is everything
                  • Blending in
                  • Looking at traffic patterns
                  • Cleaning up compromised hosts
                    • Using a checklist
                    • When to clean up
                    • Local log files
                  • Miscellaneous evasion techniques
                    • Divide and conquer
                    • Hiding out (on controlled units)
                    • File integrity monitoring
                    • Using common network management tools to do the deed
                  • Summary
                  • Chapter 9: Data Collection Tools and Reporting
                    • Record now — Sort later
                    • Old school — The text editor method
                      • Nano
                      • VIM — The power user's text editor of choice
                      • NoteCase
                    • Dradis framework for collaboration
                      • Binding to an available interface other than 127.0.0.1
                    • The report
                    • Challenge to the reader
                    • Summary
                    • Chapter 10: Setting Up Virtual Test Lab Environments
                      • Why bother with setting up labs?
                      • Keeping it simple
                        • No-nonsense test example
                        • Network segmentation and firewalls
                          • Requirements
                          • Setup
                      • Adding complexity or emulating target environments
                        • Configuring firewall1
                          • Installing additional packages in pfSense
                        • Firewall2 setup and configuration
                        • Web1
                        • DB1
                        • App1
                        • Admin1
                      • Summary
                      • Chapter 11: Take the Challenge – Putting It All Together
                        • The scenario
                        • The setup
                          • NewAlts Research Labs' virtual network
                          • Additional system modifications
                            • Web server modifications
                        • The challenge
                        • The walkthrough
                          • Defining the scope
                          • Determining the "why"
                            • So what is the "why" of this particular test?
                          • Developing the Rules of Engagement document
                          • Initial plan of attack
                          • Enumeration and exploitation
                        • Reporting
                        • Summary

                        Lee Allen

                        Lee Allen is currently the Vulnerability Management Program Lead for one of the Fortune 500. Among many other responsibilities, he performs security assessments and penetration testing. Lee is very passionate and driven about the subject of penetration testing and security research. His journey into the exciting world of security began back in the 80s while visiting BBS's with his trusty Commodore 64 and a room carpeted with 5.25-inch diskettes. Throughout the years, he has continued his attempts at remaining up-to-date with the latest and greatest in the security industry and the community. He has several industry certifications including the OSWP and has been working in the IT industry for over 15 years. His hobbies and obsessions include validating and reviewing proof of concept exploit code, programming, security research, attending security conferences, discussing technology, writing, 3D Game development, and skiing.

                        Submit Errata

                        Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.


                        Errata

                        - 3 submitted: last submission 14 Feb 2014

                        Errata type: Others | Page number: 31

                        Note: After a few moments, OpenOffice will open up the automatically generated report listing all open ports by host along with any findings you may have had." - If using KDE an error will be generated. Fortunately the report is still generated and can be found in the ~/magictree/tmp/ folder. More information about this error can be found at: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6486393

                         

                         

                        Errata type: Code | Page number: 50

                        for HOSTNAME in `cat DomainNames.txt``
                        Should be :  for HOSTNAME in `cat DomainNames.txt`

                         

                         

                        Errata type: Code | Page number: 81

                        #sudo apt-get install lamp-server
                        Should be: #sudo apt-get install lamp-server^

                         

                        Sample chapters

                        You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

                        Frequently bought together

                        Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide +    Openswan: Building and Integrating Virtual Private Networks =
                        50% Off
                        the second eBook
                        Price for both: €39.15

                        Buy both these recommended eBooks together and get 50% off the cheapest eBook.

                        What you will learn from this book

                        • Detailed step-by-step guidance on managing testing results and writing clearly organized and effective penetration testing reports
                        • Properly scope your penetration test to avoid catastrophe
                        • Understand in detail how the testing process works from start to finish, not just how to use specific tools
                        • Use advanced techniques to bypass security controls and remain hidden while testing
                        • Create a segmented virtual network with several targets, IDS and firewall
                        • Generate testing reports and statistics
                        • Advanced web application testing and exploitation
                        • Perform an efficient, organized, and effective penetration test from start to finish

                        In Detail

                        The internet security field has grown by leaps and bounds over the last decade. Everyday more people around the globe gain access to the internet and not all of them with good intentions. The need for penetration testers has grown now that the security industryhas had time to mature. Simply running a vulnerability scanner is a thing of the past and is no longer an effective method of determining a business’s true security posture. Learn effective penetration testing skills so that you can effectively meet and manage the rapidly changing security needs of your company.

                        Advanced Penetration Testing for Highly-Secured Environments will teach you how to efficiently and effectively ensure the security posture of environments that have been secured using IDS/IPS, firewalls, network segmentation, hardened system configurations and more. The stages of a penetration test are clearly defined and addressed using step-by-step instructions that you can follow on your own virtual lab.

                        The book follows the standard penetration testing stages from start to finish with step-by-step examples. The book thoroughly covers penetration test expectations, proper scoping and planning, as well as enumeration and footprinting. You'll learn how to clean up and compile proof of concept, exploit code from the web, advanced web application testing techniques, client side attacks, post exploitation strategies, detection avoidance methods, generation of well defined reports and metrics, and setting up a penetration testing virtual lab that mimics a secured environment. The book closes by issuing a challenge to your skills and ability to perform a full penetration test against a fictional corporation; followed by a detailed walk through of the solution.

                        Advanced Penetration Testing for Highly-Secured Environments is packed with detailed examples that reinforce enumeration, exploitation, post-exploitation, reporting skills and more.

                        Approach

                        An intensive hands-on guide to perform professional penetration testing for highly-secured environments from start to finish. You will learn to provide penetration testing services to clients with mature security infrastructure. Understand how to perform each stage of the penetration test by gaining hands-on experience in performing attacks that mimic those seen in the wild. In the end, take the challenge and perform a virtual penetration test against a fictional corporation.

                        Who this book is for

                        If you are looking for guidance and detailed instructions on how to perform a penetration test from start to finish, are looking to build out your own penetration testing lab, or are looking to improve on your existing penetration testing skills, this book is for you. Although the books attempts to accommodate those that are still new to the penetration testing field, experienced testers should be able to gain knowledge and hands-on experience as well. The book does assume that you have some experience in web application testing and as such the chapter regarding this subject may require you to understand the basic concepts of web security. The reader should also be familiar with basic IT concepts, and commonly used protocols such as TCP/IP.

                        Code Download and Errata
                        Packt Anytime, Anywhere
                        Register Books
                        Print Upgrades
                        eBook Downloads
                        Video Support
                        Contact Us
                        Awards Voting Nominations Previous Winners
                        Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
                        Resources
                        Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software