Free Sample
+ Collection
Code Files

Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide

Progressing
Lee Allen

Learn to perform professional penetration testing for highly-secured environments with this intensive hands-on guide with this book and ebook.
$35.99
$59.99
RRP $35.99
RRP $59.99
eBook
Print + eBook

Want this title & more?

$16.99 p/month

Subscribe to PacktLib

Enjoy full and instant access to over 2000 books and videos – you’ll find everything you need to stay ahead of the curve and make sure you can always get the job done.

Book Details

ISBN 139781849517744
Paperback414 pages

About This Book

  • Learn how to perform an efficient, organized, and effective penetration test from start to finish
  • Gain hands-on penetration testing experience by building and testing a virtual lab environment that includes commonly found security measures such as IDS and firewalls
  • Take the challenge and perform a virtual penetration test against a fictional corporation from start to finish and then verify your results by walking through step-by-step solutions

Who This Book Is For

If you are looking for guidance and detailed instructions on how to perform a penetration test from start to finish, are looking to build out your own penetration testing lab, or are looking to improve on your existing penetration testing skills, this book is for you. Although the books attempts to accommodate those that are still new to the penetration testing field, experienced testers should be able to gain knowledge and hands-on experience as well. The book does assume that you have some experience in web application testing and as such the chapter regarding this subject may require you to understand the basic concepts of web security. The reader should also be familiar with basic IT concepts, and commonly used protocols such as TCP/IP.

Table of Contents

Chapter 1: Planning and Scoping for a Successful Penetration Test
Introduction to advanced penetration testing
Before testing begins
Planning for action
Exploring BackTrack
Installing OpenOffice
Effectively manage your test results
Introduction to the Dradis Framework
Summary
Chapter 2: Advanced Reconnaissance Techniques
Introduction to reconnaissance
DNS recon
Gathering and validating domain and IP information
Using search engines to do your job for you
Summary
Chapter 3: Enumeration: Choosing Your Targets Wisely
Adding another virtual machine to our lab
Nmap — getting to know you
SNMP: A goldmine of information just waiting to be discovered
Creating network baselines with scanPBNJ
Enumeration avoidance techniques
Summary
Chapter 4: Remote Exploitation
Exploitation – Why bother?
Target practice – Adding a Kioptrix virtual machine
Manual exploitation
Getting files to and from victim machines
Passwords: Something you know…
Metasploit — learn it and love it
Summary
Chapter 5: Web Application Exploitation
Practice makes perfect
Detecting load balancers
Detecting Web Application Firewalls (WAF)
Taking on Level 3 – Kioptrix
Web Application Attack and Audit Framework (w3af)
Introduction to Mantra
Summary
Chapter 6: Exploits and Client-Side Attacks
Buffer overflows—A refresher
Introduction to fuzzing
Introducing vulnserver
Fuzzing tools included in BackTrck
Fast-Track
Social Engineering Toolkit
Summary
Chapter 7: Post-Exploitation
Rules of engagement
Data gathering, network analysis, and pillaging
Pivoting
Summary
Chapter 8: Bypassing Firewalls and Avoiding Detection
Lab preparation
Stealth scanning through the firewall
Now you see me, now you don't — Avoiding IDS
Blending in
Looking at traffic patterns
Cleaning up compromised hosts
Miscellaneous evasion techniques
Summary
Chapter 9: Data Collection Tools and Reporting
Record now — Sort later
Old school — The text editor method
Dradis framework for collaboration
The report
Challenge to the reader
Summary
Chapter 10: Setting Up Virtual Test Lab Environments
Why bother with setting up labs?
Keeping it simple
Adding complexity or emulating target environments
Summary
Chapter 11: Take the Challenge – Putting It All Together
The scenario
The setup
The challenge
The walkthrough
Reporting
Summary

What You Will Learn

  • Detailed step-by-step guidance on managing testing results and writing clearly organized and effective penetration testing reports
  • Properly scope your penetration test to avoid catastrophe
  • Understand in detail how the testing process works from start to finish, not just how to use specific tools
  • Use advanced techniques to bypass security controls and remain hidden while testing
  • Create a segmented virtual network with several targets, IDS and firewall
  • Generate testing reports and statistics
  • Advanced web application testing and exploitation
  • Perform an efficient, organized, and effective penetration test from start to finish

In Detail

The internet security field has grown by leaps and bounds over the last decade. Everyday more people around the globe gain access to the internet and not all of them with good intentions. The need for penetration testers has grown now that the security industryhas had time to mature. Simply running a vulnerability scanner is a thing of the past and is no longer an effective method of determining a business’s true security posture. Learn effective penetration testing skills so that you can effectively meet and manage the rapidly changing security needs of your company.

Advanced Penetration Testing for Highly-Secured Environments will teach you how to efficiently and effectively ensure the security posture of environments that have been secured using IDS/IPS, firewalls, network segmentation, hardened system configurations and more. The stages of a penetration test are clearly defined and addressed using step-by-step instructions that you can follow on your own virtual lab.

The book follows the standard penetration testing stages from start to finish with step-by-step examples. The book thoroughly covers penetration test expectations, proper scoping and planning, as well as enumeration and footprinting. You'll learn how to clean up and compile proof of concept, exploit code from the web, advanced web application testing techniques, client side attacks, post exploitation strategies, detection avoidance methods, generation of well defined reports and metrics, and setting up a penetration testing virtual lab that mimics a secured environment. The book closes by issuing a challenge to your skills and ability to perform a full penetration test against a fictional corporation; followed by a detailed walk through of the solution.

Advanced Penetration Testing for Highly-Secured Environments is packed with detailed examples that reinforce enumeration, exploitation, post-exploitation, reporting skills and more.

Authors

Read More