Free Sample
+ Collection
Code Files

Building Virtual Pentesting Labs for Advanced Penetration Testing

Progressing
Kevin Cardwell

Build intricate virtual architecture to practice any penetration testing technique virtually
$35.99
$59.99
RRP $35.99
RRP $59.99
eBook
Print + eBook

Want this title & more?

$16.99 p/month

Subscribe to PacktLib

Enjoy full and instant access to over 2000 books and videos – you’ll find everything you need to stay ahead of the curve and make sure you can always get the job done.

Book Details

ISBN 139781783284771
Paperback430 pages

About This Book

  • Build and enhance your existing pentesting methods and skills
  • Get a solid methodology and approach to testing
  • Step-by-step tutorial helping you build complex virtual architecture

Who This Book Is For

If you are a penetration tester, security consultant, security test engineer, or analyst who wants to practice and perfect penetration testing skills by building virtual pentesting labs in varying industry scenarios, this is the book for you. This book is ideal if you want to build and enhance your existing pentesting methods and skills. Basic knowledge of network security features is expected along with web application testing experience.

Table of Contents

Chapter 1: Introducing Penetration Testing
Security testing
Abstract testing methodology
Myths and misconceptions of pen testing
Summary
Chapter 2: Choosing the Virtual Environment
Open source and free environments
Commercial environments
Image conversion
Converting from a physical to virtual environment
Summary
Chapter 3: Planning a Range
Planning
Identifying vulnerabilities
Summary
Chapter 4: Identifying Range Architecture
Building the machines
Selecting network connections
Choosing range components
Summary
Chapter 5: Identifying a Methodology
The OSSTMM
CHECK
NIST SP-800-115
Summary
Chapter 6: Creating an External Attack Architecture
Establishing layered architectures
Configuring firewall architectures
iptables
Summary
Chapter 7: Assessment of Devices
Assessing routers
Evaluating switches
Attacking the firewall
Identifying the firewall rules
Tricks to penetrate filters
Summary
Chapter 8: Architecting an IDS/IPS Range
Deploying a network-based IDS
Implementing the host-based IDS and endpoint security
Working with virtual switches
Evasion
Summary
Chapter 9: Assessment of Web Servers and Web Applications
Analyzing the OWASP Top Ten attacks
Identifying web application firewalls
Penetrating web application firewalls
Tools
Summary
Chapter 10: Testing Flat and Internal Networks
The role of Vulnerability Scanners
Dealing with host protection
Summary
Chapter 11: Attacking Servers
Common protocols and applications for servers
Database assessment
OS platform specifics
Summary
Chapter 12: Exploring Client-side Attack Vectors
Client-side attack methods
Pilfering data from the client
Using the client as a pivot point
Client-side exploitation
Binary payloads
Malicious PDF files
Bypassing antivirus and other protection tools
Obfuscation and encoding
Summary
Chapter 13: Building a Complete Cyber Range
Creating the layered architecture
Integrating decoys and honeypots
Attacking the cyber range
Recording the attack data for further training and analysis
Summary

What You Will Learn

  • Build routers, firewalls, and web servers to hone your pentesting skills
  • Deploy and then find the weaknesses in a firewall architecture
  • Construct a layered architecture and perform a systematic process and methodology to use for conducting an external test
  • Get introduced to several of the different security testing methodologies
  • Design monitored environments and evade them
  • Create complex architecture
  • Bypass antivirus and other protection
  • Practice methods of evasion against today's top defenses
  • Leverage the client configuration

In Detail

A penetration test, also known as pentest, is a method of assessing computer and network security by replicating an attack on a computer system or network from the outside world and internal threats. With the increase of advanced hackers and threats to our virtual world, pentesting is an absolute necessity.

Building Virtual Pentesting Labs for Advanced Penetration Testing will teach you how to build your own labs and give you a proven process to test these labs; a process that is currently used in industry by global pentesting teams. You will also learn a systematic approach to professional security testing, building routers, firewalls, and web servers to hone your pentesting skills.

Authors

Read More