
Advanced Penetration Testing for Highly-Secured Environments, Second Edition
About the Authors
Lee Allen: Lee Allen is the associate director at Ohio State University. He specializes in information security, penetration testing, security research, task automation, risk management, data analysis, and 3D application development.
Kevin Cardwell: Kevin Cardwell is currently working as a freelance consultant and provides consulting services for companies throughout the world, and he also works as an advisor to numerous government entities within the USA, the Middle East, Africa, Asia, and the UK. He is an instructor, technical editor, and author for computer forensics and hacking courses. He is the author of the Center for Advanced Security and Training (CAST), Advanced Network Defense, and Advanced Penetration Testing courses. He is technical editor of the Learning Tree courses Penetration Testing Techniques and Computer Forensics. He has presented at the Black Hat USA, Hacker Halted, ISSA, and TakeDownCon conferences as well as many others. He has chaired the Cybercrime and Cyber Defense Summit in Oman and was the executive chairman of the Oil and Gas Cyber Defense Summit. He is the author of Building Virtual Pentesting Labs for Advanced Penetration Testing, 1st Edition, Advanced Penetration Testing for Highly Secured Environments, Second Edition, and Backtrack: Testing Wireless Network Security. He holds a bachelor of science degree in computer science from National University in California and a master's degree in software engineering from Southern Methodist University (SMU) in Texas. He developed the strategy and training development plan for the first Government CERT in the country of Oman, which was recently rated as the top CERT for the Middle East. He serves as a professional training consultant to the Oman Information Technology Authority, and he developed the team to man the first commercial Security Operations Center in the country of Oman. He has worked extensively with banks and financial institutions throughout the Middle East, Europe, and the UK in the planning of a robust and secure architecture and implementing requirements to meet compliance.
He currently provides consultancy to commercial companies, governments, federal agencies, major banks, and financial institutions throughout the globe. Some of his recent consulting projects include the Muscat Securities Market (MSM), Petroleum Development Oman, and the Central Bank of Oman. He designed and implemented the custom security baseline for the existing Oman Airport Management Company (OAMC) airports and the two new airports opening in 2016, as well as for the Oman Telephone Company. He created custom security baselines for all of the Microsoft operating systems and Cisco devices, as well as applications.
Contents
- Cover
- Copyright
- Credits
- About the Authors
- About the Reviewer
- www.PacktPub.com
- Table of Contents
- Preface
- Chapter 1: Penetration Testing Essentials
- Methodology defined
- Example methodologies
- Penetration testing framework
- Penetration Testing Execution Standard
- Pre-engagement interactions
- Intelligence gathering
- Threat modeling
- Vulnerability analysis
- Exploitation
- Post exploitation
- Reporting
- Abstract methodology
- Final thoughts
- Summary
- Chapter 2: Preparing a Test Environment
- Introducing VMware Workstation
- Why VMware Workstation?
- Installing VMware Workstation
- Network design
- VMnet0
- VMnet1
- VMnet8
- Folders
- Understanding the default architecture
- Installing Kali Linux
- Creating the switches
- Putting it all together
- Installing Ubuntu LTS
- Installing Kioptrix
- Creating pfSense VM
- Summary
- Chapter 3: Assessment Planning
- Introducing advanced penetration testing
- Vulnerability assessments
- Penetration testing
- Advanced penetration testing
- Before testing begins
- Determining scope
- Setting limits - nothing lasts forever
- Rules of Engagement documentation
- Planning for action
- Configuring Kali
- Updating the applications and operating system
- Installing LibreOffice
- Effectively managing your test results
- Introduction to MagicTree
- Starting MagicTree
- Adding nodes
- Data collection
- Report generation
- Introduction to the Dradis framework
- Exporting a project template
- Importing a project template
- Preparing sample data for import
- Importing your Nmap data
- Exporting data into HTML
- Dradis Category field
- Changing the default HTML template
- Summary
- Chapter 4: Intelligence Gathering
- Introducing reconnaissance
- Reconnaissance workflow
- DNS recon
- nslookup - it's there when you need it
- Default output
- Changing nameservers
- Creating an automation script
- What did we learn?
- Domain information groper
- Default output
- Zone transfers using Dig
- Advanced features of Dig
- DNS brute-forcing with fierce
- Default command usage
- Creating a custom word list
- Gathering and validating domain and IP information
- Gathering information with Whois
- Specifying which registrar to use
- Where in the world is this IP?
- Defensive measures
- Using search engines to do your job for you
- Shodan
- Filters
- Understanding banners
- Finding specific assets
- Finding people (and their documents) on the Web
- Google hacking database
- Searching the Internet for clues
- Creating network baselines with scanPBNJ
- Metadata collection
- Extracting metadata from photos using exiftool
- Summary
- Chapter 5: Network Service Attacks
- Configuring and testing our lab clients
- Kali - manual ifconfig
- Ubuntu - manual ifconfig
- Verifying connectivity
- Maintaining IP settings after reboot
- Angry IP Scanner
- Nmap - getting to know you
- Commonly seen Nmap scan types and options
- Basic scans - warming up
- Other Nmap techniques
- Remaining stealthy
- Shifting blame - the zombies did it!
- IDS rules and how to avoid them
- Using decoys
- Adding custom Nmap scripts to your arsenal
- Deciding if a script is right for you
- Adding a new script to the database
- Zenmap - for those who want the GUI
- SNMP - a goldmine of information just waiting to be discovered
- When the SNMP community string is NOT "public"
- Network baselines with ScanPBNJ
- Setting up MySQL for PBNJ
- Preparing the PBNJ database
- First scan
- Reviewing the data
- Enumeration avoidance techniques
- Naming conventions
- Port knocking
- Intrusion detection and avoidance systems
- Trigger points
- SNMP lockdown
- Reader challenge
- Summary
- Chapter 6: Exploitation
- Exploitation - why bother?
- Manual exploitation
- Enumerating services
- Quick scans with unicornscan
- Full scanning with Nmap
- Banner grabbing with Netcat and Ncat
- Banner grabbing with Netcat
- Banner grabbing with Ncat
- Banner grabbing with smbclient
- Searching Exploit-DB
- Exploit-DB at hand
- Compiling the code
- Compiling proof-of-concept code
- Troubleshooting the code
- Running the exploit
- Getting files to and from victim machines
- Starting a TFTP server on Kali
- Installing and configuring pure-ftpd
- Starting pure-ftpd
- Passwords - something you know.
- Cracking the hash
- Brute-forcing passwords
- Metasploit - learn it and love it
- Databases and Metasploit
- Performing an nmap scan from within Metasploit
- Using auxiliary modules
- Using Metasploit to exploit Kioptrix
- Reader challenge
- Summary
- Chapter 7: Web Application Attacks
- Practice makes perfect
- Creating a KioptrixVM Level 3 clone
- Installing and configuring Mutillidae on the Ubuntu virtual machine
- Configuring pfSense
- Configuring the pfSense DHCP server
- Starting the virtual lab
- pfSense DHCP - Permanent reservations
- Installing HAProxy for load balancing
- Adding Kioptrix3.com to the host file
- Detecting load balancers
- Quick reality check - Load Balance Detector
- So, what are we looking for anyhow?
- Detecting web application firewalls (WAF)
- Taking on Level 3 - Kioptrix
- Web Application Attack and Audit framework (w3af)
- Using w3af GUI to save configuration time
- Using a second tool for comparisons
- Scanning using the w3af console
- Using WebScarab as an HTTP proxy
- Introduction to browser plugin HackBar
- Reader challenge
- Summary
- Chapter 8: Exploitation Concepts
- Buffer overflows - a refresher
- Memory basics
- C'ing is believing - Create a vulnerable program
- Turning ASLR on and off in Kali
- Understanding the basics of buffer overflows
- 64-bit exploitation
- Introducing vulnserver
- Fuzzing tools included in Kali
- Bruteforce Exploit Detector (BED)
- sfuzz - Simple fuzzer
- Social Engineering Toolkit
- Fast-Track
- Reader challenge
- Summary
- Chapter 9: Post-Exploitation
- Rules of Engagement
- What is permitted?
- Can you modify anything and everything?
- Are you allowed to add persistence?
- How is the data that is collected and stored handled by you and your team?
- Employee data and personal information
- Data gathering, network analysis, and pillaging
- Linux
- Important directories and files
- Important commands
- Putting this information to use
- Enumeration
- Exploitation
- We are connected, now what?
- Which tools are available on the remote system?
- Finding network information
- Determine connections
- Checking installed packages
- Package repositories
- Programs and services that run at startup
- Searching for information
- History files and logs
- Configurations, settings, and other files
- Users and credentials
- Moving the files
- Microsoft Windows post-exploitation
- Important directories and files
- Using Armitage for post-exploitation
- Enumeration
- Exploitation
- We are connected, now what?
- Networking details
- Finding installed software and tools
- Pivoting
- Reader challenge
- Summary
- Chapter 10: Stealth Techniques
- Lab preparation
- Kali guest machine
- Ubuntu guest machine
- The pfSense guest machine configuration
- The pfSense network setup
- WAN IP configuration
- LAN IP configuration
- Firewall configuration
- Stealth scanning through the firewall
- Finding the ports
- Traceroute to find out if there is a firewall
- Finding out if the firewall is blocking certain ports
- Now you see me, now you don't - avoiding IDS
- Canonicalization
- Timing is everything
- Blending in
- PfSense SSH logs
- Looking at traffic patterns
- Cleaning up compromised hosts
- Using a checklist
- When to clean up
- Local log files
- Miscellaneous evasion techniques
- Divide and conquer
- Hiding out (on controlled units)
- File Integrity Monitoring (FIM)
- Using common network management tools to do the deed
- Reader challenge
- Summary
- Chapter 11: Data Gathering and Reporting
- Record now - sort later
- Old school - the text editor method
- Nano
- VIM - the power user's text editor of choice
- Gedit - Gnome text editor
- Dradis framework for collaboration
- Binding to an available interface other than 127.0.0.1
- The report
- Reader challenge
- Summary
- Chapter 12: Penetration Testing Challenge
- Firewall lab setup
- Installing additional packages in pfSense
- The scenario
- The virtual lab setup
- AspenMLC Research Labs' virtual network
- Additional system modifications
- Ubuntu 8.10 server modifications
- The challenge
- The walkthrough
- Defining the scope
- Determining the "why"
- So what is the "why" of this particular test?
- Developing the Rules of Engagement document
- Initial plan of attack
- Enumeration and exploitation
- Reporting
- Summary
- Index
System requirements
File format: ePUB
Copy protection: Adobe DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free Adobe Digital Editions software before downloading (see E-Book Help).
- Tablet/Smartphone (Android; iOS): Install the free Adobe Digital Editions app or the PocketBook app before downloading (see E-Book Help).
- E-book reader: Bookeen, Kobo, PocketBook, Sony, Tolino and many others (not Kindle)
The ePUB file format is well suited to novels and non-fiction, that is, to "flowing" text without a complex layout. On e-readers or smartphones, line and page breaks adapt automatically to the small display.
Adobe DRM is a "hard" copy protection. If the necessary requirements are not met, you will unfortunately not be able to open the e-book. You therefore need to prepare your reading hardware before downloading.
Please note: we strongly recommend that you authorize the reading software with your personal Adobe ID after installing it!
Further information can be found in our E-Book Help.
File format: PDF
Copy protection: Adobe DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free Adobe Digital Editions software before downloading (see E-Book Help).
- Tablet/Smartphone (Android; iOS): Install the free Adobe Digital Editions app or the PocketBook app before downloading (see E-Book Help).
- E-book reader: Bookeen, Kobo, PocketBook, Sony, Tolino and many others (not Kindle)
The PDF file format displays each book page identically on every device. A PDF is therefore also suitable for the complex layouts used in textbooks and technical books (images, tables, columns, footnotes). On the small displays of e-readers or smartphones, PDFs are unfortunately rather tedious because too much scrolling is required.
Adobe DRM is a "hard" copy protection. If the necessary requirements are not met, you will unfortunately not be able to open the e-book. You therefore need to prepare your reading hardware before downloading.
Please note: we strongly recommend that you authorize the reading software with your personal Adobe ID after installing it!
Further information can be found in our E-Book Help.