Advanced Penetration Testing for Highly-Secured Environments - Second Edition

 
 
Packt Publishing Limited
  • 1st edition
  • published 29 March 2016
  • 428 pages
 
E-book | ePUB with Adobe DRM
978-1-78439-202-4 (ISBN)
 
Employ the most advanced pentesting techniques and tools to build highly-secured systems and environments

About This Book
  • Learn how to build your own pentesting lab environment to practice advanced techniques
  • Customize your own scripts, and learn methods to exploit 32-bit and 64-bit programs
  • Explore a vast variety of stealth techniques to bypass a number of protections when penetration testing

Who This Book Is For
This book is for anyone who wants to improve their skills in penetration testing. As it follows a step-by-step approach, anyone from a novice to an experienced security tester can learn effective techniques to deal with highly secured environments. Whether you are brand new or a seasoned expert, this book will provide you with the skills you need to successfully create, customize, and plan an advanced penetration test.

What You Will Learn
  • A step-by-step methodology to identify and penetrate secured environments
  • Get to know the process to test network services across enterprise architecture when defences are in place
  • Grasp different web application testing methods and how to identify web application protections that are deployed
  • Understand a variety of concepts to exploit software
  • Gain proven post-exploitation techniques to exfiltrate data from the target
  • Get to grips with various stealth techniques to remain undetected and defeat the latest defences
  • Be the first to find out the latest methods to bypass firewalls
  • Follow proven approaches to record and save the data from tests for analysis

In Detail
The defences continue to improve and become more and more common, but this book will provide you with a number of proven techniques to defeat the latest defences on the networks. The methods and techniques contained will provide you with a powerful arsenal of best practices to increase your penetration testing successes. The processes and methodology will provide you with techniques that will enable you to be successful, and the step-by-step instructions for information gathering and intelligence will allow you to gather the required information on the targets you are testing. The exploitation and post-exploitation sections will supply you with the tools you need to go as far as the scope of work allows. The challenges at the end of each chapter are designed to challenge you and provide real-world situations that will hone and perfect your penetration testing skills.

You will start with a review of several well-respected penetration testing methodologies, and following this you will learn a step-by-step methodology of professional security testing, including stealth, methods of evasion, and obfuscation to perform your tests and not be detected!

The final challenge will allow you to create your own complex layered architecture with defences and protections in place, and provide the ultimate testing range for you to practice the methods shown throughout the book. The challenge is as close to an actual penetration test assignment as you can get!

Style and approach
The book follows the standard penetration testing stages from start to finish with step-by-step examples. The book thoroughly covers penetration test expectations, proper scoping and planning, as well as enumeration and footprinting
  • English
  • Birmingham
  • Revised edition
ISBN-13: 978-1-78439-202-4 (9781784392024)
ISBN-10: 1784392022
  • Cover
  • Copyright
  • Credits
  • About the Authors
  • About the Reviewer
  • www.PacktPub.com
  • Table of Contents
  • Preface
  • Chapter 1: Penetration Testing Essentials
  • Chapter 2: Preparing a Test Environment
  • Chapter 3: Assessment Planning
  • Chapter 4: Intelligence Gathering
  • Chapter 5: Network Service Attacks
  • Chapter 6: Exploitation
  • Chapter 7: Web Application Attacks
  • Chapter 8: Exploitation Concepts
  • Chapter 9: Post-Exploitation
  • Chapter 10: Stealth Techniques
  • Chapter 11: Data Gathering and Reporting
  • Chapter 12: Penetration Testing Challenge
  • Index
  • Methodology defined
  • Example methodologies
  • Abstract methodology
  • Summary
  • Introducing VMware Workstation
  • Installing VMware Workstation
  • Network design
  • Understanding the default architecture
  • Creating the switches
  • Putting it all together
  • Summary
  • Introducing advanced penetration testing
  • Before testing begins
  • Planning for action
  • Installing LibreOffice
  • Effectively managing your test results
  • Introduction to the Dradis framework
  • Summary
  • Introducing reconnaissance
  • DNS recon
  • Gathering and validating domain and IP information
  • Using search engines to do your job for you
  • Creating network baselines with scanPBNJ
  • Summary
  • Configuring and testing our lab clients
  • Angry IP Scanner
  • Nmap - getting to know you
  • SNMP - a goldmine of information just waiting to be discovered
  • Network baselines with ScanPBNJ
  • Enumeration avoidance techniques
  • Reader challenge
  • Summary
  • Exploitation - why bother?
  • Manual exploitation
  • Getting files to and from victim machines
  • Passwords - something you know
  • Metasploit - learn it and love it
  • Reader challenge
  • Summary
  • Practice makes perfect
  • Configuring pfSense
  • Detecting load balancers
  • Detecting web application firewalls (WAF)
  • Taking on Level 3 - Kioptrix
  • Web Application Attack and Audit framework (w3af)
  • Introduction to browser plugin HackBar
  • Reader challenge
  • Summary
  • Buffer overflows - a refresher
  • 64-bit exploitation
  • Introducing vulnserver
  • Fuzzing tools included in Kali
  • Social Engineering Toolkit
  • Fast-Track
  • Reader challenge
  • Summary
  • Rules of Engagement
  • Data gathering, network analysis, and pillaging
  • Pivoting
  • Reader challenge
  • Summary
  • Lab preparation
  • Stealth scanning through the firewall
  • Now you see me, now you don't - avoiding IDS
  • Blending in
  • PfSense SSH logs
  • Looking at traffic patterns
  • Cleaning up compromised hosts
  • Miscellaneous evasion techniques
  • Reader challenge
  • Summary
  • Record now - sort later
  • Old school - the text editor method
  • Dradis framework for collaboration
  • The report
  • Reader challenge
  • Summary
  • Firewall lab setup
  • The scenario
  • The virtual lab setup
  • The challenge
  • The walkthrough
  • Reporting
  • Summary
  • Penetration testing framework
  • Penetration Testing Execution Standard
  • Pre-engagement interactions
  • Intelligence gathering
  • Threat modeling
  • Vulnerability analysis
  • Exploitation
  • Post exploitation
  • Reporting
  • Final thoughts
  • Why VMware Workstation?
  • VMnet0
  • VMnet1
  • VMnet8
  • Folders
  • Installing Kali Linux
  • Installing Ubuntu LTS
  • Installing Kioptrix
  • Creating pfSense VM
  • Vulnerability assessments
  • Penetration testing
  • Advanced penetration testing
  • Determining scope
  • Setting limits - nothing lasts forever
  • Configuring Kali
  • Introduction to MagicTree
  • Exporting a project template
  • Importing a project template
  • Preparing sample data for import
  • Exporting data into HTML
  • Dradis Category field
  • Reconnaissance workflow
  • nslookup - it's there when you need it
  • Domain information groper
  • DNS brute-forcing with fierce
  • Gathering information with Whois
  • Shodan
  • Finding people (and their documents) on the Web
  • Searching the Internet for clues
  • Metadata collection
  • Kali - manual ifconfig
  • Ubuntu - manual ifconfig
  • Verifying connectivity
  • Maintaining IP settings after reboot
  • Commonly seen Nmap scan types and options
  • Basic scans - warming up
  • Other Nmap techniques
  • Adding custom Nmap scripts to your arsenal
  • When the SNMP community string is NOT "public"
  • Setting up MySQL for PBNJ
  • Preparing the PBNJ database
  • First scan
  • Reviewing the data
  • Naming conventions
  • Port knocking
  • Intrusion detection and avoidance systems
  • Trigger points
  • SNMP lockdown
  • Enumerating services
  • Full scanning with Nmap
  • Banner grabbing with Netcat and Ncat
  • Searching Exploit-DB
  • Exploit-DB at hand
  • Running the exploit
  • Starting a TFTP server on Kali
  • Installing and configuring pure-ftpd
  • Starting pure-ftpd
  • Cracking the hash
  • Brute-forcing passwords
  • Databases and Metasploit
  • Performing an nmap scan from within Metasploit
  • Using Metasploit to exploit Kioptrix
  • Creating a KioptrixVM Level 3 clone
  • Installing and configuring Mutillidae on the Ubuntu virtual machine
  • Configuring the pfSense DHCP server
  • Starting the virtual lab
  • pfSense DHCP - Permanent reservations
  • Installing HAProxy for load balancing
  • Adding Kioptrix3.com to the host file
  • Quick reality check - Load Balance Detector
  • Using w3af GUI to save configuration time
  • Using a second tool for comparisons
  • Scanning using the w3af console
  • Memory basics
  • "C"ing is believing - Create a vulnerable program
  • Turning ASLR on and off in Kali
  • Understanding the basics of buffer overflows
  • Bruteforce Exploit Detector (BED)
  • sfuzz - Simple fuzzer
  • What is permitted?
  • Can you modify anything and everything?
  • Are you allowed to add persistence?
  • How is the data that is collected and stored handled by you and your team?
  • Employee data and personal information
  • Linux
  • Putting this information to use
  • Microsoft Windows post-exploitation
  • Kali guest machine
  • Ubuntu guest machine
  • The pfSense guest machine configuration
  • Firewall configuration
  • Finding the ports
  • Canonicalization
  • Timing is everything
  • Using a checklist
  • When to clean up
  • Local log files
  • Divide and conquer
  • Hiding out (on controlled units)
  • File Integrity Monitoring (FIM)
  • Using common network management tools to do the deed
  • Nano
  • VIM - the power user's text editor of choice
  • Gedit - Gnome text editor
  • Binding to an available interface other than 127.0.0.1
  • Installing additional packages in pfSense
  • AspenMLC Research Labs' virtual network
  • Additional system modifications
  • Defining the scope
  • Determining the "why"
  • Developing the Rules of Engagement document
  • Initial plan of attack
  • Enumeration and exploitation
  • Rules of Engagement documentation
  • Updating the applications and operating system
  • Starting MagicTree
  • Adding nodes
  • Data collection
  • Report generation
  • Importing your Nmap data
  • Changing the default HTML template
  • Default output
  • Changing nameservers
  • Creating an automation script
  • What did we learn?
  • Default output
  • Zone transfers using Dig
  • Advanced features of Dig
  • Default command usage
  • Creating a custom word list
  • Specifying which registrar to use
  • Where in the world is this IP?
  • Defensive measures
  • Filters
  • Understanding banners
  • Finding specific assets
  • Google hacking database
  • Extracting metadata from photos using exiftool
  • Remaining stealthy
  • Shifting blame - the zombies did it!
  • IDS rules and how to avoid them
  • Using decoys
  • Deciding if a script is right for you
  • Adding a new script to the database
  • Zenmap - for those who want the GUI
  • Quick scans with unicornscan
  • Banner grabbing with Netcat
  • Banner grabbing with Ncat
  • Banner grabbing with smbclient
  • Compiling the code
  • Compiling proof-of-concept code
  • Troubleshooting the code
  • Using auxiliary modules
  • So, what are we looking for anyhow?
  • Using WebScarab as an HTTP proxy
  • Important directories and files
  • Important commands
  • Enumeration
  • Exploitation
  • We are connected, now what?
  • Which tools are available on the remote system?
  • Finding network information
  • Determine connections
  • Checking installed packages
  • Package repositories
  • Programs and services that run at startup
  • Searching for information
  • History files and logs
  • Configurations, settings, and other files
  • Users and credentials
  • Moving the files
  • Important directories and files
  • Using Armitage for post-exploitation
  • Enumeration
  • Exploitation
  • We are connected, now what?
  • Networking details
  • Finding installed software and tools
  • The pfSense network setup
  • WAN IP configuration
  • LAN IP configuration
  • Traceroute to find out if there is a firewall
  • Finding out if the firewall is blocking certain ports
  • Ubuntu 8.10 server modifications
  • So what is the "why" of this particular test?
