Advanced penetration testing for highly-secured environments / Employ the most advanced pentesting techniques and tools to build highly-secured systems and environments

About This Book: Learn how to build your own pentesting lab environment to practice advanced techniques; customize your own scripts, and learn methods to exploit 32-bit and 64-bit programs; Explore...
| Field | Value |
|---|---|
| Classification | eBook |
| Main authors | |
| Format | Electronic eBook |
| Language | English |
| Published | Packt Publishing, 2016 |
| Edition | Second edition |
| Subjects | |
| Online access | Full text |
Table of Contents:
- Cover
- Copyright
- Credits
- About the Authors
- About the Reviewer
- www.PacktPub.com
- Table of Contents
- Preface
- Chapter 1: Penetration Testing Essentials
- Methodology defined
- Example methodologies
- Penetration testing framework
- Penetration Testing Execution Standard
- Pre-engagement interactions
- Intelligence gathering
- Threat modeling
- Vulnerability analysis
- Exploitation
- Post exploitation
- Reporting
- Abstract methodology
- Final thoughts
- Summary
- Chapter 2: Preparing a Test Environment
- Introducing VMware Workstation
- Why VMware Workstation?
- Installing VMware Workstation
- Network design
- VMnet0
- VMnet1
- VMnet8
- Folders
- Understanding the default architecture
- Installing Kali Linux
- Creating the switches
- Putting it all together
- Installing Ubuntu LTS
- Installing Kioptrix
- Creating pfSense VM
- Summary
- Chapter 3: Assessment Planning
- Introducing advanced penetration testing
- Vulnerability assessments
- Penetration testing
- Advanced penetration testing
- Before testing begins
- Determining scope
- Setting limits - nothing lasts forever
- Rules of Engagement documentation
- Planning for action
- Configuring Kali
- Updating the applications and operating system
- Installing LibreOffice
- Effectively managing your test results
- Introduction to MagicTree
- Starting MagicTree
- Adding nodes
- Data collection
- Report generation
- Introduction to the Dradis framework
- Exporting a project template
- Importing a project template
- Preparing sample data for import
- Importing your Nmap data
- Exporting data into HTML
- Dradis Category field
- Changing the default HTML template
- Summary
- Chapter 4: Intelligence Gathering
- Introducing reconnaissance
- Reconnaissance workflow
- DNS recon
- nslookup - it's there when you need it
- Default output
- Changing nameservers
- Creating an automation script
- What did we learn?
- Domain information groper
- Default output
- Zone transfers using Dig
- Advanced features of Dig
- DNS brute-forcing with fierce
- Default command usage
- Creating a custom word list
- Gathering and validating domain and IP information
- Gathering information with Whois
- Specifying which registrar to use
- Where in the world is this IP?
- Defensive measures
- Using search engines to do your job for you
- Shodan
- Filters
- Understanding banners
- Finding specific assets
- Finding people (and their documents) on the Web
- Google hacking database
- Searching the Internet for clues
- Creating network baselines with scanPBNJ
- Metadata collection
- Extracting metadata from photos using exiftool
- Summary
- Chapter 5: Network Service Attacks
- Configuring and testing our lab clients
- Kali - manual ifconfig
- Ubuntu - manual ifconfig
- Verifying connectivity
- Maintaining IP settings after reboot
- Angry IP Scanner
- Nmap - getting to know you
- Commonly seen Nmap scan types and options
- Basic scans - warming up
- Other Nmap techniques
- Remaining stealthy
- Shifting blame - the zombies did it!
- IDS rules and how to avoid them
- Using decoys
- Adding custom Nmap scripts to your arsenal
- Deciding if a script is right for you
- Adding a new script to the database
- Zenmap - for those who want the GUI
- SNMP - a goldmine of information just waiting to be discovered
- When the SNMP community string is NOT "public"
- Network baselines with ScanPBNJ
- Setting up MySQL for PBNJ
- Preparing the PBNJ database
- First scan
- Reviewing the data
- Enumeration avoidance techniques
- Naming conventions
- Port knocking
- Intrusion detection and avoidance systems
- Trigger points
- SNMP lockdown
- Reader challenge
- C'ing is believing
- Create a vulnerable program
- Turning ASLR on and off in Kali
- Understanding the basics of buffer overflows
- 64-bit exploitation
- Introducing vulnserver
- Fuzzing tools included in Kali
- Bruteforce Exploit Detector (BED)
- sfuzz
- Simple fuzzer
- Social Engineering Toolkit
- Fast-Track
- Reader challenge
- Summary
- Chapter 9: Post-Exploitation
- Rules of Engagement
- What is permitted?
- Can you modify anything and everything?
- Are you allowed to add persistence?
- How is the data that is collected and stored handled by you and your team?
- Employee data and personal information
- Data gathering, network analysis, and pillaging
- Linux
- Important directories and files
- Important commands
- Putting this information to use
- Enumeration
- Exploitation
- We are connected, now what?
- Which tools are available on the remote system?
- Finding network information
- Determine connections
- Checking installed packages
- Package repositories
- Programs and services that run at startup
- Searching for information
- History files and logs
- Configurations, settings, and other files
- Users and credentials
- Moving the files
- Microsoft Windows™ post-exploitation
- Important directories and files
- Using Armitage for post-exploitation
- Enumeration
- Exploitation
- We are connected, now what?
- Networking details
- Finding installed software and tools
- Pivoting
- Reader challenge
- Summary
- Chapter 10: Stealth Techniques
- Lab preparation
- Kali guest machine
- Ubuntu guest machine
- The pfSense guest machine configuration
- The pfSense network setup
- WAN IP configuration
- LAN IP configuration
- Firewall configuration
- Stealth scanning through the firewall
- Finding the ports
- Traceroute to find out if there is a firewall
- Finding out if the firewall is blocking certain ports
- Now you see me, now you don't - avoiding IDS
- Canonicalization
- Timing is everything
- Blending in
- PfSense SSH logs
- Looking at traffic patterns
- Cleaning up compromised hosts
- Using a checklist
- When to clean up
- Local log files
- Miscellaneous evasion techniques
- Divide and conquer
- Hiding out (on controlled units)
- File Integrity Monitoring (FIM)
- Using common network management tools to do the deed
- Reader challenge
- Summary
- Chapter 11: Data Gathering and Reporting
- Record now - sort later
- Old school - the text editor method
- Nano
- VIM - the power user's text editor of choice
- Gedit - Gnome text editor
- Dradis framework for collaboration
- Binding to an available interface other than 127.0.0.1
- The report
- Reader challenge
- Summary
- Chapter 12: Penetration Testing Challenge
- Firewall lab setup
- Installing additional packages in pfSense
- The scenario
- The virtual lab setup
- AspenMLC Research Labs' virtual network
- Additional system modifications
- Ubuntu 8.10 server modifications
- The challenge
- The walkthrough
- Defining the scope
- Determining the "why"
- So what is the "why" of this particular test?
- Developing the Rules of Engagement document
- Initial plan of attack
- Enumeration and exploitation
- Reporting
- Summary
- Index