Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition.

Learn how to build complex virtual architectures that allow you to perform virtually any required testing methodology and perfect it. About This Book: Explore and build intricate architectures that allow you to emulate an enterprise network. Test and enhance your security skills against complex and hard...

Bibliographic Details
Classification: Electronic Book
Main author: Cardwell, Kevin (Author)
Format: Electronic eBook
Language: English
Published: Birmingham : Packt Publishing, Limited Aug. 2016.
Edition: 2nd ed.
Subjects:
Online access: Full text
Table of Contents:
  • Cover; Credits; Copyright; About the Author; Acknowledgments; About the Reviewer; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Introducing Penetration Testing; Security testing; Authentication; Authorization; Confidentiality; Integrity; Availability; Non-repudiation; An abstract testing methodology; Planning; Nonintrusive target search; Nslookup; Central Ops; The Wayback Machine; Shodan; Intrusive target search; Find live systems; Discover open ports; Discover services; Enumeration; Identify vulnerabilities; Exploitation; Data analysis; Reporting; Description.
  • Analysis and exposure; Recommendations; References; Myths and misconceptions about pen testing; Summary; Chapter 2: Choosing the Virtual Environment; Open source and free environments; VMware Workstation Player; VirtualBox; Xen; Hyper-V; vSphere Hypervisor; Commercial environments; vSphere; XenServer; VMware Workstation Pro; Image conversion; Converting from a physical to a virtual environment; Summary; Chapter 3: Planning a Range; Planning; What are we trying to accomplish?; By when do we have to accomplish it?; Identifying vulnerabilities; Vulnerability sites; Vendor sites; Summary.
  • Chapter 4: Identifying Range Architectures; Building the machines; Building new machines; Conversion; Cloning a virtual machine; Selecting network connections; The bridged setting; Network Address Translation; The host-only switch; The custom settings; Choosing range components; The attacker machine; Router; Firewall; Web server; Readers' challenge; Summary; Chapter 5: Identifying a Methodology; The OSSTMM; The Posture Review; Logistics; Active detection verification; Visibility Audit; Access verification; Trust verification; Control verification; Process verification.
  • Configuration verification; Property validation; Segregation review; Exposure verification; Competitive intelligence scouting; Quarantine verification; Privileges audit; Survivability validation; Alert and log review; CHECK; NIST SP-800-115; The information security assessment methodology; Technical assessment techniques; Comparing tests and examinations; Testing viewpoints; Overt and covert; Penetration Testing Execution Standard (PTES); Offensive Security; Other methodologies; Customization; Readers' challenge; Summary; Chapter 6: Creating an External Attack Architecture.
  • Configuring firewall architectures and establishing layered architectures; iptables; Testing; Adding a web server; Configuring the second layer; Setting the VLAN; Review pfSense; Deploying IDS; Intrusion Detection System (IDS); Readers' challenge; Summary; Chapter 7: Assessment of Devices; Assessing routers; Router machine; Router scanning analysis; Verify our assumptions; Kali 2.0; iptables; Iptables network analysis; Evaluating switches; VLAN hopping attacks; GARP attacks; Layer two attack tool; Attacking the firewall; Tricks to penetrate filters; Readers' challenge; Summary.