Author: Kevin Cardwell
Pub Date: 2016
Size: 69 Mb
Learn how to build complex virtual architectures that allow you to perform virtually any required testing methodology and perfect it
In this book you will be introduced to a proven professional security and penetration testing methodology that has trained thousands of professional testers. Your experience from reading this book will prepare you for participation in professional security testing teams, both as a red team and a blue team member. Within the book you will learn how to take advantage of the power of virtualisation to build a multi-layer enterprise architecture and then deploy targets to test inside it. Additionally, you will learn a systematic process for discovering vulnerabilities and then a way to test these on your own private network. By practising the techniques throughout the book, you will be able to hone and enhance your skills in professional security and penetration testing.
Building Virtual Pentesting Labs for Advanced Penetration Testing will teach you the process of how to build your own labs and a proven process to test these labs that is currently used in Industry by global penetration testing teams. You will start with an introduction to professional security testing and deciding where pen testing fits; then you will be introduced to proven leading Industry testing methodologies.
Once the introduction has completed, you will start building the machines; once you have built them you will learn how to build and test layered architectures. After you have mastered the layers you will plan specific attacks based on the platforms you are going up against. The book will show you a process for discovering new vulnerabilities for systems and networks, and how to apply these to your developed range and discover what the vulnerability means to your potential clients.
Building Virtual Pentesting Labs for Advanced Penetration Testing uses extensive labs and illustrations to take you from the beginning (building and attacking an enterprise architecture) to methods to bypass and avoid common enterprise architecture defences.
What you will learn
- Proven security testing and penetration testing techniques
- How to build multi-layered complex architectures to test the latest network designs
- Applying a professional testing methodology
- Determining whether there are filters between you and the target and how to penetrate them
- How to deploy and then find weaknesses in common firewall architectures.
- Advanced techniques to deploy against hardened environments
- Methods to circumvent endpoint protection controls
Table of Contents
1. Introducing Penetration Testing
2. Choosing the Virtual Environment
3. Planning a Range
4. Identifying Range Architectures
5. Identifying a Methodology
6. Creating an External Attack Architecture
7. Assessment of Devices
8. Architecting an IDS/IPS Range
9. Assessment of Web Servers and Web Applications
10. Testing Flat and Internal Networks
11. Testing Servers
12. Exploring Client-Side Attack Vectors
13. Building a Complete Cyber Range