PacktLib: Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide

Credits

About the Author

About the Reviewers

www.PacktPub.com

Preface

Planning and Scoping for a Successful Penetration Test

Introduction to advanced penetration testing

Before testing begins

Planning for action

Exploring BackTrack

Installing OpenOffice

Effectively manage your test results

Introduction to the Dradis Framework

Summary

Advanced Reconnaissance Techniques

Introduction to reconnaissance

DNS recon

Gathering and validating domain and IP information

Using search engines to do your job for you

Summary

Enumeration: Choosing Your Targets Wisely

Adding another virtual machine to our lab

Nmap — getting to know you

SNMP: A goldmine of information just waiting to be discovered

Creating network baselines with scanPBNJ

Enumeration avoidance techniques

Summary

Remote Exploitation

Exploitation – Why bother?

Target practice – Adding a Kioptrix virtual machine

Manual exploitation

Getting files to and from victim machines

Passwords: Something you know…

Metasploit — learn it and love it

Summary

Web Application Exploitation

Practice makes perfect

Detecting load balancers

Detecting Web Application Firewalls (WAF)

Taking on Level 3 – Kioptrix

Web Application Attack and Audit Framework (w3af)

Introduction to Mantra

Summary

Exploits and Client-Side Attacks

Buffer overflows—A refresher

Introduction to fuzzing

Introducing vulnserver

Fuzzing tools included in BackTrack

Fast-Track

Social Engineering Toolkit

Summary

Post-Exploitation

Rules of engagement

Data gathering, network analysis, and pillaging

Pivoting

Summary

Bypassing Firewalls and Avoiding Detection

Lab preparation

Stealth scanning through the firewall

Now you see me, now you don't — Avoiding IDS

Blending in

Looking at traffic patterns

Cleaning up compromised hosts

Miscellaneous evasion techniques

Summary

Data Collection Tools and Reporting

Record now — Sort later

Old school — The text editor method

Dradis framework for collaboration

The report

Challenge to the reader

Summary

Setting Up Virtual Test Lab Environments

Why bother with setting up labs?

Keeping it simple

Adding complexity or emulating target environments

Summary

Take the Challenge – Putting It All Together

The scenario

The setup

The challenge

The walkthrough

Reporting

Summary

Index