Advanced Penetration Testing for Highly Secured Environments 2nd Ed, (2012)

Overview

Below is an outline for the ebook "Advanced Penetration Testing for Highly Secured Environments 2nd Ed, (2012)". If you're a member, you can log into the Library and view it in your browser using the email address you signed up with.

  • Folder: Books and Guides > Security - Penetration Testing


Outline

1. Penetration Testing Essentials
2. Methodology defined
3. Example methodologies
3.1.1. Penetration testing framework
3.1.2. Penetration Testing Execution Standard
3.1.3. Pre-engagement interactions
3.1.4. Intelligence gathering
3.1.5. Threat modeling
3.1.6. Vulnerability analysis
3.1.7. Exploitation
3.1.8. Post-exploitation
3.1.9. Reporting
4. Abstract methodology
5. Final thoughts
6. Summary
7. Preparing a Test Environment
8. Introducing VMware Workstation
8.1.1. Why VMware Workstation?
9. Installing VMware Workstation
10. Network design
10.1.1. VMnet0
10.1.2. VMnet1
10.1.3. VMnet8
10.1.4. Folders
11. Understanding the default architecture
11.1.1. Installing Kali Linux
12. Creating the switches
13. Putting it all together
13.1.1. Installing Ubuntu LTS
13.1.2. Installing Kioptrix
13.1.3. Creating pfSense VM
14. Summary
15. Assessment Planning
16. Introducing advanced penetration testing
16.1.1. Vulnerability assessments
16.1.2. Penetration testing
16.1.3. Advanced penetration testing
17. Before testing begins
17.1.1. Determining scope
17.1.2. Setting limits – nothing lasts forever
17.1.3. Rules of Engagement documentation
18. Planning for action
19. Configuring Kali
19.1.1. Updating the applications and operating system
20. Installing LibreOffice
21. Effectively managing your test results
22. Introduction to MagicTree
22.1.1. Starting MagicTree
22.1.2. Adding nodes
22.1.3. Data collection
22.1.4. Report generation
23. Introduction to the Dradis framework
23.1.1. Exporting a project template
23.1.2. Importing a project template
23.1.3. Preparing sample data for import
23.1.4. Importing your Nmap data
23.1.5. Exporting data into HTML
23.1.6. Dradis Category field
23.1.7. Changing the default HTML template
24. Summary
25. Intelligence Gathering
26. Introducing reconnaissance
26.1.1. Reconnaissance workflow
27. DNS recon
28. nslookup – it's there when you need it
28.1.1. Default output
28.1.2. Changing nameservers
28.1.3. Creating an automation script
28.1.4. What did we learn?
29. Domain information groper
29.1.1. Default output
29.1.2. Zone transfers using Dig
29.1.3. Advanced features of Dig
30. DNS brute-forcing with fierce
30.1.1. Default command usage
30.1.2. Creating a custom word list
31. Gathering and validating domain and IP information
32. Gathering information with Whois
32.1.1. Specifying which registrar to use
32.1.2. Where in the world is this IP?
32.1.3. Defensive measures
33. Using search engines to do your job for you
33.1.1. Shodan
33.1.2. Filters
33.1.3. Understanding banners
33.1.4. Finding specific assets
33.1.5. Finding people (and their documents) on the web
33.1.6. Google hacking database
33.1.7. Searching the Internet for clues
34. Creating network baselines with scanPBNJ
35. Metadata collection
35.1.1. Extracting metadata from photos using exiftool
35.1.2. Summary
36. Network Service Attacks
37. Configuring and testing our lab clients
37.1.1. Kali – manual ifconfig
37.1.2. Ubuntu – manual ifconfig
37.1.3. Verifying connectivity
37.1.4. Maintaining IP settings after reboot
38. Angry IP Scanner
39. Nmap – getting to know you
40. Commonly seen Nmap scan types and options
41. Basic scans – warming up
42. Other Nmap techniques
42.1.1. Remaining stealthy
42.1.2. Shifting blame – the zombies did it!
42.1.3. IDS rules and how to avoid them
42.1.4. Using decoys
43. Adding custom Nmap scripts to your arsenal
43.1.1. Deciding if a script is right for you
43.1.2. Adding a new script to the database
43.1.3. Zenmap – for those who want the GUI
44. SNMP – a goldmine of information just waiting to be discovered
44.1.1. When the SNMP community string is NOT "public"
45. Network baselines with scanPBNJ
45.1.1. Setting up MySQL for PBNJ
45.1.2. Preparing the PBNJ database
45.1.3. First scan
45.1.4. Reviewing the data
46. Enumeration avoidance techniques
46.1.1. Naming conventions
46.1.2. Port knocking
46.1.3. Intrusion detection and avoidance systems
46.1.4. Trigger points
46.1.5. SNMP lockdown
47. Reader challenge
48. Summary

49. Exploitation
50. Exploitation – why bother?
51. Manual exploitation
52. Enumerating services
52.1.1. Quick scans with unicornscan
53. Full scanning with Nmap
54. Banner grabbing with Netcat and Ncat
54.1.1. Banner grabbing with Netcat
54.1.2. Banner grabbing with Ncat
54.1.3. Banner grabbing with smbclient
55. Searching Exploit-DB
56. Exploit-DB at hand
56.1.1. Compiling the code
56.1.2. Compiling proof-of-concept code
56.1.3. Troubleshooting the code
57. Running the exploit
58. Getting files to and from victim machines
58.1.1. Starting a TFTP server on Kali
58.1.2. Installing and configuring pure-ftpd
58.1.3. Starting pure-ftpd
59. Passwords – something you know
59.1.1. Cracking the hash
59.1.2. Brute-forcing passwords
60. Metasploit – learn it and love it
60.1.1. Databases and Metasploit
60.1.2. Performing an nmap scan from within Metasploit
60.1.3. Using auxiliary modules
60.1.4. Using Metasploit to exploit Kioptrix
61. Reader challenge
62. Summary

63. Web Application Attacks
64. Practice makes perfect
64.1.1. Creating a KioptrixVM Level 3 clone
64.1.2. Installing and configuring Mutillidae on the Ubuntu virtual machine
65. Configuring pfSense
65.1.1. Configuring the pfSense DHCP server
65.1.2. Starting the virtual lab
65.1.3. pfSense DHCP – Permanent reservations
65.1.4. Installing HAProxy for load balancing
65.1.5. Adding Kioptrix3.com to the host file
66. Detecting load balancers
66.1.1. Quick reality check – Load Balance Detector
66.1.2. So, what are we looking for anyhow?
67. Detecting web application firewalls (WAF)
68. Taking on Level 3 – Kioptrix
69. Web Application Attack and Audit framework (w3af)
69.1.1. Using w3af GUI to save configuration time
69.1.2. Using a second tool for comparisons
69.1.3. Scanning using the w3af console
69.1.4. Using WebScarab as an HTTP proxy
70. Introduction to browser plugin HackBar
71. Reader challenge
72. Summary
73. Exploitation Concepts
74. Buffer overflows – a refresher
74.1.1. Memory basics
74.1.2. "C"ing is believing – Create a vulnerable program
74.1.3. Turning ASLR on and off in Kali
74.1.4. Understanding the basics of buffer overflows
75. 64-bit exploitation
76. Introducing vulnserver
77. Fuzzing tools included in Kali
77.1.1. Bruteforce Exploit Detector (BED)
77.1.2. sfuzz – Simple fuzzer
78. Social Engineering Toolkit
79. Fast-Track
80. Reader challenge
81. Summary
82. Post-Exploitation
83. Rules of Engagement
83.1.1. What is permitted?
83.1.2. Can you modify anything and everything?
83.1.3. Are you allowed to add persistence?
83.1.4. How is the data that is collected and stored handled by you and your team?
83.1.5. Employee data and personal information
84. Data gathering, network analysis, and pillaging
85. Linux
85.1.1. Important directories and files
85.1.2. Important commands
86. Putting this information to use
86.1.1. Enumeration
86.1.2. Exploitation
86.1.3. We are connected, now what?
86.1.4. Which tools are available on the remote system?
86.1.5. Finding network information
86.1.6. Determine connections
86.1.7. Checking installed packages
86.1.8. Package repositories
86.1.9. Programs and services that run at startup
86.1.10. Searching for information
86.1.11. History files and logs
86.1.12. Configurations, settings, and other files
86.1.13. Users and credentials
86.1.14. Moving the files
87. Microsoft Windows™ post-exploitation
87.1.1. Important directories and files
87.1.2. Using Armitage for post-exploitation
87.1.3. Enumeration
87.1.4. Exploitation
87.1.5. We are connected, now what?
87.1.6. Networking details
87.1.7. Finding installed software and tools
87.1.8. Pivoting
88. Reader challenge
89. Summary
90. Stealth Techniques
91. Lab preparation
91.1.1. Kali guest machine
91.1.2. Ubuntu guest machine
91.1.3. The pfSense guest machine configuration
91.1.4. The pfSense network setup
91.1.5. WAN IP configuration
91.1.6. LAN IP configuration
91.1.7. Firewall configuration
92. Stealth scanning through the firewall
92.1.1. Finding the ports
92.1.2. Traceroute to find out if there is a firewall
92.1.3. Finding out if the firewall is blocking certain ports
93. Now you see me, now you don't – avoiding IDS
93.1.1. Canonicalization
93.1.2. Timing is everything
94. Blending in
95. pfSense SSH logs
96. Looking at traffic patterns
97. Cleaning up compromised hosts
97.1.1. Using a checklist
97.1.2. When to clean up
97.1.3. Local log files
98. Miscellaneous evasion techniques
98.1.1. Divide and conquer
98.1.2. Hiding out (on controlled units)
98.1.3. File Integrity Monitoring (FIM)
98.1.4. Using common network management tools to do the deed
99. Reader challenge
100. Summary
101. Data Gathering and Reporting
102. Record now – sort later
103. Old school – the text editor method
103.1.1. Nano
103.1.2. VIM – the power user's text editor of choice
103.1.3. Gedit – Gnome text editor
104. Dradis framework for collaboration
104.1.1. Binding to an available interface other than 127.0.0.1
105. The report
106. Reader challenge
107. Summary

108. Penetration Testing Challenge
109. Firewall lab setup
109.1.1. Installing additional packages in pfSense
110. The scenario
111. The virtual lab setup
111.1.1. AspenMLC Research Labs' virtual network
111.1.2. Additional system modifications
111.1.3. Ubuntu 8.10 server modifications
112. The challenge
113. The walkthrough
113.1.1. Defining the scope
113.1.2. Determining the "why"
113.1.3. So what is the "why" of this particular test?
113.1.4. Developing the Rules of Engagement document
113.1.5. Initial plan of attack
113.1.6. Enumeration and exploitation
114. Reporting
115. Summary
116. Index


-----

This article was contributed by Jason Jacobs from Guyana. Jason is a member of the Caribbean CSPA.