Last updated: 2021-07-16 11:42:46
coverpage
Building Virtual Pentesting Labs for Advanced Penetration Testing
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Chapter 1. Introducing Penetration Testing
Security testing
Abstract testing methodology
Myths and misconceptions of pen testing
Summary
Chapter 2. Choosing the Virtual Environment
Open source and free environments
Commercial environments
Image conversion
Converting from a physical to virtual environment
Chapter 3. Planning a Range
Planning
Identifying vulnerabilities
Chapter 4. Identifying Range Architecture
Building the machines
Selecting network connections
Choosing range components
Chapter 5. Identifying a Methodology
The OSSTMM
CHECK
NIST SP-800-115
Chapter 6. Creating an External Attack Architecture
Establishing layered architectures
Configuring firewall architectures
iptables
Chapter 7. Assessment of Devices
Assessing routers
Evaluating switches
Attacking the firewall
Identifying the firewall rules
Tricks to penetrate filters
Chapter 8. Architecting an IDS/IPS Range
Deploying a network-based IDS
Implementing the host-based IDS and endpoint security
Working with virtual switches
Evasion
Chapter 9. Assessment of Web Servers and Web Applications
Analyzing the OWASP Top Ten attacks
Identifying web application firewalls
Penetrating web application firewalls
Tools
Chapter 10. Testing Flat and Internal Networks
The role of Vulnerability Scanners
Dealing with host protection
Chapter 11. Attacking Servers
Common protocols and applications for servers
Database assessment
OS platform specifics
Chapter 12. Exploring Client-side Attack Vectors
Client-side attack methods
Pilfering data from the client
Using the client as a pivot point
Client-side exploitation
Binary payloads
Malicious PDF files
Bypassing antivirus and other protection tools
Obfuscation and encoding
Chapter 13. Building a Complete Cyber Range
Creating the layered architecture
Integrating decoys and honeypots
Attacking the cyber range
Recording the attack data for further training and analysis
Index