Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide

Credits

About the Author

About the Reviewers

www.PacktPub.com

Preface

1. Planning and Scoping for a Successful Penetration Test

• Introduction to advanced penetration testing
• Before testing begins
• Planning for action
• Exploring BackTrack
• Installing OpenOffice
• Effectively manage your test results
• Introduction to the Dradis Framework
• Summary

2. Advanced Reconnaissance Techniques FREE CHAPTER

• Introduction to reconnaissance
• DNS recon
• Gathering and validating domain and IP information
• Using search engines to do your job for you
• Summary

3. Enumeration: Choosing Your Targets Wisely

• Adding another virtual machine to our lab
• Nmap — getting to know you
• SNMP: A goldmine of information just waiting to be discovered
• Creating network baselines with scanPBNJ
• Enumeration avoidance techniques
• Summary

4. Remote Exploitation

• Exploitation – Why bother?
• Target practice – Adding a Kioptrix virtual machine
• Manual exploitation
• Getting files to and from victim machines
• Passwords: Something you know…
• Metasploit — learn it and love it
• Summary

5. Web Application Exploitation

• Practice makes perfect
• Detecting load balancers
• Detecting Web Application Firewalls (WAF)
• Taking on Level 3 – Kioptrix
• Web Application Attack and Audit Framework (w3af)
• Introduction to Mantra
• Summary

6. Exploits and Client-Side Attacks

• Buffer overflows—A refresher
• Introduction to fuzzing
• Introducing vulnserver
• Fuzzing tools included in BackTrck
• Fast-Track
• Social Engineering Toolkit
• Summary

7. Post-Exploitation

• Rules of engagement
• Data gathering, network analysis, and pillaging
• Pivoting
• Summary

8. Bypassing Firewalls and Avoiding Detection

• Lab preparation
• Stealth scanning through the firewall
• Now you see me, now you don't — Avoiding IDS
• Blending in
• Looking at traffic patterns
• Cleaning up compromised hosts
• Miscellaneous evasion techniques
• Summary

9. Data Collection Tools and Reporting

• Record now — Sort later
• Old school — The text editor method
• Dradis framework for collaboration
• The report
• Challenge to the reader
• Summary

10. Setting Up Virtual Test Lab Environments

• Why bother with setting up labs?
• Keeping it simple
• Adding complexity or emulating target environments
• Summary

11. Take the Challenge – Putting It All Together

• The scenario
• The setup
• The challenge
• The walkthrough
• Reporting
• Summary

Index