Advanced Penetration Testing for Highly：Secured Environments（Second Edition）

Summary

Reporting

The walkthrough

The challenge

The virtual lab setup

The scenario

Firewall lab setup

Chapter 12. Penetration Testing Challenge

Summary

Reader challenge

The report

Dradis framework for collaboration

Old school – the text editor method

Record now – sort later

Chapter 11. Data Gathering and Reporting

Summary

Reader challenge

Miscellaneous evasion techniques

Cleaning up compromised hosts

Looking at traffic patterns

PfSense SSH logs

Blending in

Now you see me now you don't – avoiding IDS

Stealth scanning through the firewall

Lab preparation

Chapter 10. Stealth Techniques

Summary

Reader challenge

Pivoting

Data gathering network analysis and pillaging

Rules of Engagement

Chapter 9. Post-Exploitation

Summary

Reader challenge

Fast-Track

Social Engineering Toolkit

Fuzzing tools included in Kali

Introducing vulnserver

64-bit exploitation

Buffer overflows – a refresher

Chapter 8. Exploitation Concepts

Summary

Reader challenge

Introduction to browser plugin HackBar

Web Application Attack and Audit framework (w3af)

Taking on Level 3 – Kioptrix

Detecting web application firewalls (WAF)

Detecting load balancers

Configuring pfSense

Practice makes perfect

Chapter 7. Web Application Attacks

Summary

Reader challenge

Metasploit – learn it and love it

Passwords – something you know…

Getting files to and from victim machines

Manual exploitation

Exploitation – why bother?

Chapter 6. Exploitation

Summary

Reader challenge

Enumeration avoidance techniques

Network baselines with scanPBNJ

SNMP – a goldmine of information just waiting to be discovered

Nmap – getting to know you

Angry IP Scanner

Configuring and testing our lab clients

Chapter 5. Network Service Attacks

Summary

Creating network baselines with scanPBNJ

Using search engines to do your job for you

Gathering and validating domain and IP information

DNS recon

Introducing reconnaissance

Chapter 4. Intelligence Gathering

Summary

Introduction to the Dradis framework

Effectively managing your test results

Installing LibreOffice

Planning for action

Before testing begins

Introducing advanced penetration testing

Chapter 3. Assessment Planning

Summary

Putting it all together

Creating the switches

Understanding the default architecture

Network design

Installing VMware Workstation

Introducing VMware Workstation

Chapter 2. Preparing a Test Environment

Summary

Abstract methodology

Example methodologies

Methodology defined

Chapter 1. Penetration Testing Essentials

Preface

www.PacktPub.com

About the Reviewer

About the Authors

Credits

版权信息

封面

封面

版权信息

Credits

About the Authors

About the Reviewer

www.PacktPub.com

Preface

Chapter 1. Penetration Testing Essentials

Methodology defined

Example methodologies

Abstract methodology

Summary

Chapter 2. Preparing a Test Environment

Introducing VMware Workstation

Installing VMware Workstation

Network design

Understanding the default architecture

Creating the switches

Putting it all together

Summary

Chapter 3. Assessment Planning

Introducing advanced penetration testing

Before testing begins

Planning for action

Installing LibreOffice

Effectively managing your test results

Introduction to the Dradis framework

Summary

Chapter 4. Intelligence Gathering

Introducing reconnaissance

DNS recon

Gathering and validating domain and IP information

Using search engines to do your job for you

Creating network baselines with scanPBNJ

Summary

Chapter 5. Network Service Attacks

Configuring and testing our lab clients

Angry IP Scanner

Nmap – getting to know you

SNMP – a goldmine of information just waiting to be discovered

Network baselines with scanPBNJ

Enumeration avoidance techniques

Reader challenge

Summary

Chapter 6. Exploitation

Exploitation – why bother?

Manual exploitation

Getting files to and from victim machines

Passwords – something you know…

Metasploit – learn it and love it

Reader challenge

Summary

Chapter 7. Web Application Attacks

Practice makes perfect

Configuring pfSense

Detecting load balancers

Detecting web application firewalls (WAF)

Taking on Level 3 – Kioptrix

Web Application Attack and Audit framework (w3af)

Introduction to browser plugin HackBar

Reader challenge

Summary

Chapter 8. Exploitation Concepts

Buffer overflows – a refresher

64-bit exploitation

Introducing vulnserver

Fuzzing tools included in Kali

Social Engineering Toolkit

Fast-Track

Reader challenge

Summary

Chapter 9. Post-Exploitation

Rules of Engagement

Data gathering network analysis and pillaging

Pivoting

Reader challenge

Summary

Chapter 10. Stealth Techniques

Lab preparation

Stealth scanning through the firewall

Now you see me now you don't – avoiding IDS

Blending in

PfSense SSH logs

Looking at traffic patterns

Cleaning up compromised hosts

Miscellaneous evasion techniques

Reader challenge

Summary

Chapter 11. Data Gathering and Reporting

Record now – sort later

Old school – the text editor method

Dradis framework for collaboration

The report

Reader challenge

Summary

Chapter 12. Penetration Testing Challenge

Firewall lab setup

The scenario

The virtual lab setup

The challenge

The walkthrough

Reporting

Summary