You may have layers of security, popularly known as “Defense in Depth”, but are your security features setup properly? Are their configuration errors that a vulnerability scan will not find?
What information is being broadcast by your computers, company, or employees, that don’t show up in a software scan?
Many companies think that if they just run a vulnerability scan and it passes that they are good, but is this an accurate test of your network security?
Even if you have a secured environment how could you test this using the actual techniques that a hacker would use to see if your security is up to the challenge?
Enter “Advanced Penetration Testing for Highly Secured Environments: The Ultimate Security Guide” the latest book by Lee Allen and Packt Publishing.
From preparing the scope of a pentest, to learning the tools of pentesting, to installing and running a full mock pentest on a virtual lab, this book truly is the ultimate security guide!
Here is a quick overview of the main topics:
Learn about DNS data siphoning techniques, Shodan, and the Google Hacking Data Base. The chapter also covers numerous tools that can help with recovering network, computer, and user information. And sometimes even user documents.
This section includes a very good tutorial on Nmap scanning including using decoys and zombie hosts in your scans, and a look at gathering pertinent information from SNMP.
Exploitation covers installing Kioptrics (a purposefully vulnerable Linux install) and running attacks against it from the Backtrack system. In this chapter the user learns how to retrieve service information from the target system. Then searching the Exploit-DB database (online and in Backtrack) to find exploits against it, and once an exploit is found, compiling and using it in Backtrack.
This chapter then covers transferring data to and from the system and cracking passwords, and finally exploiting the machine with the Metasploit Framework.
Web App Exploitation
Covers creating a virtual lab by installing Kioptrics level 3, pfSense (firewall), HAProxy (load Balancer) and Irongeek’s Mutillidae (contains the OWASP top 10). The author covers detecting Load Balancers and WAP firewall and scanning with the Web Application Attack and Audit Framework (w3af). You also learn how to use WebScarab to record and analyze your pentest and are introduced to Mantra, the pentester’s Plug-In toolkit.
Client Side attacks
Client side attacks are covered including Buffer Overflows, fuzzing, using David Kennedy’s (ReL1K) Fast Track and the Social Engineering Toolkit.
This chapter explains data and service enumeration on the target system. This includes which files to try to recover, which logs to analyze, what processes and networking details to view on both Linux and Windows systems. And finally using the exploited machine to scan or gain access to other hosts via pivoting.
The book also covers bypassing firewalls, avoiding detection, data collection tools and reporting.
Okay, after you have learned all of this excellent information, what are you going to do with it? Why not put it to the test with the last two chapters where you build a full testing lab and then run through a mock penetration test using the lab and all the skills that you have learned from the book.
This book is packed full of excellent training and tutorials. The author masterfully walks you through each section with step by step instructions, including screenshots. It is easy to read and follow, for novice and expert alike. If you are new to pentesting or want to learn more about it, then this is the book for you.
I highly recommend this book.
Cross-posted from Cyber Arms