Professional Penetration Testing: Creating and Learning in a Hacking Lab
Professional Penetration Testing: Creating and Learning in a Hacking Lab, Third Edition walks the reader through the entire process of setting up and running a pen test lab. Penetration testing-the act of testing a computer network to find security vulnerabilities before they are maliciously exploit...
| Main Author: | |
|---|---|
| Corporate Author: | |
| Format: | eBook |
| Language: | English |
| Published: | Waltham, MA: Syngress, an imprint of Elsevier, 2025. |
| Edition: | Third edition. |
| Subjects: | |
| Online Access: | Connect to the full text of this electronic book |
Table of Contents:
- Front Cover
- Professional Penetration Testing: Creating and Learning in a Hacking Lab
- Copyright Page
- Contents
- About the author
- About the technical editor
- Preface
- Acknowledgments
- 1 Introduction
- Introduction
- About this edition
- Who is this book written for?
- Getting set up
- Professional penetration testing
- Online supporting materials
- Pentest.TV
- Vulnerable virtual machines
- Physical devices
- About the author
- Consultant versus in-house expert
- Principal consultant versus practice director
- Offensive versus defensive
- Remote versus in-office work
- Pentesting focus-application versus networking
- Freelance versus employed work
- Summary
- 2 Ethics and hacking
- Introduction
- Getting permission to hack
- Code of Ethics Canons-ISC2
- Why stay ethical?
- Black Hat hackers
- White Hat hackers
- Gray Hat hackers
- Ethical standards
- Certifications
- Respect for the public
- Respect for the certification
- Respect for my employer
- Respect for myself
- Contractor
- Employer
- Educational and institutional organizations
- Information Systems Security Association
- Internet Activities Board
- Institute of Electrical and Electronics Engineers
- Computer crime laws
- Types of Laws
- Civil law
- Criminal law
- Administrative/regulatory law
- Type of computer crimes and attacks
- US federal laws
- US state laws
- International laws
- Treaties
- Canada
- United Kingdom
- Australia
- Japan
- Safe Harbor and Directive 95/46/EC
- Contractual agreements
- Confidentiality agreement
- Company obligations
- Contractor obligations
- Auditing and monitoring
- Conflict management
- Summary
- References
- 3 Picking your pentesting focus
- Introduction
- Hacking domains
- Code penetration testing
- Static Application Security Testing
- Dynamic Application Security Testing
- Interactive Application Security Testing
- Fuzz testing
- Injection testing
- Authentication and authorization testing
- Session management testing
- Data validation testing
- Cryptographic testing
- Error handling and logging testing
- Mobile application testing
- Internet of Things application testing
- Code review
- Reverse engineering
- Network penetration testing
- External
- Internal
- Wireless
- Network device
- Zero trust
- Cloud penetration testing
- Red Team assessments
- Physical penetration testing
- Security control bypass
- Surveillance and reconnaissance
- Alarm system testing
- Social engineering
- Security personnel and guard response
- Summary
- 4 Setting up your labs
- Introduction
- Targets in a pentest lab
- Virtual network pentest labs
- What is a virtual machine?
- Virtualization engine lab
- Docker pentest lab
- Cloud-based pentest lab
- Advanced hardware-based pentest lab
- Hardware considerations
- Routers
- Firewalls
- Intrusion detection system/intrusion prevention system
- Physical hardware lab
- Virtual hardware lab
- Subscription-based hacking lab
- Protecting the lab
- Protecting penetration test data
- Data encryption
- Data hashing
- Wireless lab data
- Configuring the lab network
- Summary
- 5 The Cyber Kill Chain
- Introduction
- Definitions
- Methodology
- Framework
- Playbooks
- Cyber Kill Chain methodology
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command & Control (C2)
- Actions on Objectives
- Security team responses
- Frameworks
- Playbooks
- Management of a pentest
- Project Management Body of Knowledge
- Introduction to Project Management Body of Knowledge
- Initiating Process group
- Planning Process group
- Executing Process group
- Closing Process group
- Monitoring and Controlling Process group
- Project team members
- Roles and responsibilities
- Team champion
- Project manager
- Pentest engineers
- Project management
- Initiating stage
- Planning stage
- Executing Stage
- Monitoring and controlling
- Closing stage
- Formal project review
- Effort evaluation
- Identification of new projects
- Future project priority identification
- Solo pentesting
- Initiating stage
- Planning Process stage
- Executing stage
- Closing stage
- Monitoring and controlling
- Archiving data
- Should you keep data?
- Legal issues
- Findings and reports
- Securing documentation
- Access controls
- Archival methods
- Archival locations
- Destruction policies
- Cleaning up your lab
- Archiving lab data
- Proof of concepts
- Malware analysis
- Creating and using system images
- License issues
- Virtual machines
- "Ghost" images
- Creating a "Clean Shop"
- Sanitization methods
- Using hashes
- Change management controls
- Planning for your next pentest
- Risk management register
- Creating a risk management register
- Prioritization of risks and responses
- Knowledge database
- Creating a knowledge database
- Sanitization of findings
- Project management knowledge database
- After-action review
- Project assessments
- Team assessments
- Training proposals
- Summary
- References
- 6 Reconnaissance
- Introduction
- Mapping framework to methodology
- Intelligence Gathering
- Open Source Intelligence
- Covert Gathering
- Footprinting
- Identify Protection Mechanisms
- Threat Modeling
- Business Asset Analysis
- Business Process Analysis
- Threat Agents/Community Analysis
- Threat Capability Analysis
- Motivation Modeling
- News on Compromises
- Vulnerability Analysis
- Testing
- Validation
- Research
- Intelligence Gathering
- Open Source Intelligence
- Corporate
- Individual
- Covert Gathering
- Corporate
- HUMINT
- Footprinting
- External Footprinting
- Passive reconnaissance
- Active footprinting
- Establish external target list
- Internal Footprinting
- Passive reconnaissance
- Identify customer internal ranges
- Vulnerability analysis
- Testing
- Active
- Nmap scripts
- Default login scans
- Vulnerability scanners
- Fuzzing
- Passive
- Validation
- Manual testing/protocol-specific
- Attack avenues
- Research
- Summary
- 7 Weaponization
- Introduction
- Mapping framework to methodology
- Countermeasures
- Antivirus
- Encoding
- Packing
- Encrypting
- Whitelist bypass/process injection/purely memory resident
- Human
- Data Execution Prevention
- Address Space Layout Randomization
- Web Application Firewall
- Approaches to exploitation
- Types of vulnerabilities
- Insecure Coding
- Misconfiguration
- Social
- Environmental
- Metasploit Framework
- Summary
- 8 Delivery
- Introduction
- Mapping framework to methodology
- Insecure coding
- Adjusting speed
- Adjusting packet size
- Misconfiguration
- Social
- Baiting
- Phishing
- Pretexting
- Environmental
- Hotplug attacks
- Implants
- Ingress tools
- Summary
- Reference
- 9 Exploitation
- Introduction
- Mapping framework to methodology
- Precision strike
- Fuzzing
- Traffic analysis
- Vulnerabilities
- Insecure coding
- FTP
- Simple Mail Transfer Protocol
- Server Message Block
- Network File Shares
- MySQL
- PostgreSQL
- SSH
- Virtual Network Computing
- Misconfiguration
- Remote password attacks
- Layer-2 attacks
- Summary
- 10 Installation
- Introduction
- Mapping framework to methodology
- Rule of engagement
- Protect the client
- Securing documentation
- Access controls
- Archival methods
- Protecting yourself
- Persistent access
- Meterpreter
- Opening shell access
- Create account/service
- Summary
- 11 Command and Control
- Introduction
- Mapping framework to methodology
- Command line
- Windows
- Linux
- Local privilege attack
- Step 1-Transfer 8572.c file
- Step 2-Compile 8572.c file
- Step 3-Identify UDEV process ID
- Step 4-Create /tmp/run file
- Step 5-Launch the exploit
- Step 6-Connect as root to Metasploitable listener
- Meterpreter
- Windows
- Add user
- Local password attacks
- Dictionary attacks
- Special characters
- Word mangling
- Summary
- 12 Actions on Objectives
- Introduction
- Mapping framework to methodology
- Pillaging
- Installed programs
- Installed services
- Sensitive data
- Keylogging
- Screen capture
- Network traffic capture
- User information
- High value/profile targets
- Data exfiltration
- Mapping
- Testing
- Measuring
- Artificial intelligence
- Summary
- Reference
- 13 Targeting the network
- Introduction
- Wireless network protocols
- Wi-Fi Protected Access attack
- Wired Equivalent Privacy Attack
- Wi-Fi Protected Access Enterprise
- Simple Network Management Protocol
- Networking attacks
- Summary
- 14 Web application attack techniques
- Introduction
- Burp Suite
- OWASP
- Software Assurance Maturity Model
- Web Security Testing Framework
- Mobile Application Security
- OWASP Top 10
- Broken access control
- Cryptographic failures
- Injection
- Insecure design
- Security misconfiguration
- Vulnerable and outdated components
- Identification and authentication failures
- Software and Data Integrity Failures
- Security logging and monitoring failures
- Server-side request forgery
- Summary
- 15 Cloud testing
- Introduction
- Cloud pentesting labs
- IAM-Vulnerable
- Subscription services
- Cloud security review
- Cloud pentest
- Summary