Cover -- Copyright -- Credits -- About the Author -- About the Reviewers -- www.PacktPub.com -- Table of Contents -- Preface -- Chapter 1: Introducing Penetration Testing -- Security testing -- Authentication -- Authorization -- Confidentiality -- Integrity -- Availability -- Non-repudiation -- Abstract testing methodology -- Planning -- Nonintrusive target search -- Intrusive target search -- Data analysis -- Reporting -- Myths and misconceptions of pen testing -- Summary -- Chapter 2: Choosing the Virtual Environment -- Open source and free environments -- VMware Player -- VirtualBox -- Xen -- Hyper-V -- vSphere Hypervisor -- Commercial environments -- vSphere -- VMware Player Plus -- XenServer -- VMware Workstation -- Image conversion -- Converting from a physical to virtual environment -- Summary -- Chapter 3: Planning a Range -- Planning -- What are we trying to accomplish? -- By when do we have to accomplish it? -- Identifying vulnerabilities -- Vulnerability sites -- Vendor sites -- Summary -- Chapter 4: Identifying Range Architecture -- Building the machines -- Building new machines -- Conversion -- Cloning a virtual machine -- Selecting network connections -- The bridged setting -- Network Address Translation -- The host-only switch -- The custom settings -- Choosing range components -- The attacker machine -- Router -- Firewall -- Web server -- Summary -- Chapter 5: Identifying a Methodology -- The OSSTMM -- The Posture Review -- Logistics -- Active detection verification -- Visibility Audit -- Access verification -- Trust verification -- Control verification -- Process verification -- Configuration verification -- Property validation -- Segregation review -- Exposure verification -- Competitive intelligence scouting -- Quarantine verification -- Privileges audit -- Survivability validation -- Alert and log review -- CHECK.

NIST SP-800-115 -- The information security assessment methodology -- Technical assessment techniques -- Comparing tests and examinations -- Testing viewpoints -- Overt and covert -- Offensive Security -- Other methodologies -- Customization -- Summary -- Chapter 6: Creating an External Attack Architecture -- Establishing layered architectures -- Configuring firewall architectures -- iptables -- Deploying IDS/IPS and load balancers -- Intrusion Detection System (IDS) -- Intrusion Prevention System (IPS) -- Load balancers -- Integrating web application firewalls -- Summary -- Chapter 7: Assessment of Devices -- Assessing routers -- Evaluating switches -- MAC attacks -- VLAN hopping attacks -- GARP attacks -- Attacking the firewall -- Identifying the firewall rules -- Tricks to penetrate filters -- Summary -- Chapter 8: Architecting an IDS/IPS Range -- Deploying a network-based IDS -- Implementing the host-based IDS and endpoint security -- Working with virtual switches -- Evasion -- Determining thresholds -- Stress testing -- Shell code obfuscation -- Summary -- Chapter 9: Assessment of Web Servers and Web Applications -- Analyzing the OWASP Top Ten attacks -- Injection flaws -- Broken authentication and session management -- Cross-Site Scripting -- Insecure direct object references -- Security misconfiguration -- Sensitive data exposure -- Missing function-level access control -- Cross-Site Request Forgery -- Using known vulnerable components -- Invalidated redirects and forwards -- Identifying web application firewalls -- Penetrating web application firewalls -- Tools -- Summary -- Chapter 10: Testing Flat and Internal Networks -- The role of Vulnerability Scanners -- Microsoft Baseline Security Analyzer -- Open Vulnerability Assessment Language -- Scanning without credentials -- Nessus -- Scanning with credentials -- Dealing with host protection.

User Account Control -- The host firewall -- Endpoint protection -- Enhanced Mitigation Experience Toolkit -- Summary -- Chapter 11: Attacking Servers -- Common protocols and applications for servers -- Web -- File Transfer Protocol -- Protocol research -- Secure Shell -- Mail -- Database assessment -- MSSQL -- MySQL -- Oracle -- OS platform specifics -- Windows legacy -- Windows Server 2008 and 2012 -- Unix -- Linux -- MAC -- Summary -- Chapter 12: Exploring Client-side Attack Vectors -- Client-side attack methods -- Bait -- Lure -- Pilfering data from the client -- Using the client as a pivot point -- Pivoting -- Proxy exploitation -- Leveraging the client configuration -- Client-side exploitation -- Binary payloads -- Malicious PDF files -- Bypassing antivirus and other protection tools -- Obfuscation and encoding -- Summary -- Chapter 13: Building a Complete Cyber Range -- Creating the layered architecture -- Architecting the switching -- Segmenting the architecture -- Integrating decoys and honeypots -- Attacking the cyber range -- Recording the attack data for further training and analysis -- Summary -- Index.