Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition

Kevin Cardwell

  • 出版商: Packt Publishing
  • 出版日期: 2016-08-31
  • 售價: $2,540
  • 貴賓價: 9.5$2,413
  • 語言: 英文
  • 頁數: 524
  • 裝訂: Paperback
  • ISBN: 1785883496
  • ISBN-13: 9781785883491
  • 相關分類: Penetration-test
  • 海外代購書籍(需單獨結帳)

相關主題

商品描述

Key Features

  • Learn a systematic process for professional security and penetration testing
  • Explore and build intricate architectures that allow you to emulate an enterprise network
  • Examine and perform research to identify the latest vulnerabilities and, build a lab and test them!
  • Learn methods to bypass common enterprise defenses and leverage them to test the most secure environments.

Book Description

In this book you will be introduced to a proven professional security and penetration testing methodology that has trained thousands of professional testers. Your experience from reading this book will prepare you for participation in professional security testing teams, both as a red team and a blue team member. Within the book you will learn how to take advantage of the power of virtualisation to build a multi-layer enterprise architecture and then deploy targets to test inside it. Additionally, you will learn a systematic process for discovering vulnerabilities and then a way to test these on your own private network. By practising the techniques throughout the book, you will be able to hone and enhance your skills in professional security and penetration testing.

Building Virtual Pentesting Labs for Advanced Penetration Testing will teach you the process of how to build your own labs and a proven process to test these labs that is currently used in Industry by global penetration testing teams. You will start with an introduction to professional security testing and deciding where pen testing fits; then you will be introduced to proven leading Industry testing methodologies.

Once the introduction has completed, you will start building the machines; once you have built them you will learn how to build and test layered architectures. After you have mastered the layers you will plan specific attacks based on the platforms you are going up against. The book will show you a process for discovering new vulnerabilities for systems and networks, and how to apply these to your developed range and discover what the vulnerability means to your potential clients.

Building Virtual Pentesting Labs for Advanced Penetration Testing uses extensive labs and illustrations to take you from the beginning (building and attacking an enterprise architecture) to methods to bypass and avoid common enterprise architecture defences.

What you will learn

  • Proven security testing and penetration testing techniques
  • How to build multi-layered complex architectures to test the latest network designs
  • Applying a professional testing methodology
  • Determining whether there are filters between you and the target and how to penetrate them
  • How to deploy and then find weaknesses in common firewall architectures.
  • Advanced techniques to deploy against hardened environments
  • Methods to circumvent endpoint protection controls

About the Author

Kevin Cardwell currently works as a freelance consultant and provides consulting services for companies throughout the world. He developed the Strategy and Training Development Plan for the first Government CERT in the country of Oman and developed the team to man the first Commercial Security Operations Center there. He has worked extensively with banks and financial institutions throughout Middle East, Africa, Europe, and the UK. He currently provides consultancy to Commercial companies, governments, major banks, and financial institutions across the globe. He is author of Backtrack: Testing Wireless Network Security, Building Virtual Pen Testing Lab for Advanced Penetration Testing First Edition, and Advanced Penetration Testing of Highly Secured Environments 2nd Edition.

商品描述(中文翻譯)

主要特點

  • 學習專業安全和滲透測試的系統化流程
  • 探索並構建複雜的架構,使您能夠模擬企業網絡
  • 研究並進行研究,以識別最新的漏洞,並構建實驗室進行測試!
  • 學習繞過常見的企業防禦措施的方法,並利用它們來測試最安全的環境。

書籍描述

在本書中,您將介紹一種經過驗證的專業安全和滲透測試方法論,該方法論已培訓了成千上萬的專業測試人員。閱讀本書的經驗將使您為參與專業安全測試團隊做好準備,無論是作為紅隊還是藍隊成員。在本書中,您將學習如何利用虛擬化的威力構建多層企業架構,然後部署目標以在其中進行測試。此外,您還將學習一種系統化的發現漏洞的過程,然後在自己的私有網絡上進行測試。通過在整本書中實踐這些技術,您將能夠磨練和提升您在專業安全和滲透測試方面的技能。

《建立虛擬滲透測試實驗室進行高級滲透測試》將教您如何建立自己的實驗室以及目前全球滲透測試團隊在業界使用的測試這些實驗室的驗證過程。您將從專業安全測試的介紹和決定滲透測試的位置開始;然後,您將介紹經過驗證的領先行業測試方法論。

一旦介紹完成,您將開始構建機器;一旦構建完成,您將學習如何構建和測試分層架構。在掌握了這些層次之後,您將根據您所面對的平台計劃具體的攻擊。本書將向您展示一種發現系統和網絡新漏洞的過程,以及如何將其應用於您開發的範圍並發現該漏洞對潛在客戶意味著什麼。

《建立虛擬滲透測試實驗室進行高級滲透測試》使用廣泛的實驗室和插圖,從一開始(構建和攻擊企業架構)到繞過和避免常見的企業架構防禦方法。

您將學到什麼

  • 經過驗證的安全測試和滲透測試技術
  • 如何構建多層複雜架構以測試最新的網絡設計
  • 應用專業測試方法論
  • 確定您和目標之間是否存在過濾器,以及如何滲透它們
  • 如何部署並找出常見防火牆架構的弱點。
  • 對抗強化環境的高級技術
  • 繞過端點保護控制的方法

關於作者

Kevin Cardwell目前擔任自由顧問,為世界各地的公司提供咨詢服務。他為阿曼國家首個政府CERT(電腦緊急響應小組)制定了戰略和培訓發展計劃,並組建了該國首個商業安全運營中心的團隊。他在中東、非洲、歐洲和英國的銀行和金融機構方面有豐富的工作經驗。他目前為全球的商業公司、政府、主要銀行和金融機構提供咨詢服務。他是《Backtrack: Testing Wireless Network Security》、《Building Virtual Pen Testing Lab for Advanced Penetration Testing First Edition》和《Advanced Penetration Testing of Highly Secured Environments 2nd Edition》的作者。