Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide (English) Paperback – May 16, 2012
Product description
About the author
Lee Allen is currently the Vulnerability Management Program Lead for one of the Fortune 500. Amongst many other responsibilities, he performs security assessments and penetration testing.
Lee is very passionate and driven about the subject of penetration testing and security research. His journey into the exciting world of security began back in the 80's while visiting BBS's with his trusty Commodore 64 and a room carpeted with 5 ¼ inch floppy disks. Throughout the years, he has continued his attempts at remaining up to date with the latest and greatest in the security industry and the community. He has several industry certifications including the OSWP and has been working in the IT industry for over 15 years. His hobbies include validating and reviewing proof of concept exploit code, programming, security research, attending security conferences, discussing technology, writing, and skiing.
He lives in Ohio with wife Kellie and their 6 children Heather, Kristina, Natalie, Mason, Alyssa, and Seth.
Customer reviews
Most helpful customer reviews on Amazon.com (beta)
As with most books, Chapter One is usually pretty boring. What you need, why you need it, and how to do basic setup and configuration. Nothing to see here.
Chapter Two goes into the information gathering phase of the pentest. The author covers tools like nslookup, dig, whois, and touches briefly on DNS bruteforcing with fierce. Following up with SHODAN, metagoofil, and some basic Google hacking.
Chapter Three goes back to revisit material covered in Chapter One and you get into some basics like nmapping and some SNMP discovery methodologies.
Chapter Four gets into exploitation. You set up and configure a Kioptrix VM and begin your information gathering and then proceed to exploitation. You'll find a vulnerability, search exploit DB, and finally get to building the exploit and firing it against the target. Once you get access, it's all about moving files back to your machine and performing further exploitation techniques--like moving the /etc/passwd and /etc/shadow files and cracking the hashes, as well as a brief introduction to Hydra.
Chapter Five goes into web exploitation. You'll configure another Kioptrix VM along with pfSense and go into exploitation using w3af. A basic understanding of SQLi is recommended here and the author assumes you have a good foundation (this is an advanced book, after all).
Chapter 6 goes into client side exploitation, particularly fuzzing and buffer overflows. You'll create and identify applications vulnerable to buffer overflows as well as using some baked-in fuzzing tools in BT5 to assist, as well as detecting/enabling/disabling ASLR. This chapter also touches on SET and FastTrack, although not in great depth.
Chapter Seven goes into post-exploitation and doesn't really contain any earth-shattering material. What it does provide is some great cheat-sheets on where to go and what to look for on the compromised system according to the OS.
Chapter Eight goes into bypassing firewalls and avoiding detection by an IDS. I was disappointed that the author didn't choose to use an open-source IDS/IPS in this chapter--there are a lot of good options out there--Snort, AlienVault, SecurityOnion, BroIDS, etc. that would've been handy in the lab setup. Snort and AlienVault detected my activity in this chapter.
Chapter Nine goes into tools for reporting and analysis. The basic premise is that if your customer can't read and understand your report, you've wasted their time. Pretty charts and graphs. The boring part of the engagement.
Chapters Ten and Eleven are more in-depth about configuring your virtual lab and setting up scenarios where you attempt to attack and pass through multiple configurations of firewalls and servers.
All in all, this was a good book that had some great content. There were a few grammatical errors, but for the most part the examples provided were spot on and easy to replicate in a lab environment. Recommend for anyone looking to move into an intermediate pentesting arena.
What is it about?
It is about penetration testing as a whole. If you did something like the OSCP course then this book covers most of the course's topics. It goes through the general pentest topics, i.e. enumeration, exploitation, web attacks, client-side attacks, post exploitation, bypassing firewall. However it does it in a very precise and descriptive way. It is more like a huge tutorial (or guide as the title says) than a theoretical book. It describes everything that one has to do to try everything out. To be precise it describes how to build your own virtual pentest lab, with every resource linked and everything is illustrated with screenshots and terminal output snippets. I think it is really useful that if you follow the book you can try out everything in your own test environment.
Another important topic it covers is all the other tasks related to penetration testing which are usually not mentioned, such as planning the pentest, communicating with the customer, managing your own work, managing all your data and writing the report. I like that it talks about penetration testing as a profession which has requirements and outputs and not as just fun and play.
It also introduces quite a few tools that are used during the examples, I think everybody will see something new.
I think the people who can benefit the most, are those who decided to become penetration testers. As the book describes everything from the very beginning I assume that it targets the beginner pentesters. Still it goes into topics which could be too much for people who just wanna get an introduction. But if you are not a pentester yet but you have decided to become one then this is a very good resource to start with.
I've already mentioned the most of it but I wanna structure the information a bit.
* Penetration testing as a whole. Well described planning, reporting etc.
* Covers the most of the network pentest.
* Builds a virtual pentest lab.
* Very descriptive, well written and easy to follow.
* Full of examples that can be tried in the lab.
* Not that advanced (see later).
* Some topics are not detailed enough, for instance you won't be able to write your first buffer overflow exploit based on the book.
* The Web application exploits part is not that detailed.
* Sometimes it's more about tools than about the technique.
The only thing about this book that I cannot digest is its title. It says 'Advanced' and 'Ultimate', both are quite strong words. When I say advanced penetration testing then I mean something like what average pentesters don't know. It implies that you can still learn something new even if you are not a beginner. From this point of view I don't think it is too advanced. There are some topics which are advanced but it is definitely for beginners in the network pentest.
With the 'ultimate' I just don't know what makes a security guide ultimate.
Still it's a good book and if you feel that you are in the target audience then it is a good choice.
I found Chapter 1, Planning and Scoping for a Successful Penetration Test very informative, but incomplete. It was incomplete because it referenced a website "pentest-standard dot org" which is incomplete while there are better sites out there that have excellent penetration testing frameworks. An example is vulnerabilityassessment dot co dot uk.
The rest of the chapters were very general. For example, Chapter 2 and Chapter 3 have information that you would do better reading from insecure dot org, OSSTMM, and vulnerabilityassessment dot co dot uk. Chapter 5, Web Application Exploitation was really disappointing because it only highlighted how to install the tools and Mutillidae. However, the author never delved into how you would exploit a web application, other than how to detect if there is a load balancer and/or WAF.
I learned something from Chapter 6. I have known about SET, but never really got around to playing around with it. This book gave a really great overview of the tool, such that I found myself interested in learning about it. Chapter 7, Post Exploitation was also a very good chapter. It highlighted tools to use to locate and gather information from exploited hosts.
Overall, I think the ebook is great for those who are starting out. It provides a step by step process of how to set up the labs and what tools to use. However, for those who have been doing pen testing for a while, this book is lacking in terms of being an "Ultimate Guide". I think this was a great start by the author and this ebook can be improved by expanding some chapters, such as Web Application Exploitation.
Although my prepared book series is "Hacking Exposed" series (Current edition: Hacking Exposed version: 7: Network Security Secrets & Solutions, Seventh Edition) - I would like to recommend this book for beginner IT staff that like to obtain a "Fast Track" for the Penetration Testing world.
One of the main reasons for this recommendation is the good "How To" guides, that allow a quick lab setup & a quick learning of Penetration Testing basics.
However, I found the following limitations that each reader should be aware of: First, the book is based mainly on the Back Track (5 R1) toolkit. Second, the book doesn't go deeper on "Windows" Penetration Testing, so the main focus is on the NIX world. Third, the book doesn't go deeper into "Smart Phones" Penetration Testing.
So my conclusion is simple: if you are in the first steps to the Penetration Testing world, the book can be a good starting point. Otherwise, consider the other alternatives in the market.
I know you're probably thinking, "what another book on pen testing?, whatever...", but I think that this one picks up where the others have left off or left out. I'm not going to go chapter by chapter but highlight areas that I think are great to read and with methods to use. So away we go!
It's quite refreshing that it is assumed the reader is somewhat technical and doesn't need to be fully hand held through the lab setup process so not a lot is wasted on setting up your VMs or debating what flavor is the best. It can also be said that the information is also great for getting the noob up and running. The one part that I really appreciated reading was on setting up BackTrack and the snippets of commands used to get it up and running, installed, and updated (for all us noobs it shortens the amount of time spent in the forums, but doesn't alleviate the need to "TRY HARDER!!").
This book is also great in introducing tools that I hadn't had much exposure to and the thought of using Magic Tree as a means to help create your report is great! I know that we've all muddled through results trying to ensure that our text files are somewhat organized. Having Magic Tree help to collect your information and then format into a report is invaluable. I also like that Dradis is introduced as a means to gather all of your information into one place that can be shared. This would be very helpful when working on a team test.
One thing that I've enjoyed through the book is the use of the Metasploit framework and the Social Engineering (SET) Toolkit. I know that Metasploit has been covered in-depth within other books but I think it's the presentation of use and updating that makes it really refreshing! I also really like that a small part of SET is discussed and walked through. Those two tools have become de rigueur in the pen tester's bag of tricks! Even though it's not deep it gives enough for the reader to get started down the path.
One chapter that I haven't really seen anywhere else is on Post Exploitation. To read about and try some of the methods in the chapter has been fun. More so it has the old brain-housing group really thinking about how to positively perform post exploitation that gives the customer or client a solid feel for what can be had in their environment.
Something else that I've really enjoyed seeing is that there are progressively harder challenges through the use of Kioptrix. The reader has the chance to start at level one and move up to more advanced techniques, which the user can use to practice against. Reminds me a lot of Web Goat in that you have progressively harder challenges to get through.
There are so many good qualities to this book that I've enjoyed that I would recommend this to my friends and colleagues, even if it were only for a reference. The pacing of the read and the examples were good enough to keep me from saying "WTF how did he set that up?" and actually kept me engaged in the content. If you're in the market for a good book that is not only a great primer on the subject but also an excellent reference, this is one I would recommend considering.