Chapter 1: Introducing Penetration Testing
Security testing
Abstract testing methodology
Myths and misconceptions of pen testing
Summary
Chapter 2: Choosing the Virtual Environment
Open source and free environments
Commercial environments
Image conversion
Converting from a physical to virtual environment
Summary
Chapter 3: Planning a Range
Planning
Identifying vulnerabilities
Summary
Chapter 4: Identifying Range Architecture
Building the machines
Selecting network connections
Choosing range components
Summary
Chapter 5: Identifying a Methodology
The OSSTMM
CHECK
NIST SP-800-115
Summary
Chapter 6: Creating an External Attack Architecture
Establishing layered architectures
Configuring firewall architectures
iptables
Summary
Chapter 7: Assessment of Devices
Assessing routers
Evaluating switches
Attacking the firewall
Identifying the firewall rules
Tricks to penetrate filters
Summary
Chapter 8: Architecting an IDS/IPS Range
Deploying a network-based IDS
Implementing the host-based IDS and endpoint security
Working with virtual switches
Evasion
Summary
Chapter 9: Assessment of Web Servers and Web Applications
Analyzing the OWASP Top Ten attacks
Identifying web application firewalls
Penetrating web application firewalls
Tools
Summary
Chapter 10: Testing Flat and Internal Networks
The role of Vulnerability Scanners
Dealing with host protection
Summary
Chapter 11: Attacking Servers
Common protocols and applications for servers
Database assessment
OS platform specifics
Summary
Chapter 12: Exploring Client-side Attack Vectors
Client-side attack methods
Pilfering data from the client
Using the client as a pivot point
Client-side exploitation
Binary payloads
Malicious PDF files
Bypassing antivirus and other protection tools
Obfuscation and encoding
Summary
Chapter 13: Building a Complete Cyber Range
Creating the layered architecture
Integrating decoys and honeypots
Index
87. Building Virtual Pentesting Labs for Advanced Penetration Testing
Author: Myanmar Ebook Store
Genre: Hacking