What this book covers

Chapter 1, Introducing Penetration Testing, provides an introduction to what pentesting is and an explanation that pentesting is a component of professional security testing, and it is a validation of vulnerabilities. This means "exploitation", and in most cases, in a contracted pentest, the client does not have a clear understanding of this.

Chapter 2, Choosing the Virtual Environment, discusses the different virtual environment platforms there are to choose from. We also look at most of the main virtual technology platforms that exist.

Chapter 3, Planning a Range, explains what is required to plan a test environment. We also discuss the process of searching and finding vulnerabilities to test and creating a lab environment to test a type of vulnerability.

Chapter 4, Identifying Range Architecture, defines the composition of the range and the process of creating the network structure. Following this, a number of different components are introduced and then connected to the structure.

Chapter 5, Identifying a Methodology, explores a sample group of a number of testing methodologies. The format and steps of this sample set will be presented so that as a tester, you can make a comparison and adapt a methodology.

Chapter 6, Creating an External Attack Architecture, builds a layered architecture and performs a systematic process and methodology for conducting an external test. Additionally, you will learn how to deploy protection measures and carry out testing to see how effective the protection measures are.

Chapter 7, Assessment of Devices, presents the challenges of testing devices. This section includes the techniques for testing weak filtering as well as the methods of penetrating the various defenses when possible.

Chapter 8, Architecting an IDS/IPS Range, investigates the deployment of the Snort IDS and a number of host-based security protections. Once deployed, a number of evasion techniques are explored to evade the IDS.

Chapter 9, Assessment of Web Servers and Web Applications, explores the installation of web servers and applications. You will follow a testing strategy to evaluate the servers and their applications.

Chapter 10, Testing Flat and Internal Networks, explores the process for testing flat and internal networks. The use of vulnerability scanners is explored and scanning with or without credentials is compared.

Chapter 11, Attacking Servers, identifies the methods we use to attack services and servers. The most common attack vector we will see is the web applications that are running on a web server.

Chapter 12, Exploring Client-side Attack Vectors, presents the main vectors of attack against the network, and that is from the client side. You will explore the methods that can be used to trick a client into accessing a malicious site.

Chapter 13, Building a Complete Cyber Range, is where you put all of the concepts together and create a range for testing. Throughout the chapter, you will deploy decoys and practice against them.