What do you think?
Rate this book
Building Virtual Pentesting Labs for Advanced Penetration Testing
Build intricate virtual architecture to practice any penetration testing technique virtually If you are a penetration tester, security consultant, security test engineer, or analyst who wants to practice and perfect penetration testing skills by building virtual pentesting labs in varying industry scenarios, this is the book for you. This book is ideal if you want to build and enhance your existing pentesting methods and skills. Basic knowledge of network security features is expected along with web application testing experience. A penetration test, also known as pentest, is a method of assessing computer and network security by replicating an attack on a computer system or network from the outside world and internal threats. With the increase of advanced hackers and threats to our virtual world, pentesting is an absolute necessity. Building Virtual Pentesting Labs for Advanced Penetration Testing will teach you how to build your own labs and give you a proven process to test these labs; a process that is currently used in industry by global pentesting teams. You will also learn a systematic approach to professional security testing, building routers, firewalls, and web servers to hone your pentesting skills.
430 pages, Paperback
First published January 1, 2014
20 people are currently reading
55 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 4 of 4 reviews
August 23, 2014
An excellent book for pentesters, sysadmins and network operators. Moreover, if you're interested in security, be warned this book will stimulate such interest to a further level.
The book reviews what security testing is (I totally agree with the author's statement) and how to develop it (ch.1). A few common standard pentesting methodologies, including OSSTMM and NIST (ch.5), are also discussed with enough detail to understand how to approach the building of a virtual pentesting lab.
The author deals with virtual software products available, from no cost solutions (open source and free) to commercial ones. He also discusses image conversion, even physical-2-virtual, making the chapter 2 the most complete up-to-date description of virtualization types and products available.
How to define our virtual lab components and connections, and design it accordingly is masterfully approached (ch.3&4). It provides helpful links to resourceful sites, and develops a base architecture that is then extended as we further advance though the rest of the book. All along the book, the author provides shares his experience with many hints, which is so great!
From chapter 6 to 8, networking is extensively reviewed and different ways to introduce several network components to our virtual architecture are presented (including firewalls and IDS). Those chapters again are excellent as the aim of the book is to build a virtual lab similar to a real-world environment we could find during a pentest.
Web servers, web applications and web application firewalls (WAF) are also discussed in the book. But remember it's not a book about how-to-pentesting, so do not expect long descriptions of web attacks (you should already know how to pentest a web app, shouldn't you?). The good news are that instructions on how to deploy (and test with nmap and wafw00f) WAF in your lab are given, so you can have a better understanding on how to approach real scenarios.
Next three chapters review vuln scanning, host protection, server attacking and client-side vectors. Though they are not covered in detail (that's not a how-to-pentest book), it's good to read the experienced author's point-of-view.
The final chapter puts all above components together. Being the goal of building such a virtual pentesting lab to practice our skills, I feel the book covers building the lab so masterfully, and reveals some hints in attacking it, so the author accomplishes the book's title.
Experienced guidance, clear descriptions, plenty of hints. A must read for security and security-concerned professionals. Thanks Mr.Cardwell for such a great book and inspiration!
The book reviews what security testing is (I totally agree with the author's statement) and how to develop it (ch.1). A few common standard pentesting methodologies, including OSSTMM and NIST (ch.5), are also discussed with enough detail to understand how to approach the building of a virtual pentesting lab.
The author deals with virtual software products available, from no cost solutions (open source and free) to commercial ones. He also discusses image conversion, even physical-2-virtual, making the chapter 2 the most complete up-to-date description of virtualization types and products available.
How to define our virtual lab components and connections, and design it accordingly is masterfully approached (ch.3&4). It provides helpful links to resourceful sites, and develops a base architecture that is then extended as we further advance though the rest of the book. All along the book, the author provides shares his experience with many hints, which is so great!
From chapter 6 to 8, networking is extensively reviewed and different ways to introduce several network components to our virtual architecture are presented (including firewalls and IDS). Those chapters again are excellent as the aim of the book is to build a virtual lab similar to a real-world environment we could find during a pentest.
Web servers, web applications and web application firewalls (WAF) are also discussed in the book. But remember it's not a book about how-to-pentesting, so do not expect long descriptions of web attacks (you should already know how to pentest a web app, shouldn't you?). The good news are that instructions on how to deploy (and test with nmap and wafw00f) WAF in your lab are given, so you can have a better understanding on how to approach real scenarios.
Next three chapters review vuln scanning, host protection, server attacking and client-side vectors. Though they are not covered in detail (that's not a how-to-pentest book), it's good to read the experienced author's point-of-view.
The final chapter puts all above components together. Being the goal of building such a virtual pentesting lab to practice our skills, I feel the book covers building the lab so masterfully, and reveals some hints in attacking it, so the author accomplishes the book's title.
Experienced guidance, clear descriptions, plenty of hints. A must read for security and security-concerned professionals. Thanks Mr.Cardwell for such a great book and inspiration!
September 16, 2014
Building Virtual Pentesting Labs for Advanced Penetration Testing
Publisher Link: http://bit.ly/1p9Wgtl
I really appreciate the use of Open Source Software, I’ve read quite a few pentesting books and this book goes right to the top of the list. Setting up the environments can be challenging at first, but I’d recommend building a few ISO images of the entire workbench you create so you can recover and damage it as many times as you like. Metasploit was probably one of my favorite exploitation software packages, building the payload is pretty cool but once you learn what the meanings of everything are, you get a false sense of security and then realize just how insecure you’re information (data) is.
The range of attacks in this book are pretty good, and each is covered even though I’d love to have an entire book on each of the topics this book did a wonderful job of covering each topic. One of the most important things you’ll take away from this book is not only what types of attacks exists, but how to avoid them and “UPDATE your system often.” I appreciate how everything is categorized and laid out in an easily digestible format. I highly recommend this book if you’re wanting to learn about security in the IT world, even if you’re a home user it’s important to protect your family from cyber crimes and attacks. This book delivered!
Publisher Link: http://bit.ly/1p9Wgtl
I really appreciate the use of Open Source Software, I’ve read quite a few pentesting books and this book goes right to the top of the list. Setting up the environments can be challenging at first, but I’d recommend building a few ISO images of the entire workbench you create so you can recover and damage it as many times as you like. Metasploit was probably one of my favorite exploitation software packages, building the payload is pretty cool but once you learn what the meanings of everything are, you get a false sense of security and then realize just how insecure you’re information (data) is.
The range of attacks in this book are pretty good, and each is covered even though I’d love to have an entire book on each of the topics this book did a wonderful job of covering each topic. One of the most important things you’ll take away from this book is not only what types of attacks exists, but how to avoid them and “UPDATE your system often.” I appreciate how everything is categorized and laid out in an easily digestible format. I highly recommend this book if you’re wanting to learn about security in the IT world, even if you’re a home user it’s important to protect your family from cyber crimes and attacks. This book delivered!
March 19, 2024
2014 book,
There are tips such as having 2 network cards configured on every VM, with all machines connecting to a single test-switch (Flat-Network-Testing First), and the other card connecting to the actual layered network (built incrementally); or having a single IDS-VM only with many network cards (sensor per network segment) in order to save RAM.
I would have liked more such test-lab management or testing-efficiency things, that is, the framework, not just the rather obvious parts and their penetration. Large parts of the book consist of menu walkthroughs for specific server software to be installed on VMs, and an assessment or penetration example to get you the idea (primarily Nmap+Wireshark and metasploit).
All together, you'll end up setting up a dmz'd IP network with router, webapp, IDS etc.
Maybe that's exactly what you would expect from such books, and imho the book is good at that. The introductory book parts on scoping, prof. testing-methodologies (NIST SP-800-115, OSSTMM, ...), vuln. sites (how to use/read) are informative, too.
The examples in the book use VMware, everything else is sufficient too. 3-4 of 5 Stars
There are tips such as having 2 network cards configured on every VM, with all machines connecting to a single test-switch (Flat-Network-Testing First), and the other card connecting to the actual layered network (built incrementally); or having a single IDS-VM only with many network cards (sensor per network segment) in order to save RAM.
I would have liked more such test-lab management or testing-efficiency things, that is, the framework, not just the rather obvious parts and their penetration. Large parts of the book consist of menu walkthroughs for specific server software to be installed on VMs, and an assessment or penetration example to get you the idea (primarily Nmap+Wireshark and metasploit).
All together, you'll end up setting up a dmz'd IP network with router, webapp, IDS etc.
Maybe that's exactly what you would expect from such books, and imho the book is good at that. The introductory book parts on scoping, prof. testing-methodologies (NIST SP-800-115, OSSTMM, ...), vuln. sites (how to use/read) are informative, too.
The examples in the book use VMware, everything else is sufficient too. 3-4 of 5 Stars
September 10, 2016
El libro cumple el objetivo principal de enseñarte a crear laboratorios virtuales, también incluye algunas técnicas de ataques
Displaying 1 - 4 of 4 reviews