Advanced Penetration Testing for Highly-Secured Environments Second Edition Employ the most advanced pentesting techniques and tools to build highly-secured systems and environments Lee Allen Kevin Cardwell BIRMINGHAM - MUMBAI Advanced Penetration Testing for Highly-Secured Environments Second Edition Copyright © 2016 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: May 2012 Second edition: March 2016 Production reference: 1210316 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-78439-581-0 www.packtpub.com Credits Authors Project Coordinator Lee Allen Nidhi Joshi Kevin Cardwell Proofreader Safis Editing Reviewer S Boominathan Indexer Rekha Nair Commissioning Editor Kartikey Pandey Graphics Jason Monteiro Acquisition Editor Subho Gupta Production Coordinator Aparna Bhagat Content Development Editor Mayur Pawanikar Cover Work Aparna Bhagat Technical Editor Murtaza Tinwala Copy Editor Charlotte Carneiro About the Authors Lee Allen is currently the vulnerability management program lead for one of the Fortune 500. Among many other responsibilities, he performs security assessments and penetration testing. Lee is very passionate and driven about the subject of penetration testing and security research. His journey into the exciting world of security began back in the 80s, while visiting BBSs with his trusty Commodore 64 and a room carpeted with 5 ¼-inch floppy disks. Over the years, he has continued his attempts at remaining up to date with the latest and greatest in the security industry and the community. He has several industry certifications, including OSWP, and has been working in the IT industry for over 15 years. His hobbies include validating and reviewing proof-of-concept exploit code, programming, security research, attending security conferences, discussing technology, writing, and skiing. He lives in Ohio with his wife, Kellie, and their 6 children, Heather, Kristina, Natalie, Mason, Alyssa, and Seth. Kevin Cardwell currently works as a freelance consultant and provides consulting services for companies throughout the world, and as an advisor to numerous government entities in the USA, Middle East, Africa, Asia and the UK. He is an instructor, technical editor, and author for computer forensics and hacking courses. He is the author of the Center for Advanced Security and Training (CAST) Advanced Network Defense and Advanced Penetration Testing courses. He is a technical editor of the Learning Tree course, Penetration Testing Techniques and Computer Forensics. He has presented at the Black Hat USA, Hacker Halted, ISSA, and TakeDownCon conferences, as well as many others. He has chaired the cybercrime and cyber defense summit in Oman and was the executive chairman of the oil and gas cyber defense summit. He is the author of Building Virtual Pentesting Labs for Advanced Penetration Testing and Backtrack – Testing Wireless Network Security. He holds a BS in computer science from National University in California and an MS in software engineering from the Southern Methodist University (SMU) in Texas. He developed the strategy and training development plan for the first Government CERT in the country of Oman, which was recently rated as the top CERT in the Middle East. He serves as a professional training consultant to the Oman Information Technology Authority and developed the team to man the first Commercial Security Operations Center in Oman. He has worked extensively with banks and financial institutions throughout the Middle East, Europe, and the UK in the planning of a robust and secure architecture and implementing requirements to meet compliance. He currently provides consultancy to commercial companies, governments, federal agencies, major banks, and financial institutions throughout the globe. Some of his recent consulting projects include the Muscat Securities Market (MSM), Petroleum Development Oman, and the Central Bank of Oman. He designed and implemented the custom security baseline for the existing Oman Airport Management Company (OAMC) airports and the two new airports opening in 2016. He created custom security baselines for all of the Microsoft Operating Systems, Cisco devices, and other applications as well. About the Reviewer S Boominathan is a highly professional security expert with 4 plus years of experience in the field of information security, malware analysis, vulnerability assessment, and network and wireless pentesting. He is currently working with a bellwether of an Indian-based MNC company and is privileged to be doing so. He possesses certifications and knowledge in N+, CCNA, CCSA, CEHV8, CHFIV4, QCP (QualysGuard certified professional), and wireless pentesting expert. I would like to thank my parents, Sundaram and Valli, my wife, Uthira, and my brother, Sriram, for helping throughout this book. I would like to thank the author and Packt Publishing for providing me with the opportunity to review this book. www.PacktPub.com eBooks, discount offers, and more Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details. At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks. TM https://www2.packtpub.com/books/subscription/packtlib Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books. Why subscribe? • Fully searchable across every book published by Packt • Copy and paste, print, and bookmark content • On demand and accessible via a web browser This book is dedicated to Loredana and her support during the many hours required for research. Without her support, this book would not have been possible. Kevin Cardwell