Table Of ContentAdvanced Penetration Testing
for Highly-Secured Environments
Second Edition
Employ the most advanced pentesting techniques and
tools to build highly-secured systems and environments
Lee Allen
Kevin Cardwell
BIRMINGHAM - MUMBAI
Advanced Penetration Testing for Highly-Secured
Environments
Second Edition
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval
system, or transmitted in any form or by any means, without the prior written
permission of the publisher, except in the case of brief quotations embedded in
critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy
of the information presented. However, the information contained in this book is
sold without warranty, either express or implied. Neither the authors, nor Packt
Publishing, and its dealers and distributors will be held liable for any damages
caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the
companies and products mentioned in this book by the appropriate use of capitals.
However, Packt Publishing cannot guarantee the accuracy of this information.
First published: May 2012
Second edition: March 2016
Production reference: 1210316
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78439-581-0
www.packtpub.com
Credits
Authors Project Coordinator
Lee Allen Nidhi Joshi
Kevin Cardwell
Proofreader
Safis Editing
Reviewer
S Boominathan
Indexer
Rekha Nair
Commissioning Editor
Kartikey Pandey
Graphics
Jason Monteiro
Acquisition Editor
Subho Gupta
Production Coordinator
Aparna Bhagat
Content Development Editor
Mayur Pawanikar
Cover Work
Aparna Bhagat
Technical Editor
Murtaza Tinwala
Copy Editor
Charlotte Carneiro
About the Authors
Lee Allen is currently the vulnerability management program lead for one of the
Fortune 500. Among many other responsibilities, he performs security assessments
and penetration testing.
Lee is very passionate and driven about the subject of penetration testing and
security research. His journey into the exciting world of security began back in the
80s, while visiting BBSs with his trusty Commodore 64 and a room carpeted with
5 ¼-inch floppy disks. Over the years, he has continued his attempts at remaining
up to date with the latest and greatest in the security industry and the community.
He has several industry certifications, including OSWP, and has been working in
the IT industry for over 15 years. His hobbies include validating and reviewing
proof-of-concept exploit code, programming, security research, attending security
conferences, discussing technology, writing, and skiing.
He lives in Ohio with his wife, Kellie, and their 6 children, Heather, Kristina, Natalie,
Mason, Alyssa, and Seth.
Kevin Cardwell currently works as a freelance consultant and provides consulting
services for companies throughout the world, and as an advisor to numerous
government entities in the USA, Middle East, Africa, Asia and the UK. He is an
instructor, technical editor, and author for computer forensics and hacking courses.
He is the author of the Center for Advanced Security and Training (CAST) Advanced
Network Defense and Advanced Penetration Testing courses. He is a technical
editor of the Learning Tree course, Penetration Testing Techniques and Computer
Forensics. He has presented at the Black Hat USA, Hacker Halted, ISSA, and
TakeDownCon conferences, as well as many others. He has chaired the cybercrime
and cyber defense summit in Oman and was the executive chairman of the oil and
gas cyber defense summit. He is the author of Building Virtual Pentesting Labs for
Advanced Penetration Testing and Backtrack – Testing Wireless Network Security. He
holds a BS in computer science from National University in California and an MS
in software engineering from the Southern Methodist University (SMU) in Texas.
He developed the strategy and training development plan for the first Government
CERT in the country of Oman, which was recently rated as the top CERT in the
Middle East. He serves as a professional training consultant to the Oman Information
Technology Authority and developed the team to man the first Commercial Security
Operations Center in Oman. He has worked extensively with banks and financial
institutions throughout the Middle East, Europe, and the UK in the planning of a
robust and secure architecture and implementing requirements to meet compliance.
He currently provides consultancy to commercial companies, governments, federal
agencies, major banks, and financial institutions throughout the globe. Some of his
recent consulting projects include the Muscat Securities Market (MSM), Petroleum
Development Oman, and the Central Bank of Oman. He designed and implemented
the custom security baseline for the existing Oman Airport Management Company
(OAMC) airports and the two new airports opening in 2016. He created custom
security baselines for all of the Microsoft Operating Systems, Cisco devices, and
other applications as well.
About the Reviewer
S Boominathan is a highly professional security expert with 4 plus years of
experience in the field of information security, malware analysis, vulnerability
assessment, and network and wireless pentesting. He is currently working with
a bellwether of an Indian-based MNC company and is privileged to be doing so.
He possesses certifications and knowledge in N+, CCNA, CCSA, CEHV8, CHFIV4,
QCP (QualysGuard certified professional), and wireless pentesting expert.
I would like to thank my parents, Sundaram and Valli, my wife,
Uthira, and my brother, Sriram, for helping throughout this book. I
would like to thank the author and Packt Publishing for providing
me with the opportunity to review this book.
www.PacktPub.com
eBooks, discount offers, and more
Did you know that Packt offers eBook versions of every book published, with PDF
and ePub files available? You can upgrade to the eBook version at www.PacktPub.com
and as a print book customer, you are entitled to a discount on the eBook copy. Get in
touch with us at customercare@packtpub.com for more details.
At www.PacktPub.com, you can also read a collection of free technical articles,
sign up for a range of free newsletters and receive exclusive discounts and offers
on Packt books and eBooks.
TM
https://www2.packtpub.com/books/subscription/packtlib
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital
book library. Here, you can search, access, and read Packt's entire library of books.
Why subscribe?
• Fully searchable across every book published by Packt
• Copy and paste, print, and bookmark content
• On demand and accessible via a web browser
This book is dedicated to Loredana and her support during the many hours required
for research. Without her support, this book would not have been possible.
Kevin Cardwell
