In this chapter, we will identify the methods we use to attack clients. Unlike our servers, the client does not provide services; therefore, it is not a simple task to get the client to wait for us to attack it. Instead, we will use techniques to get the client to come to us. In this chapter, we will discuss the following topics:
Client-side attack methods
Pilfering data from the client
Using the client as a pivot point
Client-side exploitation
Binary payloads
Malicious PDF files
Bypassing antivirus and other protection tools
Obfuscation and encoding
This chapter will provide us with information about the ways we can target clients. We will explore the different methods of attacking a client. We will also explore how this is currently the main attack vector that we will present after the testing we do today. We have the advantage of knowing that the client is going to click on a link or a file in most cases. It is this action that will provide us with...