So now we're seeing two distinct countermeasures that work together to make the lives of the bad guys more difficult. We're taking away the predictability necessary to find the soft spots of the vulnerable program when loaded in memory, and we're filing down the areas of memory where execution is allowed to the bare minimum. In other words, DEP/NX and ASLR take a big and stationary target and turn it into a tiny moving target. Hopefully, the hacker in you is already brainstorming the security assumptions of these protection mechanisms. Think of it this way: we're setting certain regions of memory as non-executable, but this is a program; there are instructions that have to be executed. We're randomizing address space so that it's hard to predict where to find certain structures, but there's a flow of execution. There has to be a way to find everything needed to get the job done. Return-oriented programming takes advantage of this reality. Let's take...
Hands-On Penetration Testing on Windows
By :
Hands-On Penetration Testing on Windows
By:
Overview of this book
Windows has always been the go-to platform for users around the globe to perform administration and ad hoc tasks, in settings that range from small offices to global enterprises, and this massive footprint makes securing Windows a unique challenge. This book will enable you to distinguish yourself to your clients.
In this book, you'll learn advanced techniques to attack Windows environments from the indispensable toolkit that is Kali Linux. We'll work through core network hacking concepts and advanced Windows exploitation techniques, such as stack and heap overflows, precision heap spraying, and kernel exploitation, using coding principles that allow you to leverage powerful Python scripts and shellcode.
We'll wrap up with post-exploitation strategies that enable you to go deeper and keep your access. Finally, we'll introduce kernel hacking fundamentals and fuzzing testing, so you can discover vulnerabilities and write custom exploits.
By the end of this book, you'll be well-versed in identifying vulnerabilities within the Windows OS and developing the desired solutions for them.
Table of Contents (25 chapters)
Title Page
Dedication
Packt Upsell
Contributors
Preface
Free Chapter
Bypassing Network Access Control
Sniffing and Spoofing
Windows Passwords on the Network
Advanced Network Attacks
Cryptography and the Penetration Tester
Advanced Exploitation with Metasploit
Stack and Heap Memory Management
Windows Kernel Security
Weaponizing Python
Windows Shellcoding
Bypassing Protections with ROP
Fuzzing Techniques
Going Beyond the Foothold
Taking PowerShell to the Next Level
Escalating Privileges
Maintaining Access
Tips and Tricks
Assessment
Other Books You May Enjoy
Index
Customer Reviews