Book Image

Advanced Penetration Testing

By : Wil Allsopp
Book Image

Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally-run, and very much for-profit. Advanced Penetration Testing?goes beyond Kali Linux and Metasploit and to provide you advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you’ll be in a position to detect threats and defend your high security network.
Table of Contents (13 chapters)
Free Chapter
1
Cover
2
Title Page
13
End User License Agreement

Background and Mission Briefing

The target in this particular misadventure was a military computer network in the UK. This network had no Internet connectivity and was segregated physically from other computer infrastructure in the building. There were a limited number of terminals and these could only be accessed by an officer with both security credentials and a smartcard.

Tricky.

Getting access to the network was one problem, liberating the data was something else entirely. There was no way that I was prepared to conduct a physical penetration test against an army base (the amusing anecdote below spells out why, in no uncertain terms) and there was no way we could hack secure military infrastructure from the Internet. There may have been some other access ports somewhere or some other kind of adjacent network connectivity, but nothing we were going to get access to in any measurable kind of time frame, and we certainly didn't have any kind of network specifications to work with...