Book Image

Advanced Penetration Testing

By : Wil Allsopp
Book Image

Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally-run, and very much for-profit. Advanced Penetration Testing?goes beyond Kali Linux and Metasploit and to provide you advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you’ll be in a position to detect threats and defend your high security network.
Table of Contents (13 chapters)
Free Chapter
1
Cover
2
Title Page
13
End User License Agreement

Command and Control Part VII: Advanced Autonomous Data Exfiltration

There will be times during missions when you need to attack high-security environments where traditional means of established Command and Control will be neither appropriate nor viable. I mean the use of some form of discrete interactive session management or backdoor. As described in the payload delivery section, it is sometimes not possible to deploy attack packages via traditional means. Recovering data once a payload has been delivered can be even more challenging. However, even though a target network may be locked down to an intimidating degree, there will always be points of egress. Your job as an attacker in these circumstances is twofold:

  • Build a payload with a highly specific mission to execute. As discussed, this is not about establishing C2 infrastructure but hunting for specific types of files or grabbing keystrokes or gathering intelligence on target personnel and so forth.
  • Provide the payload with sufficient...