Book Image

Advanced Penetration Testing

By : Wil Allsopp
Book Image

Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally-run, and very much for-profit. Advanced Penetration Testing?goes beyond Kali Linux and Metasploit and to provide you advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you’ll be in a position to detect threats and defend your high security network.
Table of Contents (13 chapters)
Free Chapter
1
Cover
2
Title Page
13
End User License Agreement

Exercises

  1. The code in the Microsoft Outlook email data exfiltration example is not as stealthy as it could be. What function could be added to make it stealthier? Hint, compile the code and see how it behaves.
  2. In this chapter, we touched on SPF, as it is the most commonly used technology for protection against mail spoofing. Another technology is called DMARC, which is built on top of SPF (as well as DKIM). Investigate this technology and its implications for mail spoofing.
  3. The examples given for data exfiltration is this chapter are by no means complete. Consider other possibilities and how they might be implemented. What other devices exist on a network that could be quickly discovered and subverted to get data out?