Book Image

Advanced Penetration Testing

By : Wil Allsopp
Book Image

Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally-run, and very much for-profit. Advanced Penetration Testing?goes beyond Kali Linux and Metasploit and to provide you advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you’ll be in a position to detect threats and defend your high security network.
Table of Contents (13 chapters)
Free Chapter
1
Cover
2
Title Page
13
End User License Agreement

Payload Delivery Part VIII: Miscellaneous Rich Web Content

We've talked about Java applets and touched on Adobe Flash as attack vectors. However, as Oracle has expressed a desire to replace applets in their current form and as the browser makers have lost all patience with Adobe over their complete lack of secure coding practices, neither of these technologies are going to be around forever. Their successors are already in active deployment and are suitable for use in APT modeling attacks. Although they are very different from each other technologically, the way they offer content to the user is (visually) not all that dissimilar, so it makes sense to talk about the two together.

Java Web Start

JWS applications don't run inside the browser but are generally deployed through the browser interface. From a software development perspective, this has several advantages, but mainly it allows much more refined memory management and indeed the allocation of much more memory than would...