Book Image

Advanced Penetration Testing

By : Wil Allsopp
Book Image

Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally-run, and very much for-profit. Advanced Penetration Testing?goes beyond Kali Linux and Metasploit and to provide you advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you’ll be in a position to detect threats and defend your high security network.
Table of Contents (13 chapters)
Free Chapter
1
Cover
2
Title Page
13
End User License Agreement

Exercises

  1. Explore the various means of deploying rich content in a web browser and how these tools and technologies can be subverted to deliver attacks (both technological and social engineering based). There are many to choose from. To start with, download the free demo of Mulitmedia Fusion. Note how quickly complex content can be created using this software as well as the diverse environments it can deploy to.
  2. Explore network protocols that are essential to the internal functioning of a network such as ARP, ICMP, RIP, and OSPF. How could these be used to carry data covertly? Start with ARP, which allows broadcast communication. This is handy, as we've seen in this chapter, but also could be used to carry data between two IP addresses on a network without the use of a broadcast.
  3. Study the concept of leader election and how it can be leveraged in creating autonomous C2 environments. This can go well beyond the control of simple C2 agents in one target network and can be used in...