Book Image

Advanced Penetration Testing

By : Wil Allsopp
Book Image

Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally-run, and very much for-profit. Advanced Penetration Testing?goes beyond Kali Linux and Metasploit and to provide you advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you’ll be in a position to detect threats and defend your high security network.
Table of Contents (13 chapters)
Free Chapter
Title Page
End User License Agreement

Audio and Video Eavesdropping

This final section is not in-depth enough to be classified as payload deployment or C2 management in its own right, but as we've talked a little about Android devices in this chapter, I wanted to include it. As an avenue of attack, it's nascent and will only become more relevant. Assuming that a C2 agent has been successfully deployed to a target endpoint, capturing audio and video is trivial and can be achieved through a number of native or third-party APIs. However, when attacking mobile devices or tablets, this can be more troublesome. It is certainly possible to create apps that, when installed and given certain permissions, can be remotely triggered through push notifications and the microphone and camera turned on and their contents streamed.

However, whether developing for iOS or Android, apps have to go through a review process before being allowed in either the App Store or Google Play and the use of certain APIs in apps that manifestly...