Book Image

Advanced Penetration Testing

By : Wil Allsopp
Book Image

Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally-run, and very much for-profit. Advanced Penetration Testing?goes beyond Kali Linux and Metasploit and to provide you advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you’ll be in a position to detect threats and defend your high security network.
Table of Contents (13 chapters)
Free Chapter
1
Cover
2
Title Page
13
End User License Agreement

Notes on Payload Persistence

In the previous chapter I discussed, albeit briefly, the idea of persistence—that is the payload being able to survive reboots. There are numerous ways to do this, and now that we're dealing with multiple operating systems the problem multiplies. The method described in Chapter 1 will work but it's not very stealthy. Now that you're upping your game, it seems like a good time to revisit the concept with some better suggestions.

Microsoft Windows

There are plenty of ways to autostart code in Windows that go beyond the obvious and the most common:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Microsoft included several keys that were originally intended only for testing but which never got removed; you can execute code from there in the same way:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

or

HKLM\Software\Wow6432Node\Windows NT\CurrentVersion\Image File Execution Options

When using the Registry...