Book Image

Advanced Penetration Testing

By : Wil Allsopp
Book Image

Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally-run, and very much for-profit. Advanced Penetration Testing?goes beyond Kali Linux and Metasploit and to provide you advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you’ll be in a position to detect threats and defend your high security network.

Related Content you might be interested in

Current Title:

Small book image
Advanced Penetration Testing
Wil Allsopp
Mar, 2017 | 288 pages
No titles found
Table of Contents (13 chapters)
Free Chapter
1
Cover
Cover
2
Title Page
Title Page
3
Introduction
Introduction
Coming Full Circle
Advanced Persistent Threat (APT)
Next Generation Technology
“Hackers”
Forget Everything You Think You Know About Penetration Testing
How This Book Is Organized
4
Chapter 1: Medical Records (In)security
Chapter 1: Medical Records (In)security
An Introduction to Simulating Advanced Persistent Threat
Background and Mission Briefing
Payload Delivery Part 1: Learning How to Use the VBA Macro
Command and Control Part 1: Basics and Essentials
The Attack
Summary
Exercises
5
Chapter 2: Stealing Research
Chapter 2: Stealing Research
Background and Mission Briefing
Payload Delivery Part 2: Using the Java Applet for Payload Delivery
Notes on Payload Persistence
Command and Control Part 2: Advanced Attack Management
The Attack
Summary
Exercises
6
Chapter 3: Twenty-First Century Heist
Chapter 3: Twenty-First Century Heist
What Might Work?
Nothing Is Secure
Organizational Politics
APT Modeling versus Traditional Penetration Testing
Background and Mission Briefing
Command and Control Part III: Advanced Channels and Data Exfiltration
Payload Delivery Part III: Physical Media
The Attack
Summary
Exercises
7
Chapter 4: Pharma Karma
Chapter 4: Pharma Karma
Background and Mission Briefing
Payload Delivery Part IV: Client-Side Exploits 1
Command and Control Part IV: Metasploit Integration
The Attack
Summary
Exercises
8
Chapter 5: Guns and Ammo
Chapter 5: Guns and Ammo
Background and Mission Briefing
Payload Delivery Part V: Simulating a Ransomware Attack
Command and Control Part V: Creating a Covert C2 Solution
New Strategies in Stealth and Deployment
The Attack
Summary
Exercises
9
Chapter 6: Criminal Intelligence
Chapter 6: Criminal Intelligence
Payload Delivery Part VI: Deploying with HTA
Privilege Escalation in Microsoft Windows
Command and Control Part VI: The Creeper Box
The Attack
Summary
Exercises
10
Chapter 7: War Games
Chapter 7: War Games
Background and Mission Briefing
Payload Delivery Part VII: USB Shotgun Attack
Command and Control Part VII: Advanced Autonomous Data Exfiltration
The Attack
Summary
Exercises
11
Chapter 8: Hack Journalists
Chapter 8: Hack Journalists
Briefing
Advanced Concepts in Social Engineering
C2 Part VIII: Experimental Concepts in Command and Control
Payload Delivery Part VIII: Miscellaneous Rich Web Content
The Attack
Summary
Exercises
12
Chapter 9: Northern Exposure
Chapter 9: Northern Exposure
Overview
Operating Systems
North Korean Public IP Space
The North Korean Telephone System
Approved Mobile Devices
The “Walled Garden”: The Kwangmyong Intranet
Audio and Video Eavesdropping
Summary
Exercises
13
End User License Agreement
End User License Agreement

Command and Control Part 2: Advanced Attack Management

The C2 infrastructure described in Chapter 1 is not fit for anything other than illustrating concepts. Its lack of a proper out-of-band management channel and the ability to handle only one target host at a time are severe, crippling limitations. The always-on SSH connection is also inelegant and lacks stealth.

Adding Stealth and Multiple System Management

In this section, you will add considerable new functionality to make your C2 stealthier, more intelligent, and easier to manage. What is needed for now is the following:

  • Beaconing—When the payload is delivered and installed, it should periodically call home (your C2 server) for orders rather than immediately establishing an SSH connection and reverse tunnel.
  • Pre-configured command set—An established set of instructions that can be passed to the payload for tasking when it calls home.
  • Tunnel management—The C2 server needs to be able to handle multiple simultaneous...
Previous Section
End of Section 5
Next Section