Book Image

Advanced Penetration Testing

By : Wil Allsopp
Book Image

Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally-run, and very much for-profit. Advanced Penetration Testing?goes beyond Kali Linux and Metasploit and to provide you advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you’ll be in a position to detect threats and defend your high security network.
Table of Contents (13 chapters)
Free Chapter
1
Cover
2
Title Page
13
End User License Agreement

Chapter 3
Twenty-First Century Heist

This chapter is based on a consulting engagement I performed a couple of years ago for a large international bank. They had never conducted this kind of pen test before, but I'd done a lot of other testing for them in the past so we had a sit-down to talk about what would be a good approach.

A bank has money. It's kind of the motherlode. Money is not only the asset to be protected but the resource that makes that protection possible. Banks prioritize security at every step, in a way that other organizations simply cannot: every build change in any technology, be it a web or mobile application, is reviewed both as a penetration test and a line-by-line code review. Every IP of every external connection is subjected to penetration testing once a year.