Book Image

Advanced Penetration Testing

By : Wil Allsopp
Book Image

Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally-run, and very much for-profit. Advanced Penetration Testing?goes beyond Kali Linux and Metasploit and to provide you advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you’ll be in a position to detect threats and defend your high security network.
Table of Contents (13 chapters)
Free Chapter
1
Cover
2
Title Page
13
End User License Agreement

The Attack

You have the upgraded C2 and a physical package deployed to several bank HQs addressed to the targets using the correct building codes, conventions, and other nomenclature. It's a well-planned attack and someone will bite. In the meantime, what should you attack when you gain access? Payment systems seem like an obvious answer but being able to gain access to payment systems and being able to put your hands on the money are two very different things. An attacker might get away with it once, but any amount of money that would make such a risk viable would trigger auditing and certainly result in invoking the so-called two-tap principle where another set of eyes would have to confirm funds transfer. You'd have to be very confident in your understanding of the systems in question, have compromised multiple users, and be able to control the flow of information to a certain extent. The keys to the kingdom are not the payment systems, but the change control mechanisms.

...