
Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally run, and very much for-profit. Advanced Penetration Testing goes beyond Kali Linux and Metasploit to provide you with advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data (even from organizations without a direct Internet connection), this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you'll be in a position to detect threats and defend your high security network.
Table of Contents (13 chapters)
1 Cover
2 Title Page
13 End User License Agreement

Summary

The CISO got his scary presentation and the budget increase he wanted, but in the long term it's unlikely the exercise dramatically increased the security posture of the organization. You can prioritize security, you can throw gobs of money at it, but the bottom line is that you still have to be able to do business. If you need people to come into your buildings and do work on a regular basis, there needs to be a fluid way to allow this to happen that also considers the security implications. In this instance, that failed.

The takeaway here is that the obvious systems to attack are not necessarily the right ones. As noted above, as pen testers we could probably subvert the payment systems themselves, but it would be hard to go from there to physically removing money from the bank (as impressive a demo as that would be). In this instance, we chose to hit the change control systems because they were more vulnerable and would allow an attacker much more flexibility in controlling...