Book Image

Advanced Penetration Testing

By : Wil Allsopp
Book Image

Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally-run, and very much for-profit. Advanced Penetration Testing?goes beyond Kali Linux and Metasploit and to provide you advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you’ll be in a position to detect threats and defend your high security network.
Table of Contents (13 chapters)
Free Chapter
1
Cover
2
Title Page
13
End User License Agreement

The Attack

The client provided a standard corporate Windows 7 imaged workstation, although we could also plug our own kit into their network. The first order of business was to compromise the workstation itself—what we learned here would tell us a lot about how the company handled information security in general. There is also the potential to acquire administration credentials that may be useful elsewhere.

The Hard Disk Firewall Fail

The workstations are running a modified kernel to prevent unauthorized processes from writing to the disk. This technology is easy to bypass and it's the first thing we need to get around before we can attack the workstation in earnest.

The HDF doesn't stop us from running code; it only prevents disk writes by unauthorized processes. Therefore our attack will need to migrate to another authorized process in order to get around this. Having write access to the hard drive will make privilege escalation attacks much easier (see Figure 4.10...