Book Image

Advanced Penetration Testing

By : Wil Allsopp
Book Image

Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally-run, and very much for-profit. Advanced Penetration Testing?goes beyond Kali Linux and Metasploit and to provide you advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you’ll be in a position to detect threats and defend your high security network.
Table of Contents (13 chapters)
Free Chapter
Title Page
End User License Agreement

Payload Delivery Part V: Simulating a Ransomware Attack

Ransomware is currently the scourge of the Internet and it is a problem that will likely only get worse. Given that only basic programming skills are required to execute such an attack (as well as the wide availability of third-party crypto libraries), it is actually surprising that this type of malware has been so late to emerge and mature. Now that it has, it is virtually inevitable that your organization will be hit at some point.

What Is Ransomware?

Ransomware is software that, when deployed to a compromised host, encrypts files (or in some cases the entire local storage space) and demands payment for data recovery in the form of a password or decryption key, depending on the nature of the malware. Usually ransomware is delivered through exploit kits that target vulnerabilities in client side software, with Adobe Flash being far and away the most popular target due to its almost universal deployment and terrible history of security...