Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally run, and very much for-profit. Advanced Penetration Testing goes beyond Kali Linux and Metasploit to provide advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you’ll be in a position to detect threats and defend your high security network.
Table of Contents (13 chapters)
1. Cover
2. Title Page
13. End User License Agreement

Command and Control Part V: Creating a Covert C2 Solution

The necessity to communicate over the Internet is the weak link in any command and control infrastructure. Even if the C2 is distributed over multiple servers, there is the inherent fragility that comes from needing to talk to IP addresses that could be blocked at a border router if the network team considers the traffic suspicious or if the C2 servers are added to threat databases such as the Open Threat Exchange, which can automatically update security appliances with addresses of “known-bad.” Another issue is that once a C2 server has been identified, it is at risk of being physically decommissioned and seized by law enforcement. Fortunately, there is a solution to both of these problems.

Introducing the Onion Router

If you're reading this, you've likely encountered the Onion Router (Tor) in one form or another or at least have an inkling of what it is. To summarize, Tor is primarily used to anonymize...