Book Image

Advanced Penetration Testing

By : Wil Allsopp
Book Image

Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally-run, and very much for-profit. Advanced Penetration Testing?goes beyond Kali Linux and Metasploit and to provide you advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you’ll be in a position to detect threats and defend your high security network.
Table of Contents (13 chapters)
Free Chapter
Title Page
End User License Agreement

The Attack

Misrepresenting oneself is at the core of a successful APT, whether modeled or otherwise. The easiest and safest way to do this is by telephone. Telephones are a technology that people trust (at least more than email) because they believe they are infallible. Telephone technologies such as Caller ID and SMS can be easily compromised to make the receiver believe they are receiving a call or a text from whomever the attacker wants. This way, instructions (or demands) can be made of a target in a convincing manner. The importance of acquiring company telephony directories should now be clear. Such an attack can be combined with a mass mail to determine who has an “Out of Office” vacation message set on their email account. Therefore, when (for example) a spoofed SMS message is sent, there is a minimal chance of the actual owner of that number seeing any replies that might be sent by SMS or email.

Spoofing Caller ID and SMS Messages

In this instance, I was able to...