Chapter 10. Exploiting Remote Access Communications

In Chapter 9, Reconnaissance and Exploitation of Web-based Applications, we applied the kill chain methodology against web-based applications. We reviewed reconnaissance, vulnerability scanning, and exploitation methodologies that are particular to websites and other applications. We also reviewed the unique tools that are required for assessing web-based applications, especially client-side proxies and post-exploitation tools such as web shells.

In this chapter, we'll focus on compromising the remote access communications to the devices and applications that have proliferated over the Internet.

Attackers are taking advantage of the pervasiveness of these remote access communications to achieve the following goals:

  • Exploit pre-existing communication channels to gain direct remote access to target systems
  • Intercept communications
  • Deny authenticated users access to regular communications and force them to use insecure channels...