Chapter 11. Client-side Exploitation

The greatest challenge for an attacker or an effective penetration tester is to bypass a target's security controls to achieve a compromise. This can be difficult when targeting systems located on a network because the attacker usually needs to bypass firewalls, proxies, intrusion detection systems, and other elements of a defense-in-depth architecture.

A successful workaround strategy is to directly target the client-side applications. The user initiates the interaction with the client application, allowing attackers to take advantage of the existing trust that exists between the user and the application. The use of social engineering methodologies will enhance the success of client-side attacks.

Client-side attacks target systems that typically lack the security controls (especially, firewalls and intrusion detection systems) found on enterprise systems. If these attacks are successful and persistent communication is established, the client...