Chapter 5. Taking Action - Intrude and Exploit
Now that we have found our way into the target environment and begun to collect information in Chapter 4, Explore the Target - Recon and Weaponize we'll certainly have some attack vectors to try as we progress further along the Penetration Testing Kill Chain. Preparation in the Recon and Weaponize phases provides us with a detailed footprint of the environment, its users, and the applications running within the network. In Sun Tzu's book The Art of War , he wisely states:
"So in war, the way is to avoid what is strong, and strike at what is weak."
More often than not, our targets will all but announce their weaknesses to us in recon activities. These soft points are what we need to now probe and exploit. We should also take note of the stronger segments and characteristics of the environment. More experienced attackers will avoid these perceived strengths, and we should encourage our customers to avoid them as well and focus on the weaknesses...