Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Hands-On Penetration Testing on Windows
  • Table Of Contents Toc
Hands-On Penetration Testing on Windows

Hands-On Penetration Testing on Windows

By : Phil Bramwell
5 (3)
Buy this Book
close
close
Hands-On Penetration Testing on Windows

Hands-On Penetration Testing on Windows

5 (3)
By: Phil Bramwell
Buy this Book

Overview of this book

Windows has always been the go-to platform for users around the globe to perform administration and ad hoc tasks, in settings that range from small offices to global enterprises, and this massive footprint makes securing Windows a unique challenge. This book will enable you to distinguish yourself to your clients. In this book, you'll learn advanced techniques to attack Windows environments from the indispensable toolkit that is Kali Linux. We'll work through core network hacking concepts and advanced Windows exploitation techniques, such as stack and heap overflows, precision heap spraying, and kernel exploitation, using coding principles that allow you to leverage powerful Python scripts and shellcode. We'll wrap up with post-exploitation strategies that enable you to go deeper and keep your access. Finally, we'll introduce kernel hacking fundamentals and fuzzing testing, so you can discover vulnerabilities and write custom exploits. By the end of this book, you'll be well-versed in identifying vulnerabilities within the Windows OS and developing the desired solutions for them.
Table of Contents (19 chapters)
close
close
close
Lock Free Chapter
1
Bypassing Network Access Control
chevron up
Icon
Bypassing Network Access Control
Icon
Technical requirements
Icon
Bypassing MAC filtering – considerations for the physical assessor
Icon
Design weaknesses – exploiting weak authentication mechanisms
Icon
Bypassing validation checks
Icon
Breaking out of jail – masquerading the stack
Icon
Summary
Icon
Questions
Icon
Further reading
2
Sniffing and Spoofing
Icon
Sniffing and Spoofing
Icon
Technical requirements
Icon
Advanced Wireshark – going beyond simple captures
Icon
Advanced Ettercap – the man-in-the-middle Swiss Army Knife
Icon
Ettercap filters – fine-tuning your analysis
Icon
Getting better – spoofing with BetterCAP
Icon
Summary
Icon
Questions
Icon
Further reading
3
Windows Passwords on the Network
Icon
Windows Passwords on the Network
Icon
Technical requirements
Icon
Understanding Windows passwords
Icon
Capturing Windows passwords on the network
Icon
Let it rip – cracking Windows hashes
Icon
Summary
Icon
Questions
Icon
Further reading
4
Advanced Network Attacks
Icon
Advanced Network Attacks
Icon
Technical requirements
Icon
Binary injection with BetterCAP proxy modules
Icon
HTTP downgrading attacks with sslstrip
Icon
The evil upgrade – attacking software update mechanisms
Icon
IPv6 for hackers
Icon
Summary
Icon
Questions
Icon
Further reading
5
Cryptography and the Penetration Tester
Icon
Cryptography and the Penetration Tester
Icon
Technical requirements
Icon
Flipping the bit – integrity attacks against CBC algorithms
Icon
Sneaking your data in – hash length extension attacks
Icon
Busting the padding oracle with PadBuster
Icon
Summary
Icon
Questions
Icon
Further reading
6
Advanced Exploitation with Metasploit
Icon
Advanced Exploitation with Metasploit
Icon
Technical requirements
Icon
How to get it right the first time – generating payloads
Icon
Modules – the bread and butter of Metasploit
Icon
Efficiency and attack organization with Armitage
Icon
Social engineering attacks with Metasploit payloads
Icon
Summary
Icon
Questions
Icon
Further reading
7
Stack and Heap Memory Management
Icon
Stack and Heap Memory Management
Icon
Technical requirements
Icon
An introduction to debugging
Icon
Stack smack – introducing buffer overflows
Icon
Introducing shellcoding
Icon
Summary
Icon
Questions
Icon
Further Reading
8
Windows Kernel Security
Icon
Windows Kernel Security
Icon
Technical requirements
Icon
Kernel fundamentals – understanding how kernel attacks work
Icon
Pointing out the problem – pointer issues
Icon
Practical kernel attacks with Kali
Icon
Summary
Icon
Questions
Icon
Further reading
9
Weaponizing Python
Icon
Weaponizing Python
Icon
Technical requirements
Icon
Incorporating Python into your work
Icon
Python network analysis
Icon
Antimalware evasion in Python
Icon
Python and Scapy – a classy pair
Icon
Summary
Icon
Questions
Icon
Further reading
10
Windows Shellcoding
Icon
Windows Shellcoding
Icon
Technical requirements
Icon
Taking out the guesswork – heap spraying
Icon
Understanding Metasploit shellcode delivery
Icon
Injection with Backdoor Factory
Icon
Summary
Icon
Questions
Icon
Further reading
11
Bypassing Protections with ROP
Icon
Bypassing Protections with ROP
Icon
Technical requirements
Icon
DEP and ASLR – the intentional and the unavoidable
Icon
Introducing return-oriented programming
Icon
Getting hands-on with the return-to-PLT attack
Icon
Summary
Icon
Questions
Icon
Further reading
12
Fuzzing Techniques
Icon
Fuzzing Techniques
Icon
Technical requirements
Icon
Network fuzzing – mutation fuzzing with Taof proxying
Icon
Hands-on fuzzing with Kali and Python
Icon
Fuzzy registers – the low-level perspective
Icon
Summary
Icon
Questions
Icon
Further reading
13
Going Beyond the Foothold
Icon
Going Beyond the Foothold
Icon
Technical requirements
Icon
Gathering goodies – enumeration with post modules
Icon
Network pivoting with Metasploit
Icon
Escalating your pivot – passing attacks down the line
Icon
Summary
Icon
Questions
Icon
Further reading
14
Taking PowerShell to the Next Level
Icon
Taking PowerShell to the Next Level
Icon
Technical requirements
Icon
Power to the shell – PowerShell fundamentals
Icon
Post-exploitation with PowerShell
Icon
Offensive PowerShell – introducing the Empire framework
Icon
Summary
Icon
Questions
Icon
Further reading
15
Escalating Privileges
Icon
Escalating Privileges
Icon
Technical requirements
Icon
Climb the ladder with Armitage
Icon
When the easy way fails—local exploits
Icon
Escalation with WMIC and PS Empire
Icon
Dancing in the shadows – looting domain controllers with vssadmin
Icon
Summary
Icon
Questions
Icon
Further reading
16
Maintaining Access
Icon
Maintaining Access
Icon
Technical requirements
Icon
Persistence with Metasploit and PowerShell Empire
Icon
Hack tunnels – netcat backdoors on the fly
Icon
Maintaining access with PowerSploit
Icon
Summary
Icon
Questions
Icon
Further reading
17
Tips and Tricks
Icon
Tips and Tricks
Icon
Getting familiar with VMware Workstation
Icon
Building your attack lab
Icon
Network configuration tricks
Icon
Further reading
18
Assessment
Icon
Assessment
Icon
Chapter 1: Bypassing Network Access Control
Icon
Chapter 2: Sniffing and Spoofing
Icon
Chapter 3: Windows Passwords on the Network
Icon
Chapter 4: Advanced Network Attacks
Icon
Chapter 5: Cryptography and the Penetration Tester
Icon
Chapter 6: Advanced Exploitation with Metasploit
Icon
Chapter 7: Stack and Heap Memory Management
Icon
Chapter 8: Windows Kernel Security
Icon
Chapter 9: Weaponizing Python
Icon
Chapter 10: Windows Shellcoding
Icon
Chapter 11: Bypassing Protections with ROP
Icon
Chapter 12: Fuzzing Techniques
Icon
Chapter 13: Going Beyond the Foothold
Icon
Chapter 14: Taking PowerShell to the Next Level
Icon
Chapter 15: Escalating Privileges
Icon
Chapter 16: Maintaining Access
19
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

Bypassing Network Access Control

The network is the first thing we think about when we imagine computers getting hacked. It's the pen tester's playground. It's both the first step and the final frontier of compromising a computer. It's also what makes the compromise of a single computer effectively the compromise of an entire building full of computers. It's fitting, then, that we begin our journey with a discussion about compromising the network and using its own power and weaknesses to inform the pen test.

The first step is getting on the network in the first place, and there are human, architectural, and protocol factors that make the mere presence of an attacker on the network potentially devastating. For this reason, defenders often deploy network access control (NAC) systems. The intent of these systems is to detect and/or prevent an intrusion on the network by identifying and authenticating devices on the network. In this chapter, we will review some of the methods employed by NACs and demonstrate practical methods of bypassing these controls.

The following topics will be covered in this chapter:

  • Bypassing NACs with physical access to clone an authorized device
  • Captive portal methods and their weaknesses
  • Policy checks for new devices
  • Masquerading the stack of an authorized device
Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Hands-On Penetration Testing on Windows
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon