Book Image

Python for Offensive PenTest

By : Hussam Khrais
Book Image

Python for Offensive PenTest

By: Hussam Khrais

Overview of this book

Python is an easy-to-learn and cross-platform programming language that has unlimited third-party libraries. Plenty of open source hacking tools are written in Python, which can be easily integrated within your script. This book is packed with step-by-step instructions and working examples to make you a skilled penetration tester. It is divided into clear bite-sized chunks, so you can learn at your own pace and focus on the areas of most interest to you. This book will teach you how to code a reverse shell and build an anonymous shell. You will also learn how to hack passwords and perform a privilege escalation on Windows with practical examples. You will set up your own virtual hacking environment in VirtualBox, which will help you run multiple operating systems for your testing environment. By the end of this book, you will have learned how to code your own scripts and mastered ethical hacking from scratch.
Table of Contents (13 chapters)
Title Page
Copyright and Credits
Packt Upsell


In this section, we will see how we can protect ourselves from the attacks we explained in this chapter. Now, if we think about it for a second: How could the attacker reach our internal host to begin with? Well, we rely on a social engineering attack along with a client-side attack to make it happen. The main key defense here is to start by securing people as they are the weakest points in the whole system. So you've got to start securing your staff on a regular basis with some management enforcement. Next, you should never rely on antivirus software, a sandbox, or VMware, as modern malware has built-in mechanisms to protect itself from being detected. Also, you should stay away from any suspicious software, especially cracked files. Before you install any software,if it was a legitimate software, verify file integrity using MD5 or the sha1 algorithm. If possible, use Data Leaking Prevention (DLP) to detect any file transfer on the endpoint or in the network transit path. Also, as a best practice, you can install something called Host-Based Intrusion Detection System (HIDS) to collect the operating system logs and notice any modification that is happening on the operating system logs. If possible, create a whitelist, and limit which process is allowed to run on the operating system. During the security awareness session, always inform nontechnical people to report any phishing email or suspicious files to the network security team or to the security operator or analyst.