CHF43.00
Download available immediately
Build a better defense against motivated, organized, professional attacks
Advanced Penetration Testing: Hacking the World's Most Secure Networks takes hacking far beyond Kali Linux and Metasploit to provide a more complex attack simulation. Featuring techniques not taught in any certification prep or covered by common defensive scanners, this book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data--even from organizations without a direct Internet connection--this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures.
Typical penetration testing consists of low-level hackers attacking a system with a list of known vulnerabilities, and defenders preventing those hacks using an equally well-known list of defensive scans. The professional hackers and nation states on the forefront of today's threats operate at a much more complex level--and this book shows you how to defend your high security network.
Use targeted social engineering pretexts to create the initial compromise
Leave a command and control structure in place for long-term access
Escalate privilege and breach networks, operating systems, and trust structures
Infiltrate further using harvested credentials while expanding control
Today's threats are organized, professionally-run, and very much for-profit. Financial institutions, health care organizations, law enforcement, government agencies, and other high-value targets need to harden their IT infrastructure and human capital against targeted advanced attacks from motivated professionals. Advanced Penetration Testing goes beyond Kali Linux and Metasploit to provide you with advanced pen testing for high security networks.
Author
Wil Allsopp is an IT security expert with 20 years' experience, specializing in red team engagements, penetration testing, vulnerability assessment, security audits, secure source code review, social engineering, and advanced persistent threats. He has performed ethical hacking and penetration testing for numerous Fortune 100 companies.
Contents
Foreword
Introduction
Chapter 1 Medical Records (In)security
An Introduction to Simulating Advanced Persistent Threat
Background and Mission Briefing
Payload Delivery Part 1: Learning How to Use the VBA Macro
How NOT to Stage a VBA Attack
Examining the VBA Code
Avoid Using Shellcode
Automatic Code Execution
Using a VBA/VBS Dual Stager
Keep Code Generic Whenever Possible
Code Obfuscation
Enticing Users
Command and Control Part 1: Basics and Essentials
The Attack
Bypassing Authentication
Summary
Exercises
Chapter 2 Stealing Research
Background and Mission Briefing
Payload Delivery Part 2: Using the Java Applet for Payload Delivery
Java Code Signing for Fun and Profit
Writing a Java Applet Stager
Create a Convincing Pretext
Signing the Stager
Notes on Payload Persistence
Microsoft Windows
Linux
OSX
Command and Control Part 2: Advanced Attack Management
Adding Stealth and Multiple System Management
Implementing a Command Structure
Building a Management Interface
The Attack
Situational Awareness
Using AD to Gather Intelligence
Analyzing AD Output
Attack Against Vulnerable Secondary System
Credential Reuse Against Primary Target System
Summary
Exercises
Chapter 3 Twenty-First Century Heist
What Might Work?
Nothing Is Secure
Organizational Politics
APT Modeling versus Traditional Penetration Testing
Background and Mission Briefing
Command and Control Part III: Advanced Channels and Data Exfiltration
Notes on Intrusion Detection and the Security Operations Center
The SOC Team
How the SOC Works
SOC Reaction Time and Disruption
IDS Evasion
False Positives
Payload Delivery Part III: Physical Media
A Whole New Kind of Social Engineering
Target Location Profiling
Gathering Targets
The Attack
Summary
Exercises
Chapter 4 Pharma Karma
Background and Mission Briefing
Payload Delivery Part IV: Client-Side Exploits 1
The Curse That Is Flash
At Least You Can Live Without It
Memory Corruption Bugs: Dos and Don'ts
Reeling in the Target
Command and Control Part IV: Metasploit Integration
Metasploit Integration Basics
Server Configuration
Black Hats/White Hats
What Have I Said About AV?
Pivoting
The Attack
The Hard Disk Firewall Fail
Metasploit Demonstration
Under the Hood
The Benefits of Admin
Typical Subnet Cloning
Recovering Passwords
Making a Shopping List
Summary
Exercises
Chapter 5 Guns and Ammo
Background and Mission Briefing
Payload Delivery Part V: Simulating a Ransomware Attack
What Is Ransomware?
Why Simulate a Ransomware Attack?
A Model for Ransomware Simulation
Asymmetric Cryptography
Remote Key Generation
Targeting Files
Requesting the Ransom
Maintainin…