Advanced Penetration Testing - Hacking the World's Most Secure Networks

Read more

Build a better defense against motivated, organized, professional attacks
 
Advanced Penetration Testing: Hacking the World's Most Secure Networks takes hacking far beyond Kali linux and Metasploit to provide a more complex attack simulation. Featuring techniques not taught in any certification prep or covered by common defensive scanners, this book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data--even from organizations without a direct Internet connection--this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures.
 
Typical penetration testing consists of low-level hackers attacking a system with a list of known vulnerabilities, and defenders preventing those hacks using an equally well-known list of defensive scans. The professional hackers and nation states on the forefront of today's threats operate at a much more complex level--and this book shows you how to defend your high security network.
* Use targeted social engineering pretexts to create the initial compromise
* Leave a command and control structure in place for long-term access
* Escalate privilege and breach networks, operating systems, and trust structures
* Infiltrate further using harvested credentials while expanding control
 
Today's threats are organized, professionally-run, and very much for-profit. Financial institutions, health care organizations, law enforcement, government agencies, and other high-value targets need to harden their IT infrastructure and human capital against targeted advanced attacks from motivated professionals. Advanced Penetration Testing goes beyond Kali linux and Metasploit and to provide you advanced pen testing for high security networks.

List of contents

Foreword xxiii
 
Introduction xxvii
 
Chapter 1 Medical Records (In)security 1
 
An Introduction to Simulating Advanced Persistent Threat 2
 
Background and Mission Briefi ng 2
 
Payload Delivery Part 1: Learning How to Use the VBA Macro 5
 
How NOT to Stage a VBA Attack 6
 
Examining the VBA Code 11
 
Avoid Using Shellcode 11
 
Automatic Code Execution 13
 
Using a VBA/VBS Dual Stager 13
 
Keep Code Generic Whenever Possible 14
 
Code Obfuscation 15
 
Enticing Users 16
 
Command and Control Part 1: Basics and Essentials 19
 
The Attack 23
 
Bypassing Authentication 23
 
Summary 27
 
Exercises 28
 
Chapter 2 Stealing Research 29
 
Background and Mission Briefi ng 30
 
Payload Delivery Part 2: Using the
 
Java Applet for Payload Delivery 31
 
Java Code Signing for Fun and Profit 32
 
Writing a Java Applet Stager 36
 
Create a Convincing Pretext 39
 
Signing the Stager 40
 
Notes on Payload Persistence 41
 
Microsoft Windows 41
 
Linux 42
 
OSX 45
 
Command and Control Part 2: Advanced Attack Management 45
 
Adding Stealth and Multiple System Management 45
 
Implementing a Command Structure 47
 
Building a Management Interface 48
 
The Attack 49
 
Situational Awareness 50
 
Using AD to Gather Intelligence 50
 
Analyzing AD Output 51
 
Attack Against Vulnerable Secondary System 52
 
Credential Reuse Against Primary Target System 53
 
Summary 54
 
Exercises 55
 
Chapter 3 Twenty-First Century Heist 57
 
What Might Work? 57
 
Nothing Is Secure 58
 
Organizational Politics 58
 
APT Modeling versus Traditional Penetration Testing 59
 
Background and Mission Briefi ng 59
 
Command and Control Part III: Advanced Channels and Data Exfi ltration 60
 
Notes on Intrusion Detection and the Security Operations Center 64
 
The SOC Team 65
 
How the SOC Works 65
 
SOC Reaction Time and Disruption 66
 
IDS Evasion 67
 
False Positives 67
 
Payload Delivery Part III: Physical Media 68
 
A Whole New Kind of Social Engineering 68
 
Target Location Profi ling 69
 
Gathering Targets 69
 
The Attack 72
 
Summary 75
 
Exercises 75
 
Chapter 4 Pharma Karma 77
 
Background and Mission Briefi ng 78
 
Payload Delivery Part IV: Client-Side Exploits 1 79
 
The Curse That Is Flash 79
 
At Least You Can Live Without It 81
 
Memory Corruption Bugs: Dos and Don'ts 81
 
Reeling in the Target 83
 
Command and Control Part IV: Metasploit Integration 86
 
Metasploit Integration Basics 86
 
Server Confi guration 86
 
Black Hats/White Hats 87
 
What Have I Said About AV? 88
 
Pivoting 89
 
The Attack 89
 
The Hard Disk Firewall Fail 90
 
Metasploit Demonstration 90
 
Under the Hood 91
 
The Benefits of Admin 92
 
Typical Subnet Cloning 96
 
Recovering Passwords 96
 
Making a Shopping List 99
 
Summary 101
 
Exercises 101
 
Chapter 5 Guns and Ammo 103
 
Background and Mission Briefing 104
 
Payload Delivery Part V: Simulating a Ransomware Attack 106
 
What Is Ransomware? 106
 
Why Simulate a Ransomware Attack? 107
 
A Model for Ransomware Simulation 107
 
Asymmetric Cryptogra

About the author

Wil Allsopp is an IT security expert with 20 years experience, specializing in red team engagements, penetration testing, vulnerability assessment, security audits, secure source code review, social engineering, and advanced persistent threats. He has performed ethical hacking and penetration testing for numerous Fortune 100 companies.

Summary

Build a better defense against motivated, organized, professional attacks Advanced Penetration Testing: Hacking the World's Most Secure Networks takes hacking far beyond Kali linux and Metasploit to provide a more complex attack simulation.