最新章節

• Summary
• Hiding evidence of the attack
• Exfiltration from PowerShell
• Using the Data Exfiltration Toolkit (DET)
• Exfiltration of data using ICMP
• Exfiltration of data using the DNS protocol

• Summary 更新時間：2021-07-02 21:05:14
• Hiding evidence of the attack
• Exfiltration from PowerShell
• Using the Data Exfiltration Toolkit (DET)
• Exfiltration of data using ICMP
• Exfiltration of data using the DNS protocol
• Using existing system services (Telnet RDP and VNC)
• Exfiltration of data
• Persistence using social media and Gmail
• Creating a standalone persistent agent with Metasploit
• Using the persistence script
• Maintaining persistence with the Metasploit framework
• Using schtasks to configure a persistent task
• Employing Netcat as a persistent agent
• Using persistent agents
• Command and Control
• Summary
• Compromising Kerberos – the golden ticket attack
• Escalating access rights in Active Directory
• SMB relay attacks
• Responder
• Password sniffers
• Credential harvesting and escalation attacks
• PowerShell's Empire tool
• DLL injection
• Escalating from administrator to system
• Local system escalation
• Overview of common escalation methodology
• Privilege Escalation
• Summary
• Using Proxychains
• Pivoting and port forwarding
• Lateral movement using services
• WMIC
• PsExec WMIC and other tools
• Compromising domain trusts and shares
• Horizontal escalation and lateral movement
• Veil-Pillage
• Post-exploitation tools (MSF the Veil-Pillage framework scripts)
• Creating additional accounts
• Finding and taking sensitive data – pillaging the target
• Conducting a rapid reconnaissance of a compromised system
• Activities on the compromised local system
• Action on the Objective
• Summary
• Crafting a Windows-specific exploit
• Identifying a vulnerability using fuzzing
• Developing a Windows exploit
• Adding the exploits that are written using Metasploit Framework as a base
• Compiling C files
• Compiling and using exploits
• Locating and verifying publicly available exploits
• Using public exploits
• Exploiting multiple targets with Armitage
• Exploiting multiple targets using Metasploit Framework resource files
• Single targets using a reverse shell with a PowerShell attack vector
• Single targets using a simple reverse shell
• Exploiting targets using Metasploit Framework
• Database setup and configuration
• Modules
• Interfaces
• Framework – base
• Framework – core
• REX
• Libraries
• The Metasploit framework
• Exploitation
• Summary
• Auditing and logging
• Communications security
• System security
• Encryption
• Access and authorization
• Other Windows-specific operating system controls
• User Account Control (UAC)
• Enhanced Migration Experience Toolkit (EMET)
• Bypassing Windows-specific operating system controls
• Defeating application whitelisting
• Outbound to inbound
• Bypassing URL filtering mechanisms
• Inbound to outbound
• Tunneling past client-side firewalls using SSH
• Bypassing application-level controls
• Using Shellter
• Using the Veil framework
• Bypassing antivirus using different frameworks
• Detecting HoneyPot
• Bypassing isolation
• Post-admission NAC
• Adding exceptions
• Preventing remediation
• Disabling endpoint security
• Quarantine rules
• Exceptions
• Identifying the rules
• Adding new elements
• Pre-admission NAC
• Bypassing Network Access Control (NAC)
• Bypassing Security Controls
• Summary
• Using BeEF as a tunneling proxy
• Integrating BeEF and Metasploit attacks
• Understanding the BeEF browser
• Configuring BeEF
• The Browser Exploitation Framework (BeEF)
• The Cross-Site Scripting Framework (XSSF)
• Attacking systems using Windows PowerShell
• Conducting attacks using VBScript
• Attacking a system using hostile scripts
• Backdooring executable files
• Client-Side Exploitation
• Summary
• Identifying default user accounts
• Performing offline PSK cracking
• Capturing pre-shared keys
• Fingerprinting the VPN gateway
• Scanning for VPN gateways
• Attacking an IPSec virtual private network
• Denial-of-service attacks against SSL
• Using sslstrip to conduct a man-in-the-middle attack
• Reconnaissance of SSL connections
• Introduction to Testssl
• Padding Oracle On Demanded Legacy Encryption (POODLE)
• Logjam attack
• Insecure TLS renegotiation
• Heartbleed
• Factoring Attack on RSA-EXPORT Keys (FREAK)
• Compression Ratio Info-leak Made Easy (CRIME)
• Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH)
• Browser Exploit Against SSL and TLS (BEAST)
• Weaknesses and vulnerabilities in the SSL protocol
• Attacking Secure Sockets Layer (SSL)
• Compromising remote access protocols (VNC)
• Compromising secure shell
• Compromising Remote Desktop Protocol (RDP)
• Exploiting vulnerabilities in communication protocols
• Attacking Remote Access
• Summary
• Maintaining access with web shells
• Injection attacks against databases
• OS command injection using commix
• Brute-forcing access credentials
• Application-specific attacks
• Web-service-specific vulnerability scanners
• Web crawling and directory brute-force attacks
• Extending the functionality of web browsers
• Burp Proxy
• Client-side proxies
• Mirroring a website from the command line
• Fingerprinting a web application and CMS
• Detection of web application firewall and load balancers
• Conducting reconnaissance of websites
• Hackers mindmap
• Methodology
• Reconnaissance and Exploitation of Web-Based Applications
• Summary
• Working with Ghost Phisher
• Compromising enterprise implementations of WPA/WPA2
• DoS attacks against wireless communications
• Attacking wireless routers with Reaver
• Brute-force attacks
• Attacking WPA and WPA2
• Bypassing MAC address authentication and open authentication
• Bypassing a hidden SSID
• Kismet
• Wireless reconnaissance
• Configuring Kali for wireless attacks
• Wireless Attacks
• Summary
• Launching a phishing attack
• Setting up a phishing campaign with Phishing Frenzy
• Spear phishing attack
• Escalating an attack using DNS redirection
• Hiding executables and obfuscating the attacker's URL
• HTA attack
• Using the PowerShell alphanumeric shellcode injection attack
• Using a website attack vector – the tabnabbing attack method
• Using a website attack vector – the credential harvester attack method
• The Social Engineering Toolkit (SET)
• Microcomputer-based attack agents
• Creating a rogue physical device
• Attacking system memory with Inception
• Sticky Keys
• Samdump2 and chntpw
• Physical attacks at the console
• Physical attacks
• Voice-based
• Computer-based attacks
• Methodology and attack methods
• Physical Security and Social Engineering
• Summary
• Threat modeling
• Specialized scanners
• Customizing OpenVAS
• The OpenVAS network vulnerability scanner
• Vulnerability scanners for mobile applications
• Customizing Nikto and Vega
• Introduction to Nikto and Vega
• Web application vulnerability scanners
• Customizing NSE scripts
• Introduction to LUA scripting
• Vulnerability scanning with nmap
• Local and online vulnerability databases
• Vulnerability nomenclature
• Vulnerability Assessment
• Summary
• An example to configure SPARTA
• Using comprehensive tools (SPARTA)
• Reconnaissance of active directory domain servers
• Locating network shares
• Windows account information via Server Message Block (SMB) sessions
• Taking advantage of SNMP
• Using scripts to combine Masscan and nmap scans
• Ping sweep
• ARP broadcasting
• Native MS Windows commands
• Identification and enumeration of internal network hosts
• DHCP information
• Large-scale scanning
• Determining active services
• Fingerprinting the operating system
• Writing your own port scanner using netcat
• Port scanning
• Port operating system and service discovery
• Live host discovery
• Enumerating hosts
• IDS/IPS identification
• Mapping beyond the firewall
• Identifying the external network infrastructure
• Mapping the route to the target
• Using IPv6 - specific tools
• IPv6
• IPv4
• The recon-ng framework
• Employing comprehensive reconnaissance applications
• The whois command
• DNS reconnaissance and route mapping
• Using proxies with anonymity networks
• Modifying packet parameters
• Adjusting the source IP stack and tool identification settings
• Stealth scanning strategies
• Active Reconnaissance of External and Internal Networks
• Summary
• Extracting words from Twitter using Twofi
• Using CeWL to map a website
• Creating custom word lists for cracking passwords
• Profiling users for password lists
• Threat intelligence
• Security breaches
• Dark Web
• Defensive OSINT
• Using scripts to automatically gather OSINT data
• DataDump sites
• Using dork script to query Google
• Google Hacking Database
• Shodan and censys.io
• Obtaining user information
• Gathering usernames and email addresses
• Scraping
• Google caches
• CaseFile
• Maltego
• Offensive OSINT
• OSINT
• Basic principles of reconnaissance
• Open Source Intelligence and Passive Reconnaissance
• Summary
• Managing collaborative penetration testing using Faraday
• Mutillidae
• Metasploitable3
• Installing defined targets
• Setting up a virtual network with Active Directory
• Building a verification lab
• Using Bash scripts to customize Kali
• Sharing folders with the host operating system
• Speeding up Kali operations
• Adding a non-root user
• Resetting the root password
• Configuring and customizing Kali
• Organizing Kali
• Installing Kali to the cloud – creating an AWS instance
• Installing to a Docker appliance
• VirtualBox
• VMware Workstation Player
• Installing Kali into a virtual machine
• Using Kali from a portable device
• Installing and updating Kali
• Introduction to Kali Linux – history and purpose
• The testing methodology
• Classical failures of vulnerability scanning penetration testing and red team exercises
• Conceptual overview of security testing
• Goal-Based Penetration Testing
• Questions
• Piracy
• Errata
• Downloading the color images of this book
• Downloading the example code
• Customer support
• Reader feedback
• Conventions
• Who this book is for
• What you need for this book
• What this book covers
• Preface
• Customer Feedback
• Why subscribe?
• www.PacktPub.com
• About the Reviewer
• About the Author
• Credits
• Title Page
• coverpage

• coverpage
• Title Page
• Credits
• About the Author
• About the Reviewer
• www.PacktPub.com
• Why subscribe?
• Customer Feedback
• Preface
• What this book covers
• What you need for this book
• Who this book is for
• Conventions
• Reader feedback
• Customer support
• Downloading the example code
• Downloading the color images of this book
• Errata
• Piracy
• Questions
• Goal-Based Penetration Testing
• Conceptual overview of security testing
• Classical failures of vulnerability scanning penetration testing and red team exercises
• The testing methodology
• Introduction to Kali Linux – history and purpose
• Installing and updating Kali
• Using Kali from a portable device
• Installing Kali into a virtual machine
• VMware Workstation Player
• VirtualBox
• Installing to a Docker appliance
• Installing Kali to the cloud – creating an AWS instance
• Organizing Kali
• Configuring and customizing Kali
• Resetting the root password
• Adding a non-root user
• Speeding up Kali operations
• Sharing folders with the host operating system
• Using Bash scripts to customize Kali
• Building a verification lab
• Setting up a virtual network with Active Directory
• Installing defined targets
• Metasploitable3
• Mutillidae
• Managing collaborative penetration testing using Faraday
• Summary
• Open Source Intelligence and Passive Reconnaissance
• Basic principles of reconnaissance
• OSINT
• Offensive OSINT
• Maltego
• CaseFile
• Google caches
• Scraping
• Gathering usernames and email addresses
• Obtaining user information
• Shodan and censys.io
• Google Hacking Database
• Using dork script to query Google
• DataDump sites
• Using scripts to automatically gather OSINT data
• Defensive OSINT
• Dark Web
• Security breaches
• Threat intelligence
• Profiling users for password lists
• Creating custom word lists for cracking passwords
• Using CeWL to map a website
• Extracting words from Twitter using Twofi
• Summary
• Active Reconnaissance of External and Internal Networks
• Stealth scanning strategies
• Adjusting the source IP stack and tool identification settings
• Modifying packet parameters
• Using proxies with anonymity networks
• DNS reconnaissance and route mapping
• The whois command
• Employing comprehensive reconnaissance applications
• The recon-ng framework
• IPv4
• IPv6
• Using IPv6 - specific tools
• Mapping the route to the target
• Identifying the external network infrastructure
• Mapping beyond the firewall
• IDS/IPS identification
• Enumerating hosts
• Live host discovery
• Port operating system and service discovery
• Port scanning
• Writing your own port scanner using netcat
• Fingerprinting the operating system
• Determining active services
• Large-scale scanning
• DHCP information
• Identification and enumeration of internal network hosts
• Native MS Windows commands
• ARP broadcasting
• Ping sweep
• Using scripts to combine Masscan and nmap scans
• Taking advantage of SNMP
• Windows account information via Server Message Block (SMB) sessions
• Locating network shares
• Reconnaissance of active directory domain servers
• Using comprehensive tools (SPARTA)
• An example to configure SPARTA
• Summary
• Vulnerability Assessment
• Vulnerability nomenclature
• Local and online vulnerability databases
• Vulnerability scanning with nmap
• Introduction to LUA scripting
• Customizing NSE scripts
• Web application vulnerability scanners
• Introduction to Nikto and Vega
• Customizing Nikto and Vega
• Vulnerability scanners for mobile applications
• The OpenVAS network vulnerability scanner
• Customizing OpenVAS
• Specialized scanners
• Threat modeling
• Summary
• Physical Security and Social Engineering
• Methodology and attack methods
• Computer-based attacks
• Voice-based
• Physical attacks
• Physical attacks at the console
• Samdump2 and chntpw
• Sticky Keys
• Attacking system memory with Inception
• Creating a rogue physical device
• Microcomputer-based attack agents
• The Social Engineering Toolkit (SET)
• Using a website attack vector – the credential harvester attack method
• Using a website attack vector – the tabnabbing attack method
• Using the PowerShell alphanumeric shellcode injection attack
• HTA attack
• Hiding executables and obfuscating the attacker's URL
• Escalating an attack using DNS redirection
• Spear phishing attack
• Setting up a phishing campaign with Phishing Frenzy
• Launching a phishing attack
• Summary
• Wireless Attacks
• Configuring Kali for wireless attacks
• Wireless reconnaissance
• Kismet
• Bypassing a hidden SSID
• Bypassing MAC address authentication and open authentication
• Attacking WPA and WPA2
• Brute-force attacks
• Attacking wireless routers with Reaver
• DoS attacks against wireless communications
• Compromising enterprise implementations of WPA/WPA2
• Working with Ghost Phisher
• Summary
• Reconnaissance and Exploitation of Web-Based Applications
• Methodology
• Hackers mindmap
• Conducting reconnaissance of websites
• Detection of web application firewall and load balancers
• Fingerprinting a web application and CMS
• Mirroring a website from the command line
• Client-side proxies
• Burp Proxy
• Extending the functionality of web browsers
• Web crawling and directory brute-force attacks
• Web-service-specific vulnerability scanners
• Application-specific attacks
• Brute-forcing access credentials
• OS command injection using commix
• Injection attacks against databases
• Maintaining access with web shells
• Summary
• Attacking Remote Access
• Exploiting vulnerabilities in communication protocols
• Compromising Remote Desktop Protocol (RDP)
• Compromising secure shell
• Compromising remote access protocols (VNC)
• Attacking Secure Sockets Layer (SSL)
• Weaknesses and vulnerabilities in the SSL protocol
• Browser Exploit Against SSL and TLS (BEAST)
• Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH)
• Compression Ratio Info-leak Made Easy (CRIME)
• Factoring Attack on RSA-EXPORT Keys (FREAK)
• Heartbleed
• Insecure TLS renegotiation
• Logjam attack
• Padding Oracle On Demanded Legacy Encryption (POODLE)
• Introduction to Testssl
• Reconnaissance of SSL connections
• Using sslstrip to conduct a man-in-the-middle attack
• Denial-of-service attacks against SSL
• Attacking an IPSec virtual private network
• Scanning for VPN gateways
• Fingerprinting the VPN gateway
• Capturing pre-shared keys
• Performing offline PSK cracking
• Identifying default user accounts
• Summary
• Client-Side Exploitation
• Backdooring executable files
• Attacking a system using hostile scripts
• Conducting attacks using VBScript
• Attacking systems using Windows PowerShell
• The Cross-Site Scripting Framework (XSSF)
• The Browser Exploitation Framework (BeEF)
• Configuring BeEF
• Understanding the BeEF browser
• Integrating BeEF and Metasploit attacks
• Using BeEF as a tunneling proxy
• Summary
• Bypassing Security Controls
• Bypassing Network Access Control (NAC)
• Pre-admission NAC
• Adding new elements
• Identifying the rules
• Exceptions
• Quarantine rules
• Disabling endpoint security
• Preventing remediation
• Adding exceptions
• Post-admission NAC
• Bypassing isolation
• Detecting HoneyPot
• Bypassing antivirus using different frameworks
• Using the Veil framework
• Using Shellter
• Bypassing application-level controls
• Tunneling past client-side firewalls using SSH
• Inbound to outbound
• Bypassing URL filtering mechanisms
• Outbound to inbound
• Defeating application whitelisting
• Bypassing Windows-specific operating system controls
• Enhanced Migration Experience Toolkit (EMET)
• User Account Control (UAC)
• Other Windows-specific operating system controls
• Access and authorization
• Encryption
• System security
• Communications security
• Auditing and logging
• Summary
• Exploitation
• The Metasploit framework
• Libraries
• REX
• Framework – core
• Framework – base
• Interfaces
• Modules
• Database setup and configuration
• Exploiting targets using Metasploit Framework
• Single targets using a simple reverse shell
• Single targets using a reverse shell with a PowerShell attack vector
• Exploiting multiple targets using Metasploit Framework resource files
• Exploiting multiple targets with Armitage
• Using public exploits
• Locating and verifying publicly available exploits
• Compiling and using exploits
• Compiling C files
• Adding the exploits that are written using Metasploit Framework as a base
• Developing a Windows exploit
• Identifying a vulnerability using fuzzing
• Crafting a Windows-specific exploit
• Summary
• Action on the Objective
• Activities on the compromised local system
• Conducting a rapid reconnaissance of a compromised system
• Finding and taking sensitive data – pillaging the target
• Creating additional accounts
• Post-exploitation tools (MSF the Veil-Pillage framework scripts)
• Veil-Pillage
• Horizontal escalation and lateral movement
• Compromising domain trusts and shares
• PsExec WMIC and other tools
• WMIC
• Lateral movement using services
• Pivoting and port forwarding
• Using Proxychains
• Summary
• Privilege Escalation
• Overview of common escalation methodology
• Local system escalation
• Escalating from administrator to system
• DLL injection
• PowerShell's Empire tool
• Credential harvesting and escalation attacks
• Password sniffers
• Responder
• SMB relay attacks
• Escalating access rights in Active Directory
• Compromising Kerberos – the golden ticket attack
• Summary
• Command and Control
• Using persistent agents
• Employing Netcat as a persistent agent
• Using schtasks to configure a persistent task
• Maintaining persistence with the Metasploit framework
• Using the persistence script
• Creating a standalone persistent agent with Metasploit
• Persistence using social media and Gmail
• Exfiltration of data
• Using existing system services (Telnet RDP and VNC)
• Exfiltration of data using the DNS protocol
• Exfiltration of data using ICMP
• Using the Data Exfiltration Toolkit (DET)
• Exfiltration from PowerShell
• Hiding evidence of the attack
• Summary 更新時間：2021-07-02 21:05:14