{"product_id":"advanced-penetration-testing-isbn-9781119367680","title":"Advanced Penetration Testing","description":"\u003cb\u003eBuild a better defense against motivated, organized, professional attacks\u003c\/b\u003e \u003cp\u003e\u003ci\u003eAdvanced Penetration Testing: Hacking the World's Most Secure Networks\u003c\/i\u003e takes hacking far beyond Kali Linux and Metasploit to provide a more complex attack simulation. Featuring techniques not taught in any certification prep or covered by common defensive scanners, this book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures.\u003c\/p\u003e \u003cp\u003eTypical penetration testing consists of low-level hackers attacking a system with a list of known vulnerabilities, and defenders preventing those hacks using an equally well-known list of defensive scans. 
The professional hackers and nation states on the forefront of today's threats operate at a much more complex level—and this book shows you how to defend your high security network.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eUse targeted social engineering pretexts to create the initial compromise\u003c\/li\u003e \u003cli\u003eLeave a command and control structure in place for long-term access\u003c\/li\u003e \u003cli\u003eEscalate privilege and breach networks, operating systems, and trust structures\u003c\/li\u003e \u003cli\u003eInfiltrate further using harvested credentials while expanding control\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eToday's threats are organized, professionally-run, and very much for-profit. Financial institutions, health care organizations, law enforcement, government agencies, and other high-value targets need to harden their IT infrastructure and human capital against targeted advanced attacks from motivated professionals. \u003ci\u003eAdvanced Penetration Testing\u003c\/i\u003e goes beyond Kali Linux and Metasploit to provide you with advanced pen testing for high security networks.\u003c\/p\u003e Foreword xxiii \u003cp\u003eIntroduction xxvii\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Medical Records (In)security 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAn Introduction to Simulating Advanced Persistent Threat 2\u003c\/p\u003e \u003cp\u003eBackground and Mission Briefing 2\u003c\/p\u003e \u003cp\u003ePayload Delivery Part 1: Learning How to Use the VBA Macro 5\u003c\/p\u003e \u003cp\u003eHow NOT to Stage a VBA Attack 6\u003c\/p\u003e \u003cp\u003eExamining the VBA Code 11\u003c\/p\u003e \u003cp\u003eAvoid Using Shellcode 11\u003c\/p\u003e \u003cp\u003eAutomatic Code Execution 13\u003c\/p\u003e \u003cp\u003eUsing a VBA\/VBS Dual Stager 13\u003c\/p\u003e \u003cp\u003eKeep Code Generic Whenever Possible 14\u003c\/p\u003e \u003cp\u003eCode Obfuscation 15\u003c\/p\u003e \u003cp\u003eEnticing Users 16\u003c\/p\u003e 
\u003cp\u003eCommand and Control Part 1: Basics and Essentials 19\u003c\/p\u003e \u003cp\u003eThe Attack 23\u003c\/p\u003e \u003cp\u003eBypassing Authentication 23\u003c\/p\u003e \u003cp\u003eSummary 27\u003c\/p\u003e \u003cp\u003eExercises 28\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Stealing Research 29\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBackground and Mission Briefing 30\u003c\/p\u003e \u003cp\u003ePayload Delivery Part 2: Using the\u003c\/p\u003e \u003cp\u003eJava Applet for Payload Delivery 31\u003c\/p\u003e \u003cp\u003eJava Code Signing for Fun and Profit 32\u003c\/p\u003e \u003cp\u003eWriting a Java Applet Stager 36\u003c\/p\u003e \u003cp\u003eCreate a Convincing Pretext 39\u003c\/p\u003e \u003cp\u003eSigning the Stager 40\u003c\/p\u003e \u003cp\u003eNotes on Payload Persistence 41\u003c\/p\u003e \u003cp\u003eMicrosoft Windows 41\u003c\/p\u003e \u003cp\u003eLinux 42\u003c\/p\u003e \u003cp\u003eOSX 45\u003c\/p\u003e \u003cp\u003eCommand and Control Part 2: Advanced Attack Management 45\u003c\/p\u003e \u003cp\u003eAdding Stealth and Multiple System Management 45\u003c\/p\u003e \u003cp\u003eImplementing a Command Structure 47\u003c\/p\u003e \u003cp\u003eBuilding a Management Interface 48\u003c\/p\u003e \u003cp\u003eThe Attack 49\u003c\/p\u003e \u003cp\u003eSituational Awareness 50\u003c\/p\u003e \u003cp\u003eUsing AD to Gather Intelligence 50\u003c\/p\u003e \u003cp\u003eAnalyzing AD Output 51\u003c\/p\u003e \u003cp\u003eAttack Against Vulnerable Secondary System 52\u003c\/p\u003e \u003cp\u003eCredential Reuse Against Primary Target System 53\u003c\/p\u003e \u003cp\u003eSummary 54\u003c\/p\u003e \u003cp\u003eExercises 55\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Twenty-First Century Heist 57\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat Might Work? 
57\u003c\/p\u003e \u003cp\u003eNothing Is Secure 58\u003c\/p\u003e \u003cp\u003eOrganizational Politics 58\u003c\/p\u003e \u003cp\u003eAPT Modeling versus Traditional Penetration Testing 59\u003c\/p\u003e \u003cp\u003eBackground and Mission Briefing 59\u003c\/p\u003e \u003cp\u003eCommand and Control Part III: Advanced Channels and Data Exfiltration 60\u003c\/p\u003e \u003cp\u003eNotes on Intrusion Detection and the Security Operations Center 64\u003c\/p\u003e \u003cp\u003eThe SOC Team 65\u003c\/p\u003e \u003cp\u003eHow the SOC Works 65\u003c\/p\u003e \u003cp\u003eSOC Reaction Time and Disruption 66\u003c\/p\u003e \u003cp\u003eIDS Evasion 67\u003c\/p\u003e \u003cp\u003eFalse Positives 67\u003c\/p\u003e \u003cp\u003ePayload Delivery Part III: Physical Media 68\u003c\/p\u003e \u003cp\u003eA Whole New Kind of Social Engineering 68\u003c\/p\u003e \u003cp\u003eTarget Location Profiling 69\u003c\/p\u003e \u003cp\u003eGathering Targets 69\u003c\/p\u003e \u003cp\u003eThe Attack 72\u003c\/p\u003e \u003cp\u003eSummary 75\u003c\/p\u003e \u003cp\u003eExercises 75\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Pharma Karma 77\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBackground and Mission Briefing 78\u003c\/p\u003e \u003cp\u003ePayload Delivery Part IV: Client-Side Exploits 1 79\u003c\/p\u003e \u003cp\u003eThe Curse That Is Flash 79\u003c\/p\u003e \u003cp\u003eAt Least You Can Live Without It 81\u003c\/p\u003e \u003cp\u003eMemory Corruption Bugs: Dos and Don’ts 81\u003c\/p\u003e \u003cp\u003eReeling in the Target 83\u003c\/p\u003e \u003cp\u003eCommand and Control Part IV: Metasploit Integration 86\u003c\/p\u003e \u003cp\u003eMetasploit Integration Basics 86\u003c\/p\u003e \u003cp\u003eServer Configuration 86\u003c\/p\u003e \u003cp\u003eBlack Hats\/White Hats 87\u003c\/p\u003e \u003cp\u003eWhat Have I Said About AV? 
88\u003c\/p\u003e \u003cp\u003ePivoting 89\u003c\/p\u003e \u003cp\u003eThe Attack 89\u003c\/p\u003e \u003cp\u003eThe Hard Disk Firewall Fail 90\u003c\/p\u003e \u003cp\u003eMetasploit Demonstration 90\u003c\/p\u003e \u003cp\u003eUnder the Hood 91\u003c\/p\u003e \u003cp\u003eThe Benefits of Admin 92\u003c\/p\u003e \u003cp\u003eTypical Subnet Cloning 96\u003c\/p\u003e \u003cp\u003eRecovering Passwords 96\u003c\/p\u003e \u003cp\u003eMaking a Shopping List 99\u003c\/p\u003e \u003cp\u003eSummary 101\u003c\/p\u003e \u003cp\u003eExercises 101\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Guns and Ammo 103\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBackground and Mission Briefing 104\u003c\/p\u003e \u003cp\u003ePayload Delivery Part V: Simulating a Ransomware Attack 106\u003c\/p\u003e \u003cp\u003eWhat Is Ransomware? 106\u003c\/p\u003e \u003cp\u003eWhy Simulate a Ransomware Attack? 107\u003c\/p\u003e \u003cp\u003eA Model for Ransomware Simulation 107\u003c\/p\u003e \u003cp\u003eAsymmetric Cryptography 108\u003c\/p\u003e \u003cp\u003eRemote Key Generation 109\u003c\/p\u003e \u003cp\u003eTargeting Files 110\u003c\/p\u003e \u003cp\u003eRequesting the Ransom 111\u003c\/p\u003e \u003cp\u003eMaintaining C2 111\u003c\/p\u003e \u003cp\u003eFinal Thoughts 112\u003c\/p\u003e \u003cp\u003eCommand and Control Part V: Creating a Covert C2 Solution 112\u003c\/p\u003e \u003cp\u003eIntroducing the Onion Router 112\u003c\/p\u003e \u003cp\u003eThe Torrc File 113\u003c\/p\u003e \u003cp\u003eConfiguring a C2 Agent to Use the Tor Network 115\u003c\/p\u003e \u003cp\u003eBridges 115\u003c\/p\u003e \u003cp\u003eNew Strategies in Stealth and Deployment 116\u003c\/p\u003e \u003cp\u003eVBA Redux: Alternative Command-Line Attack Vectors 116\u003c\/p\u003e \u003cp\u003ePowerShell 117\u003c\/p\u003e \u003cp\u003eFTP 117\u003c\/p\u003e \u003cp\u003eWindows Scripting Host (WSH) 118\u003c\/p\u003e \u003cp\u003eBITSadmin 118\u003c\/p\u003e \u003cp\u003eSimple Payload Obfuscation 119\u003c\/p\u003e 
\u003cp\u003eAlternative Strategies in Antivirus Evasion 121\u003c\/p\u003e \u003cp\u003eThe Attack 125\u003c\/p\u003e \u003cp\u003eGun Design Engineer Answers Your Questions 126\u003c\/p\u003e \u003cp\u003eIdentifying the Players 127\u003c\/p\u003e \u003cp\u003eSmart(er) VBA Document Deployment 128\u003c\/p\u003e \u003cp\u003eEmail and Saved Passwords 131\u003c\/p\u003e \u003cp\u003eKeyloggers and Cookies 132\u003c\/p\u003e \u003cp\u003eBringing It All Together 133\u003c\/p\u003e \u003cp\u003eSummary 134\u003c\/p\u003e \u003cp\u003eExercises 135\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Criminal Intelligence 137\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePayload Delivery Part VI: Deploying with HTA 138\u003c\/p\u003e \u003cp\u003eMalware Detection 140\u003c\/p\u003e \u003cp\u003ePrivilege Escalation in Microsoft Windows 141\u003c\/p\u003e \u003cp\u003eEscalating Privileges with Local Exploits 143\u003c\/p\u003e \u003cp\u003eExploiting Automated OS Installations 147\u003c\/p\u003e \u003cp\u003eExploiting the Task Scheduler 147\u003c\/p\u003e \u003cp\u003eExploiting Vulnerable Services 149\u003c\/p\u003e \u003cp\u003eHijacking DLLs 151\u003c\/p\u003e \u003cp\u003eMining the Windows Registry 154\u003c\/p\u003e \u003cp\u003eCommand and Control Part VI: The Creeper Box 155\u003c\/p\u003e \u003cp\u003eCreeper Box Specification 155\u003c\/p\u003e \u003cp\u003eIntroducing the Raspberry Pi and Its Components 156\u003c\/p\u003e \u003cp\u003eGPIO 157\u003c\/p\u003e \u003cp\u003eChoosing an OS 157\u003c\/p\u003e \u003cp\u003eConfiguring Full-Disk Encryption 158\u003c\/p\u003e \u003cp\u003eA Word on Stealth 163\u003c\/p\u003e \u003cp\u003eConfiguring Out-of-Band Command and Control Using 3G\/4G 164\u003c\/p\u003e \u003cp\u003eCreating a Transparent Bridge 168\u003c\/p\u003e \u003cp\u003eUsing a Pi as a Wireless AP to Provision Access by Remote\u003c\/p\u003e \u003cp\u003eKeyloggers 169\u003c\/p\u003e \u003cp\u003eThe Attack 171\u003c\/p\u003e \u003cp\u003eSpoofing 
Caller ID and SMS Messages 172\u003c\/p\u003e \u003cp\u003eSummary 174\u003c\/p\u003e \u003cp\u003eExercises 174\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 War Games 175\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBackground and Mission Briefing 176\u003c\/p\u003e \u003cp\u003ePayload Delivery Part VII: USB Shotgun Attack 178\u003c\/p\u003e \u003cp\u003eUSB Media 178\u003c\/p\u003e \u003cp\u003eA Little Social Engineering 179\u003c\/p\u003e \u003cp\u003eCommand and Control Part VII: Advanced Autonomous Data Exfiltration 180\u003c\/p\u003e \u003cp\u003eWhat We Mean When We Talk About “Autonomy” 180\u003c\/p\u003e \u003cp\u003eMeans of Egress 181\u003c\/p\u003e \u003cp\u003eThe Attack 185\u003c\/p\u003e \u003cp\u003eConstructing a Payload to Attack a Classified Network 187\u003c\/p\u003e \u003cp\u003eStealthy 3G\/4G Software Install 188\u003c\/p\u003e \u003cp\u003eAttacking the Target and Deploying the Payload 189\u003c\/p\u003e \u003cp\u003eEfficient “Burst-Rate” Data Exfiltration 190\u003c\/p\u003e \u003cp\u003eSummary 191\u003c\/p\u003e \u003cp\u003eExercises 191\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Hack Journalists 193\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBriefing 193\u003c\/p\u003e \u003cp\u003eAdvanced Concepts in Social Engineering 194\u003c\/p\u003e \u003cp\u003eCold Reading 194\u003c\/p\u003e \u003cp\u003eC2 Part VIII: Experimental Concepts in Command and Control 199\u003c\/p\u003e \u003cp\u003eScenario 1: C2 Server Guided Agent Management 199\u003c\/p\u003e \u003cp\u003eScenario 2: Semi-Autonomous C2 Agent Management 202\u003c\/p\u003e \u003cp\u003ePayload Delivery Part VIII: Miscellaneous Rich Web Content 205\u003c\/p\u003e \u003cp\u003eJava Web Start 205\u003c\/p\u003e \u003cp\u003eAdobe AIR 206\u003c\/p\u003e \u003cp\u003eA Word on HTML5 207\u003c\/p\u003e \u003cp\u003eThe Attack 207\u003c\/p\u003e \u003cp\u003eSummary 211\u003c\/p\u003e \u003cp\u003eExercises 211\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Northern 
Exposure 213\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOverview 214\u003c\/p\u003e \u003cp\u003eOperating Systems 214\u003c\/p\u003e \u003cp\u003eRed Star Desktop 3.0 215\u003c\/p\u003e \u003cp\u003eRed Star Server 3.0 219\u003c\/p\u003e \u003cp\u003eNorth Korean Public IP Space 221\u003c\/p\u003e \u003cp\u003eThe North Korean Telephone System 224\u003c\/p\u003e \u003cp\u003eApproved Mobile Devices 228\u003c\/p\u003e \u003cp\u003eThe “Walled Garden”: The Kwangmyong Intranet 230\u003c\/p\u003e \u003cp\u003eAudio and Video Eavesdropping 231\u003c\/p\u003e \u003cp\u003eSummary 233\u003c\/p\u003e \u003cp\u003eExercises 234\u003c\/p\u003e \u003cp\u003eIndex 235\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eWil Allsopp\u003c\/b\u003e is an IT security expert with 20 years' experience, specializing in red team engagements, penetration testing, vulnerability assessment, security audits, secure source code review, social engineering, and advanced persistent threats. He has performed ethical hacking and penetration testing for numerous Fortune 100 companies.    \u003c\/p\u003e\u003cp\u003e\u003cb\u003eHOW TO ESTABLISH AN IMPENETRABLE LINE OF DEFENSE USING EVERYTHING IN THE PROFESSIONAL HACKER'S BAG OF TRICKS\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eTypical penetration testing is highly formulaic and involves little more than time-limited network and application security audits. If they are to have any hope of defending their assets against attacks by today's highly motivated professional hackers, high-value targets will have to do a better job of hardening their IT infrastructures. And that can only be achieved by security analysts and engineers fully versed in the professional hacker's manual of dirty tricks and penetration techniques. 
\u003c\/p\u003e\u003cp\u003eWritten by a top security expert who has performed hacking and penetration testing for Fortune 100 companies worldwide, \u003ci\u003eAdvanced Penetration Testing: Hacking the World's Most Secure Networks\u003c\/i\u003e schools you in advanced techniques for targeting and compromising high-security environments that aren't taught in any certification prep or covered by common defense scanners. Author Wil Allsopp goes well beyond Kali Linux and Metasploit to provide a complex, highly realistic attack simulation. Taking a multidisciplinary approach combining social engineering, programming, and vulnerability exploits, he teaches you how to:  \u003c\/p\u003e\u003cul\u003e \u003cli\u003eDiscover \u003cb\u003eand create attack vectors\u003c\/b\u003e\n\u003c\/li\u003e \u003cli\u003eMove unseen \u003cb\u003ethrough a target enterprise and reconnoiter networks, operating systems, and test structures\u003c\/b\u003e\n\u003c\/li\u003e \u003cli\u003eEmploy social engineering \u003cb\u003estrategies to create an initial compromise\u003c\/b\u003e\n\u003c\/li\u003e \u003cli\u003eEstablish a beachhead \u003cb\u003eand leave a robust command-and-control structure in place\u003c\/b\u003e\n\u003c\/li\u003e \u003cli\u003eUse advanced data exfiltration techniques \u003cb\u003eeven against targets without direct Internet connections\u003c\/b\u003e\n\u003c\/li\u003e \u003cli\u003eUtilize advanced methods \u003cb\u003efor escalating privilege\u003c\/b\u003e\n\u003c\/li\u003e \u003cli\u003eInfiltrate deep into networks \u003cb\u003eand operating systems using harvested credentials\u003c\/b\u003e\n\u003c\/li\u003e \u003cli\u003eCreate custom code using \u003cb\u003eVBA, Windows\u003csup\u003e®\u003c\/sup\u003e Scripting Host, C, Java\u003csup\u003e®\u003c\/sup\u003e, JavaScript\u003csup\u003e®\u003c\/sup\u003e, Flash, and more\u003c\/b\u003e\n\u003c\/li\u003e \u003c\/ul\u003e","brand":"Wiley","offers":[{"title":"Default 
Title","offer_id":47988669153509,"sku":"NP9781119367680","price":52.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781119367680.jpg?v=1761781194","url":"https:\/\/k12savings.com\/es\/products\/advanced-penetration-testing-isbn-9781119367680","provider":"K12savings","version":"1.0","type":"link"}