Hands-On Penetration Testing on Windows
上QQ阅读APP看书,第一时间看更新

What this book covers

Chapter 1, Bypassing Network Access Control, focuses on getting a foothold in the network. Network Access Control systems, or NACs, rely on certain detection technology – this chapter will review them and how they work at a low level.

Chapter 2, Sniffing and Spoofing, will discuss advanced Wireshark techniques to give the reader practical experience in low-level traffic analysis. The reader will then learn applied network-spoofing attacks, focusing on layer-2 poisoning attacks and DNS spoofing.

Chapter 3, Windows Passwords on the Network, demonstrates advanced Windows password attacks. The chapter reviews how Windows passwords are carried over the network and then provides practical demonstrations of capturing, understanding, and cracking Windows passwords to gain access. 

Chapter 4, Advanced Network Attacks, ties together the network-hacking portion with coverage of advanced concepts. We cover software-update hijacking, SSL stripping, and routers. A discussion of IPv6 is included along with practical demonstrations of using Kali to attack IPv6 implementations.

Chapter 5, Cryptography and the Penetration Tester, discusses cryptographic system implementations and practical attacks against them. Attacking message integrity via bit-flipping is demonstrated against the AES implementation of cipher block chaining. We also look at length-extension attacks and run through a demonstration of how they work. Another demonstration of an attack against confidentiality will be given with a padding-oracle attack using Kali.

Chapter 6, Advanced Exploitation with Metasploit, will take the reader to the next level with the standard attack framework in every pen tester's toolkit: Metasploit. The finer points of exploits in Metasploit are discussed, including working with the payload generator, metamodules, and building custom modules. Attacks will be demonstrated while organizing them with Metasploit's task automation features.

Chapter 7, Stack and Heap – Memory Management, guides the reader through understanding memory management for practical application to pen testing. An introduction to stack overflow attacks is demonstrated step by step. The reader will use a debugger to develop exploitation opportunity from finding software bugs.

Chapter 8, Windows Kernel Security, guides the reader through understanding and attacking the other side of the Windows virtual address space: the kernel. The reader will understand the fundamentals of kernel exploitation, including context switching and the use of the scheduler to inform race condition attacks, and vulnerabilities that the hacker seeks to exploit, including pointer issues, such as NULL pointer dereferencing and corrupted pointers.

Chapter 9, Weaponizing Python, is a crash course in Python to bring the reader to a level of understanding that will facilitate pen testing tasks with Python modules. Some of the techniques covered that can be transformed into pen testing tools include network analysis with Python and Scapy.

Chapter 10Windows Shellcoding, will step through stack-protection mechanisms of the Windows OS and demonstrate practical bypass methods. We demonstrate heap spraying with step-by-step explanations, as well as exploit creation.

Chapter 11Bypassing Protections with ROP, will guide the reader through understanding Windows memory protection mechanisms and bypassing them with Return-Oriented Programming (ROP). The mechanisms discussed are Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). The reader will understand the core assembly mechanisms that allow ROP to work, building on knowledge of memory management from other chapters.

Chapter 12Fuzzing Techniques, guides the reader through practical fuzzing techniques. The reader will understand the core principle and will be able to understand what's happening at a low memory-management level. The reader will have hands-on experience with trial and error fuzzing applications. From there, we will move on to more advanced fuzzing techniques, such as protocol fuzzing.

Chapter 13Going Beyond the Foothold, explores the post-exploitation modules of Metasploit. The Windows post modules are introduced and practically demonstrated so the reader will know how to capture keystrokes from a compromised Windows host, scan the network for new targets, and learn and exploit trust relationships to complete the pivot. We then cover enumeration on the compromised Windows host to inform post-exploitation efforts.

Chapter 14Taking PowerShell to the Next Level, guides the reader through PowerShell fundamentals with hands-on examples, and then moves on to offensive PowerShell techniques. Post-exploitation with the PowerShell Empire framework on Kali is explained and demonstrated in practical hands-on examples.

Chapter 15Escalating Privileges, steps through Metasploit and PS Empire techniques while analyzing the core mechanisms, including duplication of tokens and named pipe impersonation. The reader will review local exploit options, a method for attacking Active Directory credentials on a domain controller, and a technique that leverages the Windows Management Instrumentation Command line (WMIC).

Chapter 16Maintaining Access, guides the reader through a series of hands-on demonstrations of access maintenance via backdoors using tools such as Netcat. Metasploit, PS Empire, and PowerSploit persistence abilities are also discussed and demonstrated. 

Chapter 17Tips and Tricks, provides a brief discussion of virtualization on Windows to assist the reader in setting up a hacking lab with some hints on advanced virtual network configuration.