Advanced Penetration Testing: Hacking the World's Most Secure Networks

This is an in-depth guide to targeting and compromising high security environments. It will cover discovering and creating attack vectors, moving unseen through a target enterprise, establishing robust command and control, a 'shopping list' and exfiltrating data - even from organizations without a direct connection to the Internet. It goes beyond the basic game of low-level hackers attacking systems with a list of known vulnerabilities and the defenders preventing those hacks but running an equally well-known list of defensive scans. These techniques are not taught in any certification test preparation course instead they are the techniques being used by professional hackers and nation-states that organizations need to develop new skills to defend.

The book covers:

• Creating an initial compromise including the social engineering pretext methods used in targeted attacks
• Establishing a beachhead in a compromised system leaving a command and control structure in place for long term access
• The best most reliable methods for escalating privilege
• Performing internal reconnaissance on networks, operating systems, and trust structures
• Expanding the control structure using harvested credentials to infiltrate additional portions of the target organization IT infrastructure

Custom coding examples are showing using VBA (an old but reliable method), Windows Scripting Host, C, Java, JavaScript, Flash, and more. You'll also see how to use standard libraries to simplify the task of hopping between operating systems with your attack and how to use scanning tools such as MetaSpolit to your benefit to bypass common defensive measures.