Readers' challenge

Throughout this chapter, we identified a number of considerations for performing client-side penetration testing. As we have mentioned, we have barely scratched the surface of this topic:

  1. Review the information encoding of our payloads, attempt a number of different techniques, and see if you can reduce the number of products that detect your code. Once you have done this, research the latest information on bypassing antivirus software, and see if any of these can improve your evasion. Finally, research the Veil framework at https://www.veil-framework.com and experiment with the different methods that are contained there to see if you can achieve a better score than that of the encoding methods in Metasploit.
  2. For this second challenge, explore the methods that we used in the chapter for PowerShell scripting, review the latest information at http://www.powershellempire.com, and experiment with the different methods of the tool. Concentrate on the extraction of information. Deploy the code on multiple versions of Windows and document the results. Remember to annotate what works and what does not work for your future engagements.
  3. For this third challenge, review all of the possible risks from detection technologies, and explore how you can bypass them. Be sure to document your findings and save them.

This challenge will allow you to explore the obstacles that we continue to face with the deployment of a number of items that we are more than likely going to encounter in our testing. Have fun with it!
