Summary

In this chapter, we discussed client-side attacks, which continue to be the method of choice as vendors improve their security. We can still use the other methods we discussed throughout the book, but as time passes, server-side attacks become less effective. However, as we have said throughout, you have to test for all possibilities, and that is why we have a systematic process to follow. We started the chapter by looking at the concept of lure and bait with respect to getting a client to come to us.

Following the discussion of lure and bait, we looked at the pilfering of data, that is, what we can extract from the client once we have a shell. We used a number of enumeration tools that are available in Metasploit to accomplish this.

Following this, we looked at the powerful technique of establishing a pivot point from a client, and then we carried out our attack against machines that we cannot access without the first compromised machine.

Finally, we closed the chapter by looking at bypassing detection by antivirus and other signature-based detection products. We created a PowerShell payload using the Empire tool and compromised machines.

We successfully evaded detection with the PowerShell payload that we created. This concludes the chapter.

In the next chapter, we will look at creating a complete architecture and putting all the concepts of this book together.
