We have noticed a significant increase in using microcomputers and USB based devices in RTE/penetration testing. These are mainly used due to their compactness, they can be hidden anywhere in the network and also can run almost anything that a full fledged laptop can. In this section, we will explore the most commonly used devices, the Raspberry Pi and Malduino USB.
Microcomputer or USB-based attack agents
by Robert Beggs, Vijay Kumar Velu
Mastering Kali Linux for Advanced Penetration Testing - Third Edition
- Title Page
- Copyright and Credits
- Dedication
- About Packt
- Contributors
- Preface
- Goal-Based Penetration Testing
- Conceptual overview of security testing
- Misconceptions of vulnerability scanning, penetration testing, and red team exercises
- Objective-based penetration testing
- The testing methodology
- Introduction to Kali Linux – features
- Installing and updating Kali Linux
- Organizing Kali Linux
- Configuring and customizing Kali Linux
- Resetting the root password
- Adding a non-root user
- Configuring network services and secure communications
- Adjusting network proxy settings
- Accessing the secure shell
- Speeding up Kali operations
- Sharing folders with the host operating system
- Using Bash scripts to customize Kali
- Building a verification lab
- Managing collaborative penetration testing using Faraday
- Summary
- Open Source Intelligence and Passive Reconnaissance
- Active Reconnaissance of External and Internal Networks
- Stealth scanning strategies
- DNS reconnaissance and route mapping
- Employing comprehensive reconnaissance applications
- Identifying the external network infrastructure
- Mapping beyond the firewall
- IDS/IPS identification
- Enumerating hosts
- Port, operating system, and service discovery
- Writing your own port scanner using netcat
- Large-scale scanning
- DHCP information
- Identification and enumeration of internal network hosts
- Native MS Windows commands
- ARP broadcasting
- Ping sweep
- Using scripts to combine masscan and nmap scans
- Taking advantage of SNMP
- Windows account information via SMB (Server Message Block) sessions
- Locating network shares
- Reconnaissance of active directory domain servers
- Using comprehensive tools (SPARTA)
- An example to configure SPARTA
- Summary
- Vulnerability Assessment
- Vulnerability nomenclature
- Local and online vulnerability databases
- Vulnerability scanning with Nmap
- Web application vulnerability scanners
- Vulnerability scanners for mobile applications
- The OpenVAS network vulnerability scanner
- Commercial vulnerability scanners
- Specialized scanners
- Threat modeling
- Summary
- Advanced Social Engineering and Physical Security
- Methodology and attack methods
- Physical attacks at the console
- Creating a rogue physical device
- The Social Engineering Toolkit (SET)
- Hiding executables and obfuscating the attacker's URL
- Escalating an attack using DNS redirection
- Launching a phishing attack
- Using bulk transfer as a mode of phishing
- Summary
- Wireless Attacks
- Configuring Kali for wireless attacks
- Wireless reconnaissance
- Bypassing a hidden SSID
- Bypassing the MAC address authentication and open authentication
- Attacking WPA and WPA2
- Denial-of-service (DoS) attacks against wireless communications
- Compromising enterprise implementations of WPA/WPA2
- Working with Ghost Phisher
- Summary
- Exploiting Web-Based Applications
- Client-Side Exploitation
- Bypassing Security Controls
- Exploitation
- Action on the Objective and Lateral Movement
- Privilege Escalation
- Overview of the common escalation methodology
- Escalating from domain user to system administrator
- Local system escalation
- Escalating from administrator to system
- Credential harvesting and escalation attacks
- Escalating access rights in Active Directory
- Compromising Kerberos – the golden-ticket attack
- Summary
- Command and Control
- Persistence
- Using persistent agents
- Domain fronting
- Exfiltration of data
- Hiding evidence of an attack
- Summary
- Embedded Devices and RFID Hacking
- Other Books You May Enjoy
Microcomputer or USB-based attack agents
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.