In this chapter, we took a deep dive into a systematic process for overcoming security controls set by organizations as part of their internal protection. We focused on different types of NAC bypass mechanisms, how to establish a connection to the external world using tunneling anbypassing the firewalls, and also learned about every level of network, application, and operating system controls to ensure that our exploits can successfully reach the target system. Additionally, we have reviewed how to bypass antivirus detection by utilizing Veil-Evasion and Shellter. We also saw how different Windows operating system security controls such as UAC, application whitelisting, and other Active Directory-specific controls put in place can be easily circumvented using the Metasploit framework.

In the next chapter, we will examine various means of exploiting systems, including both public exploits, exploit frameworks such as the Metasploit framework, Empire PowerShell project and craft Windows-based exploits.