- Heap spraying.
- js_be is big-endian byte ordering; js_le is little-endian.
- unescape()
- windbg -p 4566 /g
- False; da will display the memory location with ASCII encoding.
- False; code caves are composed of null bytes.
- --xp_mode allows our patched executable to run in Windows XP; BDF default behavior is to crash on XP systems due to the potential use of XP for sandboxing.
- Title Page
- Copyright and Credits
- Dedication
- Packt Upsell
- Contributors
- Preface
- Bypassing Network Access Control
- Sniffing and Spoofing
- Windows Passwords on the Network
- Advanced Network Attacks
- Cryptography and the Penetration Tester
- Advanced Exploitation with Metasploit
- Stack and Heap Memory Management
- Windows Kernel Security
- Weaponizing Python
- Windows Shellcoding
- Technical requirements
- Taking out the guesswork – heap spraying
- Memory allocation – stack versus heap
- Shellcode whac-a-mole – heap spraying fundamentals
- Shellcode generation for the Java vulnerability
- Creating the malicious website to exploit Java
- Debugging Internet Explorer with WinDbg
- Examining memory after spraying the heap
- Fine-tuning your attack and getting a shell
- Understanding Metasploit shellcode delivery
- Injection with Backdoor Factory
- Summary
- Questions
- Further reading
- Bypassing Protections with ROP
- Technical requirements
- DEP and ASLR – the intentional and the unavoidable
- Introducing return-oriented programming
- Getting hands-on with the return-to-PLT attack
- Summary
- Questions
- Further reading
- Fuzzing Techniques
- Going Beyond the Foothold
- Taking PowerShell to the Next Level
- Escalating Privileges
- Maintaining Access
- Technical requirements
- Persistence with Metasploit and PowerShell Empire
- Creating a payload for Metasploit persister
- Configuring the Metasploit persistence module and firing away
- Verifying your persistent Meterpreter backdoor
- Not to be outdone – persistence in PS Empire
- Elevating the security context of our Empire agent
- Creating a WMI subscription for stealthy persistence of your agent
- Verifying agent persistence
- Hack tunnels – netcat backdoors on the fly
- Maintaining access with PowerSploit
- Summary
- Questions
- Further reading
- Tips and Tricks
- Assessment
- Chapter 1: Bypassing Network Access Control
- Chapter 2: Sniffing and Spoofing
- Chapter 3: Windows Passwords on the Network
- Chapter 4: Advanced Network Attacks
- Chapter 5: Cryptography and the Penetration Tester
- Chapter 6: Advanced Exploitation with Metasploit
- Chapter 7: Stack and Heap Memory Management
- Chapter 8: Windows Kernel Security
- Chapter 9: Weaponizing Python
- Chapter 10: Windows Shellcoding
- Chapter 11: Bypassing Protections with ROP
- Chapter 12: Fuzzing Techniques
- Chapter 13: Going Beyond the Foothold
- Chapter 14: Taking PowerShell to the Next Level
- Chapter 15: Escalating Privileges
- Chapter 16: Maintaining Access
- Other Books You May Enjoy
Chapter 10: Windows Shellcoding
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.