- Software-based and hardware-based.
- libc is the C standard library.
- As long as you'd like; you can define 5 or 100 bytes with the --depth flag in MSFrop and ROPgadget.
- ASLR.
- The PLT converts function calls to absolute destination addresses; the GOT converts address calculations to absolute destinations.
- Open gdb [binary] and disassemble main() with disas, then look for the system@plt call.
- The > operator packs the binary data as big-endian; x86 processors are little-endian.
- Title Page
- Copyright and Credits
- Dedication
- Packt Upsell
- Contributors
- Preface
- Bypassing Network Access Control
- Sniffing and Spoofing
- Windows Passwords on the Network
- Advanced Network Attacks
- Cryptography and the Penetration Tester
- Advanced Exploitation with Metasploit
- Stack and Heap Memory Management
- Windows Kernel Security
- Weaponizing Python
- Windows Shellcoding
- Technical requirements
- Taking out the guesswork – heap spraying
- Memory allocation – stack versus heap
- Shellcode whac-a-mole – heap spraying fundamentals
- Shellcode generation for the Java vulnerability
- Creating the malicious website to exploit Java
- Debugging Internet Explorer with WinDbg
- Examining memory after spraying the heap
- Fine-tuning your attack and getting a shell
- Understanding Metasploit shellcode delivery
- Injection with Backdoor Factory
- Summary
- Questions
- Further reading
- Bypassing Protections with ROP
- Technical requirements
- DEP and ASLR – the intentional and the unavoidable
- Introducing return-oriented programming
- Getting hands-on with the return-to-PLT attack
- Summary
- Questions
- Further reading
- Fuzzing Techniques
- Going Beyond the Foothold
- Taking PowerShell to the Next Level
- Escalating Privileges
- Maintaining Access
- Technical requirements
- Persistence with Metasploit and PowerShell Empire
- Creating a payload for Metasploit persister
- Configuring the Metasploit persistence module and firing away
- Verifying your persistent Meterpreter backdoor
- Not to be outdone – persistence in PS Empire
- Elevating the security context of our Empire agent
- Creating a WMI subscription for stealthy persistence of your agent
- Verifying agent persistence
- Hack tunnels – netcat backdoors on the fly
- Maintaining access with PowerSploit
- Summary
- Questions
- Further reading
- Tips and Tricks
- Assessment
- Chapter 1: Bypassing Network Access Control
- Chapter 2: Sniffing and Spoofing
- Chapter 3: Windows Passwords on the Network
- Chapter 4: Advanced Network Attacks
- Chapter 5: Cryptography and the Penetration Tester
- Chapter 6: Advanced Exploitation with Metasploit
- Chapter 7: Stack and Heap Memory Management
- Chapter 8: Windows Kernel Security
- Chapter 9: Weaponizing Python
- Chapter 10: Windows Shellcoding
- Chapter 11: Bypassing Protections with ROP
- Chapter 12: Fuzzing Techniques
- Chapter 13: Going Beyond the Foothold
- Chapter 14: Taking PowerShell to the Next Level
- Chapter 15: Escalating Privileges
- Chapter 16: Maintaining Access
- Other Books You May Enjoy
Chapter 11: Bypassing Protections with ROP
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.