In the previous chapter, we started by learning how to gain access to victim machines using server-side attacks. We will now move on to client-side attacks, discussing what they are, and how a tool called Veil can be used to generate an undetectable backdoor. We will also discuss payloads. Once we have a brief idea about payloads, we will generate a backdoor through which we will implement client-side attacks on our own system, enabling us to listen to connections. Finally, we will look at how to implement backdoors in real time, as well as techniques we can use to protect our system from such attacks.

In this chapter, we will cover the following topics:

• Client-side attacks
• Installing Veil
• Payloads overview
• Generating a Veil backdoor
• Listening for connections
• Testing the backdoor
• Fake bdm1 updates
• Client-side attacks using the bdm2 BDFProxy
• Protection against delivery methods