Bypassing Security Controls

2018 was an excellent year for most advanced next-generation antivirus and Endpoint Detection and Response (EDR) tools, due to the various types of security incidents, especially those involving sophisticated malware. Having said that, most of the time when testers get root or internal network access, they think they are done with the test, assuming that they have the knowledge and toolset to completely compromise the network or enterprise.

One of the neglected aspects of a penetration test is bypassing security controls to assess the target organization's prevention and detection techniques. In all penetration testing activities, penetration testers or attackers need to understand what renders an exploit ineffective while performing an active attack on the target network or system. Bypassing the security controls set by the target organization therefore becomes a crucial part of the kill chain methodology. In this chapter, we will review the different types of security controls in place, identify a systematic process for overcoming these controls, and demonstrate this using the tools from the Kali toolset.

In this chapter, you will learn about the following:

  • Bypassing network access control
  • Bypassing antivirus (AV) using different frameworks
  • Bypassing application-level controls
  • Bypassing Windows-specific operating system security controls