Hands-On Penetration Testing on Windows

More Information
Learn
  • Get to know advanced pen testing techniques with Kali Linux
  • Gain an understanding of Kali Linux tools and methods from behind the scenes
  • See how to use Kali Linux at an advanced level
  • Understand the exploitation of Windows kernel drivers
  • Understand advanced Windows concepts and protections, and how to bypass them using Kali Linux
  • Discover Windows exploitation techniques, such as stack and heap overflows and kernel exploitation, through coding principles
About

Windows has always been the go-to platform for users around the globe to perform administration and ad hoc tasks, in settings that range from small offices to global enterprises, and this massive footprint makes securing Windows a unique challenge. This book will enable you to distinguish yourself to your clients.

In this book, you'll learn advanced techniques to attack Windows environments from the indispensable toolkit that is Kali Linux. We'll work through core network hacking concepts and advanced Windows exploitation techniques, such as stack and heap overflows, precision heap spraying, and kernel exploitation, using coding principles that allow you to leverage powerful Python scripts and shellcode.

We'll wrap up with post-exploitation strategies that enable you to go deeper and keep your access. Finally, we'll introduce kernel hacking fundamentals and fuzz testing, so you can discover vulnerabilities and write custom exploits.

By the end of this book, you'll be well-versed in identifying vulnerabilities within the Windows OS and developing the desired solutions for them.

Features
  • Identify the vulnerabilities in your system using Kali Linux 2018.02
  • Discover the art of exploiting Windows kernel drivers
  • Get to know several bypassing techniques to gain control of your Windows environment
Page Count 452
Course Length 13 hours 33 minutes
ISBN 9781788295666
Date Of Publication 29 Jul 2018
Technical requirements
Bypassing MAC filtering – considerations for the physical assessor
Design weaknesses – exploiting weak authentication mechanisms
Bypassing validation checks
Breaking out of jail – masquerading the stack
Summary
Questions
Further reading
Technical requirements
Advanced Wireshark – going beyond simple captures
Advanced Ettercap – the man-in-the-middle Swiss Army Knife
Ettercap filters – fine-tuning your analysis
Getting better – spoofing with BetterCAP
Summary
Questions
Further reading
Technical requirements
Flipping the bit – integrity attacks against CBC algorithms
Sneaking your data in – hash length extension attacks
Busting the padding oracle with PadBuster
Summary
Questions
Further reading
Technical requirements
Kernel fundamentals – understanding how kernel attacks work
Pointing out the problem – pointer issues
Practical kernel attacks with Kali
Summary
Questions
Further reading
Technical requirements
Network fuzzing – mutation fuzzing with Taof proxying
Hands-on fuzzing with Kali and Python
Fuzzy registers – the low-level perspective
Summary
Questions
Further reading
Technical requirements
Gathering goodies – enumeration with post modules
Network pivoting with Metasploit
Escalating your pivot – passing attacks down the line
Summary
Questions
Further reading
Technical requirements
Power to the shell – PowerShell fundamentals
Post-exploitation with PowerShell
Offensive PowerShell – introducing the Empire framework
Summary
Questions
Further reading
Technical requirements
Climb the ladder with Armitage
When the easy way fails—local exploits
Escalation with WMIC and PS Empire
Dancing in the shadows – looting domain controllers with vssadmin
Summary
Questions
Further reading

Authors

Phil Bramwell

Phil Bramwell acquired the Certified Ethical Hacker and Certified Expert Penetration Tester certifications at the age of 21. His professional experience includes Common Criteria design reviews and testing, network security consulting, penetration testing, and PCI-DSS compliance auditing for banks, universities, and governments. He later acquired the CISSP and Metasploit Pro Certified Specialist credentials. Today, he is a cybersecurity and cryptocurrency consultant and works as a cybersecurity analyst specializing in malware detection and analysis.