Description

Book Synopsis
Build a better defense against motivated, organized, professional attacks

Advanced Penetration Testing: Hacking the World's Most Secure Networks takes hacking far beyond Kali Linux and Metasploit to provide a more complex attack simulation. Featuring techniques not taught in any certification prep or covered by common defensive scanners, this book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data, even from organizations without a direct Internet connection, this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scannin

Table of Contents
Foreword xxiii

Introduction xxvii

Chapter 1 Medical Records (In)security 1

An Introduction to Simulating Advanced Persistent Threat 2

Background and Mission Briefing 2

Payload Delivery Part 1: Learning How to Use the VBA Macro 5

How NOT to Stage a VBA Attack 6

Examining the VBA Code 11

Avoid Using Shellcode 11

Automatic Code Execution 13

Using a VBA/VBS Dual Stager 13

Keep Code Generic Whenever Possible 14

Code Obfuscation 15

Enticing Users 16

Command and Control Part 1: Basics and Essentials 19

The Attack 23

Bypassing Authentication 23

Summary 27

Exercises 28

Chapter 2 Stealing Research 29

Background and Mission Briefing 30

Payload Delivery Part 2: Using the Java Applet for Payload Delivery 31

Java Code Signing for Fun and Profit 32

Writing a Java Applet Stager 36

Create a Convincing Pretext 39

Signing the Stager 40

Notes on Payload Persistence 41

Microsoft Windows 41

Linux 42

OSX 45

Command and Control Part 2: Advanced Attack Management 45

Adding Stealth and Multiple System Management 45

Implementing a Command Structure 47

Building a Management Interface 48

The Attack 49

Situational Awareness 50

Using AD to Gather Intelligence 50

Analyzing AD Output 51

Attack Against Vulnerable Secondary System 52

Credential Reuse Against Primary Target System 53

Summary 54

Exercises 55

Chapter 3 Twenty-First Century Heist 57

What Might Work? 57

Nothing Is Secure 58

Organizational Politics 58

APT Modeling versus Traditional Penetration Testing 59

Background and Mission Briefing 59

Command and Control Part III: Advanced Channels and Data Exfiltration 60

Notes on Intrusion Detection and the Security Operations Center 64

The SOC Team 65

How the SOC Works 65

SOC Reaction Time and Disruption 66

IDS Evasion 67

False Positives 67

Payload Delivery Part III: Physical Media 68

A Whole New Kind of Social Engineering 68

Target Location Profiling 69

Gathering Targets 69

The Attack 72

Summary 75

Exercises 75

Chapter 4 Pharma Karma 77

Background and Mission Briefing 78

Payload Delivery Part IV: Client-Side Exploits 1 79

The Curse That Is Flash 79

At Least You Can Live Without It 81

Memory Corruption Bugs: Dos and Don’ts 81

Reeling in the Target 83

Command and Control Part IV: Metasploit Integration 86

Metasploit Integration Basics 86

Server Configuration 86

Black Hats/White Hats 87

What Have I Said About AV? 88

Pivoting 89

The Attack 89

The Hard Disk Firewall Fail 90

Metasploit Demonstration 90

Under the Hood 91

The Benefits of Admin 92

Typical Subnet Cloning 96

Recovering Passwords 96

Making a Shopping List 99

Summary 101

Exercises 101

Chapter 5 Guns and Ammo 103

Background and Mission Briefing 104

Payload Delivery Part V: Simulating a Ransomware Attack 106

What Is Ransomware? 106

Why Simulate a Ransomware Attack? 107

A Model for Ransomware Simulation 107

Asymmetric Cryptography 108

Remote Key Generation 109

Targeting Files 110

Requesting the Ransom 111

Maintaining C2 111

Final Thoughts 112

Command and Control Part V: Creating a Covert C2 Solution 112

Introducing the Onion Router 112

The Torrc File 113

Configuring a C2 Agent to Use the Tor Network 115

Bridges 115

New Strategies in Stealth and Deployment 116

VBA Redux: Alternative Command-Line Attack Vectors 116

PowerShell 117

FTP 117

Windows Scripting Host (WSH) 118

BITSadmin 118

Simple Payload Obfuscation 119

Alternative Strategies in Antivirus Evasion 121

The Attack 125

Gun Design Engineer Answers Your Questions 126

Identifying the Players 127

Smart(er) VBA Document Deployment 128

Email and Saved Passwords 131

Keyloggers and Cookies 132

Bringing It All Together 133

Summary 134

Exercises 135

Chapter 6 Criminal Intelligence 137

Payload Delivery Part VI: Deploying with HTA 138

Malware Detection 140

Privilege Escalation in Microsoft Windows 141

Escalating Privileges with Local Exploits 143

Exploiting Automated OS Installations 147

Exploiting the Task Scheduler 147

Exploiting Vulnerable Services 149

Hijacking DLLs 151

Mining the Windows Registry 154

Command and Control Part VI: The Creeper Box 155

Creeper Box Specification 155

Introducing the Raspberry Pi and Its Components 156

GPIO 157

Choosing an OS 157

Configuring Full-Disk Encryption 158

A Word on Stealth 163

Configuring Out-of-Band Command and Control Using 3G/4G 164

Creating a Transparent Bridge 168

Using a Pi as a Wireless AP to Provision Access by Remote Keyloggers 169

The Attack 171

Spoofing Caller ID and SMS Messages 172

Summary 174

Exercises 174

Chapter 7 War Games 175

Background and Mission Briefing 176

Payload Delivery Part VII: USB Shotgun Attack 178

USB Media 178

A Little Social Engineering 179

Command and Control Part VII: Advanced Autonomous Data Exfiltration 180

What We Mean When We Talk About “Autonomy” 180

Means of Egress 181

The Attack 185

Constructing a Payload to Attack a Classified Network 187

Stealthy 3G/4G Software Install 188

Attacking the Target and Deploying the Payload 189

Efficient “Burst-Rate” Data Exfiltration 190

Summary 191

Exercises 191

Chapter 8 Hack Journalists 193

Briefing 193

Advanced Concepts in Social Engineering 194

Cold Reading 194

C2 Part VIII: Experimental Concepts in Command and Control 199

Scenario 1: C2 Server Guided Agent Management 199

Scenario 2: Semi-Autonomous C2 Agent Management 202

Payload Delivery Part VIII: Miscellaneous Rich Web Content 205

Java Web Start 205

Adobe AIR 206

A Word on HTML5 207

The Attack 207

Summary 211

Exercises 211

Chapter 9 Northern Exposure 213

Overview 214

Operating Systems 214

Red Star Desktop 3.0 215

Red Star Server 3.0 219

North Korean Public IP Space 221

The North Korean Telephone System 224

Approved Mobile Devices 228

The “Walled Garden”: The Kwangmyong Intranet 230

Audio and Video Eavesdropping 231

Summary 233

Exercises 234

Index 235

Advanced Penetration Testing


A Paperback / softback by Wil Allsopp


    Publisher: John Wiley & Sons Inc
    Publication Date: 14/04/2017
    ISBN13: 9781119367680, 978-1119367680
    ISBN10: 1119367689
