| The exploit or compromise phase – This is the point when a particular |
| exploit is successfully applied, allowing attackers to reach their objective. |
| The compromise may have occurred in a single phase (for example, a known |
| operating system vulnerability was exploited using a buffer overflow), |
| or it may have been a multiphase compromise (for example, an attacker |
| physically accessed premises to steal a corporate phone book. The names |
| were used to create lists for brute force attacks against a portal logon. In |
| addition, e-mails were sent to all employees to click on an embedded link to |
| download a crafted PDF file that compromised their computers.). Multiphase |
| attacks are the norm when a malicious attacker targets a specific enterprise. |
| Post exploit: action on the objective – This is frequently, and incorrectly, |
| referred to as the "exfiltration phase" because there is a focus on perceiving |
| attacks solely as a route to steal sensitive data (such as login information, |
| personal information, and financial information); it is common for an attacker |
| to have a different objective. For example, a business may wish to cause a |
| denial of service in their competitor's network to drive customers to their |
| own website. Therefore, this phase must focus on the many possible actions |
| of an attacker. |
| One of the most common exploit activities occurs when the attackers |
| attempt to improve their access privileges to the highest possible level |
| (vertical escalation), and to compromise as many accounts as possible |
| (horizontal escalation). |
| Post exploit: persistence – If there is value in compromising a network or |
| system, then that value can likely be increased if there is persistent access. |
| This allows attackers to maintain communications with a compromised |
| system. From a defender's point of view, this is the part of the kill chain that |
| is usually the easiest to detect. |
| Kill chains are metamodels of an attacker's behavior when they attempt to compromise |
| a network or a particular data system. As a metamodel, it can incorporate any |
| proprietary or commercial penetration testing methodology. Unlike the methodologies, |
| however, it ensures a strategic-level focus on how an attacker approaches the network. |
| This focus on the attacker's activities will guide the layout and content of this book. |
| This book is divided into two parts. In Part 1, The Attacker's Kill Chain, we will follow |
| the steps of a kill chain, analyzing each phase in detail. In Part 2, The Delivery Phase, |
| we will focus on the delivery phase and some of the available methodologies to |
| understand how attacks take place, and how this knowledge can be used to secure |
| a network. |
| Chapter 1, Starting with Kali Linux, introduces the reader to the fundamentals of Kali |
| Linux, and its optimal configuration to support penetration testing. |
| Chapter 2, Identifying the Target – Passive Reconnaissance, provides a background on |
| how to gather information about a target using publicly available sources, and the |
| tools that can simplify the reconnaissance and information management. |
| Chapter 3, Active Reconnaissance and Vulnerability Scanning, introduces the reader to |
| stealthy approaches that can be used to gain information about the target, especially |
| the information that identifies vulnerabilities, which could be exploited. |
| Chapter 4, Exploit, demonstrates the methodologies that can be used to find and |
| execute exploits that allow a system to be compromised by an attacker. |
| Chapter 5, Post Exploit – Action on the Objective, describes how attackers can |
| escalate their privileges to achieve their objective for compromising the system, |
| including theft of data, altering data, launching additional attacks, or creating a |
| denial of service. |
| Chapter 6, Post Exploit – Persistence, provides a background on how to configure |
| a compromised system so that the attacker can return at will and continue |
| post-exploit activities. |
| Chapter 7, Physical Attacks and Social Engineering, demonstrates why being able to |
| physically access a system or interact with the humans who manage it provides |
| the most successful route to exploitation. |
| Chapter 8, Exploiting Wireless Communications, demonstrates how to take advantage |
| of common wireless connections to access data networks and isolated systems. |
| Chapter 9, Reconnaissance and Exploitation of Web-based Applications, provides a |
| brief overview of one of the most complex delivery phases to secure: web-based |
| applications that are exposed to the public Internet. |
| Chapter 10, Exploiting Remote Access Communications, describes an increasingly |
| important route into systems as more and more organizations adopt distributed |
| and work-from-home models that rely on remote access communications that are |
| themselves vulnerable to attack. |
| Chapter 11, Client-side Exploitation, focuses on attacks against applications on the |
| end-user's systems, which are frequently not protected to the same degree as the |
| organization's primary network. |
| Appendix, Installing Kali Linux, provides an overview of how to install Kali Linux, |
| and how to employ whole-disk encryption to avoid interception of confidential |
| testing data. |
| In order to practice the material presented in this book, you will need virtualization |
| tools such as VMware or VirtualBox. |
| You will need to download and configure the Kali Linux operating system and its |
| suite of tools. To ensure that it is up-to-date and that you have all of the tools, you |
| will need access to an Internet connection. |
| Sadly, not all of the tools on the Kali Linux system will be addressed since there are |
| too many of them. The focus of this book is not to inundate the reader with all of |
| the tools and options, but to provide an approach for testing that will give them the |
| opportunity to learn and incorporate new tools as their experiences and knowledge |
| change over time. |
| Although most of the examples from this book focus on Microsoft Windows, the |
| methodology and most of the tools are transferrable to other operating systems |
| such as Linux and the other flavors of Unix. |
| Finally, this book applies Kali to complete the attacker's kill chain against target |
| systems. You will need a target operating system. Many of the examples in the book |
| use Microsoft Windows XP. Although it is deprecated as of April 2014, it provides |
| a "baseline" of standard behavior for many of the tools. If you know how to apply |
| the methodology to one operating system, you can apply it to more recent operating |
| systems such as Windows 7 and Windows 8. |
| This book is intended for people who want to know more about data security. |
| In particular, it targets people who want to understand why they use a particular |
| tool when they do, as opposed to those people who throw as many tools as possible |
| at a system to see if an exploit will happen. My goal is for the readers to develop their |
| own method and approach to effective penetration testing, which will allow them to |
| experiment and learn as they progress. I believe that this approach is the only effective |
| way to understand how malicious people attack data systems, and therefore, the only |
| way to understand how to mediate vulnerabilities before they can be exploited. |
| If you are a security professional, penetration tester, or just have an interest in the |
| security of complex data environments, this book is for you. |
| Although we have taken every care to ensure the accuracy of our content, mistakes |
| do happen. If you find a mistake in one of our books—maybe a mistake in the text or |
| the code—we would be grateful if you would report this to us. By doing so, you can |
| save other readers from frustration and help us improve subsequent versions of this |
| book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, |
| selecting your book, clicking on the errata submission form link, |
| and entering the details of your errata. Once your errata are verified, your submission |
| will be accepted and the errata will be uploaded on our website, or added to any list of |
| existing errata, under the Errata section of that title. Any existing errata can be viewed |
| by selecting your title from http://www.packtpub.com/support. |