▶Book Description
Windows has always been the go-to platform for users around the globe to perform administration and ad hoc tasks, in settings that range from small offices to global enterprises, and this massive footprint makes securing Windows a unique challenge. This book will enable you to distinguish yourself to your clients.
In this book, you'll learn advanced techniques to attack Windows environments from the indispensable toolkit that is Kali Linux. We'll work through core network hacking concepts and advanced Windows exploitation techniques, such as stack and heap overflows, precision heap spraying, and kernel exploitation, using coding principles that allow you to leverage powerful Python scripts and shellcode.
We'll wrap up with post-exploitation strategies that enable you to go deeper and keep your access. Finally, we'll introduce kernel hacking fundamentals and fuzzing testing, so you can discover vulnerabilities and write custom exploits.
By the end of this book, you'll be well-versed in identifying vulnerabilities within the Windows OS and developing the desired solutions for them.
▶What You Will Learn
⦁ Get to know advanced pen testing techniques with Kali Linux
⦁ Gain an understanding of Kali Linux tools and methods from behind the scenes
⦁ See how to use Kali Linux at an advanced level
⦁ Understand the exploitation of Windows kernel drivers
⦁ Understand advanced Windows concepts and protections, and how to bypass them using Kali Linux
⦁ Discover Windows exploitation techniques, such as stack and heap overflows and kernel exploitation, through coding principles
▶Key Features
⦁ Identify the vulnerabilities in your system using Kali Linux 2018.02
⦁ Discover the art of exploiting Windows kernel drivers
⦁ Get to know several bypassing techniques to gain control of your Windows environment
▶Who This Book Is For
This book is for penetration testers, ethical hackers, and individuals breaking into the pentesting role after demonstrating an advanced skill in boot camps. Prior experience with Windows exploitation, Kali Linux, and some Windows debugging tools is necessary
▶What this book covers
⦁ Chapter 1, Bypassing Network Access Control, focuses on getting a foothold in the network. Network Access Control systems, or NACs, rely on certain detection technology –. this chapter will review them and how they work at a low level.
⦁ Chapter 2, Sniffing and Spoofing, will discuss advanced Wireshark techniques to give the reader practical experience in low-level traffic analysis. The reader will then learn applied network-spoofing attacks, focusing on layer-2 poisoning attacks and DNS spoofing.
⦁ Chapter 3, Windows Passwords on the Network, demonstrates advanced Windows password attacks. The chapter reviews how Windows passwords are carried over the network and then provides practical demonstrations of capturing, understanding, and cracking Windows passwords to gain access.
⦁ Chapter 4, Advanced Network Attacks, ties together the network-hacking portion with coverage of advanced concepts. We cover software-update hijacking, SSL stripping, and routers. A discussion of IPv6 is included along with practical demonstrations of using Kali to attack IPv6 implementations.
⦁ Chapter 5, Cryptography and the Penetration Tester, discusses cryptographic system implementations and practical attacks against them. Attacking message integrity via bitflipping is demonstrated against the AES implementation of cipher block chaining. We also look at length-extension attacks and run through a demonstration of how they work. Another demonstration of an attack against confidentiality will be given with a paddingoracle attack using Kali.
⦁ Chapter 6, Advanced Exploitation with Metasploit, will take the reader to the next level with the standard attack framework in every pen tester's toolkit: Metasploit. The finer points of exploits in Metasploit are discussed, including working with the payload generator, metamodules, and building custom modules. Attacks will be demonstrated while organizing them with Metasploit's task automation features.
⦁ Chapter 7, Stack and Heap –. Memory Management, guides the reader through understanding memory management for practical application to pen testing. An introduction to stack overflow attacks is demonstrated step by step. The reader will use a debugger to develop exploitation opportunity from finding software bugs.
⦁ Chapter 8, Windows Kernel Security, guides the reader through understanding and attacking the other side of the Windows virtual address space: the kernel. The reader will understand the fundamentals of kernel exploitation, including context switching and the use of the scheduler to inform race condition attacks, and vulnerabilities that the hacker seeks to exploit, including pointer issues, such as NULL pointer dereferencing and corrupted pointers.
⦁ Chapter 9, Weaponizing Python, is a crash course in Python to bring the reader to a level of understanding that will facilitate pen testing tasks with Python modules. Some of the techniques covered that can be transformed into pen testing tools include network analysis with Python and Scapy.
⦁ Chapter 10, Windows Shellcoding, will step through stack-protection mechanisms of the Windows OS and demonstrate practical bypass methods. We demonstrate heap spraying with step-by-step explanations, as well as exploit creation.
⦁ Chapter 11, Bypassing Protections with ROP, will guide the reader through understanding Windows memory protection mechanisms and bypassing them with Return-Oriented Programming (ROP). The mechanisms discussed are Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). The reader will understand the core assembly mechanisms that allow ROP to work, building on knowledge of memory management from other chapters.
⦁ Chapter 12, Fuzzing Techniques, guides the reader through practical fuzzing techniques. The reader will understand the core principle and will be able to understand what's happening at a low memory-management level. The reader will have hands-on experience with trial and error fuzzing applications. From there, we will move on to more advanced fuzzing techniques, such as protocol fuzzing.
⦁ Chapter 13, Going Beyond the Foothold, explores the post-exploitation modules of Metasploit. The Windows post modules are introduced and practically demonstrated so the reader will know how to capture keystrokes from a compromised Windows host, scan the network for new targets, and learn and exploit trust relationships to complete the pivot. We then cover enumeration on the compromised Windows host to inform post-exploitation efforts.
⦁ Chapter 14, Taking PowerShell to the Next Level, guides the reader through PowerShell fundamentals with hands-on examples, and then moves on to offensive PowerShell techniques. Post-exploitation with the PowerShell Empire framework on Kali is explained and demonstrated in practical hands-on examples.
⦁ Chapter 15, Escalating Privileges, steps through Metasploit and PS Empire techniques while analyzing the core mechanisms, including duplication of tokens and named pipe impersonation. The reader will review local exploit options, a method for attacking Active Directory credentials on a domain controller, and a technique that leverages the Windows Management Instrumentation Command line (WMIC).
⦁ Chapter 16, Maintaining Access, guides the reader through a series of hands-on demonstrations of access maintenance via backdoors using tools such as Netcat. Metasploit, PS Empire, and PowerSploit persistence abilities are also discussed and demonstrated.
⦁ Chapter 17, Tips and Tricks, provides a brief discussion of virtualization on Windows to assist the reader in setting up a hacking lab with some hints on advanced virtual network configuration.
