The Hacker Playbook 3 Practical Guide To Penetration Testing.pdf

(8875 KB) Pobierz

THE

HACKER

PLAYBOOK

Practical Guide to

Penetration Testing

Red Team Edition

Peter Kim

under United States Copyright Act of 1976, no part of this publication may be

reproduced or distributed in any form or by any means, or stored in a database or

retrieval system, without the prior written permission of the author.

ISBN-13: 978-1980901754

Book design and production by Peter Kim, Secure Planet LLC

Cover design by Ann Le

Edited by Kristen Kim

Publisher: Secure Planet LLC

Published: 1st May 2018

Dedication

To my wife Kristen, our new baby boy, our dog Dexter, and our families.

Thank you for all of your support and patience,

even when you had no clue what I was talking about.

Contents

Preface

Notes and Disclaimer

Introduction

Penetration Testing Teams vs Red Teams

Summary

1 Pregame - The Setup

Assumed Breach Exercises

Setting Up Your Campaign

Setting Up Your External Servers

Tools of the Trade

Metasploit Framework

Cobalt Strike

PowerShell Empire

dnscat2

p0wnedShell

Pupy Shell

PoshC2

Merlin

Nishang

Conclusion

2 Before the Snap - Red Team Recon

Monitoring an Environment

Regular Nmap Diffing

Web Screenshots

Cloud Scanning

Network/Service Search Engines

Manually Parsing SSL Certificates

Subdomain Discovery

Github

Cloud

Emails

Additional Open Source Resources

Conclusion

3 The Throw - Web Application Exploitation

Bug Bounty Programs:

Web Attacks Introduction - Cyber Space Kittens

The Red Team Web Application Attacks

Chat Support Systems Lab

Cyber Space Kittens: Chat Support Systems

Setting Up Your Web Application Hacking Machine

Analyzing a Web Application

Web Discovery

Cross-Site Scripting XSS

Blind XSS

DOM Based XSS

Advanced XSS in NodeJS

XSS to Compromise

NoSQL Injections

Deserialization Attacks

Template Engine Attacks - Template Injections

JavaScript and Remote Code Execution

Server Side Request Forgery (SSRF)

XML eXternal Entities (XXE)

Advanced XXE - Out Of Band (XXE-OOB)

Conclusion

4 The Drive - Compromising the Network

Finding Credentials from Outside the Network

Advanced Lab

Moving Through the Network

Setting Up the Environment - Lab Network

On the Network with No Credentials

Responder

Better Responder (MultiRelay.py)

PowerShell Responder

User Enumeration Without Credentials

Scanning the Network with CrackMapExec (CME)

After Compromising Your Initial Host

Privilege Escalation

Privilege Escalation Lab

Pulling Clear Text Credentials from Memory

Getting Passwords from the Windows Credential Store and Browsers

Getting Local Creds and Information from OSX

Living Off of the Land in a Windows Domain Environment

Service Principal Names

Querying Active Directory

Bloodhound/Sharphound

Moving Laterally - Migrating Processes

Moving Laterally Off Your Initial Host

Lateral Movement with DCOM

Pass-the-Hash

Gaining Credentials from Service Accounts

Dumping the Domain Controller Hashes

Lateral Movement via RDP over the VPS

Pivoting in Linux

Privilege Escalation

Plik z chomika:

kufel_007

Inne pliki z tego folderu:

The IoT Hacker’s A Practical Guide to Hacking the Internet of Things.pdf (18975 KB)
security-cissp-all-in-one-exam-guide-6th-edition.pdf (60183 KB)
ethical-hacking-a-hands-on-introduction-to-breaking-in.pdf (8872 KB)
Mastering Reverse Engineering Re-engineer your ethical hacking skills by Reginald Wong.pdf (14578 KB)
Black-Hat-Go_Go-Programming-For-Hackers-and-Pentesters.pdf (23456 KB)

The Hacker Playbook 3 Practical Guide To Penetration Testing.pdf

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: