Penetration Test - Survey the Target(10)
Common Attack Techniques
Common Attack Techniques
- Some Windows exploits can be run in Linux
- Cross-compiling code
- Compile exploit for another OS
- https://www.hackingtutorials.org/exploit-tutorials/mingw-w64-how-to-compile-windows-exploits-on-kali-linux/
Changing exploit code can change the fingerprint of the exploit/
- Exploit modification
- May need to modify for success of evasion
- Exploit chaining
- Compromise one device/system to gain access to another
- Proof-of-concept development
- Exploit development
- Social engineering
- Help me
- Urgent
- Deceptive
- Credential brute forcing
- Brute force attacks can be time intensive
- Enlightened Attacks
- Dictionary
- Passwords are normally stored in a hash.
- Hash value - text encrypted using a hash function.
- Rainbow table
- Dictionary
QUICK REVIEW
- Some exploits may need "tweaking" to work in your tests
- Be able to recognize exploit chaining
- Many exploits involve some social engineering
- Credential attacks are time consuming and are rarely carried out as pure brute force attacks.
相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。