Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Hands-On Penetration Testing on Windows Unleash Kali Linux, PowerShell, and Windows debugging tools for security testing and analysis

Product type Paperback

Published in Jul 2018

Publisher Packt

ISBN-13 9781788295666

Length 452 pages

Edition 1st Edition

Languages

PowerShell

Tools

Kali Linux

Concepts

Penetration Testing

Author (1):

Phil Bramwell

View More author details

Table of Contents (19) Chapters

1. Bypassing Network Access Control

2. Sniffing and Spoofing FREE CHAPTER

3. Windows Passwords on the Network

4. Advanced Network Attacks

5. Cryptography and the Penetration Tester

6. Advanced Exploitation with Metasploit

7. Stack and Heap Memory Management

8. Windows Kernel Security

9. Weaponizing Python

10. Windows Shellcoding

11. Bypassing Protections with ROP

12. Fuzzing Techniques

13. Going Beyond the Foothold

14. Taking PowerShell to the Next Level

15. Escalating Privileges

16. Maintaining Access

17. Tips and Tricks

18. Assessment

19. Other Books You May Enjoy

Leave a review - let other readers know what you think

Summary

In this chapter, we explored some basic cryptography attacks. We started with cipher block chaining bit-flipping and learned how to modify the initialization vector in a predictable fashion. Once this was demonstrated, we leveraged the information to compromise the lab server. We then explored hash length extension attacks, exploiting flaws in message verification methods by leveraging the core compression functionality of the hash algorithm to produce an attacking hash that will pass verification. To prepare for this demonstration, we installed a powerful web and database server stack on Kali to host a vulnerable web app for legal study and testing in our home lab. We exploited the same lab environment in the final section on padding oracle attacks, which built upon the core knowledge introduced earlier in the book.

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (1)

Phil Bramwell

Phil Bramwell, CISSP has been tinkering with gadgets since he was a kid in the 1980s. After obtaining the Certified Ethical Hacker and Certified Expert Penetration Tester certifications in 2004 and a Bachelors of Applied Science in Computer Security from Davenport University in 2007, Phil was a security engineer and consultant who conducted Common Criteria, FIPS, and PCI-DSS assessments, GDPR consulting for a firm in the UK, and social engineering and penetration testing for banks, governments, and universities throughout the USA. After specializing in antimalware analysis and security operations, Phil is now a penetration tester for a Fortune 100 automobile manufacturer. Phil is based in the Metro Detroit area.

See other products by Phil Bramwell