You're reading from Cybersecurity Attacks ‚Äì Red Team Strategies A practical guide to building a penetration testing program having homefield advantage

Product type Paperback

Published in Mar 2020

Publisher Packt

ISBN-13 9781838828868

Length 524 pages

Edition 1st Edition

Tools

Neo4j

Concepts

Cybersecurity

Author (1):

Johann Rehberger

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Embracing the Red

2. Chapter 1: Establishing an Offensive Security Program FREE CHAPTER

3. Chapter 2: Managing an Offensive Security Team

4. Chapter 3: Measuring an Offensive Security Program

5. Chapter 4: Progressive Red Teaming Operations

6. Section 2: Tactics and Techniques

7. Chapter 5: Situational Awareness – Mapping Out the Homefield Using Graph Databases

8. Chapter 6: Building a Comprehensive Knowledge Graph

9. Chapter 7: Hunting for Credentials

10. Chapter 8: Advanced Credential Hunting

11. Chapter 9: Powerful Automation

12. Chapter 10: Protecting the Pen Tester

13. Chapter 11: Traps, Deceptions, and Honeypots

14. Chapter 12: Blue Team Tactics for the Red Team

15. Assessments

16. Another Book You May Enjoy

Leave a review - let other readers know what you think

Understanding COM automation on Windows

Since learning about Windows in the late 90s, I have been fascinated by the automation and binary sharing technologies that Microsoft has created. At onepoint, ActiveX was a powerful piece of technology – although it wasn't so great for security.

The technology that enables these scenarios is called COM. It's a binary interoperability technology. You can write code in C++ and the exposed functionality can then be invoked by any other technology or scripting language that supports COM. This includes languages such as C#, Python, or PowerShell, besides others.

On Windows, a lot of things are implemented as COM objects underneath the surface. HTML rendering (Internet Explorer), Word, Excel, and even the .NET runtime is a COM object. This means that if you have a language that can create and invoke methods on a COM object, you can host the .NET runtime in your own applications. Do you want to run some VBScript? Well, there...