Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Python for Offensive PenTest

You're reading from   Python for Offensive PenTest A practical guide to ethical hacking and penetration testing using Python

Arrow left icon
Product type Paperback
Published in Apr 2018
Publisher Packt
ISBN-13 9781788838979
Length 176 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Hussam Khrais Hussam Khrais
Author Profile Icon Hussam Khrais
Hussam Khrais
Arrow right icon
View More author details
Toc

Table of Contents (8) Chapters Close

Preface 1. Warming up – Your First Antivirus-Free Persistence Shell 2. Advanced Scriptable Shell FREE CHAPTER 3. Password Hacking 4. Catch Me If You Can! 5. Miscellaneous Fun in Windows 6. Abuse of Cryptography by Malware 7. Other Books You May Enjoy

Countermeasures

In this section, we will see how we can protect ourselves from the attacks we explained in this chapter. Now, if we think about it for a second: How could the attacker reach our internal host to begin with? Well, we rely on a social engineering attack along with a client-side attack to make it happen. The main key defense here is to start by securing people as they are the weakest points in the whole system. So you've got to start securing your staff on a regular basis with some management enforcement. Next, you should never rely on antivirus software, a sandbox, or VMware, as modern malware has built-in mechanisms to protect itself from being detected. Also, you should stay away from any suspicious software, especially cracked files. Before you install any software,if it was a legitimate software, verify file integrity using MD5 or the sha1 algorithm. If possible, use Data Leaking Prevention (DLP) to detect any file transfer on the endpoint or in the network transit path. Also, as a best practice, you can install something called Host-Based Intrusion Detection System (HIDS) to collect the operating system logs and notice any modification that is happening on the operating system logs. If possible, create a whitelist, and limit which process is allowed to run on the operating system. During the security awareness session, always inform nontechnical people to report any phishing email or suspicious files to the network security team or to the security operator or analyst.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime