In this chapter, we took a deep dive into systematic processes for overcoming security controls set by organizations as part of their internal protection. We focused on different types of Network Access Control bypass mechanisms, how to establish a connection to the external world using tunneling, bypassing firewalls, and also learned – on every level of network, application, and operating system controls – how to ensure that our exploits successfully reach the target system. Additionally, we reviewed how to bypass antivirus detection by utilizing veil-evasion and Shellter tools. We also saw how different Windows operating system security controls, such as EMET, UAC, application whitelisting, and other active directory specific controls put in place, can easily be circumvented using the Metasploit framework.
In the next chapter, we will examine various means...
