Often, when testers gain root or internal network access, they are finished with testing (assuming they have the knowledge and toolset to completely compromise the network or enterprise). One of the neglected aspects of penetration testing is bypassing security controls to assess the target organization's prevention and detection techniques. In all penetration testing activities, penetration testers, or attackers, need to understand what renders an exploit ineffective when performing an active attack on the target network or system, bypassing the security controls that are set by the target organization; this is crucial as part of the kill-chain methodology. In this chapter, we will review the different types of security controls in place, identify...
Bypassing Security Controls
"The only thing that stands between you and outrageous success is continuous progress"