Gaining access
It is in this phase that pen testers try to get a foothold into the company's internal network. Nowadays, spear-phishing seems to a very common and effective way of accomplishing this. A well-crafted spear-phishing campaign can be launched against the company and create a convincing scenario based on the information gathered during the reconnaissance phase.
Gaining access can also include using exploits/credentials on a remote service to log into a system and then execute a payload.
Metasploit and PowerShell Empire can aid in this as they both create payloads, also known as stagers. Once the stager is executed on the target, it runs in memory. This style leaves very little forensic evidence behind. The other case is pushing a binary to the remote system and executing the binary via the command line, which can be equally effective. This approach is faster and doesn't rely on an internet download to be successful.
- 網(wǎng)絡(luò)安全保障能力研究
- 零信任網(wǎng)絡(luò):在不可信網(wǎng)絡(luò)中構(gòu)建安全系統(tǒng)
- 大型互聯(lián)網(wǎng)企業(yè)安全架構(gòu)
- 計(jì)算機(jī)病毒分析與防范大全(第3版)
- Enterprise Cloud Security and Governance
- 數(shù)字安全藍(lán)皮書(shū):本質(zhì)屬性與重要特征
- Preventing Digital Extortion
- 代碼審計(jì):企業(yè)級(jí)Web代碼安全架構(gòu)
- API攻防:Web API安全指南
- Testing and Securing Android Studio Applications
- 局域網(wǎng)交換機(jī)安全
- 從0到1:CTFer成長(zhǎng)之路
- 物聯(lián)網(wǎng)安全滲透測(cè)試技術(shù)
- 云計(jì)算安全技術(shù)與應(yīng)用
- 隱私保護(hù)機(jī)器學(xué)習(xí)