Attack Simulation Techniques and Tools&#8212Known Exploits





Summary

You now have a grasp of known exploits and vulnerabilities on par with a typical attacker. Your vision of how things should get locked down and protected should be getting molded based on what you have just been exposed to. This chapter was intense in that it brought about the convergence of many of the skills and tools you were exposed to earlier in the book. You should now be able to independently research an attack pattern for a given target by using the information others have discovered and published. To recap a bit, you were exposed to the following:

  • Two examples of manually researching and carrying out attacks

  • One example of carrying out an attack via MetaSploit

  • Areas of focus for documentation purposes

  • Some excellent resources for future reference

  • Some commercial tools that operate in the exploit space

By now you have gathered a lot of data for your particular targets. You have attacked the web server and the application manually and with automated tools. You have put the target through the ringer with known and documented exploits that could have been on either the web server or application level, or both, for that matter. The next chapter focuses on attacks on Web services and so it only really applies to targets that operate with Web services technology. If a given target does not, Chapter 9 is next on your path to a complete pen testing effort, which means that it is time to analyze the vulnerabilities discovered and verified and then document them for presentation to the target entity. To some this means the fun work is over, but in a professional endeavor this next step is critical because you now have the burden of documenting proof for all of your claims. Eventually that proof will go to those to whom it means the most.

Previous Section
Next Section


 Python   SQL   Java   php   Perl 
 game development   web development   internet   *nix   graphics   hardware 
 telecommunications   C++ 
 Flash   Active Directory   Windows