Advanced Penetration Testing

Hacking the World's Most Secure Networks

About This Book

Build a better defense against motivated, organized, professional attacks

Advanced Penetration Testing: Hacking the World's Most Secure Networks takes hacking far beyond Kali Linux and Metasploit to provide a more complex attack simulation. Featuring techniques not taught in any certification prep or covered by common defensive scanners, this book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high-security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and control and exfiltrating data, even from organizations without a direct Internet connection, this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures.

Typical penetration testing consists of low-level hackers attacking a system with a list of known vulnerabilities, and defenders preventing those hacks using an equally well-known list of defensive scans. The professional hackers and nation states on the forefront of today's threats operate at a much more complex level—and this book shows you how to defend your high security network.

  • Use targeted social engineering pretexts to create the initial compromise
  • Leave a command and control structure in place for long-term access
  • Escalate privilege and breach networks, operating systems, and trust structures
  • Infiltrate further using harvested credentials while expanding control

Today's threats are organized, professionally run, and very much for-profit. Financial institutions, health care organizations, law enforcement, government agencies, and other high-value targets need to harden their IT infrastructure and human capital against targeted advanced attacks from motivated professionals. Advanced Penetration Testing goes beyond Kali Linux and Metasploit to provide you with advanced pen testing techniques for high-security networks.

Information

Author
Wil Allsopp
Publisher
Wiley
Year
2017
ISBN
9781119367666
Edition
1

Chapter 1
Medical Records (In)security

This first chapter shows how the simplest of attacks can be used to compromise the most secure data, which makes it a logical place to start, particularly as the security of medical data has long been an issue that's keeping the CIOs of hospitals awake at night.

THE “KANE” INCIDENT

The theft or even alteration of patient data had been a looming menace long before the Dutchman “Kane” compromised the University of Washington Medical Center in 2000. The hospital at the time believed it had successfully detected and cut off the attack, a belief it was rudely disabused of six months later when Kane shared the data he'd taken with SecurityFocus journalist Kevin Poulsen, who subsequently published an article describing the attack and its consequences. This quickly became global news. Kane was able to stay hidden in the Medical Center networks by allowing his victims to believe they had expelled him. He did this by leaving easily discoverable BO2K Remote Access Trojans (Back Orifice 2000, a tool developed by the hacker group “Cult of the Dead Cow” and popular around the turn of the century) on several of the compromised servers, while his own command and control infrastructure was somewhat more discreet. The lesson for responders is that finding and removing one implant is not evidence that the intrusion is over. The entire episode is well documented online and I suggest you read up on it, as it is both an excellent example of an early modern APT and a textbook case of how not to deal with an intrusion, procedurally and publicly.
See the original article at http://www.securityfocus.com/news/122

An Introduction to Simulating Advanced Persistent Threat

APT threat modeling is a specific branch of penetration testing in which attacks tend to be focused on end users to gain initial network compromise, rather than on external systems such as web applications or Internet-facing network infrastructure. As an exercise, it tends to be carried out in one of two paradigms: preventative, that is, as part of a penetration testing initiative, or postmortem, in order to supplement a post-incident forensics response and understand how an intruder could have obtained access. The vast majority of engagements are of the former kind. APT engagements can be carried out as short-term exercises lasting a couple of weeks, or over a long period of time, billed at an hour a day for several months. There are differences of opinion as to which strategy is more effective (and of course it depends on the nature of the target). On one hand, a longer period allows the modeling to mimic a real-world attack more accurately; on the other, clients tend to want regular updates when testing is performed in this manner, and it tends to defeat the purpose of the test when you get cut off at every hurdle. Different approaches will be examined throughout this book.

Background and Mission Briefing

A hospital in London had been compromised by parties unknown.
That was the sum total of what I knew when I arrived at the red brick campus to discuss the compromise and recommend next actions. After introductions and the usual bad machine coffee that generally accompanies such meetings, we got to the heart of the matter. Our host cryptically said that there was “an anomaly in the prescription medication records system.” I wasn't sure what to make of that. “Was it a Nurse Jackie thing?” I asked. I was rewarded with a look that said “You're not funny and I don't watch Showtime.” She continued, “We discovered that a number of fake patient records had been created that were subsequently used to obtain controlled medications.”
Yes. I'd certainly characterize that as an anomaly.
We discussed the attack and the patient record system further—its pros and cons—and with grim inevitability, it transpired that the attacks had occurred following a drive to move the data to the cloud. The hospital had implemented a turnkey solution from a company called Pharmattix. This was a system that was being rolled out in hospitals across the country to streamline healthcare provision in a cost-effective subscription model.
In essence, the technology looked like Figure 1.1.
Figure 1.1: Pharmattix network flow
The system had four classes of users (see Figure 1.2):
  • The MD prescribing the medications
  • The pharmacy dispensing the medications
  • The patients themselves
  • The administrative backend for any other miscellaneous tasks
Figure 1.2: User roles
It's always good to find out what the vendor itself has to say, so that you know what functionality the software provides.

PHARMATTIX MARKETING MATERIAL

We increase the accessibility and the productivity of your practice.
We can provide a professional website with medical information and various forms offering your patients extra service without additional financial overhead. We can deliver all the functionality of your current medical records system and can import your records and deliver a working solution, many times within one working day.
Our full service makes it easy for you as a doctor to maintain your website. Your Pharmattix Doctor Online solution offers a website that allows you to inform patients and can offer additional services, while saving time.
Make your practice and patient management easier with e-consultation and integration with your HIS!
For your website capabilities:
  • Own management environment
  • Individual pages as team route, appointments, etc.
  • Hours
  • NHG Patient Leaflets and letters
  • MS Office integration
  • Medical information
  • Passenger and vaccination information
  • Various forms (registration, repeat prescriptions, questions)
  • e-consultation
  • Online web calendar
  • A link to the website with your GP Information System (HIS)
  • Free helpdesk support
  • E-Consultation and HIS integration: Want to communicate over a secure environment with your patients? Through an e-consultation you can. You can increase the accessibility of your practice without losing control. It is also possible to link your HIS to the practice site, allowing patients to make online appointments and request repeat medication. Without the intervention of the assistant!
To learn more, please feel free to contact us!
My goal as a penetration tester will be to target one of the hospital employees in order to subvert the patient records system. It makes sense to target the MDs themselves, as their role in the system permits them to add patients and prescribe medications, which is in essence exactly what we want to do. We know from the vendor's own literature that the product integrates with MS Office and, given the open nature of the environment we will be attacking, that sounds like an excellent place to start.

WHEN BRUCE SCHNEIER TALKS, IT'S A GOOD IDEA TO LISTEN

“Two-factor authentication isn't our savior. It won't defend against phishing. It's not going to prevent identity theft. It's not going to secure online accounts from fraudulent transactions. It solves the security problems we had 10 years ago, not the security problems we have today.”
Bruce Schneier
Each user role used two-factor authentication; that is to say...

Table of contents

  1. Cover
  2. Title Page
  3. Introduction
  4. Chapter 1: Medical Records (In)security
  5. Chapter 2: Stealing Research
  6. Chapter 3: Twenty-First Century Heist
  7. Chapter 4: Pharma Karma
  8. Chapter 5: Guns and Ammo
  9. Chapter 6: Criminal Intelligence
  10. Chapter 7: War Games
  11. Chapter 8: Hack Journalists
  12. Chapter 9: Northern Exposure
  13. End User License Agreement