The Art of Exploitation 

@binarymist 

Effective Attack Techniques for Common Vulnerabilities 

Effective Attack Techniques for Common Vulnerabilities Password Stealing 

Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing 

Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing Web Shells 

Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing Web Shells FaceBook 

Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing Web Shells FaceBook Weaponised Documents 

Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing Web Shells FaceBook Weaponised Documents 

Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing Web Shells FaceBook Weaponised Documents 

Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing Web Shells FaceBook Weaponised Documents 

Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing Web Shells FaceBook Weaponised Documents 

Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing Web Shells FaceBook Weaponised Documents 

Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing Web Shells FaceBook Weaponised Documents 

Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing Web Shells FaceBook Weaponised Documents 

Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing Web Shells FaceBook Weaponised Documents 

Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing Web Shells FaceBook Weaponised Documents 

C/- psmsf, PowerSploit & Nishang 

No content

PowerSploit Persistence Techniques: ● PermanentWMI ● ScheduledTask ● Registry At stages: ● AtLogon ● AtStartup ● OnIdle ● Daily ● Hourly ● Specified Time 

Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing Web Shells FaceBook Weaponised Documents 

Countermeasures Password Stealing Spear Phishing Web Shells FaceBook Weaponised Documents XSS 

Countermeasures Password Stealing Spear Phishing Web Shells FaceBook Weaponised Documents ● NIDS ● AV ● Know Origin 

How the process of Exploitation & Mitigation can & Should fit within Each & Every Sprint 

Red Team 

Reconnaissance Vulnerability Scanning & Discovery Vulnerability Searching Exploitation Documenting & Reporting 

Reconnaissance Vulnerability Scanning & Discovery Vulnerability Searching Exploitation Documenting & Reporting 

Reconnaissance Vulnerability Scanning & Discovery Vulnerability Searching Exploitation Documenting & Reporting 

https://github.com/phage-nz/threatcrawler 

Reconnaissance Vulnerability Scanning & Discovery Vulnerability Searching Exploitation Documenting & Reporting 

Reconnaissance Vulnerability Scanning & Discovery Vulnerability Searching Exploitation Documenting & Reporting 

Red Team 

Red Team -> Blue Team 

Pen testing @ go live -> within each Sprint 

The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product Backlog Sprint Backlog Sprint Increment Definition of Done Cheapest Place to Deal with Defects Establish a Security Champion Hand-crafted Penetration Testing Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Security Focussed TDD Security Regression Testing 

Definition of Done The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Hand-crafted Penetration Testing Security Regression Testing Cheapest Place to Deal with Defects 

Definition of Done The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Hand-crafted Penetration Testing Security Regression Testing Cheapest Place to Deal with Defects 

5: Identify Risks? This is madness! How can we do that? 

Definition of Done The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product Backlog Sprint Backlog Sprint Increment Security Focussed TDD Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects Hand-crafted Penetration Testing Security Regression Testing Establish a Security Champion 

Definition of Done The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects Security Regression Testing Hand-crafted Penetration Testing 

Definition of Done The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects Hand-crafted Penetration Testing Security Regression Testing Pair Programming 

No content

Definition of Done The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Pair Programming Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects Hand-crafted Penetration Testing Security Regression Testing Code Review 

Code Review, Static & Dynamic Analysis 

Definition of Done The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Pair Programming Code Review Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects Hand-crafted Penetration Testing Security Regression Testing Techniques for Asserting Discipline 

Definition of Done The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Pair Programming Code Review Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects Hand-crafted Penetration Testing Security Regression Testing Techniques for Asserting Discipline Static Type Checking DbC https://blog.binarymist.net/2010/10/11/lsp-dbc-and-nets-support/ 

The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product Backlog Sprint Backlog Sprint Increment Definition of Done Cheapest Place to Deal with Defects Establish a Security Champion Hand-crafted Penetration Testing Consuming Free and Open Source Evil Test Conditions Security Focussed TDD Security Regression Testing Pair Programming Code Review Techniques for Asserting Discipline R isk 

The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product Backlog Sprint Backlog Sprint Increment Definition of Done Cheapest Place to Deal with Defects Establish a Security Champion Hand-crafted Penetration Testing Consuming Free and Open Source Evil Test Conditions Security Focussed TDD Security Regression Testing Pair Programming Code Review Techniques for Asserting Discipline C ounterm easure 

Consuming Free and Open Source curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash - sudo apt-get install -y nodejs R isk 

Consuming Free and Open Source ● Npm-outdated ● Npm-check ● David ● RetireJS ● NSP ● Snyk Tooling 

The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product Backlog Sprint Backlog Sprint Increment Definition of Done Establish a Security Champion Hand-crafted Penetration Testing Security Focussed TDD Security Regression Testing Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects 

5: Identify 

5: Identify Risks? Given When Then There are no items in the shopping cart Customer clicks “Purchase” button for a book which is in stock 1 x book is added to shopping cart. Book is held - preventing selling it twice. “ Customer clicks “Purchase” button for a book which is not in stock Dialog with “Out of stock” message is displayed and offering customer option of putting book on back order. 

5: Identify Risks? Given When Then There are no items in the shopping cart User tries to downgrade TLS and the HSTS header is not sent by the server User should be redirected (response 301 status code) to th HTTPS site from the server “ User tries to downgrade TLS and the HSTS header is sent by the server User should be redirected to the HTTP site from the browser (no HTTP traffic for sslstrip to tamper with 

Definition of Done The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Cheapest Place to Deal with Defects Hand-crafted Penetration Testing Security Regression Testing Evil Test Conditions 

Definition of Done The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects Hand-crafted Penetration Testing Security Regression Testing Security Focussed TDD 

Definition of Done The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects Hand-crafted Penetration Testing Security Regression Testing 

Requirements or design defect found via Product Backlog Item (PBI) collaboration Length of Feedback Cycle Cost Requirements or design defect found in Test Conditions Workshop Programming or design defect found via Pair Programming Programming defect found via Continuous Integration Programming or design defect found via Test Driven Development (T(B)DD) Requirements or design defect found via Stakeholder Participation Defect found via pair Developer Testing Defect found via Independent Review Requirements defect found via traditional Acceptance Testing Programming or design defect found via Pair Review Design defect found via traditional System Testing Programming defect found via traditional System Testing Security defect found via traditional external Penetration Testing 

Requirements or design defect found via Product Backlog Item (PBI) collaboration Length of Feedback Cycle Cost Requirements or design defect found in Test Conditions Workshop Programming or design defect found via Pair Programming Programming defect found via Continuous Integration Programming or design defect found via Test Driven Development (T(B)DD) Requirements or design defect found via Stakeholder Participation Defect found via pair Developer Testing Defect found via Independent Review Requirements defect found via traditional Acceptance Testing Programming or design defect found via Pair Review Design defect found via traditional System Testing Programming defect found via traditional System Testing Security defect found via Security Test Driven Development (STDD) or regression testing 

5: Identify Risks? OK I’m starting to get it But what now? 

Definition of Done The Sprint Security Regression Testing Sprint Planning Daily Scrum Sprint Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects Hand-crafted Penetration Testing Zap-Api & NodeGoat 

https://leanpub.com/holistic-infosec-for-web-developers https://github.com/binarymist/NodeGoat/wiki/Security-Regression-Testing-with-Zap-API 

5: Identify Risks? IoT PhysicalPeople Mobile Cloud VPS Network Web App Network 2: Identify Risks 3: Countermeasures 4: What risks does solution cause? 5: Costs and Trade-offs 1: Asset Identification 

Product Backlog Sprint Backlog Product Backlog items pulled into Sprint to form Increment Forecast 3: Countermeasures 

@binarymist https://leanpub.com/holistic-infosec-for-web-developers https://github.com/binarymist/NodeGoat/wiki/Security-Regression-Testing-with-Zap-API