O'Reilly logo

Advanced Penetration Testing by Wil Allsopp

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 8Hack Journalists

In this chapter I want to talk about social engineering—we've talked about it a little throughout the book but now that we're nearing the end I, want to add some depth. Rather than replicate what I've written about in the past, I'd like to discuss a new framework to approach social engineering using what stage mediums and other performers call cold reading.

Additionally, I'll introduce some emerging and extant technologies that are useful when looking for more creative ways to deliver a payload.

Finally, I'll introduce some advanced concepts in C2 agent management that will be vital to understand in an environment where you need to manage a number of agents without utilizing too much of the target's bandwidth.

Briefing

The penultimate target in this book is a major international magazine publishing house. The major concerns coming from management were that the editorial and development process were sloppy from a security perspective and that could lead to an attacker being able to modify publications prior to going to print (this attack could be motiveless mischief or something targeted by activists, and it would be equally expensive to rectify).

This publishing house, like many others, used Adobe Creative Suite tooling for virtually every part of the development process—InDesign for layout, Photoshop for imaging, etc. Again, like a lot of such businesses, they were very much an Apple house and all their people used Macs. Handy information to have. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required