Chapter 10. Client-Side Exploitation
The vulnerabilities we’ve studied so far have been low-hanging fruit, and all have come up on real engagements. It’s common on penetration tests to find vulnerable services listening on ports, unchanged default passwords, misconfigured web servers, and so on.
However, clients who put a lot of time and effort into their security posture may be free from these kinds of vulnerabilities. They may have all security patches in place; they may periodically audit passwords and remove any that can be easily guessed or cracked. They may control user roles: Regular users may not have administrative rights on their workstations, and any software that is installed is investigated and maintained by the security staff. ...