book

Python for Cybersecurity

by Howard E. Poston, III

March 2022

Intermediate to advanced

240 pages

5h 13m

English

Wiley

Read now

Unlock full access

How This Book Is OrganizedTools You Will NeedFrom Here
Active ScanningSearch Open Technical DatabasesSummarySuggested Exercises
Valid AccountsReplication Through Removable MediaSummarySuggested Exercises
Windows Management InstrumentationScheduled Task/JobSummarySuggested Exercises
Boot or Logon Autostart ExecutionHijack Execution FlowSummarySuggested Exercises
Boot or Logon Initialization ScriptsHijack Execution FlowSummarySuggested Exercises
Impair DefensesHide ArtifactsSummarySuggested Exercises
Credentials from Password StoresNetwork SniffingSummarySuggested Exercises

Account DiscoveryFile and Directory DiscoverySummarySuggested Exercises
Remote ServicesUse Alternative Authentication MaterialSummarySuggested Exercises
Clipboard DataEmail CollectionSummarySuggested Exercises
Encrypted ChannelProtocol TunnelingSummarySuggested Exercises
Alternative ProtocolsNon-Application Layer ProtocolsSummarySuggested Exercises
Data Encrypted for ImpactAccount Access RemovalSummarySuggested Exercises
Acknowledgments

Content preview from Python for Cybersecurity

CHAPTER 9Moving Laterally

The MITRE ATT&CK stages to date have largely been focused on gaining an initial foothold on a target system and collecting the information available from it. In this chapter, we start looking at how to expand this foothold and move laterally through the target network to achieve our overall goals.

Lateral Movement is one of the smallest tactics of the MITRE ATT&CK framework. As shown in Figure 9.1, it has nine techniques and a total of 18 subtechniques.

Snapshot of MITRE ATT&CK: Lateral Movement — Figure 9.1: MITRE ATT&CK: Lateral Movement

In this chapter, we will focus on the Remote Services and Use Alternate Authentication Material techniques. More specifically, we'll look at how we can use Python to take advantage of network file shares on Windows and to steal web session cookies from browsers.

The code sample archive for this chapter can be found at https://www.wiley.com/go/pythonforcybersecurity and contains the following sample code files:

RemoteServices.py
DetectSMB.py
WebSessionCookieHijack.py
CreateFakeCookie.py
DetectDecoyCookies.py

Remote Services

Several different remote services exist to provide users and administrators with remote access to their systems. Some of these services are designed to remotely control a computer, such as RDP and SSH. Others are designed to provide access to certain features or files.

Windows network shares are designed to provide remote access to ...