Table of Contents
Chapter 1: The Evolution of Penetration Testing, Red Teaming, and Bug Bounties ..... 1
Into the Abyss ..... 1
Industry Overview ..... 5
The Early Days and Evolution of Penetration Testing ..... 7
The Rise of Red Teaming ..... 9
The Emergence of Bug Bounty Programs ..... 10
The Convergence of Penetration Testing, Red Teaming, and Bug Bounties ..... 11
The Future of Penetration Testing, Red Teaming, and Bug Bounties ..... 12
The Increasing Use of AI and ML in Penetration Testing, Red Teaming, and Bug Bounties ..... 13
Test Your Skills ..... 15
Chapter 2: Introduction to Red Teaming ..... 17
What Is Red Teaming? ..... 17
The Importance of Red Teaming ..... 18
Red Team Frameworks and Methodologies ..... 20
Red Team Engagements ..... 22
Red Team Challenges ..... 26
References ..... 28
Test Your Skills ..... 30
Chapter 3: Red Team Infrastructure ..... 33
An Overview of Red Team Infrastructure ..... 34
Command and Control ..... 34
Test Your Skills ..... 60
Chapter 4: Modern Red Team Methodology and Tools ..... 63
Planning ..... 64
Reconnaissance ..... 65
Initial Access ..... 81
Persistence ..... 96
Lateral Movement ..... 97
Post-Exploitation ..... 105
Reporting ..... 105
Test Your Skills ..... 107
Chapter 5: Social Engineering and Physical Assessments ..... 109
Phone Pretexting: Let's Dial into Your Target ..... 110
Spear Phishing: Time to Reel In Your Target ..... 115
Infrastructure ..... 116
Formulating Your Email or Instant Message ..... 128
Execution ..... 130
Can You Hear Us from the Inside? ..... 131
Test Your Skills ..... 144
Chapter 6: Advanced Post-Exploitation Techniques ..... 147
An Overview of Post-Exploitation ..... 148
How to Maintain Access, Use Persistence Mechanisms, and Create Backdoors ..... 152
Command and Control (C2) and Covert Channels ..... 180
How to Perform Lateral Movement ..... 186
Legitimate Utilities and Living Off the Land ..... 189
Post-Exploitation Privilege Escalation ..... 197
Test Your Skills ..... 202
Chapter 7: Active Directory and Linux Environments ..... 207
Active Directory Fundamentals ..... 208
Microsoft Entra ID and Azure ..... 223
Active Directory Attack Techniques ..... 229
Advanced Linux Environment Attack Techniques ..... 267
Test Your Skills ..... 277
Chapter 8: The Future of Red Teaming Beyond the AI Revolution ..... 281
Understanding the Current State of AI in Red Teaming ..... 282
Creating AI-Powered Offensive Security Tools ..... 283
Examining Fine-Tuned Uncensored AI Models ..... 297
Understanding Retrieval-Augmented Generation (RAG) for Red Teaming ..... 299
Red Teaming AI and Autonomous Systems ..... 313
Keeping Pace with Rapidly Evolving Technologies ..... 322
Test Your Skills ..... 324
Chapter 9: Introduction to Bug Bounty and Effective Reconnaissance ..... 327
Understanding Bug Bounty Programs ..... 328
Exploring Effective Reconnaissance ..... 336
Performing Active Reconnaissance ..... 377
Understanding the Art of Performing Vulnerability Scans ..... 396
Performing Web Application and API Recon ..... 401
Communicating Your Findings and Creating Effective Bug Bounty Reports ..... 407
Test Your Skills ..... 410
Exercises ..... 412
Chapter 10: Hacking Modern Web Applications and APIs ..... 415
Overview of Web Application-Based Attacks, the OWASP Top 10 for Web Applications, and OWASP Top 10 for LLM Applications ..... 416
Building Your Own Web Application Lab ..... 429
Understanding Business Logic Flaws ..... 430
Understanding Injection-Based Vulnerabilities ..... 432
Exploiting Authentication-Based Vulnerabilities ..... 451
Exploiting Authorization-Based Vulnerabilities ..... 461
Understanding Cross-Site Scripting (XSS) Vulnerabilities ..... 463
Understanding Cross-Site Request Forgery and Server-Side Request Forgery Attacks ..... 472
Understanding Clickjacking ..... 480
Exploiting Security Misconfigurations ..... 480
Exploiting File Inclusion Vulnerabilities ..... 482
Exploiting Insecure Code Practices ..... 484
Using Additional Web Application Hacking Tools ..... 488
Test Your Skills ..... 493
Chapter 11: Automating a Bug Hunt and Leveraging the Power of AI ..... 497
Traditional Bug Hunting Methods ..... 498
AI-Powered Automation in Bug Hunting ..... 500
AI Model Training, Fine-Tuning, and RAG for Bug Bounties ..... 516
Challenges of Using AI for Bug Bounty Hunting ..... 521
Test Your Skills ..... 523
Appendix: Answers to Multiple-Choice Questions ..... 527
9780138363611, TOC, 2/18/2025