PREVIEW: Best of 2022

Dear PenTest Readers,

We would like to present you with a special edition, composed with the highlights of the articles published in our monthly magazine issues in 2022. If you’re looking for the synthesis of the write-ups that received the best reviews among our readers - here it is!

In “Best of 2022” you will read the top-notch articles on the most relevant topics in the recent months. All of this practical knowledge, presented by the experts in their areas, will still be very helpful in 2023.

Inside you will read about Android Pentesting, Windows Privilege Escalation, WiFi Pentesting tools, internal penetration tests, online games vulnerabilities, cloud security, OT/ICS cybersecurity monitoring, and much more!

This is certainly a condensed compendium of practical cybersecurity tools, techniques, tips, and tricks. Covering a really wide range of topics, every reader is going to be provided with some real treat here.

---

Table of Contents

---

Android Application Pentest

by Gabrielle Botbol

Mobile pentesting is part of the pentester's testing routine. However, it is not widely documented. In the life of a pentester, at one time or another, we have to conduct mobile pentests because the needs are getting bigger. This article deals with an essential part: how to do a setup to test Android applications. I will also present the process of pentesting an Android application and give some practical examples.

---

ETW vs Sysmon Against C2 Servers

by Damon Mohammedbeger

I made some C# codes/tools, which are Open-source in GitHub, and in this article, I want to talk about them one by one and my experience about them for detection against some techniques also against some C2 server. In this article, I do not want to talk about ETW C# Codes or C# programming but I will show you some pictures of research and some test results, so if you’re a Blue-Teamer, you can see how these codes worked for detection and if you are a pentester or a Red-Teamer, you can see, as a pentester you can always make something hopefully useful for the other side, in this case, the Blue-Team side, which is kind of Purple Teaming.

---

WiFi Pentesting with Airodump-ng

by Juan Morales

The purpose of this article is to demonstrate different forms of Wi-Fi network attacks (with permission of course!) using none other than the Aircrack Suite. We will cover a slew of different attacks and capabilities of the Aircrack Suite. For the purposes of demonstration, I will be using an Alfa AWUS036ACH Wi-Fi USB adaptor though you can use any compatible wireless network adaptor that supports monitor and AP modes as well as packet injection. Without further ado, let’s go ahead and demonstrate how we can test different Wi-Fi standards.

---

Understanding Microsoft Office Trusted Locations Workflow and How It Can Be Exploited

by Adam Maraziti

Ronald Reagan once said, “Trust, but verify”. That holds true even for Cybersecurity. We are long past the days of relying on software companies to implement default settings with a security first focus. It is on organizations to review administrative guides, default settings and various best practices to securely configure new and existing software. Even then, some built-in functionality cannot be changed and organizations are forced to get creative with solutions to mitigate the associated risks. Usually, this is more of an issue when a larger software company determines that a security concern is not great enough to warrant a patch or a change in functionality because the product, in most cases, is widely used in the industry, or it is working as intended (as determined by the software company). One such company is Microsoft and its suite of Office products. This article will speak about some advanced topics, however, the user should have enough information within the article to understand the core concepts utilized. The goal is to provide some information on the product, the functionality of the product, an in-depth look at how the software steps through the process, and how this is exploited, including a unique attack chain, and finally, some best practices an organization can utilize to prevent it.

---

Play to Earn or Insecure to Play?

by Marlon Fabiano of CySource

With regards to De-Fi, which enables the delivery of financial services without the need for any intermediary, Dapp enables the creation of decentralized applications based on the blockchain. Taking advantage of this freedom, "NFT games" grew in the shadow of these concepts since anyone could create a game without the need for subject matter experts, such as software development, infrastructure, or even security professionals. But from a security point of view, what does this mean?

---

Cybersecurity Compliance on Cloud

by Almu Gómez Sánchez-Paulete

In a cloud-based architecture with Microsoft Azure, we have multiple tools that will help us in this process (Azure Role Based Access Control, Azure Group Administration, Azure Blueprints...). In this first article, we will talk about Azure Policies and how they can help us monitor the compliance of our infrastructure.

---

Wide-area Packet Capture with PacketStreamer [FULL ARTICLE AVAILABLE IN THE FREE PREVIEW VERSION]

by Owen Garrett, Deepfence

PacketStreamer is an open source project from Deepfence. It performs distributed packet capture (tcpdump-like) and aggregates the pcap data in a single pcap file. PacketStreamer supports a wide range of environments, including Kubernetes nodes, Docker hosts, Fargate instances and, of course, virtual and bare-metal servers.

---

Building Intuition into Monitoring for OT/ICS Security

by Danielle Jablanski

The current state of Operational Technology and Industrial Control Systems cybersecurity is turning a corner. From decades of admiring hypothetical scenarios, to realizing the significance of very real threats and vulnerabilities that exist across critical infrastructure all over the globe. Recent revelations from Industroyer2 and INCONTROLLER teach us that you can only alert on and potentially catch what you know how to look for in these environments when it comes to Threat Intelligence capabilities.

---

Windows Privilege Escalation: The Concepts of Hijacking Execution Flow

by Jill Kamperides

This article will cover four similar, but different, techniques for escalating privileges on Windows systems. Each technique, at its core, has to do with permissions loopholes and basic program execution, and is more about operating system logic than any intense technical exploitation.

---

Introduction to Internal Penetration Tests

by Dimitris Pallis

On-site visits would require your own dedicated space and access to the client's network through wired ethernet or wireless connection. After that, you would only have to confirm you are assigned with an IP address and you're ready to go. Other measures could be required such as whitelisting your computer's MAC address, but those details should be handled during the scoping process and you'll know beforehand; if you don't, just ask the project manager who will confirm with the client. Most of the time, the client agrees to a remote internal assessment. This could be achieved by providing them with a virtual machine, which the client spins up on their internal network and provides you with the IP address. This machine could include a local Nessus installation and other tools such as Responder and Crackmapexec. Finally, one could use the X2Go client tool to connect to that virtual machine through SSH.