For many years I have been using GNU/Linux, both for personal computing as well as system administration of servers. While I do enjoy exploitation/privilege escalation on *nix machines, I have a much harder time on Windows since I lack the in-depth system knowledge to do so. I’ve looked at books about “Windows Pentesting”, but most of the time they explain how to use metasploit etc., which isn’t really the type of knowledge I feel I need.
In order to enumerate a system for privilege escalation (and to a slightly lesser extent for getting a foothold etc…) it seems knowledge of the architecture is required, the way the system has been configured… Does anyone have good books/resources to become more knowledgeable on these? I feel in order to do a good enumeration someone needs to have at least solid basics of the system/app that is being investigated, otherwise it just becomes script kiddie pretty quick.
These are good to cover the possibilities, but I still feel like I’m missing the in-depth how and why on these. I feel like I need to find the right 1000-page book to read so that in my head Windows is less mystical than it currently is lol.
Yes I did. It was incredibly demanding. It did bring a lot of background knowledge that is impossible to remember and needs to be organized in flowcharts/cheatsheets/procedures/whatever.
Just remember, buying a hard cover or soft cover is not always necessary when researchers offer up real world red team payloads like this and ways to expand.
I am not against buying books; I own a lot. I love books.
But when it comes to the ever changing world of security, I will stick to good old red team blogs etc.
Thanks and sure I agree there will always be a need for cheatsheets and blog posts on exploits and vulnerabilities discovered, which is the most important, of course. Having some background in some technology doesn’t really make you an expert at the security side of it. However, not having any background into something can be an issue too, especially if exploits need to be customized etc … It can also make your life easier and help you spot vulnerabilities without having to do as much guessing work. That’s just my personal experience and why I think you have certain positions advertised as “Pentester with an application developer background” or “XYZ with a network engineering background.” etc… Broad/Specific knowledge really helps to “feel a box” as well.