ABSTRACT

This chapter presents various client-side exploitation techniques that can be used in a penetration test. Client-side exploits are useful when the victim is behind a router, NAT, or firewall, or is otherwise not directly reachable by the hacker. The chapter discusses some of the client-side exploitation methods: e-mails leading to malicious attachments, e-mails leading to malicious links, compromising client-side updates, and malware loaded on USB sticks. It discusses creating a custom executable and sending it to the victim, and covers some of the PDF attacks. PDF hacking and PDF reconnaissance are most of the time ignored by penetration testers, even those at an advanced level. The PDF language is very descriptive, which gives us a wide attack surface. Many penetration testers are unaware of the power of PDFs and their effectiveness in penetration tests.