Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mastering Kali Linux for Advanced Penetration Testing
  • Table Of Contents Toc
  • Feedback & Rating feedback
Mastering Kali Linux for Advanced Penetration Testing

Mastering Kali Linux for Advanced Penetration Testing

By : Vijay Kumar Velu, Robert Beggs
4.4 (8)
Buy this Book
close
close
Mastering Kali Linux for Advanced Penetration Testing

Mastering Kali Linux for Advanced Penetration Testing

4.4 (8)
By: Vijay Kumar Velu, Robert Beggs
Buy this Book

Overview of this book

This book takes you, as a tester or security practitioner, through the reconnaissance, vulnerability assessment, exploitation, privilege escalation, and post-exploitation activities used by pentesters. To start with, you'll use a laboratory environment to validate tools and techniques, along with an application that supports a collaborative approach for pentesting. You'll then progress to passive reconnaissance with open source intelligence and active reconnaissance of the external and internal infrastructure. You'll also focus on how to select, use, customize, and interpret the results from different vulnerability scanners, followed by examining specific routes to the target, which include bypassing physical security and the exfiltration of data using a variety of techniques. You'll discover concepts such as social engineering, attacking wireless networks, web services, and embedded devices. Once you are confident with these topics, you'll learn the practical aspects of attacking user client systems by backdooring with fileless techniques, followed by focusing on the most vulnerable part of the network – directly attacking the end user. By the end of this book, you'll have explored approaches for carrying out advanced pentesting in tightly secured environments, understood pentesting and hacking techniques employed on embedded peripheral devices.
Table of Contents (16 chapters)
close
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Disclaimer
Free Chapter
1
Goal-Based Penetration Testing
chevron up
Goal-Based Penetration Testing
Conceptual overview of security testing
Misconceptions of vulnerability scanning, penetration testing, and red team exercises
Objective-based penetration testing
The testing methodology
Introduction to Kali Linux – features
Installing and updating Kali Linux
Organizing Kali Linux
Building a verification lab
Managing collaborative penetration testing using Faraday
Summary
2
Open Source Intelligence and Passive Reconnaissance
Open Source Intelligence and Passive Reconnaissance
Basic principles of reconnaissance
Google Hacking Database
Creating custom wordlists for cracking passwords
Summary
3
Active Reconnaissance of External and Internal Networks
Active Reconnaissance of External and Internal Networks
Stealth scanning strategies
DNS reconnaissance and route mapping
Employing comprehensive reconnaissance applications
Identifying the external network infrastructure
Mapping beyond the firewall
IDS/IPS identification
Enumerating hosts
Port, operating system, and service discovery
Writing your own port scanner using netcat
Large-scale scanning
Summary
4
Vulnerability Assessment
Vulnerability Assessment
Vulnerability nomenclature
Local and online vulnerability databases
Vulnerability scanning with Nmap
Web application vulnerability scanners
Vulnerability scanners for mobile applications
The OpenVAS network vulnerability scanner
Commercial vulnerability scanners
Specialized scanners
Threat modeling
Summary
5
Advanced Social Engineering and Physical Security
Advanced Social Engineering and Physical Security
Methodology and attack methods
Physical attacks at the console
Creating a rogue physical device
The Social Engineering Toolkit (SET)
Hiding executables and obfuscating the attacker's URL
Escalating an attack using DNS redirection
Launching a phishing attack
Using bulk transfer as a mode of phishing
Summary
6
Wireless Attacks
Wireless Attacks
Configuring Kali for wireless attacks
Wireless reconnaissance
Bypassing a hidden SSID
Bypassing the MAC address authentication and open authentication
Attacking WPA and WPA2
Denial-of-service (DoS) attacks against wireless communications
Compromising enterprise implementations of WPA/WPA2
Working with Ghost Phisher
Summary
7
Exploiting Web-Based Applications
Exploiting Web-Based Applications
Web application hacking methodology
The hacker's mind map
Reconnaissance of web apps
Client-side proxies
Application-specific attacks
Summary
8
Client-Side Exploitation
Client-Side Exploitation
Backdooring executable files
Attacking a system using hostile scripts
The Cross-Site Scripting framework
The Browser Exploitation Framework (BeEF)
Understanding BeEF Browser
Summary
9
Bypassing Security Controls
Bypassing Security Controls
Bypassing Network Access Control (NAC)
Bypassing the antivirus with files
Going fileless and evading antivirus
Bypassing application-level controls
Bypassing Windows operating system controls
Summary
10
Exploitation
Exploitation
The Metasploit Framework
Exploiting targets using MSF
Exploiting multiple targets using MSF resource files
Exploiting multiple targets with Armitage
Using public exploits
Developing a Windows exploit
Summary
11
Action on the Objective and Lateral Movement
Action on the Objective and Lateral Movement
Activities on the compromised local system
Horizontal escalation and lateral movement
Summary
12
Privilege Escalation
Privilege Escalation
Overview of the common escalation methodology
Escalating from domain user to system administrator
Local system escalation
Escalating from administrator to system
Credential harvesting and escalation attacks
Escalating access rights in Active Directory
Compromising Kerberos – the golden-ticket attack
Summary
13
Command and Control
Command and Control
Persistence
Using persistent agents
Domain fronting
Exfiltration of data
Hiding evidence of an attack
Summary
14
Embedded Devices and RFID Hacking
Embedded Devices and RFID Hacking
Embedded systems and hardware architecture
Firmware unpacking and updating
Introduction to RouterSploit Framework
UART
Cloning RFID using Chameleon Mini
Summary
15
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Introduction to Kali Linux – features

Kali Linux (Kali) is the successor to the BackTrack penetration testing platform that is generally regarded as the de facto standard package of tools used to facilitate penetration testing to secure data and voice networks. It was developed by Mati Aharoni and Devon Kearns of Offensive Security. 

In 2018, Kali had four major releases—as of December 2018. The Kali 2018.1 release was on Feb 6 2018 with kernel 4.14.13 and Gnome 3.26.2. The Kali 2018.2 rolling release was on April 30 2018 with Kernel 4.15 that beats the Spectre and meltdown vulnerabilities on x64 and x86 machines, and Kali 2018.3 on August 21 2018 just after the Hacker summer camp. This brings the kernel version to 4.17.0 with minimal addition to the kernel and the final release Kali 2018.4 for the year was on Oct 29 2018 with an experimental Raspberry Pi 3 image that supports 64 bit mode and updated packages of other tools.

Some features of the latest Kali include the following:

  • Over 500 advanced penetration testing, data forensics, and defensive tools are included. The majority of the tools are eliminated and replaced by similar tools. They provide extensive wireless support with multiple hardware and kernel patches to permit the packet injection required by some wireless attacks.
  • Support for multiple desktop environments such as KDE, GNOME3, Xfce, MATE, e17, lxde, and i3wm.
  • By default, Kali Linux has Debian-compliant tools that are synchronized with the Debian repositories at least four times daily, making it easier to update packages and apply security fixes.
  • There are secure Development Environment and GPG signed packages and repositories.
  • There's support for ISO customization, allowing users to build their own versions of customized Kali with a limited set of tools, to make it lightweight. The bootstrap function also performs enterprise-wide network installs that can be automated using pre-seed files.
  • Since ARM-based systems have become more prevalent and less expensive, the support for ARMEL and ARMHF in Kali to be installed on devices such as rk3306 mk/ss808, Raspberry Pi, ODROID U2/X2, Samsung Chromebook, EfikaMX, Beaglebone Black, CuBox, and Galaxy Note 10.1 was introduced.
  • Kali always remains an open source project that is free. Most importantly, it is well supported by an active online community.

Role of Kali in red team tactics

While pentesters can prefer any type of operating system to perform their desired activity, usage of Kali Linux saves significant time and prevents the need to search for packages that aren't typically available for other operating systems. Some of the advantages that are not noticed with Kali during a red team are the following:

  • One single source to attack various platforms
  • Quick to add sources and install packages and supporting libraries (especially those that are not available for Windows)
  • Possible to install even the RPM packages with the usage of alien

The purpose of Kali Linux is to secure things and bundle all of the tools to provide a single platform for penetration testers.

End of Section 6
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY