Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mastering Kali Linux for Advanced Penetration Testing
  • Table Of Contents Toc
  • Feedback & Rating feedback
Mastering Kali Linux for Advanced Penetration Testing

Mastering Kali Linux for Advanced Penetration Testing

By : Vijay Kumar Velu, Robert Beggs
4.4 (8)
Buy this Book
close
close
Mastering Kali Linux for Advanced Penetration Testing

Mastering Kali Linux for Advanced Penetration Testing

4.4 (8)
By: Vijay Kumar Velu, Robert Beggs
Buy this Book

Overview of this book

This book takes you, as a tester or security practitioner, through the reconnaissance, vulnerability assessment, exploitation, privilege escalation, and post-exploitation activities used by pentesters. To start with, you'll use a laboratory environment to validate tools and techniques, along with an application that supports a collaborative approach for pentesting. You'll then progress to passive reconnaissance with open source intelligence and active reconnaissance of the external and internal infrastructure. You'll also focus on how to select, use, customize, and interpret the results from different vulnerability scanners, followed by examining specific routes to the target, which include bypassing physical security and the exfiltration of data using a variety of techniques. You'll discover concepts such as social engineering, attacking wireless networks, web services, and embedded devices. Once you are confident with these topics, you'll learn the practical aspects of attacking user client systems by backdooring with fileless techniques, followed by focusing on the most vulnerable part of the network – directly attacking the end user. By the end of this book, you'll have explored approaches for carrying out advanced pentesting in tightly secured environments, understood pentesting and hacking techniques employed on embedded peripheral devices.
Table of Contents (16 chapters)
close
close
close
Preface
chevron up
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Icon
Disclaimer
Free Chapter
1
Goal-Based Penetration Testing
Icon
Goal-Based Penetration Testing
Icon
Conceptual overview of security testing
Icon
Misconceptions of vulnerability scanning, penetration testing, and red team exercises
Icon
Objective-based penetration testing
Icon
The testing methodology
Icon
Introduction to Kali Linux – features
Icon
Installing and updating Kali Linux
Icon
Organizing Kali Linux
Icon
Building a verification lab
Icon
Managing collaborative penetration testing using Faraday
Icon
Summary
2
Open Source Intelligence and Passive Reconnaissance
Icon
Open Source Intelligence and Passive Reconnaissance
Icon
Basic principles of reconnaissance
Icon
Google Hacking Database
Icon
Creating custom wordlists for cracking passwords
Icon
Summary
3
Active Reconnaissance of External and Internal Networks
Icon
Active Reconnaissance of External and Internal Networks
Icon
Stealth scanning strategies
Icon
DNS reconnaissance and route mapping
Icon
Employing comprehensive reconnaissance applications
Icon
Identifying the external network infrastructure
Icon
Mapping beyond the firewall
Icon
IDS/IPS identification
Icon
Enumerating hosts
Icon
Port, operating system, and service discovery
Icon
Writing your own port scanner using netcat
Icon
Large-scale scanning
Icon
Summary
4
Vulnerability Assessment
Icon
Vulnerability Assessment
Icon
Vulnerability nomenclature
Icon
Local and online vulnerability databases
Icon
Vulnerability scanning with Nmap
Icon
Web application vulnerability scanners
Icon
Vulnerability scanners for mobile applications
Icon
The OpenVAS network vulnerability scanner
Icon
Commercial vulnerability scanners
Icon
Specialized scanners
Icon
Threat modeling
Icon
Summary
5
Advanced Social Engineering and Physical Security
Icon
Advanced Social Engineering and Physical Security
Icon
Methodology and attack methods
Icon
Physical attacks at the console
Icon
Creating a rogue physical device
Icon
The Social Engineering Toolkit (SET)
Icon
Hiding executables and obfuscating the attacker's URL
Icon
Escalating an attack using DNS redirection
Icon
Launching a phishing attack
Icon
Using bulk transfer as a mode of phishing
Icon
Summary
6
Wireless Attacks
Icon
Wireless Attacks
Icon
Configuring Kali for wireless attacks
Icon
Wireless reconnaissance
Icon
Bypassing a hidden SSID
Icon
Bypassing the MAC address authentication and open authentication
Icon
Attacking WPA and WPA2
Icon
Denial-of-service (DoS) attacks against wireless communications
Icon
Compromising enterprise implementations of WPA/WPA2
Icon
Working with Ghost Phisher
Icon
Summary
7
Exploiting Web-Based Applications
Icon
Exploiting Web-Based Applications
Icon
Web application hacking methodology
Icon
The hacker's mind map
Icon
Reconnaissance of web apps
Icon
Client-side proxies
Icon
Application-specific attacks
Icon
Summary
8
Client-Side Exploitation
Icon
Client-Side Exploitation
Icon
Backdooring executable files
Icon
Attacking a system using hostile scripts
Icon
The Cross-Site Scripting framework
Icon
The Browser Exploitation Framework (BeEF)
Icon
Understanding BeEF Browser
Icon
Summary
9
Bypassing Security Controls
Icon
Bypassing Security Controls
Icon
Bypassing Network Access Control (NAC)
Icon
Bypassing the antivirus with files
Icon
Going fileless and evading antivirus
Icon
Bypassing application-level controls
Icon
Bypassing Windows operating system controls
Icon
Summary
10
Exploitation
Icon
Exploitation
Icon
The Metasploit Framework
Icon
Exploiting targets using MSF
Icon
Exploiting multiple targets using MSF resource files
Icon
Exploiting multiple targets with Armitage
Icon
Using public exploits
Icon
Developing a Windows exploit
Icon
Summary
11
Action on the Objective and Lateral Movement
Icon
Action on the Objective and Lateral Movement
Icon
Activities on the compromised local system
Icon
Horizontal escalation and lateral movement
Icon
Summary
12
Privilege Escalation
Icon
Privilege Escalation
Icon
Overview of the common escalation methodology
Icon
Escalating from domain user to system administrator
Icon
Local system escalation
Icon
Escalating from administrator to system
Icon
Credential harvesting and escalation attacks
Icon
Escalating access rights in Active Directory
Icon
Compromising Kerberos – the golden-ticket attack
Icon
Summary
13
Command and Control
Icon
Command and Control
Icon
Persistence
Icon
Using persistent agents
Icon
Domain fronting
Icon
Exfiltration of data
Icon
Hiding evidence of an attack
Icon
Summary
14
Embedded Devices and RFID Hacking
Icon
Embedded Devices and RFID Hacking
Icon
Embedded systems and hardware architecture
Icon
Firmware unpacking and updating
Icon
Introduction to RouterSploit Framework
Icon
UART
Icon
Cloning RFID using Chameleon Mini
Icon
Summary
15
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

To get the most out of this book

In order to practice the material presented in this book, you will need virtualization tools such as VMware or VirtualBox.

You will need to download and configure the Kali Linux operating system and its suite of tools. To ensure that it is up to date and that you have all of the tools, you will need an internet connection.

Sadly, not all of the tools on the Kali Linux system will be addressed, since there are just too many of them. The focus of this book is not to overwhelm you with all of the tools and options, but to provide an approach for testing that will give you the opportunity to learn and incorporate new tools as your experiences and knowledge increases over time.

Although most of the examples from this book focus on Microsoft Windows, the methodology and most of the tools are transferable to other operating systems, such as Linux and the other flavors of Unix.

Finally, this book applies Kali to complete the attacker's kill-chain against target systems. For this, you will need a target operating system. Many of the examples in the book use Microsoft Windows 7 and Windows 2008 R2.

Download the example code files

You can download the example code files for this book from your account at www.packt.com. If you purchased this book elsewhere, you can visit www.packt.com/support and register to have the files emailed directly to you.

You can download the code files by following these steps:

  1. Log in or register at www.packt.com.
  2. Select the SUPPORT tab.
  3. Click on Code Downloads & Errata.
  4. Enter the name of the book in the Search box and follow the onscreen instructions.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

  • WinRAR/7-Zip for Windows
  • Zipeg/iZip/UnRarX for Mac
  • 7-Zip/PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Mastering-Kali-Linux-for-Advanced-Penetration-Testing-Third-Edition. In case there's an update to the code, it will be updated on the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "For example, we have used the netcat command."

A block of code is set as follows:

<!DOCTYPE foo [ <!ENTITY Variable "hello" > ]><somexml><message>&Variable;</message></somexml>

Any command-line input or output is written as follows:

chmod 600 privatekey.pem
ssh -i privatekey.pem ec2-user@amazon-dns-ip

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Right-click on the folder and select the Sharing tab. From this menu, select Share."

Warnings or important notes appear like this.
Tips and tricks appear like this.

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY