Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Kali Linux 2018: Assuring Security by Penetration Testing
  • Table Of Contents Toc
  • Feedback & Rating feedback
Kali Linux 2018: Assuring Security by Penetration Testing

Kali Linux 2018: Assuring Security by Penetration Testing

By : Shiva V. N. Parasram, Alex Samm, Boodoo, Gerard Johansen, Allen, Heriyanto, Ali
5 (1)
Buy this Book
close
close
Kali Linux 2018: Assuring Security by Penetration Testing

Kali Linux 2018: Assuring Security by Penetration Testing

5 (1)
By: Shiva V. N. Parasram, Alex Samm, Boodoo, Gerard Johansen, Allen, Heriyanto, Ali

Overview of this book

Kali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply the appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in successful penetration testing project engagement. This fourth edition of Kali Linux 2018: Assuring Security by Penetration Testing starts with the installation of Kali Linux. You will be able to create a full test environment to safely practice scanning, vulnerability assessment, and exploitation. You’ll explore the essentials of penetration testing by collecting relevant data on the target network with the use of several footprinting and discovery tools. As you make your way through the chapters, you’ll focus on specific hosts and services via scanning and run vulnerability scans to discover various risks and threats within the target, which can then be exploited. In the concluding chapters, you’ll apply techniques to exploit target systems in order to gain access and find a way to maintain that access. You’ll also discover techniques and tools for assessing and attacking devices that are not physically connected to the network, including wireless networks. By the end of this book, you will be able to use NetHunter, the mobile version of Kali Linux, and write a detailed report based on your findings.
Table of Contents (17 chapters)
close
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Installing and Configuring Kali Linux
Installing and Configuring Kali Linux
Technical requirements
Kali Linux tool categories
Downloading Kali Linux
Using Kali Linux
Configuring the virtual machine
Updating Kali Linux
Setting up Kali Linux AMI on Amazon AWS Cloud
Summary
Questions
Further reading
2
Setting Up Your Test Lab
Setting Up Your Test Lab
Technical requirements
Physical or virtual?
Setting up a Windows environment in a VM
Installing vulnerable servers
Installing additional tools in Kali Linux
Network services in Kali Linux
Additional labs and resources
Summary
Questions
Further reading
3
Penetration Testing Methodology
Penetration Testing Methodology
Technical requirements
Penetration testing methodology
General penetration testing framework
Summary
4
Footprinting and Information Gathering
chevron up
Footprinting and Information Gathering
Open Source Intelligence
Using public resources
Querying the domain registration information
Analyzing the DNS records
Getting network routing information
Utilizing the search engine
Google Hacking Database (GHDB)
Metagoofil
Automated footprinting and information gathering tools
Summary
Questions
Further reading
5
Scanning and Evasion Techniques
Scanning and Evasion Techniques
Technical requirements
Starting off with target discovery
Identifying the target machine
OS fingerprinting
Introducing port scanning
Understanding TCP/IP protocol
Understanding TCP and UDP message formats
The network scanner
Scanning with Netdiscover
Automated scanning with Striker
Anonymity using Nipe
Summary
Questions
Further Reading
6
Vulnerability Scanning
Vulnerability Scanning
Technical requirements
Types of vulnerabilities
Vulnerability taxonomy
Automated vulnerability scanning
Summary
Questions
Further reading
7
Social Engineering
Social Engineering
Technical requirements
Modeling human psychology
Attack process
Attack methods
Social Engineering Toolkit
Summary
8
Target Exploitation
Target Exploitation
Vulnerability research
Vulnerability and exploit repositories
Advanced exploitation toolkit
MSFConsole
MSFCLI
Ninja 101 drills
Writing exploit modules
Summary
9
Privilege Escalation and Maintaining Access
Privilege Escalation and Maintaining Access
Technical requirements
Privilege-escalation
Password-attack tools
Maintaining access
Summary
10
Web Application Testing
Web Application Testing
Technical requirements
Web analysis
Cross-Site Scripting
SQL injection
Command-execution, directory-traversal, and file-inclusion
Summary
Further reading
11
Wireless Penetration Testing
Wireless Penetration Testing
Technical requirements
Wireless networking
Wireless network reconnaissance
Wireless testing tools
Post cracking
Sniffing wireless traffic
Summary
12
Mobile Penetration Testing with Kali NetHunter
Mobile Penetration Testing with Kali NetHunter
Technical requirements
Kali NetHunter
Installing Kali NetHunter
NetHunter icons
NetHunter tools
Third-party Android applications
Wireless attacks
HID attacks
Summary
Questions
Further reading
13
PCI DSS Scanning and Penetration Testing
PCI DSS Scanning and Penetration Testing
PCI DSS v3.2.1 requirement 11.3
Scoping the PCI DSS penetration test
Tools for executing the PCI DSS penetration test
Summary
Questions
Further reading
14
Tools for Penetration Testing Reporting
Tools for Penetration Testing Reporting
Technical requirements
Documentation and results verification
Types of reports
Network penetration testing report
Using the Dradis framework for penetration testing reporting
Penetration testing reporting tools
Summary
Questions
Further reading
15
Assessments
Assessments
Chapter 1 – Assessment answers
Chapter 2 – Assessment answers
Chapter 4 – Assessment answers
Chapter 5 – Assessment answers
Chapter 6 – Assessment answers
Chapter 12 – Assessment answers
Chapter 13 – Assessment answers
Chapter 14 – Assessment answers
16
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Open Source Intelligence

One of the key terms often associated with information gathering is Open Source Intelligence (OSINT). Military and intelligence organizations divide their intelligence sources into a variety of types. True espionage, involving interaction between spies, is often referred to as Human Intelligence (HUMINT). The capturing of radio signals with the intent of cracking the encryption is called Signals Intelligence (SIGINT). While the penetration tester is not likely to interface with either of these, the information gathering stage is OSINT. OSINT is information derived from sources that have no security controls preventing their disclosure. They are often public records or information that target organizations share as part of their daily operations.

For this information to be of use to the penetration tester, they need specific knowledge and tools to find...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 2
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY