Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Learn Kali Linux 2019
  • Toc
  • feedback
Learn Kali Linux 2019

Learn Kali Linux 2019

By : Joshua Crumbaugh, Glen D. Singh
4.6 (13)
close
Learn Kali Linux 2019

Learn Kali Linux 2019

4.6 (13)
By: Joshua Crumbaugh, Glen D. Singh

Overview of this book

The current rise in hacking and security breaches makes it more important than ever to effectively pentest your environment, ensuring endpoint protection. This book will take you through the latest version of Kali Linux and help you use various tools and techniques to efficiently deal with crucial security aspects. Through real-world examples, you’ll understand how to set up a lab and later explore core penetration testing concepts. Throughout the course of this book, you’ll get up to speed with gathering sensitive information and even discover different vulnerability assessment tools bundled in Kali Linux 2019. In later chapters, you’ll gain insights into concepts such as social engineering, attacking wireless networks, exploitation of web applications and remote access connections to further build on your pentesting skills. You’ll also focus on techniques such as bypassing controls, attacking the end user and maintaining persistence access through social media. Finally, this pentesting book covers best practices for performing complex penetration testing techniques in a highly secured environment. By the end of this book, you’ll be able to use Kali Linux to detect vulnerabilities and secure your system by applying penetration testing techniques of varying complexity.
Table of Contents (22 chapters)
close
close
Preface
chevron up
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Section 1: Kali Linux Basics
Section 1: Kali Linux Basics
2
Introduction to Hacking
Introduction to Hacking
Who is a hacker?
Exploring important terminology
Penetration testing phases
Penetration testing methodologies
Penetration testing approaches
Types of penetration testing
Hacking phases
Summary
Questions
Further reading
3
Setting Up Kali - Part 1
Setting Up Kali - Part 1
Technical requirements
Lab overview
Building our lab
Summary
Questions
Further reading
4
Setting Up Kali - Part 2
Setting Up Kali - Part 2
Technical requirements
Installing Windows as a VM
Installing Ubuntu 8.10
Troubleshooting Kali Linux
Summary
Further reading
5
Getting Comfortable with Kali Linux 2019
Getting Comfortable with Kali Linux 2019
Technical requirements
Understanding Kali Linux
What's new in Kali Linux 2019?
Basics of Kali Linux
Summary
Questions
Further reading
6
Section 2: Reconnaissance
Section 2: Reconnaissance
7
Passive Information Gathering
Passive Information Gathering
Technical requirements
Reconnaissance and footprinting
Understanding passive information gathering
Understanding OSINT
Using the top OSINT tools
Identifying target technology and security controls
Finding data leaks in cloud resources
Understanding Google hacking and search operators
Leveraging whois and copying websites with HTTrack
Finding subdomains using Sublist3r
Summary
Questions
Further reading
8
Active Information Gathering
Active Information Gathering
Technical requirements
Understanding active information gathering
DNS interrogation
Scanning
Nmap
NSE scripts
Zenmap
Hping3
SMB, LDAP enumeration, and null sessions
User enumeration through noisy authentication controls
Web footprints and enumeration with EyeWitness
Metasploit auxiliary modules
Summary
Questions
Further reading
9
Section 3: Vulnerability Assessment and Penetration Testing with Kali Linux 2019
Section 3: Vulnerability Assessment and Penetration Testing with Kali Linux 2019
10
Working with Vulnerability Scanners
Working with Vulnerability Scanners
Technical requirements
Nessus and its policies
Scanning with Nessus
Exporting Nessus results
Analyzing Nessus results
Using web application scanners
Summary
Questions
Further reading
11
Understanding Network Penetration Testing
Understanding Network Penetration Testing
Technical requirements
Introduction to network penetration testing
Understanding the MAC address
Connecting a wireless adapter to Kali Linux
Managing and monitoring wireless modes
Summary
Questions
Further reading
12
Network Penetration Testing - Pre-Connection Attacks
Network Penetration Testing - Pre-Connection Attacks
Technical requirements
Getting started with packet sniffing using airodump-ng
Targeted packet sniffing using airodump-ng
Deauthenticating clients on a wireless network
Creating a rogue AP/evil twin
Performing a password spraying attack
Setting up watering hole attacks
Exploiting weak encryption to steal credentials
Summary
Questions
Further reading
13
Network Penetration Testing - Gaining Access
Network Penetration Testing - Gaining Access
Technical requirements
Gaining access
WEP cracking
WPA cracking
Securing your network from the aforementioned attacks
Configuring wireless security settings to secure your network
Exploiting vulnerable perimeter systems with Metasploit
Penetration testing Citrix and RDP-based remote access systems
Plugging PWN boxes and other tools directly into a network
Bypassing NAC
Summary
Questions
Further reading
14
Network Penetration Testing - Post-Connection Attacks
Network Penetration Testing - Post-Connection Attacks
Technical requirements
Gathering information
MITM attacks
Session hijacking
DHCP attacks
Exploiting LLMNR and NetBIOS-NS
WPAD protocol attacks
Wireshark
Escalating privileges
Lateral movement tactics
PowerShell tradecraft
Launching a VLAN hopping attack
Summary
Questions
Further reading
15
Network Penetration Testing - Detection and Security
Network Penetration Testing - Detection and Security
Technical requirements
Using Wireshark to understand ARP
Detecting ARP poisoning attacks
Detecting suspicious activity
MITM remediation techniques
Summary
Questions
Further reading
16
Client-Side Attacks - Social Engineering
Client-Side Attacks - Social Engineering
Technical requirements
Basics of social engineering
Types of social engineering
Defending against social engineering
Recon for social engineering (doxing)
Planning for each type of social engineering attack
Social engineering tools
Summary
Questions
Further reading
17
Performing Website Penetration Testing
Performing Website Penetration Testing
Technical requirements
Information gathering
Cryptography
File upload and file inclusion vulnerabilities
Exploiting file upload vulnerabilities
Exploiting code execution vulnerabilities
Exploiting LFI vulnerabilities
Preventing vulnerabilities
Summary
Questions
Further reading
18
Website Penetration Testing - Gaining Access
Website Penetration Testing - Gaining Access
Technical requirements
Exploring the dangers of SQL injection
SQL injection vulnerabilities and exploitation
Cross-Site Scripting vulnerabilities
Discovering vulnerabilities automatically
Summary
Questions
Further reading
19
Best Practices
Best Practices
Technical requirements
Guidelines for penetration testers
Web application security blueprints and checklists
Summary
Questions
Further reading
20
Assessments
Assessments
Chapter 1: Introduction to Hacking
Chapter 2: Setting Up Kali - Part
Chapter 4: Getting Comfortable with Kali Linux 2019
Chapter 5: Passive Information Gathering
Chapter 6: Active Information Gathering
Chapter 7: Working with Vulnerability Scanners
Chapter 8: Understanding Network Penetration Testing
Chapter 9: Network Penetration Testing - Pre-Connection Attacks
Chapter 10: Network Penetration Testing - Gaining Access
Chapter 11: Network Penetration Testing - Post-Connection Attacks
Chapter 12: Network Penetration Testing - Detection and Security
Chapter 13: Client-Side Attacks - Social Engineering
Chapter 14: Performing Website Penetration Testing
Chapter 15: Website Penetration Testing - Gaining Access
Chapter 16: Best Practices
21
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

What this book covers

Chapter 1, Introduction to Hacking, introduces various types of threat actors and penetration testing methodologies and approaches.

Chapter 2, Setting Up Kali - Part 1, introduces you to virtualization concepts, how to build your own penetration testing lab, how to install Kali Linux, and vulnerable target machines.

Chapter 3, Setting Up Kali - Part 2, focuses on installing and configuring Windows and Ubuntu operating systems and troubleshooting Kali Linux.

Chapter 4, Getting Comfortable with Kali Linux 2019, teaches you about Kali Linux, its features, and commands to enable you to perform various tasks.

Chapter 5, Passive Information Gathering, examines the passive ways to gather information pertaining to the target from Open Source Intelligence (OSINT), which means we will gather information about the target from publicly available resources.

Chapter 6, Active Information Gathering, explains the active ways of gathering information using DNS interrogation, scanning, and enumeration techniques.

Chapter 7, Working with Vulnerability Scanners, explores various network and web vulnerability scanner tools, including Nessus, Nikto, WPScan, and Burp Suite.

Chapter 8, Understanding Network Penetration Testing, covers some basic concepts of wireless penetration testing.

Chapter 9, Network Penetration Testing - Pre-Connection Attacks, explores a wireless hacking tool, aircrack-ng, the basic concept of deauthentication attacks, and how to create fake access points.

Chapter 10, Network Penetration Testing - Gaining Access, covers the basics of gaining access, and how to crack WEP and WPA encryption using dictionary and brute force attacks.

Chapter 11, Network Penetration Testing - Post-Connection Attacks, explores information gathering, how to perform man-in-the-middle attacks, sniffing using Wireshark, elevating privileges, and lateral movement on a network.

Chapter 12, Network Penetration Testing - Detection and Security, explains how to detect an ARP poisoning attack and suspicious activities using Wireshark and packet analysis.

Chapter 13, Client-Side Attacks - Social Engineering, explains various types of social engineering attacks and how to defend against them, while also covering how to create a phishing Facebook page and mitigation techniques.

Chapter 14, Performing Website Penetration Testing, covers the basics of web application penetration testing. Readers will learn about common web-based vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).

Chapter 15, Website Penetration Testing - Gaining Access, explains how to bypass logins using a SQL injection attack, while also providing you with an explanation of reflected and store XSS attacks and how to perform client-side attacks using BeEF.

Chapter 16, Best Practices, provides guidelines for penetration testers and the web application security blueprint to ensure that, after completing this book, the reader has a wealth of knowledge and is able to adapt to good practices in the industry.

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete