Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • The Ultimate Kali Linux Book
  • Toc
  • feedback
The Ultimate Kali Linux Book

The Ultimate Kali Linux Book

By : Glen D. Singh
4.1 (27)
close
The Ultimate Kali Linux Book

The Ultimate Kali Linux Book

4.1 (27)
By: Glen D. Singh

Overview of this book

Kali Linux is the most popular and advanced penetration testing Linux distribution within the cybersecurity industry. Using Kali Linux, a cybersecurity professional will be able to discover and exploit various vulnerabilities and perform advanced penetration testing on both enterprise wired and wireless networks. This book is a comprehensive guide for those who are new to Kali Linux and penetration testing that will have you up to speed in no time. Using real-world scenarios, you’ll understand how to set up a lab and explore core penetration testing concepts. Throughout this book, you’ll focus on information gathering and even discover different vulnerability assessment tools bundled in Kali Linux. You’ll learn to discover target systems on a network, identify security flaws on devices, exploit security weaknesses and gain access to networks, set up Command and Control (C2) operations, and perform web application penetration testing. In this updated second edition, you’ll be able to compromise Active Directory and exploit enterprise networks. Finally, this book covers best practices for performing complex web penetration testing techniques in a highly secured environment. By the end of this Kali Linux book, you’ll have gained the skills to perform advanced penetration testing on enterprise networks using Kali Linux.
Table of Contents (23 chapters)
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Disclaimer
Share Your Thoughts
1
Section 1: Getting Started with Penetration Testing
Section 1: Getting Started with Penetration Testing
Free Chapter
2
Chapter 1: Introduction to Ethical Hacking
chevron up
Chapter 1: Introduction to Ethical Hacking
Identifying threat actors and their intent
Understanding what matters to threat actors
Discovering cybersecurity terminologies
Exploring the need for penetration testing and its phases
Understanding penetration testing approaches
Exploring hacking phases
Understanding the Cyber Kill Chain framework
Summary
Further reading
3
Chapter 2: Building a Penetration Testing Lab
Chapter 2: Building a Penetration Testing Lab
Technical requirements
Understanding the lab overview and its technologies
Setting up a hypervisor and virtually isolated networks
Setting up and working with Kali Linux
Deploying Metasploitable 2 as a target system
Implementing Metasploitable 3 using Vagrant
Setting up vulnerability web application systems
Summary
Further reading
4
Chapter 3: Setting Up for Advanced Hacking Techniques
Chapter 3: Setting Up for Advanced Hacking Techniques
Technical requirements
Building an AD red team lab
Setting up a wireless penetration testing lab
Summary
Further reading
5
Section 2: Reconnaissance and Network Penetration Testing
Section 2: Reconnaissance and Network Penetration Testing
6
Chapter 4: Reconnaissance and Footprinting
Chapter 4: Reconnaissance and Footprinting
Technical requirements
Understanding the importance of reconnaissance
Understanding passive information gathering
Exploring open source intelligence
Using OSINT strategies to gather intelligence
Summary
Further reading
7
Chapter 5: Exploring Active Information Gathering
Chapter 5: Exploring Active Information Gathering
Technical requirements
Understanding active reconnaissance
Exploring Google hacking strategies
Exploring DNS reconnaissance
Enumerating subdomains
Profiling websites using EyeWitness
Exploring active scanning techniques
Enumerating common network services
Performing user enumeration through noisy authentication controls
Finding data leaks in the cloud
Summary
Further reading
8
Chapter 6: Performing Vulnerability Assessments
Chapter 6: Performing Vulnerability Assessments
Technical requirements
Nessus and its policies
Vulnerability discovery using Nmap
Working with Greenbone Vulnerability Manager
Using web application scanners
Summary
Further reading
9
Chapter 7: Understanding Network Penetration Testing
Chapter 7: Understanding Network Penetration Testing
Technical requirements
Introduction to network penetration testing
Working with bind and reverse shells
Antimalware evasion techniques
Working with wireless adapters
Managing and monitoring wireless modes
Summary
Further reading
10
Chapter 8: Performing Network Penetration Testing
Chapter 8: Performing Network Penetration Testing
Technical requirements
Discovering live systems
Profiling a target system
Exploring password-based attacks
Identifying and exploiting vulnerable services
Understanding watering hole attacks
Further reading
11
Section 3: Red Teaming Techniques
Section 3: Red Teaming Techniques
12
Chapter 9: Advanced Network Penetration Testing — Post Exploitation
Chapter 9: Advanced Network Penetration Testing — Post Exploitation
Technical requirements
Post-exploitation using Meterpreter
Data encoding and exfiltration
Understanding MITM and packet sniffing attacks
Summary
Further reading
13
Chapter 10: Working with Active Directory Attacks
Chapter 10: Working with Active Directory Attacks
Technical requirements
Understanding Active Directory
Enumerating Active Directory
Leveraging network-based trust
Summary
Further reading
14
Chapter 11: Advanced Active Directory Attacks
Chapter 11: Advanced Active Directory Attacks
Technical requirements
Understanding Kerberos
Abusing trust on IPv6 with Active Directory
Attacking Active Directory
Domain dominance and persistence
Summary
Further reading
15
Chapter 12: Delving into Command and Control Tactics
Chapter 12: Delving into Command and Control Tactics
Technical requirements
Understanding C2
Setting up C2 operations
Post-exploitation using Empire
Working with Starkiller
Summary
Further reading
16
Chapter 13: Advanced Wireless Penetration Testing
Chapter 13: Advanced Wireless Penetration Testing
Technical requirements
Introduction to wireless networking
Performing wireless reconnaissance
Compromising WPA and WPA2 networks
Performing AP-less attacks
Exploiting enterprise wireless networks
Creating a Wi-Fi honeypot
Discovering WPA3 attacks
Securing your wireless network
Summary
Further reading
17
Section 4: Social Engineering and Web Application Attacks
Section 4: Social Engineering and Web Application Attacks
18
Chapter 14: Performing Client-Side Attacks – Social Engineering
Chapter 14: Performing Client-Side Attacks – Social Engineering
Technical requirements
Fundamentals of social engineering
Types of social engineering
Defending against social engineering
Planning for each type of social engineering attack
Exploring social engineering tools and techniques
Summary
Further reading
19
Chapter 15: Understanding Website Application Security
Chapter 15: Understanding Website Application Security
Technical requirements
Understanding web applications
Exploring the OWASP Top 10: 2021
Getting started with FoxyProxy and Burp Suite
Understanding injection-based attacks
Exploring broken access control attacks
Discovering cryptographic failures
Understanding insecure design
Exploring security misconfiguration
Summary
Further reading
20
Chapter 16: Advanced Website Penetration Testing
Chapter 16: Advanced Website Penetration Testing
Technical requirements
Identifying vulnerable and outdated components
Exploiting identification and authentication failures
Understanding software and data integrity failures
Understanding security logging and monitoring failures
Performing server-side request forgery
Automating SQL injection attacks
Understanding cross-site scripting
Performing client-side attacks
Summary
Further reading
21
Chapter 17: Best Practices for the Real World
Chapter 17: Best Practices for the Real World
Technical requirements
Guidelines for penetration testers
Penetration testing checklist
Creating a hacker's tool bag
Setting up remote access
Next steps ahead
Summary
Further reading
Why subscribe?
22
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Discovering cybersecurity terminologies

Throughout your journey in the exciting field of cybersecurity, you will be exposed to various jargon and terminologies that are commonly found in various literature, discussions, and learning resources. As an aspiring penetration tester, it's important you are aware of and understand various key terminologies and how they are related to penetration testing.

The following is a list of the most common terminologies within the cybersecurity industry:

  • Asset – Within the field of cybersecurity, we define an asset as anything that has value to an organization or person. Assets are systems within a network that can be interacted with and potentially expose the network or organization to weaknesses that could be exploited and give hackers a way to escalate their privileges from standard user access to administrator-/root-level access or gain remote access to the network. It is important to mention that assets are not and should not be limited to technical systems. Other forms of assets include humans, physical security controls, and even data that resides within the networks we aim to protect.

    Assets can be broken down into three categories:

    1. Tangible: These are physical things such as networking devices, computer systems, and appliances.
    2. Intangible: These are things that are not in a physical form, such as intellectual property, business plans, data, and records.
    3. People: These are the employees who drive the business or organization. Humans are one of the most vulnerable assets in the field of cybersecurity. Additionally, organizations need to protect their customers' data from being stolen by threat actors.

    As cybersecurity professionals, it's important to be able to identify assets and the potential threats that may cause harm to them.

  • Threat – In the context of cybersecurity, a threat is anything that has the potential to cause harm to a system, network, or person. Whether you're on the offensive or defensive side in cybersecurity, it's important to be able to identify threats. Many organizations around the world face various types of threats each day and their cybersecurity team works around the clock to ensure the organization's assets are safeguarded from threat actors and threats. One of the most exciting, but also overwhelming, aspects of cybersecurity is professionals within the industry always need to stay one step ahead of threat actors to quickly find security weaknesses in systems, networks, and applications, and implement countermeasures to mitigate any potential threats against those assets.

    All organizations have assets that need to be kept safe; an organization's systems, networks, and assets always contain some sort of security weakness that can be taken advantage of by a hacker. Next, we'll dive into understanding what a vulnerability is.

  • Vulnerability – A vulnerability is a weakness or security flaw that exists within technical, physical, or human systems that hackers can exploit in order to gain unauthorized access or control over systems within a network. Common vulnerabilities that exist within organizations include human error (the greatest of vulnerabilities on a global scale), misconfiguration of devices, using weak user credentials, poor programming practices, unpatched operating systems and outdated applications on host systems, using default configurations on systems, and so on.

    A threat actor will look for the lowest-hanging fruits such as the vulnerabilities that are the easiest to be taken advantage of. The same concept applies to penetration testing. During an engagement, the penetration tester will use various techniques and tools to discover vulnerabilities and will attempt to exploit the easy ones before moving to the more complex security flaws on a target system.

  • Exploit – An exploit is the thing, tool, or code that is used to take advantage of a vulnerability on a system. For example, take a hammer, a piece of wood, and a nail. The vulnerability is the soft, permeable nature of wood, and the exploit is the act of hammering the nail into the wood. Once a vulnerability is found on a system, the threat actor or penetration tester will either develop or search for an exploit that is able to take advantage of the security weakness. It's important to understand that the exploit should be tested on a system to ensure it has the potential to be successful when launched by the threat actor. Sometimes, an exploit may work on a system and may not work on another. Hence, seasoned penetration testers will ensure their exploits are tested and graded on their rate of success per vulnerability.
  • Risk – While it may seem like penetration testers are hired to simulate real-world cyber-attacks on a target organization, the goal of such engagements is much deeper than it seems. At the end of the penetration test, the cybersecurity professional will present all the vulnerabilities and possible solutions to help the organization mitigate and reduce the risk of a potential cyber-attack.

    What is risk? Risk is the potential impact that a vulnerability, threat, or asset presents to an organization calculated against all other vulnerabilities, threats, and assets. Evaluating risk helps to determine the likelihood of a specific issue causing a data breach that will cause harm to an organization's finances, reputation, or regulatory compliance. Reducing risk is critical for many organizations. There are many certifications, regulatory standards, and frameworks that are designed to help companies understand, identify, and reduce risks.

  • Zero-day – A zero-day attack is an exploit that is unknown to the world, including the vendor of the product, which means it is unpatched by the vendor. These attacks are commonly used in nation-state attacks, as well as by large criminal organizations. The discovery of a zero-day exploit can be very valuable to ethical hackers and penetration testers, and can earn them a bug bounty. These bounties are fees paid by vendors to security researchers that discover unknown vulnerabilities in their applications.

    Today, many organizations have established a bug bounty program, which allows interested persons who discover a vulnerability within a system of a vendor to report it. The person who reports the vulnerability, usually a zero-day flaw, is given a reward. However, there are hackers who intentionally attempt to exploit a system or network for some sort of personal gain; this is known as the hack value.

During this section, you have discovered various key terminologies that are commonly used within the cybersecurity industry. In the next section, you will explore the various phases of penetration testing.

End of Section 4
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete