Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • The Ultimate Kali Linux Book
  • Toc
  • feedback
The Ultimate Kali Linux Book

The Ultimate Kali Linux Book

By : Glen D. Singh
4.1 (27)
close
The Ultimate Kali Linux Book

The Ultimate Kali Linux Book

4.1 (27)
By: Glen D. Singh

Overview of this book

Kali Linux is the most popular and advanced penetration testing Linux distribution within the cybersecurity industry. Using Kali Linux, a cybersecurity professional will be able to discover and exploit various vulnerabilities and perform advanced penetration testing on both enterprise wired and wireless networks. This book is a comprehensive guide for those who are new to Kali Linux and penetration testing that will have you up to speed in no time. Using real-world scenarios, you’ll understand how to set up a lab and explore core penetration testing concepts. Throughout this book, you’ll focus on information gathering and even discover different vulnerability assessment tools bundled in Kali Linux. You’ll learn to discover target systems on a network, identify security flaws on devices, exploit security weaknesses and gain access to networks, set up Command and Control (C2) operations, and perform web application penetration testing. In this updated second edition, you’ll be able to compromise Active Directory and exploit enterprise networks. Finally, this book covers best practices for performing complex web penetration testing techniques in a highly secured environment. By the end of this Kali Linux book, you’ll have gained the skills to perform advanced penetration testing on enterprise networks using Kali Linux.
Table of Contents (23 chapters)
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Disclaimer
Share Your Thoughts
1
Section 1: Getting Started with Penetration Testing
Section 1: Getting Started with Penetration Testing
Free Chapter
2
Chapter 1: Introduction to Ethical Hacking
Chapter 1: Introduction to Ethical Hacking
Identifying threat actors and their intent
Understanding what matters to threat actors
Discovering cybersecurity terminologies
Exploring the need for penetration testing and its phases
Understanding penetration testing approaches
Exploring hacking phases
Understanding the Cyber Kill Chain framework
Summary
Further reading
3
Chapter 2: Building a Penetration Testing Lab
Chapter 2: Building a Penetration Testing Lab
Technical requirements
Understanding the lab overview and its technologies
Setting up a hypervisor and virtually isolated networks
Setting up and working with Kali Linux
Deploying Metasploitable 2 as a target system
Implementing Metasploitable 3 using Vagrant
Setting up vulnerability web application systems
Summary
Further reading
4
Chapter 3: Setting Up for Advanced Hacking Techniques
Chapter 3: Setting Up for Advanced Hacking Techniques
Technical requirements
Building an AD red team lab
Setting up a wireless penetration testing lab
Summary
Further reading
5
Section 2: Reconnaissance and Network Penetration Testing
Section 2: Reconnaissance and Network Penetration Testing
6
Chapter 4: Reconnaissance and Footprinting
Chapter 4: Reconnaissance and Footprinting
Technical requirements
Understanding the importance of reconnaissance
Understanding passive information gathering
Exploring open source intelligence
Using OSINT strategies to gather intelligence
Summary
Further reading
7
Chapter 5: Exploring Active Information Gathering
Chapter 5: Exploring Active Information Gathering
Technical requirements
Understanding active reconnaissance
Exploring Google hacking strategies
Exploring DNS reconnaissance
Enumerating subdomains
Profiling websites using EyeWitness
Exploring active scanning techniques
Enumerating common network services
Performing user enumeration through noisy authentication controls
Finding data leaks in the cloud
Summary
Further reading
8
Chapter 6: Performing Vulnerability Assessments
Chapter 6: Performing Vulnerability Assessments
Technical requirements
Nessus and its policies
Vulnerability discovery using Nmap
Working with Greenbone Vulnerability Manager
Using web application scanners
Summary
Further reading
9
Chapter 7: Understanding Network Penetration Testing
Chapter 7: Understanding Network Penetration Testing
Technical requirements
Introduction to network penetration testing
Working with bind and reverse shells
Antimalware evasion techniques
Working with wireless adapters
Managing and monitoring wireless modes
Summary
Further reading
10
Chapter 8: Performing Network Penetration Testing
Chapter 8: Performing Network Penetration Testing
Technical requirements
Discovering live systems
Profiling a target system
Exploring password-based attacks
Identifying and exploiting vulnerable services
Understanding watering hole attacks
Further reading
11
Section 3: Red Teaming Techniques
Section 3: Red Teaming Techniques
12
Chapter 9: Advanced Network Penetration Testing — Post Exploitation
Chapter 9: Advanced Network Penetration Testing — Post Exploitation
Technical requirements
Post-exploitation using Meterpreter
Data encoding and exfiltration
Understanding MITM and packet sniffing attacks
Summary
Further reading
13
Chapter 10: Working with Active Directory Attacks
Chapter 10: Working with Active Directory Attacks
Technical requirements
Understanding Active Directory
Enumerating Active Directory
Leveraging network-based trust
Summary
Further reading
14
Chapter 11: Advanced Active Directory Attacks
Chapter 11: Advanced Active Directory Attacks
Technical requirements
Understanding Kerberos
Abusing trust on IPv6 with Active Directory
Attacking Active Directory
Domain dominance and persistence
Summary
Further reading
15
Chapter 12: Delving into Command and Control Tactics
Chapter 12: Delving into Command and Control Tactics
Technical requirements
Understanding C2
Setting up C2 operations
Post-exploitation using Empire
Working with Starkiller
Summary
Further reading
16
Chapter 13: Advanced Wireless Penetration Testing
Chapter 13: Advanced Wireless Penetration Testing
Technical requirements
Introduction to wireless networking
Performing wireless reconnaissance
Compromising WPA and WPA2 networks
Performing AP-less attacks
Exploiting enterprise wireless networks
Creating a Wi-Fi honeypot
Discovering WPA3 attacks
Securing your wireless network
Summary
Further reading
17
Section 4: Social Engineering and Web Application Attacks
Section 4: Social Engineering and Web Application Attacks
18
Chapter 14: Performing Client-Side Attacks – Social Engineering
Chapter 14: Performing Client-Side Attacks – Social Engineering
Technical requirements
Fundamentals of social engineering
Types of social engineering
Defending against social engineering
Planning for each type of social engineering attack
Exploring social engineering tools and techniques
Summary
Further reading
19
Chapter 15: Understanding Website Application Security
Chapter 15: Understanding Website Application Security
Technical requirements
Understanding web applications
Exploring the OWASP Top 10: 2021
Getting started with FoxyProxy and Burp Suite
Understanding injection-based attacks
Exploring broken access control attacks
Discovering cryptographic failures
Understanding insecure design
Exploring security misconfiguration
Summary
Further reading
20
Chapter 16: Advanced Website Penetration Testing
chevron up
Chapter 16: Advanced Website Penetration Testing
Technical requirements
Identifying vulnerable and outdated components
Exploiting identification and authentication failures
Understanding software and data integrity failures
Understanding security logging and monitoring failures
Performing server-side request forgery
Automating SQL injection attacks
Understanding cross-site scripting
Performing client-side attacks
Summary
Further reading
21
Chapter 17: Best Practices for the Real World
Chapter 17: Best Practices for the Real World
Technical requirements
Guidelines for penetration testers
Penetration testing checklist
Creating a hacker's tool bag
Setting up remote access
Next steps ahead
Summary
Further reading
Why subscribe?
22
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Performing server-side request forgery

Server-side request forgery (SSRF) is a security vulnerability that's found within web applications that allows a threat actor to retrieve resources from other systems on the network via the vulnerable web application. Imagine you're a threat actor and have discovered a vulnerable web application that allows you to proxy your attacks to other systems on the same network connection, allowing you to perform port scanning and file retrieval.

SSRF is possible when a web application does not validate and sanitize the user-supplied URL during the HTTP request messages. If a threat actor can perform SSRF on a web application that is accessible over the internet, the threat actor can leverage the security flaw and bypass the firewall, access control lists (ACLs), and other security controls implemented by the organization.

In the following lab exercise, you will discover the security risks involved when using a web application that allows...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 7
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete