Kali Linux CTF Blueprints


Kali Linux CTF Blueprints
eBook: $21.99
Formats: PDF, PacktLib, ePub and Mobi formats
$17.59
save 20%!
Print + free eBook + free PacktLib access to the book: $57.98    Print cover: $35.99
$28.79
save 50%!
Free Shipping!
UK, US, Europe and selected countries in Asia.
Also available on:
Overview
Table of Contents
Author
Support
Sample Chapters
  • Put the skills of the experts to the test with these tough and customisable pentesting projects
  • Develop each challenge to suit your specific training, testing, or client engagement needs
  • Hone your skills, from wireless attacks to social engineering, without the need to access live systems

Book Details

Language : English
Paperback : 190 pages [ 235mm x 191mm ]
Release Date : July 2014
ISBN : 1783985984
ISBN 13 : 9781783985982
Author(s) : Cameron Buchanan
Topics and Technologies : All Books, Open Source


Table of Contents

Preface
Chapter 1: Microsoft Environments
Chapter 2: Linux Environments
Chapter 3: Wireless and Mobile
Chapter 4: Social Engineering
Chapter 5: Cryptographic Projects
Chapter 6: Red Teaming
Appendix
Index
  • Chapter 1: Microsoft Environments
    • Creating a vulnerable machine
      • Securing a machine
    • Creating a secure network
      • Basic requirements
      • Setting up a Linux network
      • Setting up a Windows network
    • Hosting vulnerabilities
    • Scenario 1 – warming Adobe ColdFusion
      • Setup
      • Variations
    • Scenario 2 – making a mess with MSSQL
      • Setup
      • Variations
    • Scenario 3 – trivializing TFTP
      • Vulnerabilities
    • Flag placement and design
      • Testing your flags
        • Making the flag too easy
        • Making your finding too hard
      • Alternate ideas
    • Post exploitation and pivoting
    • Exploitation guides
      • Scenario 1 – traverse the directories like it ain't no thing
      • Scenario 2 – your database is bad and you should feel bad
      • Scenario 3 – TFTP is holier than the Pope
    • Challenge modes
    • Summary
  • Chapter 2: Linux Environments
    • Differences between Linux and Microsoft
      • Setup
    • Scenario 1 – learn Samba and other dance forms
      • Setup
      • Configuration
      • Testing
      • Variations
        • Information disclosure
        • File upload
    • Scenario 2 – turning on a LAMP
      • Setup
      • The PHP
      • Variations
        • Out-of-date versions
        • Login bypass
        • SQL injection
        • Dangerous PHP
        • PHPMyAdmin
    • Scenario 3 – destructible distros
      • Setup
      • Variations
    • Scenario 4 – tearing it up with Telnet
      • Setup
      • Variations
        • Default credentials
        • Buffer overflows
    • Flag placement and design
    • Exploitation guides
      • Scenario 1 – smashing Samba
      • Scenario 2 – exploiting XAMPP
      • Scenario 3 – liking a privilege
      • Scenario 4 – tampering with Telnet
    • Summary
  • Chapter 3: Wireless and Mobile
    • Wireless environment setup
      • Software
      • Hardware
    • Scenario 1 – WEP, that's me done for the day
      • Code setup
      • Network setup
    • Scenario 2 – WPA-2
      • Setup
    • Scenario 3 – pick up the phone
      • Setup
      • Important things to remember
    • Exploitation guides
      • Scenario 1 – rescue the WEP key
      • Scenario 2 – potentiating partial passwords
      • Scenario 3.1 – be a geodude with geotagging
      • Scenario 3.2 – ghost in the machine or man in the middle
      • Scenario 3.3 – DNS spoof your friends for fun and profit
    • Summary
  • Chapter 4: Social Engineering
    • Scenario 1 – maxss your haxss
      • Code setup
    • Scenario 2 – social engineering: do no evil
      • Setup
      • Variations
    • Scenario 3 – hunting rabbits
      • Core principles
      • Potential avenues
      • Connecting methods
      • Creating an OSINT target
    • Scenario 4 – I am a Stegosaurus
      • Visual steganography
    • Exploitation guides
      • Scenario 1 – cookie theft for fun and profit
      • Scenario 2 – social engineering tips
      • Scenario 3 – exploitation guide
      • Scenario 4 – exploitation guide
    • Summary
  • Chapter 5: Cryptographic Projects
    • Crypto jargon
    • Scenario 1 – encode-ageddon
      • Generic encoding types
      • Random encoding types
    • Scenario 2 – encode + Python = merry hell
      • Setup
      • Substitution cipher variations
    • Scenario 3 – RC4, my god, what are you doing?
      • Setup
      • Implementations
    • Scenario 4 – Hishashin
      • Setup
      • Hashing variations
    • Scenario 5 – because Heartbleed didn't get enough publicity as it is
      • Setup
      • Variations
    • Exploitation guides
      • Scenario 1 – decode-alypse now
      • Scenario 2 – trans subs and other things that look awkward in your history
        • Automatic methods
      • Scenario 3 – was that a 1 or a 0 or a 1?
      • Scenario 4 – hash outside of Colorado
      • Scenario 5 – bleeding hearts
    • Summary
  • Chapter 6: Red Teaming
    • Chapter guide
    • Scoring systems
    • Setting scenarios
    • Reporting
      • Reporting example
      • Reporting explanation
    • CTF-style variations
      • DEFCON game
      • Physical components
      • Attack and defense
      • Jeopardy
    • Scenario 1 – ladders, why did it have to be ladders?
      • Network diagram
      • Brief
      • Setting up virtual machines
        • DMZ
        • missileman
        • secret1
        • secret2
        • secret3
      • Attack guide
      • Variations
      • Dummy devices
      • Combined OSINT trail
      • The missile base scenario summary
    • Scenario 2 – that's no network, it's a space station
      • Network diagram
      • Brief
      • Setting up a basic network
        • Attack of the clones
      • Customizing cloned VMs
        • Workstation1
        • Workstation2
        • Workstation3
        • Workstation4
        • Workstation5
      • Attack guide
      • Variations
      • The network base scenario summary
    • Summary
  • Appendix
    • Further reading
      • Recommended competitions
      • Existing vulnerable VMs

Cameron Buchanan

Cameron Buchanan is a penetration tester by trade and a writer in his spare time. He has performed penetration tests around the world for a variety of clients across many industries. Previously, he was a member of the RAF. He enjoys doing stupid things, such as trying to make things fly, getting electrocuted, and dunking himself in freezing cold water in his spare time. He is married and lives in London.

Sorry, we don't have any reviews for this title yet.

Code Downloads

Download the code and support files for this book.


Submit Errata

Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.

Sample chapters

You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

Frequently bought together

Kali Linux CTF Blueprints +    NHibernate 3.0 Cookbook =
50% Off
the second eBook
Price for both: €25.85

Buy both these recommended eBooks together and get 50% off the cheapest eBook.

What you will learn from this book

  • Set up vulnerable services for both Windows and Linux
  • Create dummy accounts for social engineering manipulation
  • Set up Heartbleed replication for vulnerable SSL servers
  • Develop full-size labs to challenge current and potential testers
  • Construct scenarios that can be applied to Capture the Flag style challenges
  • Add physical components to your scenarios and fire USB missile launchers at your opponents
  • Challenge your own projects with a best-practice exploit guide to each scenario

In Detail

As attackers develop more effective and complex ways to compromise computerized systems, penetration testing skills and tools are in high demand. A tester must have varied skills to combat these threats or fall behind. This book provides practical and customizable guides to set up a variety of exciting challenge projects that can then be tested with Kali Linux.

Learn how to create, customize, and exploit penetration testing scenarios and assault courses. Start by building flawed fortresses for Windows and Linux servers, allowing your testers to exploit common and not-so-common vulnerabilities to break down the gates and storm the walls. Mimic the human element with practical examples of social engineering projects. Facilitate vulnerable wireless and mobile installations and cryptographic weaknesses, and replicate the Heartbleed vulnerability. Finally, combine your skills and work to create a full red-team assessment environment that mimics the sort of corporate network encountered in the field.

Approach

Taking a highly practical approach and a playful tone, Kali Linux CTF Blueprints provides step-by-step guides to setting up vulnerabilities, in-depth guidance to exploiting them, and a variety of advice and ideas to build and customize your own challenges.

Who this book is for

If you are a penetration testing team leader or individual who wishes to challenge yourself or your friends in the creation of penetration testing assault courses, this is the book for you. The book assumes a basic level of penetration skills and familiarity with the Kali Linux operating system.

Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Resources
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software