Your journey as an aspiring ethical hacker and penetration tester is only now beginning; you have gained some very amazing hands-on skills throughout the chapters of this book and have learned various techniques while developing the mindset of a penetration tester. Furthermore, you have learned how to use the most popular penetration-testing Linux distribution, Kali Linux, to simulate various real-world cyber attacks to discover and exploit various security vulnerabilities on systems and networks.

While you have learned a lot, there are a few guidelines and tips I would like to share with you before concluding this book. During the course of this chapter, you will learn about various guidelines that should be followed by all penetration testers, the importance of creating a checklist for penetration testing, some cool hacker's gadgets, how to set up remote access to securely access your penetration tester's machine over the...

To follow along with the exercises in this chapter, please ensure that you have met the following hardware and software requirements:

• Kali Linux 2021.2: https://www.kali.org/get-kali/

Having the skill set of an ethical hacker and penetration tester, you need to be aware of the boundaries between ethical and criminal activities. Remember, performing any intrusive actions using a computing system or network to cause harm to another person, system, or organization is illegal by law. Therefore, penetration testers must follow a code of conduct to ensure they always remain on the ethical side of the law at all times.

Gaining written permission

Before performing a penetration test on a target organization, ensure that you have legal written permission from the organization. If additional permission is required from other authorities, please ensure that you acquire all the legal permission documents. Having legal, written permission is like having a get-out-of-jail-free card as a penetration tester. The tasks performed by a penetration tester involve simulating real-world cyberattacks on a target organization; this means actually...

When performing a penetration test on a system or network, a set of approved or recommended guidelines is used to ensure that the desired outcome is achieved. A penetrating testing methodology usually consists of the following phases:

1. Reconnaissance
2. Scanning and enumeration
3. Vulnerability assessment
4. Exploitation (gaining access)
5. Post-exploitation (maintaining access and pivoting)
6. Reporting

Following such a checklist ensures that the penetration tester completes all tasks for a phase before moving on to the next. In this book, you started with the information-gathering phase and gradually moved on from there. The early chapters covered the early phases of penetration testing and taught you how to obtain sensitive details about a target using various techniques and resources, while the later chapters covered using the information found to gain access to a target using various methods and tools, and establishing persistence...

Being in the field of ethical hacking and penetration testing won't feel complete without creating your very own hacker's tool bag with some very cool gadgets. Having physical tools and gadgets is not always mandatory, but they help when simulating various real-world cyberattacks.

The following is a WiFi Pineapple Nano by Hak5, which allows a penetration tester to perform wireless security testing on both personal and enterprise wireless networks:

Figure 17.1 – WiFi Pineapple Nano

This physical tool allows a penetration tester to attach a battery bank to support power to this handheld portal device, which can fit in your backpack or pocket. You can perform wireless reconnaissance on wireless networks, capture wireless security handshakes, create rogue wireless networks, and more.

Tip

More details on the WiFi Pineapple can be found at https://shop.hak5.org/products/wifi-pineapple.

The following...

As an aspiring penetration tester, you will be given the opportunity to visit your client's location to perform a penetration test on their network. This means you will need to have a dedicated computer for ethical hacking and penetration testing. The following are some of my personal recommendations for setting up your penetrating-testing machine:

• A laptop running a Microsoft Windows operating system that supports Remote Desktop. Keep in mind that Microsoft Windows is a personal choice of mine, but you are free to use any operating system of your personal preference. Ensure there is support for remote access across a network.
• Ensure the laptop supports BitLocker; store all confidential information within the BitLocker drive. If you're using an operating system other than Microsoft Windows, ensure there is support for data encryption.
• Ensure the laptop has a dedicated Graphics Processing Unit (GPU).
• Install Hashcat on the Windows...

Never stop learning – there's always something new to learn within the cybersecurity industry. If you want to further your learning and skills, take a look at the following online resources:

• TryHackMe: https://tryhackme.com/
• Hack The Box: https://www.hackthebox.com/
• RangeForce Community Edition: https://go.rangeforce.com/community-edition-registration

Both TryHackMe and Hack The Box are online platforms that help everyone, from beginners to seasoned professionals, to gain new skills in various fields of cybersecurity. Both platforms allow learners to complete challenges in a gamified environment to earn rewards. Participating and growing your profile on either platform can be used as part of your portfolio when applying for jobs within the cybersecurity industry. At the time of writing this chapter, RangeForce Community Edition is currently free for anyone to register and complete various cybersecurity blue team learning paths....

During the course of this chapter, you have learned about various guidelines that will help you to become a better ethical hacker and penetration tester, and you have also discovered some of the key components of creating a penetration testing checklist, some fun tools for creating a hacker's tool bag, and how to securely access your Kali Linux machine while performing penetration testing.

Lastly, I know the journey of preparing to be an ethical hacker and penetration tester isn't an easy one and there are many challenges along the path on the road to success. I would personally like to thank you very much for your support by purchasing a copy of my book and congratulations on making it to the end while acquiring all these amazing new skills in ethical hacking and penetration-testing techniques and strategies using Kali Linux. I do hope everything you have learned throughout this book has been informative for you and helpful in your journey to becoming super-awesome...

To learn more about the topics covered in this chapter, you can refer to the following links:

• Rules of engagement: https://hub.packtpub.com/penetration-testing-rules-of-engagement/
• Penetration testing methodologies: https://wiki.owasp.org/index.php/Penetration_testing_methodologies
• OWASP Testing Checklist: https://github.com/tanprathan/OWASP-Testing-Checklist
• CyberChef: https://gchq.github.io/CyberChef/
• PayloadsAllTheThings: https://github.com/swisskyrepo/PayloadsAllTheThings

• Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
• Improve your learning with Skill Plans built especially for you
• Get a free eBook or video every month
• Fully searchable for easy access to vital information
• Copy and paste, print, and bookmark content

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at customercare@packtpub.com for more details.

At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.