Mastering Kali Linux for Advanced Penetration Testing

This book will make you an expert in Kali Linux penetration testing. It covers all the most advanced tools and techniques to reproduce the methods used by sophisticated hackers. Full of real-world examples – an indispensable manual.

Mastering Kali Linux for Advanced Penetration Testing

Mastering
Robert W. Beggs

This book will make you an expert in Kali Linux penetration testing. It covers all the most advanced tools and techniques to reproduce the methods used by sophisticated hackers. Full of real-world examples – an indispensable manual.
$32.99
$54.99
RRP $32.99
RRP $54.99
eBook
Print + eBook
$12.99 p/month

Want this title & more? Subscribe to PacktLib

Enjoy full and instant access to over 2000 books and videos – you’ll find everything you need to stay ahead of the curve and make sure you can always get the job done.
Code Files
+ Collection
Free sample

Book Details

ISBN 139781782163121
Paperback356 pages

About This Book

  • Conduct realistic and effective security tests on your network
  • Demonstrate how key data systems are stealthily exploited, and learn how to identify attacks against your own systems
  • Use hands-on techniques to take advantage of Kali Linux, the open source framework of security tools

Who This Book Is For

If you are an IT professional or a security consultant who wants to maximize the success of your network testing using some of the advanced features of Kali Linux, then this book is for you. This book will teach you how to become an expert in the pre-engagement, management, and documentation of penetration testing by building on your understanding of Kali Linux and wireless concepts.

Table of Contents

Chapter 1: Starting with Kali Linux
Kali Linux
Configuring network services and secure communications
Updating Kali Linux
Configuring and customizing Kali Linux
Managing third-party applications
Effective management of penetration tests
Summary
Chapter 2: Identifying the Target – Passive Reconnaissance
Basic principles of reconnaissance
Open Source intelligence
DNS reconnaissance and route mapping
Obtaining user information
Profiling users for password lists
Summary
Chapter 3: Active Reconnaissance and Vulnerability Scanning
Stealth scanning strategies
Identifying the network infrastructure
Enumerating hosts
Port, operating system, and service discovery
Employing comprehensive reconnaissance applications
Vulnerability scanning
Summary
Chapter 4: Exploit
Threat modeling
Using online and local vulnerability resources
Exploiting multiple targets with Armitage
Bypassing IDs and antivirus detection
Summary
Chapter 5: Post Exploit – Action on the Objective
Bypassing Windows User Account Control
Conducting a rapid reconnaissance of a compromised system
Finding and taking sensitive data – pillaging the target
Creating additional accounts
Using Metasploit for post-exploit activities
Escalating user privileges on a compromised host
Replaying authentication tokens using incognito
Accessing new accounts with horizontal escalation
Covering your tracks
Summary
Chapter 6: Post Exploit – Persistence
Compromising the existing system and application files for remote access
Using persistent agents
Maintaining persistence with the Metasploit Framework
Creating a standalone persistent agent with Metasploit
Redirecting ports to bypass network controls
Summary
Chapter 7: Physical Attacks and Social Engineering
Social Engineering Toolkit
Using the PowerShell alphanumeric shellcode injection attack
Hiding executables and obfuscating the attacker's URL
Escalating an attack using DNS redirection
Physical access and hostile devices
Summary
Chapter 8: Exploiting Wireless Communications
Configuring Kali for wireless attacks
Wireless reconnaissance
Bypassing a Hidden Service Set Identifier
Bypassing the MAC address authentication
Compromising a WEP encryption
Attacking WPA and WPA2
Cloning an access point
Denial-of-service attacks
Summary
Chapter 9: Reconnaissance and Exploitation of Web-based Applications
Conducting reconnaissance of websites
Vulnerability scanners
Testing security with client-side proxies
Server exploits
Application-specific attacks
Maintaining access with web backdoors
Summary
Chapter 10: Exploiting Remote Access Communications
Exploiting operating system communication protocols
Exploiting third-party remote access applications
Attacking Secure Sockets Layer
Attacking an IPSec Virtual Private Network
Summary
Chapter 11: Client-side Exploitation
Attacking a system using hostile scripts
The Cross-Site Scripting Framework
The Brower Exploitation Framework – BeEF
A walkthrough of the BeEF browser
Summary

What You Will Learn

  • Employ the methods used by real hackers effectively, to ensure the most effective penetration testing of your network
  • Select and configure the most effective tools from Kali Linux to test network security
  • Employ stealth to avoid detection in the network being tested
  • Recognize when stealthy attacks are being used against your network
  • Exploit networks and data systems using wired and wireless networks as well as web services
  • Identify and download valuable data from target systems
  • Maintain access to compromised systems
  • Use social engineering to compromise the weakest part of the network—the end users

In Detail

Mastering Kali Linux for Advanced Penetration Testing will teach you the kill chain perspective in assessing network security—from selecting the most effective tools, to rapidly compromising network security, to highlighting the techniques used to avoid detection.

This book will take you, as a tester, through the reconnaissance, exploitation, and post-exploitation activities used by penetration testers and hackers. After learning the hands-on techniques to perform an effective and covert attack, specific routes to the target will be examined, including bypassing physical security. You will also get to grips with concepts such as social engineering, attacking wireless networks, web services, and remote access connections. Finally, you will focus on the most vulnerable part of the network—directly attacking the end user.

This book will provide all the practical knowledge needed to test your network's security using a proven hacker's methodology.

Authors

Table of Contents

Chapter 1: Starting with Kali Linux
Kali Linux
Configuring network services and secure communications
Updating Kali Linux
Configuring and customizing Kali Linux
Managing third-party applications
Effective management of penetration tests
Summary
Chapter 2: Identifying the Target – Passive Reconnaissance
Basic principles of reconnaissance
Open Source intelligence
DNS reconnaissance and route mapping
Obtaining user information
Profiling users for password lists
Summary
Chapter 3: Active Reconnaissance and Vulnerability Scanning
Stealth scanning strategies
Identifying the network infrastructure
Enumerating hosts
Port, operating system, and service discovery
Employing comprehensive reconnaissance applications
Vulnerability scanning
Summary
Chapter 4: Exploit
Threat modeling
Using online and local vulnerability resources
Exploiting multiple targets with Armitage
Bypassing IDs and antivirus detection
Summary
Chapter 5: Post Exploit – Action on the Objective
Bypassing Windows User Account Control
Conducting a rapid reconnaissance of a compromised system
Finding and taking sensitive data – pillaging the target
Creating additional accounts
Using Metasploit for post-exploit activities
Escalating user privileges on a compromised host
Replaying authentication tokens using incognito
Accessing new accounts with horizontal escalation
Covering your tracks
Summary
Chapter 6: Post Exploit – Persistence
Compromising the existing system and application files for remote access
Using persistent agents
Maintaining persistence with the Metasploit Framework
Creating a standalone persistent agent with Metasploit
Redirecting ports to bypass network controls
Summary
Chapter 7: Physical Attacks and Social Engineering
Social Engineering Toolkit
Using the PowerShell alphanumeric shellcode injection attack
Hiding executables and obfuscating the attacker's URL
Escalating an attack using DNS redirection
Physical access and hostile devices
Summary
Chapter 8: Exploiting Wireless Communications
Configuring Kali for wireless attacks
Wireless reconnaissance
Bypassing a Hidden Service Set Identifier
Bypassing the MAC address authentication
Compromising a WEP encryption
Attacking WPA and WPA2
Cloning an access point
Denial-of-service attacks
Summary
Chapter 9: Reconnaissance and Exploitation of Web-based Applications
Conducting reconnaissance of websites
Vulnerability scanners
Testing security with client-side proxies
Server exploits
Application-specific attacks
Maintaining access with web backdoors
Summary
Chapter 10: Exploiting Remote Access Communications
Exploiting operating system communication protocols
Exploiting third-party remote access applications
Attacking Secure Sockets Layer
Attacking an IPSec Virtual Private Network
Summary
Chapter 11: Client-side Exploitation
Attacking a system using hostile scripts
The Cross-Site Scripting Framework
The Brower Exploitation Framework – BeEF
A walkthrough of the BeEF browser
Summary

Book Details

ISBN 139781782163121
Paperback356 pages
Read More