Kali Linux 2 - Assuring Security by Penetration Testing

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By : Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Buy this Book

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By: Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Buy this Book

Overview of this book

Kali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in a successful penetration testing project engagement. Kali Linux – Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating cutting-edge hacker tools and techniques with a coherent, step-by-step approach. This book offers you all of the essential lab preparation and testing procedures that reflect real-world attack scenarios from a business perspective, in today's digital age.

Kali Linux 2 – Assuring Security by Penetration Testing Third Edition

Credits

Disclaimer

About the Authors

About the Reviewer

www.PacktPub.com

Preface

Free Chapter

Beginning with Kali Linux

A brief history of Kali Linux

Kali Linux tool categories

Downloading Kali Linux

Using Kali Linux

Configuring the virtual machine

Updating Kali Linux

Network services in Kali Linux

Installing a vulnerable server

Installing additional weapons

Summary

Penetration Testing Methodology

Types of penetration testing

Vulnerability assessment versus penetration testing

Security testing methodologies

General penetration testing framework

Information gathering

The ethics

Summary

Target Scoping

Gathering client requirements

Preparing the test plan

Profiling test boundaries

Defining business objectives

Project management and scheduling

Summary

Information Gathering

Open Source Intelligence

Using public resources

Querying the domain registration information

Analyzing the DNS records

Getting network routing information

Utilizing the search engine

Metagoofil

Accessing leaked information

Summary

Target Discovery

Starting off with target discovery

Identifying the target machine

OS fingerprinting

Summary

Enumerating Target

Introducing port scanning

Understanding the TCP/IP protocol

Understanding the TCP and UDP message format

The network scanner

Unicornscan

Zenmap

Amap

SMB enumeration

SNMP enumeration

VPN enumeration

Summary

Vulnerability Mapping

Types of vulnerabilities

Vulnerability taxonomy

Automated vulnerability scanning

Network vulnerability scanning

Web application analysis

Fuzz analysis

Database assessment tools

Summary

Social Engineering

Modeling the human psychology

Attack process

Attack methods

Social Engineering Toolkit

Summary

Target Exploitation

Vulnerability research

Vulnerability and exploit repositories

Advanced exploitation toolkit

MSFConsole

MSFCLI

Ninja 101 drills

Writing exploit modules

Summary

Privilege Escalation

Privilege escalation using a local exploit

Password attack tools

Network spoofing tools

Network sniffers

Summary

Maintaining Access

Using operating system backdoors

Working with tunneling tools

Creating web backdoors

Summary

Wireless Penetration Testing

Wireless networking

Wireless network recon

Wireless testing tools

Post cracking

Sniffing wireless traffic

Summary

Kali Nethunter

Installing Kali Nethunter

Nethunter icons

Nethunter tools

Third-party applications

Wireless attacks

HID attacks

Summary

Documentation and Reporting

Documentation and results verification

Types of reports

The executive report

The management report

The technical report

Network penetration testing report (sample contents)

Preparing your presentation

Post-testing procedures

Summary

Supplementary Tools

Reconnaissance tool

Web application tools

Network tool

Summary

Key Resources

Vulnerability disclosure and tracking

Paid incentive programs

Reverse engineering resources

Penetration testing learning resources

Exploit development learning resources

Penetration testing on a vulnerable environment

Online web application challenges

Virtual machines and ISO images

Network ports

Index

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Defining business objectives

Based on the assessment requirements and the endorsement of services, it is vital to define the business objectives. This will ensure that the testing output benefits a business from multiple aspects. Each of these business objectives is focused and structured according to the assessment requirements and can provide a clear view of the industry achievement. We have formatted some general business objectives that can be used to align with any penetration testing assignment. However, they can also be redesigned according to the change in requirements. This process is important and may require a pentester to observe and understand the business motives while maintaining the minimum level of standards before, during, and after the test is completed. Business objectives are the main source to bring the management and technical team together in order to support a strong proposition and an idea of securing information systems. Based on the different kinds of security...

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By : Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By: Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Overview of this book

Related Content you might be interested in

Current Title:

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

Defining business objectives