Kali Linux 2 - Assuring Security by Penetration Testing

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By : Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Buy this Book

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By: Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Buy this Book

Overview of this book

Kali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in a successful penetration testing project engagement. Kali Linux – Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating cutting-edge hacker tools and techniques with a coherent, step-by-step approach. This book offers you all of the essential lab preparation and testing procedures that reflect real-world attack scenarios from a business perspective, in today's digital age.

Kali Linux 2 – Assuring Security by Penetration Testing Third Edition

Credits

Disclaimer

About the Authors

About the Reviewer

www.PacktPub.com

Preface

Free Chapter

Beginning with Kali Linux

A brief history of Kali Linux

Kali Linux tool categories

Downloading Kali Linux

Using Kali Linux

Configuring the virtual machine

Updating Kali Linux

Network services in Kali Linux

Installing a vulnerable server

Installing additional weapons

Summary

Penetration Testing Methodology

Types of penetration testing

Vulnerability assessment versus penetration testing

Security testing methodologies

General penetration testing framework

Information gathering

The ethics

Summary

Target Scoping

Gathering client requirements

Preparing the test plan

Profiling test boundaries

Defining business objectives

Project management and scheduling

Summary

Information Gathering

Open Source Intelligence

Using public resources

Querying the domain registration information

Analyzing the DNS records

Getting network routing information

Utilizing the search engine

Metagoofil

Accessing leaked information

Summary

Target Discovery

Starting off with target discovery

Identifying the target machine

OS fingerprinting

Summary

Enumerating Target

Introducing port scanning

Understanding the TCP/IP protocol

Understanding the TCP and UDP message format

The network scanner

Unicornscan

Zenmap

Amap

SMB enumeration

SNMP enumeration

VPN enumeration

Summary

Vulnerability Mapping

Types of vulnerabilities

Vulnerability taxonomy

Automated vulnerability scanning

Network vulnerability scanning

Web application analysis

Fuzz analysis

Database assessment tools

Summary

Social Engineering

Modeling the human psychology

Attack process

Attack methods

Social Engineering Toolkit

Summary

Target Exploitation

Vulnerability research

Vulnerability and exploit repositories

Advanced exploitation toolkit

MSFConsole

MSFCLI

Ninja 101 drills

Writing exploit modules

Summary

Privilege Escalation

Privilege escalation using a local exploit

Password attack tools

Network spoofing tools

Network sniffers

Summary

Maintaining Access

Using operating system backdoors

Working with tunneling tools

Creating web backdoors

Summary

Wireless Penetration Testing

Wireless networking

Wireless network recon

Wireless testing tools

Post cracking

Sniffing wireless traffic

Summary

Kali Nethunter

Installing Kali Nethunter

Nethunter icons

Nethunter tools

Third-party applications

Wireless attacks

HID attacks

Summary

Documentation and Reporting

Documentation and results verification

Types of reports

The executive report

The management report

The technical report

Network penetration testing report (sample contents)

Preparing your presentation

Post-testing procedures

Summary

Supplementary Tools

Reconnaissance tool

Web application tools

Network tool

Summary

Key Resources

Vulnerability disclosure and tracking

Paid incentive programs

Reverse engineering resources

Penetration testing learning resources

Exploit development learning resources

Penetration testing on a vulnerable environment

Online web application challenges

Virtual machines and ISO images

Network ports

Index

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Vulnerability and exploit repositories

For many years, a number of vulnerabilities have been reported in the public domain. Some of these were disclosed with the PoC exploit code to prove the feasibility and viability of a vulnerability found in the specific software or application. And, many still remain unaddressed. This competitive era of finding the publicly available exploits and vulnerability information makes it easier for penetration testers to quickly search and retrieve the best available exploit that may suit their target system environment. You can also port one type of exploit to another type (for example, Win32 architecture to Linux architecture) provided that you hold intermediate programming skills, and a clear understanding of OS-specific architecture. We have provided a combined set of online repositories that may help you to track down any vulnerability information, or its exploit, by searching through them.

Note

Not every single vulnerability found has been disclosed to...

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By : Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By: Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Overview of this book

Related Content you might be interested in

Current Title:

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

Vulnerability and exploit repositories

Note