Kali Linux 2 - Assuring Security by Penetration Testing

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By : Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Buy this Book

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By: Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Buy this Book

Overview of this book

Kali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in a successful penetration testing project engagement. Kali Linux – Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating cutting-edge hacker tools and techniques with a coherent, step-by-step approach. This book offers you all of the essential lab preparation and testing procedures that reflect real-world attack scenarios from a business perspective, in today's digital age.

Kali Linux 2 – Assuring Security by Penetration Testing Third Edition

Credits

Disclaimer

About the Authors

About the Reviewer

www.PacktPub.com

Preface

Free Chapter

Beginning with Kali Linux

A brief history of Kali Linux

Kali Linux tool categories

Downloading Kali Linux

Using Kali Linux

Configuring the virtual machine

Updating Kali Linux

Network services in Kali Linux

Installing a vulnerable server

Installing additional weapons

Summary

Penetration Testing Methodology

Types of penetration testing

Vulnerability assessment versus penetration testing

Security testing methodologies

General penetration testing framework

Information gathering

The ethics

Summary

Target Scoping

Gathering client requirements

Preparing the test plan

Profiling test boundaries

Defining business objectives

Project management and scheduling

Summary

Information Gathering

Open Source Intelligence

Using public resources

Querying the domain registration information

Analyzing the DNS records

Getting network routing information

Utilizing the search engine

Metagoofil

Accessing leaked information

Summary

Target Discovery

Starting off with target discovery

Identifying the target machine

OS fingerprinting

Summary

Enumerating Target

Introducing port scanning

Understanding the TCP/IP protocol

Understanding the TCP and UDP message format

The network scanner

Unicornscan

Zenmap

Amap

SMB enumeration

SNMP enumeration

VPN enumeration

Summary

Vulnerability Mapping

Types of vulnerabilities

Vulnerability taxonomy

Automated vulnerability scanning

Network vulnerability scanning

Web application analysis

Fuzz analysis

Database assessment tools

Summary

Social Engineering

Modeling the human psychology

Attack process

Attack methods

Social Engineering Toolkit

Summary

Target Exploitation

Vulnerability research

Vulnerability and exploit repositories

Advanced exploitation toolkit

MSFConsole

MSFCLI

Ninja 101 drills

Writing exploit modules

Summary

Privilege Escalation

Privilege escalation using a local exploit

Password attack tools

Network spoofing tools

Network sniffers

Summary

Maintaining Access

Using operating system backdoors

Working with tunneling tools

Creating web backdoors

Summary

Wireless Penetration Testing

Wireless networking

Wireless network recon

Wireless testing tools

Post cracking

Sniffing wireless traffic

Summary

Kali Nethunter

Installing Kali Nethunter

Nethunter icons

Nethunter tools

Third-party applications

Wireless attacks

HID attacks

Summary

Documentation and Reporting

Documentation and results verification

Types of reports

The executive report

The management report

The technical report

Network penetration testing report (sample contents)

Preparing your presentation

Post-testing procedures

Summary

Supplementary Tools

Reconnaissance tool

Web application tools

Network tool

Summary

Key Resources

Vulnerability disclosure and tracking

Paid incentive programs

Reverse engineering resources

Penetration testing learning resources

Exploit development learning resources

Penetration testing on a vulnerable environment

Online web application challenges

Virtual machines and ISO images

Network ports

Index

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Summary

In this chapter, we have explored some basic steps necessary to create a penetration testing report and discussed the core aspects of doing a presentation in front of the client. At first, we fully explained the methods of documenting your results from individual tools and suggested not to rely on single tools for your final results. As such, your experience and knowledge counts in verifying the test results before they are documented. Make sure to keep your skills updated and sufficient to manually verify the findings when needed. Afterwards, we shed light on creating different types of reports, with their documentation structures. These reports mainly focus on executive, managerial, and technical aspects of the security audit we carried out for our client. Additionally, we also provided a sample table of contents for a network-based penetration testing report to give you a basic idea for writing your own report. Thereafter, we discussed the value of live presentation and simulations...

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By : Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By: Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Overview of this book

Related Content you might be interested in

Current Title:

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

Summary