Kali Linux 2 - Assuring Security by Penetration Testing

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By : Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Buy this Book

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By: Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Buy this Book

Overview of this book

Kali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in a successful penetration testing project engagement. Kali Linux – Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating cutting-edge hacker tools and techniques with a coherent, step-by-step approach. This book offers you all of the essential lab preparation and testing procedures that reflect real-world attack scenarios from a business perspective, in today's digital age.

Kali Linux 2 – Assuring Security by Penetration Testing Third Edition

Credits

Disclaimer

About the Authors

About the Reviewer

www.PacktPub.com

Preface

Free Chapter

Beginning with Kali Linux

A brief history of Kali Linux

Kali Linux tool categories

Downloading Kali Linux

Using Kali Linux

Configuring the virtual machine

Updating Kali Linux

Network services in Kali Linux

Installing a vulnerable server

Installing additional weapons

Summary

Penetration Testing Methodology

Types of penetration testing

Vulnerability assessment versus penetration testing

Security testing methodologies

General penetration testing framework

Information gathering

The ethics

Summary

Target Scoping

Gathering client requirements

Preparing the test plan

Profiling test boundaries

Defining business objectives

Project management and scheduling

Summary

Information Gathering

Open Source Intelligence

Using public resources

Querying the domain registration information

Analyzing the DNS records

Getting network routing information

Utilizing the search engine

Metagoofil

Accessing leaked information

Summary

Target Discovery

Starting off with target discovery

Identifying the target machine

OS fingerprinting

Summary

Enumerating Target

Introducing port scanning

Understanding the TCP/IP protocol

Understanding the TCP and UDP message format

The network scanner

Unicornscan

Zenmap

Amap

SMB enumeration

SNMP enumeration

VPN enumeration

Summary

Vulnerability Mapping

Types of vulnerabilities

Vulnerability taxonomy

Automated vulnerability scanning

Network vulnerability scanning

Web application analysis

Fuzz analysis

Database assessment tools

Summary

Social Engineering

Modeling the human psychology

Attack process

Attack methods

Social Engineering Toolkit

Summary

Target Exploitation

Vulnerability research

Vulnerability and exploit repositories

Advanced exploitation toolkit

MSFConsole

MSFCLI

Ninja 101 drills

Writing exploit modules

Summary

Privilege Escalation

Privilege escalation using a local exploit

Password attack tools

Network spoofing tools

Network sniffers

Summary

Maintaining Access

Using operating system backdoors

Working with tunneling tools

Creating web backdoors

Summary

Wireless Penetration Testing

Wireless networking

Wireless network recon

Wireless testing tools

Post cracking

Sniffing wireless traffic

Summary

Kali Nethunter

Installing Kali Nethunter

Nethunter icons

Nethunter tools

Third-party applications

Wireless attacks

HID attacks

Summary

Documentation and Reporting

Documentation and results verification

Types of reports

The executive report

The management report

The technical report

Network penetration testing report (sample contents)

Preparing your presentation

Post-testing procedures

Summary

Supplementary Tools

Reconnaissance tool

Web application tools

Network tool

Summary

Key Resources

Vulnerability disclosure and tracking

Paid incentive programs

Reverse engineering resources

Penetration testing learning resources

Exploit development learning resources

Penetration testing on a vulnerable environment

Online web application challenges

Virtual machines and ISO images

Network ports

Index

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Information gathering

Once the scope is finalized, it is time to move into the reconnaissance phase. During this phase, a pentester uses a number of publicly available resources to learn more about his or her target. This information can be retrieved from Internet sources such as:

Forums
Bulletin boards
Newsgroups
Articles
Blogs
Social networks
Commercial or non-commercial websites

Additionally, the data can also be gathered through various search engines, such as Google, Yahoo!, MSN Bing, Baidu, and others. Moreover, an auditor can use the tools provided in Kali Linux to extract the network information about a target. These tools perform valuable data mining techniques to collect information through DNS servers, trace routes, the Whois database, e-mail addresses, phone numbers, personal information, and user accounts. As more information is gathered, the probability of conducting a successful penetration test is increased.

One area that is becoming more and more relevant is the use of the DarkWeb...

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By : Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

By: Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Overview of this book

Related Content you might be interested in

Current Title:

Kali Linux 2 - Assuring Security by Penetration Testing - Third Edition

Information gathering