Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mastering Kali Linux for Advanced Penetration Testing
  • Table Of Contents Toc
  • Feedback & Rating feedback
Mastering Kali Linux for Advanced Penetration Testing

Mastering Kali Linux for Advanced Penetration Testing

By : Robert Beggs
4.4 (8)
Buy this Book
close
close
Mastering Kali Linux for Advanced Penetration Testing

Mastering Kali Linux for Advanced Penetration Testing

4.4 (8)
By: Robert Beggs
Buy this Book

Overview of this book

This book provides an overview of the kill chain approach to penetration testing, and then focuses on using Kali Linux to provide examples of how this methodology is applied in the real world. After describing the underlying concepts, step-by-step examples are provided that use selected tools to demonstrate the techniques.If you are an IT professional or a security consultant who wants to maximize the success of your network testing using some of the advanced features of Kali Linux, then this book is for you. This book will teach you how to become an expert in the pre-engagement, management, and documentation of penetration testing by building on your understanding of Kali Linux and wireless concepts.
Table of Contents (16 chapters)
close
close
close
Preface
chevron up
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Icon
Disclaimer
Lock Free Chapter
1
Goal-Based Penetration Testing
Icon
Goal-Based Penetration Testing
Icon
Conceptual overview of security testing
Icon
Misconceptions of vulnerability scanning, penetration testing, and red team exercises
Icon
Objective-based penetration testing
Icon
The testing methodology
Icon
Introduction to Kali Linux – features
Icon
Installing and updating Kali Linux
Icon
Organizing Kali Linux
Icon
Building a verification lab
Icon
Managing collaborative penetration testing using Faraday
Icon
Summary
2
Open Source Intelligence and Passive Reconnaissance
Icon
Open Source Intelligence and Passive Reconnaissance
Icon
Basic principles of reconnaissance
Icon
Google Hacking Database
Icon
Creating custom wordlists for cracking passwords
Icon
Summary
3
Active Reconnaissance of External and Internal Networks
Icon
Active Reconnaissance of External and Internal Networks
Icon
Stealth scanning strategies
Icon
DNS reconnaissance and route mapping
Icon
Employing comprehensive reconnaissance applications
Icon
Identifying the external network infrastructure
Icon
Mapping beyond the firewall
Icon
IDS/IPS identification
Icon
Enumerating hosts
Icon
Port, operating system, and service discovery
Icon
Writing your own port scanner using netcat
Icon
Large-scale scanning
Icon
Summary
4
Vulnerability Assessment
Icon
Vulnerability Assessment
Icon
Vulnerability nomenclature
Icon
Local and online vulnerability databases
Icon
Vulnerability scanning with Nmap
Icon
Web application vulnerability scanners
Icon
Vulnerability scanners for mobile applications
Icon
The OpenVAS network vulnerability scanner
Icon
Commercial vulnerability scanners
Icon
Specialized scanners
Icon
Threat modeling
Icon
Summary
5
Advanced Social Engineering and Physical Security
Icon
Advanced Social Engineering and Physical Security
Icon
Methodology and attack methods
Icon
Physical attacks at the console
Icon
Creating a rogue physical device
Icon
The Social Engineering Toolkit (SET)
Icon
Hiding executables and obfuscating the attacker's URL
Icon
Escalating an attack using DNS redirection
Icon
Launching a phishing attack
Icon
Using bulk transfer as a mode of phishing
Icon
Summary
6
Wireless Attacks
Icon
Wireless Attacks
Icon
Configuring Kali for wireless attacks
Icon
Wireless reconnaissance
Icon
Bypassing a hidden SSID
Icon
Bypassing the MAC address authentication and open authentication
Icon
Attacking WPA and WPA2
Icon
Denial-of-service (DoS) attacks against wireless communications
Icon
Compromising enterprise implementations of WPA/WPA2
Icon
Working with Ghost Phisher
Icon
Summary
7
Exploiting Web-Based Applications
Icon
Exploiting Web-Based Applications
Icon
Web application hacking methodology
Icon
The hacker's mind map
Icon
Reconnaissance of web apps
Icon
Client-side proxies
Icon
Application-specific attacks
Icon
Summary
8
Client-Side Exploitation
Icon
Client-Side Exploitation
Icon
Backdooring executable files
Icon
Attacking a system using hostile scripts
Icon
The Cross-Site Scripting framework
Icon
The Browser Exploitation Framework (BeEF)
Icon
Understanding BeEF Browser
Icon
Summary
9
Bypassing Security Controls
Icon
Bypassing Security Controls
Icon
Bypassing Network Access Control (NAC)
Icon
Bypassing the antivirus with files
Icon
Going fileless and evading antivirus
Icon
Bypassing application-level controls
Icon
Bypassing Windows operating system controls
Icon
Summary
10
Exploitation
Icon
Exploitation
Icon
The Metasploit Framework
Icon
Exploiting targets using MSF
Icon
Exploiting multiple targets using MSF resource files
Icon
Exploiting multiple targets with Armitage
Icon
Using public exploits
Icon
Developing a Windows exploit
Icon
Summary
11
Action on the Objective and Lateral Movement
Icon
Action on the Objective and Lateral Movement
Icon
Activities on the compromised local system
Icon
Horizontal escalation and lateral movement
Icon
Summary
12
Privilege Escalation
Icon
Privilege Escalation
Icon
Overview of the common escalation methodology
Icon
Escalating from domain user to system administrator
Icon
Local system escalation
Icon
Escalating from administrator to system
Icon
Credential harvesting and escalation attacks
Icon
Escalating access rights in Active Directory
Icon
Compromising Kerberos – the golden-ticket attack
Icon
Summary
13
Command and Control
Icon
Command and Control
Icon
Persistence
Icon
Using persistent agents
Icon
Domain fronting
Icon
Exfiltration of data
Icon
Hiding evidence of an attack
Icon
Summary
14
Embedded Devices and RFID Hacking
Icon
Embedded Devices and RFID Hacking
Icon
Embedded systems and hardware architecture
Icon
Firmware unpacking and updating
Icon
Introduction to RouterSploit Framework
Icon
UART
Icon
Cloning RFID using Chameleon Mini
Icon
Summary
15
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

The "Kill Chain" approach to penetration testing

In 2009, Mike Cloppert of Lockheed Martin CERT introduced the concept that is now known as the "attacker kill chain." This includes the steps taken by an adversary when they are attacking a network. It does not always proceed in a linear flow as some steps may occur in parallel. Multiple attacks may be launched over time at the same target, and overlapping stages may occur at the same time.

In this book, we have modified the Cloppert's kill chain to more accurately reflect on how attackers apply these steps when exploiting networks and data services. The following diagram shows a typical kill chain of an attacker:

The "Kill Chain" approach to penetration testing

A typical kill chain of an attacker can be described as follows:

  • Reconnaissance phase – The adage, "reconnaissance time is never wasted time", adopted by most military organizations acknowledges that it is better to learn as much as possible about an enemy before engaging them. For the same reason, attackers will conduct extensive reconnaissance of a target before attacking. In fact, it is estimated that at least 70 percent of the "work effort" of a penetration test or an attack is spent conducting reconnaissance! Generally, they will employ two types of reconnaissance:
    • Passive reconnaissance – This does not directly interact with the target in a hostile manner. For example, the attacker will review the publicly available website(s), assess online media (especially social media sites), and attempt to determine the "attack surface" of the target.

      One particular task will be to generate a list of past and current employee names. These names will form the basis of attempts to brute force, or guessing passwords. They will also be used in social engineering attacks.

      This type of reconnaissance is difficult, if not impossible, to distinguish from the behavior of regular users.

    • Active reconnaissance – This can be detected by the target but, it can be difficult to distinguish most online organizations' faces from the regular backgrounds.

      Activities occurring during active reconnaissance include physical visits to target premises, port scanning, and remote vulnerability scanning.

  • The delivery phase – Delivery is the selection and development of the weapon that will be used to complete the exploit during the attack. The exact weapon chosen will depend on the attacker's intent as well as the route of delivery (for example, across the network, via wireless, or through a web-based service). The impact of the delivery phase will be examined in the second half of this book.
  • The exploit or compromise phase – This is the point when a particular exploit is successfully applied, allowing attackers to reach their objective. The compromise may have occurred in a single phase (for example, a known operating system vulnerability was exploited using a buffer overflow), or it may have been a multiphase compromise (for example, an attacker physically accessed premises to steal a corporate phone book. The names were used to create lists for brute force attacks against a portal logon. In addition, e-mails were sent to all employees to click on an embedded link to download a crafted PDF file that compromised their computers.). Multiphase attacks are the norm when a malicious attacker targets a specific enterprise.
  • Post exploit: action on the objective – This is frequently, and incorrectly, referred to as the "exfiltration phase" because there is a focus on perceiving attacks solely as a route to steal sensitive data (such as login information, personal information, and financial information); it is common for an attacker to have a different objective. For example, a business may wish to cause a denial of service in their competitor's network to drive customers to their own website. Therefore, this phase must focus on the many possible actions of an attacker.

    One of the most common exploit activity occurs when, the attackers attempt to improve their access privileges to the highest possible level (vertical escalation), and to compromise as many accounts as possible (horizontal escalation).

  • Post exploit: persistence – If there is value in compromising a network or system, then that value can likely be increased if there is persistent access. This allows attackers to maintain communications with a compromised system. From a defender's point of view, this is the part of the kill chain that is usually the easiest to detect.

Kill chains are metamodels of an attacker's behavior when they attempt to compromise a network or a particular data system. As a metamodel, it can incorporate any proprietary or commercial penetration testing methodology. Unlike the methodologies, however, it ensures a strategic-level focus on how an attacker approaches the network. This focus on the attacker's activities will guide the layout and content of this book.

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Mastering Kali Linux for Advanced Penetration Testing
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon