Book Image

The Ultimate Kali Linux Book - Second Edition

By : Glen D. Singh
5 (1)
Book Image

The Ultimate Kali Linux Book - Second Edition

5 (1)
By: Glen D. Singh

Overview of this book

Kali Linux is the most popular and advanced penetration testing Linux distribution within the cybersecurity industry. Using Kali Linux, a cybersecurity professional will be able to discover and exploit various vulnerabilities and perform advanced penetration testing on both enterprise wired and wireless networks. This book is a comprehensive guide for those who are new to Kali Linux and penetration testing that will have you up to speed in no time. Using real-world scenarios, you’ll understand how to set up a lab and explore core penetration testing concepts. Throughout this book, you’ll focus on information gathering and even discover different vulnerability assessment tools bundled in Kali Linux. You’ll learn to discover target systems on a network, identify security flaws on devices, exploit security weaknesses and gain access to networks, set up Command and Control (C2) operations, and perform web application penetration testing. In this updated second edition, you’ll be able to compromise Active Directory and exploit enterprise networks. Finally, this book covers best practices for performing complex web penetration testing techniques in a highly secured environment. By the end of this Kali Linux book, you’ll have gained the skills to perform advanced penetration testing on enterprise networks using Kali Linux.

Related Content you might be interested in

Current Title:

Small book image
The Ultimate Kali Linux Book - Second Edition
Glen D. Singh
Feb, 2022 | 742 pages
Small book image
Reconnaissance for Ethical Hackers
Glen D Singh
Aug, 2023 | 430 pages
Small book image
Learn Penetration Testing
Rishalin Pillay
May, 2019 | 424 pages
Small book image
Hands-On Penetration Testing with Kali NetHunter
SeanPhilip Oriyano | Glen D Singh
Feb, 2019 | 302 pages
Table of Contents (23 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Disclaimer
Share Your Thoughts
1
Section 1: Getting Started with Penetration Testing
Section 1: Getting Started with Penetration Testing
Free Chapter
2
Chapter 1: Introduction to Ethical Hacking
Chapter 1: Introduction to Ethical Hacking
Identifying threat actors and their intent
Understanding what matters to threat actors
Discovering cybersecurity terminologies
Exploring the need for penetration testing and its phases
Understanding penetration testing approaches
Exploring hacking phases
Understanding the Cyber Kill Chain framework
Summary
Further reading
3
Chapter 2: Building a Penetration Testing Lab
Chapter 2: Building a Penetration Testing Lab
Technical requirements
Understanding the lab overview and its technologies
Setting up a hypervisor and virtually isolated networks
Setting up and working with Kali Linux
Deploying Metasploitable 2 as a target system
Implementing Metasploitable 3 using Vagrant
Setting up vulnerability web application systems
Summary
Further reading
4
Chapter 3: Setting Up for Advanced Hacking Techniques
Chapter 3: Setting Up for Advanced Hacking Techniques
Technical requirements
Building an AD red team lab
Setting up a wireless penetration testing lab
Summary
Further reading
5
Section 2: Reconnaissance and Network Penetration Testing
Section 2: Reconnaissance and Network Penetration Testing
6
Chapter 4: Reconnaissance and Footprinting
Chapter 4: Reconnaissance and Footprinting
Technical requirements
Understanding the importance of reconnaissance
Understanding passive information gathering
Exploring open source intelligence
Using OSINT strategies to gather intelligence
Summary
Further reading
7
Chapter 5: Exploring Active Information Gathering
Chapter 5: Exploring Active Information Gathering
Technical requirements
Understanding active reconnaissance
Exploring Google hacking strategies
Exploring DNS reconnaissance
Enumerating subdomains
Profiling websites using EyeWitness
Exploring active scanning techniques
Enumerating common network services
Performing user enumeration through noisy authentication controls
Finding data leaks in the cloud
Summary
Further reading
8
Chapter 6: Performing Vulnerability Assessments
Chapter 6: Performing Vulnerability Assessments
Technical requirements
Nessus and its policies
Vulnerability discovery using Nmap
Working with Greenbone Vulnerability Manager
Using web application scanners
Summary
Further reading
9
Chapter 7: Understanding Network Penetration Testing
Chapter 7: Understanding Network Penetration Testing
Technical requirements
Introduction to network penetration testing
Working with bind and reverse shells
Antimalware evasion techniques
Working with wireless adapters
Managing and monitoring wireless modes
Summary
Further reading
10
Chapter 8: Performing Network Penetration Testing
Chapter 8: Performing Network Penetration Testing
Technical requirements
Discovering live systems
Profiling a target system
Exploring password-based attacks
Identifying and exploiting vulnerable services
Understanding watering hole attacks
Further reading
11
Section 3: Red Teaming Techniques
Section 3: Red Teaming Techniques
12
Chapter 9: Advanced Network Penetration Testing — Post Exploitation
Chapter 9: Advanced Network Penetration Testing — Post Exploitation
Technical requirements
Post-exploitation using Meterpreter
Data encoding and exfiltration
Understanding MITM and packet sniffing attacks
Summary
Further reading
13
Chapter 10: Working with Active Directory Attacks
Chapter 10: Working with Active Directory Attacks
Technical requirements
Understanding Active Directory
Enumerating Active Directory
Leveraging network-based trust
Summary
Further reading
14
Chapter 11: Advanced Active Directory Attacks
Chapter 11: Advanced Active Directory Attacks
Technical requirements
Understanding Kerberos
Abusing trust on IPv6 with Active Directory
Attacking Active Directory
Domain dominance and persistence
Summary
Further reading
15
Chapter 12: Delving into Command and Control Tactics
Chapter 12: Delving into Command and Control Tactics
Technical requirements
Understanding C2
Setting up C2 operations
Post-exploitation using Empire
Working with Starkiller
Summary
Further reading
16
Chapter 13: Advanced Wireless Penetration Testing
Chapter 13: Advanced Wireless Penetration Testing
Technical requirements
Introduction to wireless networking
Performing wireless reconnaissance
Compromising WPA and WPA2 networks
Performing AP-less attacks
Exploiting enterprise wireless networks
Creating a Wi-Fi honeypot
Discovering WPA3 attacks
Securing your wireless network
Summary
Further reading
17
Section 4: Social Engineering and Web Application Attacks
Section 4: Social Engineering and Web Application Attacks
18
Chapter 14: Performing Client-Side Attacks – Social Engineering
Chapter 14: Performing Client-Side Attacks – Social Engineering
Technical requirements
Fundamentals of social engineering
Types of social engineering
Defending against social engineering
Planning for each type of social engineering attack
Exploring social engineering tools and techniques
Summary
Further reading
19
Chapter 15: Understanding Website Application Security
Chapter 15: Understanding Website Application Security
Technical requirements
Understanding web applications
Exploring the OWASP Top 10: 2021
Getting started with FoxyProxy and Burp Suite
Understanding injection-based attacks
Exploring broken access control attacks
Discovering cryptographic failures
Understanding insecure design
Exploring security misconfiguration
Summary
Further reading
20
Chapter 16: Advanced Website Penetration Testing
Chapter 16: Advanced Website Penetration Testing
Technical requirements
Identifying vulnerable and outdated components
Exploiting identification and authentication failures
Understanding software and data integrity failures
Understanding security logging and monitoring failures
Performing server-side request forgery
Automating SQL injection attacks
Understanding cross-site scripting
Performing client-side attacks
Summary
Further reading
21
Chapter 17: Best Practices for the Real World
Chapter 17: Best Practices for the Real World
Technical requirements
Guidelines for penetration testers
Penetration testing checklist
Creating a hacker's tool bag
Setting up remote access
Next steps ahead
Summary
Further reading
Why subscribe?
22
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Vulnerability discovery using Nmap

The Nmap Scripting Engine (NSE) is one of the most powerful features within Nmap. It allows penetration testers and security researchers to create, automate, and perform customized scanning on a target system or network. When using NSE, the scanning techniques are usually aggressive and can sometimes create data loss or even crash a target system. However, NSE allows a penetration tester to easily identify security vulnerabilities and whether the target is exploitable.

The following are various categories of scripts within NSE:

  • Auth: This category contains scripts that can scan a target to detect whether authentication bypass is possible.
  • Broadcast: This category contains scripts that are used to discover host systems on a network.
  • Brute: This category contains scripts that are used to perform some types of brute-force attacks on a remote server to gain unauthorized access.
  • Default: This category contains a set of default...
Previous Section
End of Section 4
Next Section