Preface
When breaking into the field of ethical hacking and penetration testing in the cybersecurity industry, you will often hear about the famous Linux distribution known as Kali Linux. Kali Linux is a penetration testing Linux distribution that is built to support the needs of cybersecurity professionals during each phase of a penetration test. As an information security author, cybersecurity trainer, and lecturer, I've heard from many persons within the industry and even from students about the importance of finding a book that guides the reader to thoroughly understand how to perform penetration testing using a step-by-step approach with Kali Linux. This was the motivation and inspiration behind creating the ultimate book that will be easy to understand for everyone and help all readers to become proficient experts using the latest tools and techniques upon completion.
Over the years, I've researched and created a lot of cybersecurity-related content, and one of the most important things about being an ethical hacker and a penetration tester is always staying up to date on knowing how to discover the latest security vulnerabilities. As a result, ethical hackers and penetration testers need to be equipped with the latest knowledge, skills, and tools to efficiently discover and exploit hidden security vulnerabilities on their targets' systems and networks. During the writing process of this book, I've used a student-centric and learner-friendly approach, helping you to easily understand the most complex topics, terminologies, and why there is a need to test for security flaws on a system and network.
This book begins by introducing you to understanding the mindset of a threat actor such as a hacker and comparing a hacker's mindset to that of penetration testers. It's important to understand how a threat actor thinks and what is most valuable to them. While penetration testers may have a similar mindset, their objective is to discover and help resolve the security vulnerabilities before a real cyber attack occurs on an organization. Furthermore, you will learn how to create a lab environment using virtualization technologies to reduce the cost of buying equipment. The lab environment will emulate a network with vulnerable systems and web application servers. Additionally, a fully patched Windows Active Directory lab is created to demonstrate the security vulnerabilities found within a Windows domain.
You will soon learn how to perform real-world intelligence gathering on organizations using popular tools and strategies for reconnaissance and information gathering. Learning ethical hacking and penetration testing would not be complete without learning how to perform a vulnerability assessment using industry-standard tools. Furthermore, you will spend some time learning how to perform exploitation on common security vulnerabilities. Following the exploitation phase, you will be exposed to post-exploitation techniques and learn how to set up Command and Control (C2) operations to maintain access on a compromised network.
New topics such as Active Directory enumeration and exploitation are included in this edition as many organizations have a Windows environment running Active Directory. You will learn how to abuse the trust of Active Directory and take over the Windows domain. New wireless attacks are included to help aspiring penetration testers gain the skills to test for security vulnerabilities on wireless networks, such as exploiting the WPA3 wireless security standard. Finally, the last section includes techniques for discovering and exploiting web applications and performing social engineering techniques and attacks.
By completing this book, you will be taken through an amazing journey from beginner to expert in terms of learning, understanding, and developing your skills in ethical hacking and penetration testing as an aspiring cybersecurity professional within the industry.