Book Image

Mastering Kali Linux for Advanced Penetration Testing – Fourth Edition - Fourth Edition

By : Vijay Kumar Velu
Book Image

Mastering Kali Linux for Advanced Penetration Testing – Fourth Edition - Fourth Edition

By: Vijay Kumar Velu

Overview of this book

Remote working has given hackers plenty of opportunities as more confidential information is shared over the internet than ever before. In this new edition of Mastering Kali Linux for Advanced Penetration Testing, you’ll learn an offensive approach to enhance your penetration testing skills by testing the sophisticated tactics employed by real hackers. You’ll go through laboratory integration to cloud services so that you learn another dimension of exploitation that is typically forgotten during a penetration test. You'll explore different ways of installing and running Kali Linux in a VM and containerized environment and deploying vulnerable cloud services on AWS using containers, exploiting misconfigured S3 buckets to gain access to EC2 instances. This book delves into passive and active reconnaissance, from obtaining user information to large-scale port scanning. Building on this, different vulnerability assessments are explored, including threat modeling. See how hackers use lateral movement, privilege escalation, and command and control (C2) on compromised systems. By the end of this book, you’ll have explored many advanced pentesting approaches and hacking techniques employed on networks, IoT, embedded peripheral devices, and radio frequencies.
Table of Contents (17 chapters)
15
Other Books You May Enjoy
16
Index

Goal-Based Penetration Testing

The COVID-19 pandemic has changed the way the world operates. Organizations of all sizes have transformed themselves from having none or partial remote working to all of their employees adopting this style. With the new normal, accessible and remote technology has become very important for work and in peoples’ personal lives. We can certainly call this a virtual world, where confidential activities that used to happen in closed rooms now happen over the internet. This has significantly increased the number of cyber threats at least five-fold. Threat actors utilize this digital transformation to exploit the mistakes made by users and companies as their entry point for financial gain, generating reputational damage, or whatever else their goal may be. This occurs in the form of ransomware, phishing, and data breaches.

To understand the current and future ways of working, let us start by exploring the different objectives or goals of threat actors. In this chapter, we will discuss the different types of threat actors and the importance of goal-based penetration testing with a set of objectives; we investigate misconceptions and how a typical vulnerability scan, penetration testing, and red team exercise can fail without the importance of a goal. This chapter also provides an overview of security testing and setting up a verification lab, focusing on the customization of Kali to support some advanced aspects of penetration testing. By the end of this chapter, you will have covered the following:

  • The different types of threat actors
  • An overview of security testing
  • Misconceptions of vulnerability scanning, penetration testing, and red team exercises
  • The history and purpose of Kali Linux
  • Updating and organizing Kali
  • Installing Kali on various services (Amazon Web Services/Google Cloud Platform/Android)
  • Setting up defined targets
  • Building a verification lab

Let us begin with the types of threat actors that exploit technological infrastructure.