Book Image

Mastering Kali Linux for Advanced Penetration Testing – Fourth Edition - Fourth Edition

By : Vijay Kumar Velu
Book Image

Mastering Kali Linux for Advanced Penetration Testing – Fourth Edition - Fourth Edition

By: Vijay Kumar Velu

Overview of this book

Remote working has given hackers plenty of opportunities as more confidential information is shared over the internet than ever before. In this new edition of Mastering Kali Linux for Advanced Penetration Testing, you’ll learn an offensive approach to enhance your penetration testing skills by testing the sophisticated tactics employed by real hackers. You’ll go through laboratory integration to cloud services so that you learn another dimension of exploitation that is typically forgotten during a penetration test. You'll explore different ways of installing and running Kali Linux in a VM and containerized environment and deploying vulnerable cloud services on AWS using containers, exploiting misconfigured S3 buckets to gain access to EC2 instances. This book delves into passive and active reconnaissance, from obtaining user information to large-scale port scanning. Building on this, different vulnerability assessments are explored, including threat modeling. See how hackers use lateral movement, privilege escalation, and command and control (C2) on compromised systems. By the end of this book, you’ll have explored many advanced pentesting approaches and hacking techniques employed on networks, IoT, embedded peripheral devices, and radio frequencies.
Table of Contents (17 chapters)
15
Other Books You May Enjoy
16
Index

Summary

This chapter has detailed the first step in an attack process or kill chain: to conduct information harvesting, or passive reconnaissance, to identify the right information on the target with the power of OSINT. Passive reconnaissance provides a real-time view of an attacker’s perspective on a target company. This is a stealthy assessment: the IP address and activities of an attacker are almost indistinguishable from normal business traffic.

The same information is extremely fruitful during social engineering attacks or when facilitating other attacks. We took a deep dive into the use of automated tools to save time and performed passive reconnaissance using both offensive and defensive OSINT.

In the next chapter, we will learn the difference between the types of reconnaissance in an active sense and make use of the data that was harvested using OSINT. Although active reconnaissance techniques will provide more information, there is always an increase in the...