Book Image

Mastering Kali Linux for Advanced Penetration Testing – Fourth Edition - Fourth Edition

By : Vijay Kumar Velu
Book Image

Mastering Kali Linux for Advanced Penetration Testing – Fourth Edition - Fourth Edition

By: Vijay Kumar Velu

Overview of this book

Remote working has given hackers plenty of opportunities as more confidential information is shared over the internet than ever before. In this new edition of Mastering Kali Linux for Advanced Penetration Testing, you’ll learn an offensive approach to enhance your penetration testing skills by testing the sophisticated tactics employed by real hackers. You’ll go through laboratory integration to cloud services so that you learn another dimension of exploitation that is typically forgotten during a penetration test. You'll explore different ways of installing and running Kali Linux in a VM and containerized environment and deploying vulnerable cloud services on AWS using containers, exploiting misconfigured S3 buckets to gain access to EC2 instances. This book delves into passive and active reconnaissance, from obtaining user information to large-scale port scanning. Building on this, different vulnerability assessments are explored, including threat modeling. See how hackers use lateral movement, privilege escalation, and command and control (C2) on compromised systems. By the end of this book, you’ll have explored many advanced pentesting approaches and hacking techniques employed on networks, IoT, embedded peripheral devices, and radio frequencies.

Related Content you might be interested in

Current Title:

Small book image
Mastering Kali Linux for Advanced Penetration Testing – Fourth Edition - Fourth Edition
Vijay Kumar Velu
Feb, 2022 | 572 pages
Small book image
Learn Penetration Testing
Rishalin Pillay
May, 2019 | 424 pages
Small book image
The Ultimate Kali Linux Book
Glen D Singh
Feb, 2022 | 742 pages
Small book image
Learn Kali Linux 2019
Glen D Singh
Nov, 2019 | 550 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Goal-Based Penetration Testing
Goal-Based Penetration Testing
Different types of threat actors
Conceptual overview of security testing
Common pitfalls of vulnerability assessments, penetration testing, and red team exercises
Objective-based penetration testing
The testing methodology
Introduction to Kali Linux features
Installing and updating Kali Linux
Kali on Android (non-rooted phones)
Organizing Kali Linux
Building a verification lab
CloudGoat
Managing collaborative penetration testing using Faraday
Summary
2
Open-Source Intelligence and Passive Reconnaissance
Open-Source Intelligence and Passive Reconnaissance
Basic principles of reconnaissance
Scraping
Google Hacking Database
Creating custom wordlists for cracking passwords
Summary
3
Active Reconnaissance of External and Internal Networks
Active Reconnaissance of External and Internal Networks
Stealth scanning techniques
DNS reconnaissance and route mapping
Employing comprehensive reconnaissance applications
Identifying the external network infrastructure
Mapping beyond the firewall
IDS/IPS identification
Enumerating hosts
Port, operating system, and service discovery
Writing your own port scanner using netcat
Large-scale scanning
Using machine learning for reconnaissance
Summary
4
Vulnerability Assessment
Vulnerability Assessment
Vulnerability nomenclature
Local and online vulnerability databases
Vulnerability scanning with Nmap
Web application vulnerability scanners
Vulnerability scanners for mobile applications
The OpenVAS network vulnerability scanner
Commercial vulnerability scanners
Specialized scanners
Threat modeling
Summary
5
Advanced Social Engineering and Physical Security
Advanced Social Engineering and Physical Security
Command methodology and TTPs
Physical attacks at the console
Creating a rogue physical device
The Social Engineering Toolkit (SET)
Hiding executables and obfuscating the attacker’s URL
Escalating an attack using DNS redirection
Launching a phishing attack using Gophish
Using bulk transfer as phishing to deliver payloads
Summary
6
Wireless and Bluetooth Attacks
Wireless and Bluetooth Attacks
Introduction to wireless and Bluetooth technologies
Configuring Kali for wireless attacks
Wireless reconnaissance
Bypassing a hidden SSID
Bypassing MAC address authentication and open authentication
Attacking WPA and WPA2
Denial of Service (DoS) attacks against wireless communications
Compromising enterprise implementations of WPA2
Working with bettercap
Evil Twin attack using Wifiphisher
WPA3
Bluetooth attacks
Summary
7
Exploiting Web-Based Applications
Exploiting Web-Based Applications
Web application hacking methodology
The hacker’s mind map
Reconnaissance of web apps
Client-side proxies
Application-specific attacks
The Browser Exploitation Framework (BeEF)
Understanding the BeEF browser
Summary
8
Cloud Security Exploitation
Cloud Security Exploitation
Introduction to cloud services
Vulnerability scanning and application exploitation in an EC2 instance
Testing for S3 bucket misconfiguration
Exploiting security permission flaws
Obfuscating CloudTrail logs
Summary
9
Bypassing Security Controls
Bypassing Security Controls
Bypassing Network Access Control (NAC)
Bypassing application-level controls
Bypassing the antivirus with files
Going fileless and evading antivirus
Bypassing Windows operating system controls
Summary
10
Exploitation
Exploitation
The Metasploit Framework
Exploiting targets using MSF
Exploiting multiple targets using MSF resource files
Using public exploits
Developing a Windows exploit
PowerShell Empire framework
Summary
11
Action on the Objective and Lateral Movement
Action on the Objective and Lateral Movement
Activities on the compromised local system
Horizontal escalation and lateral movement
Summary
12
Privilege Escalations
Privilege Escalations
Overview of the common escalation methodology
Escalating from domain user to system administrator
Local system escalation
Escalating from administrator to system
Credential harvesting and escalation attacks
Escalating access rights in Active Directory
Compromising Kerberos – a golden-ticket attack
Summary
13
Command and Control
Command and Control
Persistence
Using persistent agents
Domain fronting
Exfiltration of data
Summary
14
Embedded Devices and RFID Hacking
Embedded Devices and RFID Hacking
Embedded systems and hardware architecture
Firmware unpacking and updating
Introduction to RouterSploit Framework
UART
Cloning RFID using ChameleonMini
Summary
15
Other Books You May Enjoy
Other Books You May Enjoy
16
Index
Index

To get the most out of this book

To practice the material presented in this book, you will need virtualization tools such as VMware or VirtualBox.

You will need to download and configure the Kali Linux operating system and its suite of tools. To ensure that it is up-to-date and that you have all of the tools, you will need access to an internet connection.

Sadly, not all of the tools on the Kali Linux system will be addressed since there are too many of them. The focus of this book is not to overwhelm you with all of the tools and options but to provide an approach for testing that will allow you to learn and incorporate new tools as their experiences and knowledge change over time.

Although most of the examples from this book focus on Microsoft Windows, the methodology and most of the tools are transferrable to other operating systems such as Linux and the other flavors of Unix.

Finally, this book applies Kali to complete the cyber kill chain against target systems. You will need a target operating system. Many of the examples in the book use Microsoft Windows 2016, Windows 10, Ubuntu 14.04, and Windows 2008 R2.

To make the best use of lab exercises, it is recommended that you disable Windows Defender on the vulnerable Windows servers by running PowerShell with administrative privilege and typing Set-MpPreference -DisableRealtimeMonitoring $true

Download the example code files

The code bundle for the book is hosted on GitHub at https://github.com/PacktPublishing/Mastering-Kali-Linux-for-Advanced-Penetration-Testing-4E. We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://static.packt-cdn.com/downloads/9781801819770_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in the text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. For example; “Mount the downloaded WebStorm-10*.dmg disk image file as another disk in your system.”

A block of code is set as follows:

<!DOCTYPE foo [ <!ENTITY Variable "hello" > ]><somexml><message>&Variable;</message></somexml>

Any command-line input or output is written as follows:

sudo weevely http://<target IP address><directory> <password>

Bold: Indicates a new term, an important word, or words you see on the screen, such as in menus or dialog boxes. For example: “An increasingly common protective device is the Web Application Firewall (WAF) and DNS Content Delivery Network (CDN).”

Warnings or important notes appear like this.

Tips and tricks appear like this.

Previous Section
Next Section