The Ultimate Kali Linux Book - Third Edition

By : Glen D. Singh

Overview of this book

Embark on an exciting journey into the world of Kali Linux – the central hub for advanced penetration testing. Whether you are honing your pentesting skills, exploiting vulnerabilities, or conducting advanced penetration tests on wired and wireless enterprise networks, Kali Linux empowers cybersecurity professionals. In its latest third edition, this book goes further to guide you on how to set up your labs and explains breaches using enterprise networks. Designed for newcomers and those curious about penetration testing, this guide is your fast track to learning pentesting with Kali Linux 2024.x. Think of this book as your stepping stone into real-world situations, guiding you through lab setups and core penetration testing concepts. As you progress through the book, you’ll explore the toolkit of vulnerability assessment tools in Kali Linux, where gathering information takes the spotlight. You'll learn how to find target systems, uncover device security issues, exploit network weaknesses, control operations, and even test web applications. The journey ends with understanding complex web application testing techniques, along with industry best practices. As you finish this captivating exploration of Kali Linux, you'll be ready to tackle advanced enterprise network testing – with newfound skills and confidence.

Understanding the need for cybersecurity

Cybersecurity focuses on protecting systems, networks, and organizations from specialized attacks and threats that are designed by cyber criminals with the intention to cause harm or damage. These cyber criminals are commonly referred to as threat actors. Over time, more users and organizations are connecting their systems and networks to the largest network in the world, the internet, and cyber criminals are developing new strategies to steal money from potential victims.

For instance, many cyber criminals are developing more sophisticated threats, such as ransomware. Let’s use this example to underscore the importance of cybersecurity. Ransomware is a type of crypto-malware that’s designed to encrypt all data found on a victim’s system, except the host operating system. The intention is to encrypt the victim’s most valuable asset on the compromised system, the data stored on local storage media, and request a ransom payment in the form of cryptocurrencies to obtain the decryption keys to recover the data. The longer the ransomware remains on a compromised system, the more opportunity the ransomware agent has to establish a Command and Control (C2) communication channel with one or more C2 servers that are owned and managed by cyber criminals, from which it receives updates and additional instructions. The threat actor can push updates to the ransomware agent to frequently rotate the cryptographic keys that are used to encrypt the victim’s data – therefore reducing the likelihood that the victim is able to safely recover their data from the ransomware. During this time, the threat actor is also exfiltrating the data found on the victim’s system and selling it on various marketplaces on the Dark Web to the highest bidder. Cyber criminals are intelligent; they are very aware that organizations know the value of the data that is stored on their computers and servers, and will do almost anything to recover that data as soon as possible.

NOTE

Ransomware also has the capability of compromising data stored in various cloud storage services that are linked to the infected system. For instance, imagine a user’s system has a cloud storage agent running to ensure the user’s data is constantly synchronized. If the system is infected with ransomware, the infection will encrypt all data on the local storage drives, including the files that are synchronized to the cloud service provider’s platform, and the encrypted copies are then synchronized to the cloud as well. However, various cloud storage providers have built-in protection (such as file version history) against these types of threats.

From a cybersecurity perspective, it’s not recommended to pay the ransom, as there’s no guarantee or reassurance that the threat actors will release the encrypted data or even provide the right decryption key to recover your data. It is important to note that threat actors are not only demanding ransom payments by encrypting data but also by threatening to expose sensitive organizational and customer data, releasing it onto paste/dump sites such as pastebin.com or to the media. This “doubling-down” on the pressure applied makes it difficult for victims not to cave in to the ransomware gangs’ demands.

Many organizations around the world take a reactive approach to cybersecurity, such that they only react once their systems and networks have been compromised by a cyber-attack, rather than implementing mitigations and countermeasures to prevent future threats. If an organization does not implement proper cyber defenses together with an effective incident response plan, then when ransomware compromises a vulnerable system within a network, it has the potential to automatically spread to other vulnerable systems within the organization to expand its foothold. Therefore, the longer it takes to contain/isolate the threat on the network, the more damage can be done.
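The two ransomware characteristics described above, the rapid rewriting of a victim’s files with encrypted content and the fact that damage grows with the time the threat goes uncontained, are exactly what a defender’s detection logic looks for. The following is an added example (not code from the book or its author) of a minimal behavioural detector: it reads constructed file-system audit events, measures the Shannon entropy of the written content (encrypted data approaches 8 bits per byte), and flags any process that rewrites many distinct files to an unfamiliar extension within a short window. Process names, paths, thresholds and the event format are assumptions for illustration.

```python
"""Added example (not from the book): flag ransomware-like file activity
from constructed file-system audit events. Defender-side detection only."""
from collections import defaultdict
from dataclasses import dataclass
import math


@dataclass
class FileEvent:
    ts: float       # seconds (constructed timestamp)
    process: str    # name of the process that wrote the file (assumed field)
    path: str       # file that was written
    new_ext: str    # file extension after the write
    data: bytes     # content written (constructed sample bytes)


# Extensions that are normal for user documents in this hypothetical environment.
KNOWN_EXTS = {"docx", "xlsx", "pdf", "jpg", "txt", "png"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of `data`; encrypted or compressed content approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def find_suspicious_processes(events, window=60.0, min_files=20, min_entropy=7.0):
    """Return {process: max_files_in_window} for every process that rewrote at
    least `min_files` distinct files to a non-standard extension with
    high-entropy content inside some `window`-second span."""
    per_proc = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.new_ext.lower() not in KNOWN_EXTS and shannon_entropy(e.data) >= min_entropy:
            per_proc[e.process].append((e.ts, e.path))

    flagged = {}
    for proc, hits in per_proc.items():
        start, best = 0, 0
        # Sliding window over the process's suspicious writes, ordered by time.
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = len({p for _, p in hits[start:end + 1]})
            best = max(best, distinct)
        if best >= min_files:
            flagged[proc] = best
    return flagged


def sample_events():
    """Constructed audit trail: one fast encryptor, one slow archiver, one editor."""
    encrypted = bytes(range(256)) * 4          # uniform bytes: entropy 8.0
    plain = b"Quarterly report draft. " * 40    # low-entropy text
    events = []
    # Hypothetical ransomware: 25 files rewritten to ".locked" within 24 seconds.
    for i in range(25):
        events.append(FileEvent(1000.0 + i, "ransom.exe",
                                f"C:/Users/alice/Documents/file{i}.docx", "locked", encrypted))
    # Legitimate archiver: same volume and entropy, but one file every 30 seconds.
    for i in range(25):
        events.append(FileEvent(2000.0 + 30 * i, "archiver.exe",
                                f"C:/Backups/set{i}.bak", "bak", encrypted))
    # Word processor saving normal documents.
    for i in range(3):
        events.append(FileEvent(3000.0 + i, "winword.exe",
                                f"C:/Users/alice/Documents/memo{i}.docx", "docx", plain))
    return events


def demo():
    """Run the detector over the constructed events."""
    return find_suspicious_processes(sample_events())


if __name__ == "__main__":
    print(demo())   # {'ransom.exe': 25}
```

The archiver is deliberately included to show the trade-off: its output is just as high-entropy as the encryptor’s, and only the rate of rewriting separates the two. In production the window, file count and extension allow-list would be tuned per environment, and a hit would feed an isolation playbook, since the text above makes the point that containment time is what bounds the damage.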

NOTE

While working on the previous edition of this book, the technical reviewer, Mr. Rishalin Pillay, mentioned that during his time at Microsoft, he had seen how attackers “may” give the decryption key to victims; however, the threat actors mostly implant additional malware to return later for more cash gains. Essentially, the targeted organization becomes a “cash cow” for the threat actors (attacking group).

Without cybersecurity professionals, researchers, and security solutions, many organizations and users are left unprotected from various types of threats. For instance, many banks provide an online banking system that enables their customers to perform various types of transactions, such as making payments, transferring funds, and so on. Imagine if cyber criminals discovered weak security controls on a bank’s customer login portal and found a way to take advantage of the security weakness to gain unauthorized access to multiple customers’ accounts, steal their Personally Identifiable Information (PII), and transfer funds out of their accounts. Safeguarding customer data is therefore crucial, not only to protect individuals from immediate financial loss but also to prevent their information from being used in future cyber-attacks.

In the next section, you will learn about common security-related terminology in the industry.