The Ultimate Kali Linux Book - Third Edition

By : Glen D. Singh

Overview of this book

Embark on an exciting journey into the world of Kali Linux – the central hub for advanced penetration testing. Whether you are honing your pentesting skills, exploiting vulnerabilities, or conducting advanced penetration tests on wired and wireless enterprise networks, Kali Linux empowers cybersecurity professionals. In its latest third edition, this book goes further to guide you on how to set up your labs and explains breaches using enterprise networks. Designed for newcomers and those curious about penetration testing, this guide is your fast track to learning pentesting with Kali Linux 2024.x. Think of this book as your stepping stone into real-world situations that guides you through lab setups and core penetration testing concepts. As you progress in the book, you’ll explore the toolkit of vulnerability assessment tools in Kali Linux, where gathering information takes the spotlight. You'll learn how to find target systems, uncover device security issues, exploit network weaknesses, control operations, and even test web applications. The journey ends with understanding complex web application testing techniques, along with industry best practices. As you finish this captivating exploration of the Kali Linux book, you'll be ready to tackle advanced enterprise network testing – with newfound skills and confidence.

Types of penetration testing

As an aspiring ethical hacker and penetration tester, it’s important to understand the difference between a vulnerability assessment and penetration testing. In a vulnerability assessment, the cybersecurity professional uses a vulnerability scanner to perform authenticated and unauthenticated scans, which help identify the security posture of the targeted systems within the organization. These vulnerability scanners use various techniques to automate the process of discovering a wide range of security weaknesses in systems.

The downside of using an automated vulnerability scanning tool is that it cannot identify the issues that manual testing can; penetration testing is what validates the vulnerabilities that actually exist on the target, and this is one of the many reasons why organizations hire penetration testers to perform these assessments on their systems. However, if the penetration tester only delivers the reports of the vulnerability scanning tools instead of performing manual testing during a network-based penetration test, in my opinion, this is highly unethical. Keep in mind that most effective security assessments often involve a combination of automated scanning and manual penetration testing. Automated tools can quickly cover a broad surface area, allowing manual testers to focus their efforts on more complex and potentially high-impact vulnerabilities. During the course of this book, you will learn how to perform successful penetration testing using industry practices, tools, and techniques.

In the upcoming subsections, you will learn about common types of penetration testing and their use cases.

Web application penetration testing

Web application penetration testing (WAPT) is the most common form of penetration testing and is likely to be the first penetration testing job most people reading this book will be involved in. WAPT is the act of manually identifying and exploiting security vulnerabilities in a targeted web application, such as SQL injection (SQLi), cross-site scripting (XSS), and business logic errors that automated tools might miss.

In the later chapters of this book, you will gain the skills and hands-on experience of getting started with WAPT.

Mobile application penetration testing

As you may have noticed, the different types of penetration testing each have specific objectives. Mobile application penetration testing is similar to WAPT but it’s specific to mobile applications, which contain their own attack vectors and threats. This is a rising form of penetration testing with a great deal of opportunity for those who are looking to break into this field and have an understanding of mobile application development.

Social engineering penetration testing

Social engineering is the art of manipulating basic human psychology (the mind) to find human-based vulnerabilities and trick potential victims into doing things they may not otherwise do. The primary goal of social engineering penetration testing is to identify vulnerabilities in an organization’s security awareness and procedures and to measure how employees respond to social engineering attacks.

For instance, adversaries will attempt to trick an employee within a targeted organization into connecting a malware-infected USB drive to their computer or opening a malware-infected attachment within an email message. In my opinion, it is the most adrenaline-filled type of security assessment.

In this form of penetration testing, you may be asked to do activities such as sending phishing emails, making vishing phone calls, or talking your way into secure facilities and connecting a USB drive to the system to determine what a real adversary could achieve. There are many types of social engineering attacks, which will be covered later on in this book.

Network penetration testing (external and internal)

Network penetration testing focuses on identifying security weaknesses in a targeted environment. The penetration test objectives are to identify the flaws in the targeted organization’s systems, their networks (wired and wireless), and their networking devices such as switches and routers.

The following are some tasks that are performed using network penetration testing:

  • Bypassing an intrusion detection system (IDS) or intrusion prevention system (IPS)
  • Bypassing firewall appliances
  • Password cracking
  • Gaining access to end devices and servers
  • Exploiting misconfigurations on switches and routers

External network penetration testing focuses on performing security testing from the internet to identify any security vulnerabilities that a malicious actor can identify and exploit to gain unauthorized access to the organization’s internal network. In internal penetration testing, the penetration tester deploys their attack machine, which is directly connected to the organization’s internal network; therefore, the penetration tester is no longer concerned with bypassing the organization’s perimeter firewall.

Cloud penetration testing

Cloud penetration testing involves performing security assessments to identify the risks on cloud-based platforms to discover any security vulnerabilities that may expose confidential information to malicious actors. Before attempting to directly engage a cloud platform, ensure you have legal permission from the cloud provider. For instance, if you are going to perform penetration testing on the Microsoft Azure platform, you’ll need legal permission from both the cloud provider (Microsoft), as your actions may affect other users and services who are sharing the data center, and the customer who is hiring you for the service.

Cloud penetration testing can include various aspects such as testing the cloud provider’s infrastructure, the customer’s cloud-based applications, and the configuration of cloud services such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).

Physical penetration testing

Physical penetration testing focuses on testing the physical security access control systems in place to protect an organization’s data. Security controls exist within offices and data centers to prevent unauthorized persons from entering secure areas of a company.

Physical security controls include the following:

  • Security cameras and sensors – Security cameras are used to monitor physical actions within an area.
  • Biometric authentication systems – Biometrics are used to ensure that only authorized people are granted access to an area.
  • Doors and locks – Locking systems are used to prevent unauthorized persons from entering a secure room or area.
  • Security guards – Security guards are people who are assigned to protect something, someone, or an area.

Having completed this section, you are now able to describe various types of penetration testing. Your journey ahead won’t be complete without understanding the phases of hacking. The different phases of hacking will be covered in the next section.