Book Image

The Ultimate Kali Linux Book - Third Edition

By : Glen D. Singh
5 (2)
Book Image

The Ultimate Kali Linux Book - Third Edition

5 (2)
By: Glen D. Singh

Overview of this book

Embark on an exciting journey into the world of Kali Linux – the central hub for advanced penetration testing. Honing your pentesting skills and exploiting vulnerabilities or conducting advanced penetration tests on wired and wireless enterprise networks, Kali Linux empowers cybersecurity professionals. In its latest third edition, this book goes further to guide you on how to setup your labs and explains breaches using enterprise networks. This book is designed for newcomers and those curious about penetration testing, this guide is your fast track to learning pentesting with Kali Linux 2024.x. Think of this book as your stepping stone into real-world situations that guides you through lab setups and core penetration testing concepts. As you progress in the book you’ll explore the toolkit of vulnerability assessment tools in Kali Linux, where gathering information takes the spotlight. You'll learn how to find target systems, uncover device security issues, exploit network weaknesses, control operations, and even test web applications. The journey ends with understanding complex web application testing techniques, along with industry best practices. As you finish this captivating exploration of the Kali Linux book, you'll be ready to tackle advanced enterprise network testing – with newfound skills and confidence.

Related Content you might be interested in

Current Title:

Small book image
The Ultimate Kali Linux Book - Third Edition
Glen D. Singh
Apr, 2024 | 828 pages
Small book image
Reconnaissance for Ethical Hackers
Glen D Singh
Aug, 2023 | 430 pages
Small book image
Learn Kali Linux 2019
Glen D Singh
Nov, 2019 | 550 pages
Small book image
Learn Penetration Testing
Rishalin Pillay
May, 2019 | 424 pages
Table of Contents (21 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Free Chapter
1
Introduction to Ethical Hacking
Introduction to Ethical Hacking
Understanding the need for cybersecurity
Exploring cybersecurity terminology
Identifying threat actors and their intent
Understanding what matters to threat actors
Exploring the importance of penetration testing
Penetration testing methodologies
Discovering penetration testing approaches
Types of penetration testing
Exploring the phases of penetration testing
Understanding the Cyber Kill Chain framework
Summary
Further reading
2
Building a Penetration Testing Lab
Building a Penetration Testing Lab
Technical requirements
An overview of the lab setup and technologies used
Setting up a hypervisor and virtual networks
Setting up and working with Kali Linux
Setting up a vulnerable web application
Deploying Metasploitable 2 as a vulnerable machine
Building and deploying Metasploitable 3
Summary
Further reading
3
Setting Up for Advanced Penetration Testing Techniques
Setting Up for Advanced Penetration Testing Techniques
Technical requirements
Building an Active Directory red team lab
Setting up a wireless penetration testing lab
Summary
Further reading
4
Passive Reconnaissance
Passive Reconnaissance
Technical requirements
The importance of reconnaissance
Exploring passive reconnaissance
Creating a sock puppet
Anonymizing internet-based traffic
Summary
Further reading
5
Exploring Open-Source Intelligence
Exploring Open-Source Intelligence
Technical requirements
Google hacking techniques
Domain reconnaissance
Sub-domain harvesting
Identifying organizational infrastructure
Harvesting employees’ data using Hunter
Automating social media reconnaissance with Sherlock
Summary
Further reading
6
Active Reconnaissance
Active Reconnaissance
Technical requirements
Understanding active information
Profiling websites using EyeWitness
Exploring active scanning techniques
Using scanning evasion techniques
Enumerating network services
Discovering data leaks in the cloud
Summary
Further reading
7
Performing Vulnerability Assessments
Performing Vulnerability Assessments
Technical requirements
Getting started with Nessus
Vulnerability identification using Nmap
Working with Greenbone Vulnerability Manager
Using web application scanners
Summary
Further reading
8
Understanding Network Penetration Testing
Understanding Network Penetration Testing
Technical requirements
Introduction to network penetration testing
Working with bind and reverse shells
Antimalware evasion techniques
Working with wireless adapters
Managing and Monitoring wireless modes
Summary
Further reading
9
Performing Network Penetration Testing
Performing Network Penetration Testing
Technical requirements
Exploring password-based attacks
Performing host discovery
Identifying and exploiting vulnerable services
Summary
Further reading
10
Post-Exploitation Techniques
Post-Exploitation Techniques
Technical requirements
Pass-the-hash techniques
Post exploitation using Meterpreter
Data encoding and exfiltration
Summary
Further reading
11
Delving into Command and Control Tactics
Delving into Command and Control Tactics
Technical requirements
Understanding C2
Setting up C2 operations
Post-exploitation using Empire
Working with Starkiller
Summary
Further reading
12
Working with Active Directory Attacks
Working with Active Directory Attacks
Technical requirements
Understanding Active Directory
Enumerating Active Directory
Leveraging network-based trust
Summary
Further reading
13
Advanced Active Directory Attacks
Advanced Active Directory Attacks
Technical requirements
Understanding Kerberos
Abusing trust on IPv6 with Active Directory
Attacking Active Directory
Domain dominance and persistence
Summary
Further reading
14
Advanced Wireless Penetration Testing
Advanced Wireless Penetration Testing
Technical Requirements
Introduction to Wireless Networking
Performing Wireless Reconnaissance
Compromising WPA/WPA2 Networks
Performing AP-less Attacks
Exploiting Enterprise Networks
Setting Up a Wi-Fi Honeypot
Exploiting WPA3 Attacks
Summary
Further Reading
15
Social Engineering Attacks
Social Engineering Attacks
Technical requirements
Fundamentals of social engineering
Types of social engineering
Planning for each type of social engineering attack
Defending against social engineering
Exploring social engineering tools and techniques
Summary
Further reading
16
Understanding Website Application Security
Understanding Website Application Security
Technical requirements
Understanding web applications
Exploring the OWASP Top 10: 2021
Getting started with FoxyProxy and Burp Suite
Understanding injection-based attacks
Exploring broken access control attacks
Discovering cryptographic failures
Understanding insecure design
Exploring security misconfiguration
Summary
Further reading
17
Advanced Website Penetration Testing
Advanced Website Penetration Testing
Technical requirements
Identifying vulnerable and outdated components
Exploiting identification and authentication failures
Understanding software and data integrity failures
Exploring server-side request forgery
Understanding security logging and monitoring failures
Understanding cross-site scripting
Automating SQL injection attacks
Performing client-side attacks
Summary
Further reading
18
Best Practices for the Real World
Best Practices for the Real World
Technical requirements
Guidelines for penetration testers
Penetration testing checklist
Creating a hacker’s toolkit
Setting up remote access
Next steps ahead
Summary
Further reading
19
Index
Index
Appendix
Setting Up a Penetration Testing Lab on Ubuntu Desktop
Technical requirements
An overview of the lab setup and technologies used
Setting up a hypervisor and virtual networks
Setting up Kali Linux on Ubuntu
Setting up Metasploitable 3 on Ubuntu
Summary

Understanding the Cyber Kill Chain framework

As an aspiring ethical hacker and penetration tester who’s breaking into the cybersecurity industry, it’s essential to understand the mindset of threat actors, adversaries, and malicious actors. To be better at penetration testing, you need to develop a very creative and strategic mindset. To put it simply, you need to think like a real hacker if you are to compromise systems and networks as a cybersecurity professional.

Cyber Kill Chain is a seven-stage framework developed by Lockheed Martin, an American aerospace corporation. This framework outlines each critical step a threat actor will need to perform before they are successful in meeting the objectives and goals of the cyber-attack against their targets. Cybersecurity professionals will be able to reduce the likelihood of the threat actor meeting their goals and reduce the amount of damage if they are able to stop the attacker during the earlier phases of the Cyber Kill Chain.

The following diagram shows the seven stages of the Cyber Kill Chain that are used by threat actors:

Figure 1.3: Cyber Kill Chain phases

As shown in the preceding diagram, each stage of the Cyber Kill Chain flows into the other until the adversary reaches the last phase, actions on objectives, in which the threat actor has successfully achieved the goals of their cyber-attack, and neither the cyber defenses nor cybersecurity team of the compromised organization were able to stop the attack or hacker in their tracks. This is the typical operation of a red team, to simulate real-world adversary threats that are similar to APTs. Unlike penetration testers who are given a time constraint and scope for testing, red teamers do not typically have a scope or time constraint to perform their security testing on a target. However, red teamers still need legal permission prior to any security testing.

On the blue team side of cybersecurity operations, security engineers need to ensure the systems and networks are very well protected and monitored for any potential threats. If a threat is detected, the blue team needs to analyze and contain (isolate) the threat as quickly as possible, preventing it from spreading to other devices on the network. However, as aspiring ethical hackers and penetration testers, we can apply the techniques and strategies used by threat actors that are associated with each stage of the Cyber Kill Chain to achieve our objectives during a real-world penetration test for an organization.

In the next few sections, you will learn about the fundamentals of each stage of the Cyber Kill Chain, how each is used by threat actors, and how penetration testers apply these strategies within their security assessments.

Reconnaissance

As with every battle plan, it’s important to know a lot about your opponent before starting a war. The reconnaissance phase focuses on gathering a lot of information and intelligence about the target, whether it’s a person or an organization. Threat actors and penetration testers use this stage to create a profile of their targets, which contains IP addresses, operating systems, open service ports, running applications, security vulnerabilities, and any sensitive resources that may be unintentionally exposed that can increase the attack surface.

NOTE

The reconnaissance stage involves both passive and active information-gathering techniques, which will be covered in later chapters of this book. You will also discover tools and techniques to improve your information-collecting and analysis skills during a penetration test.

Threat actors will spend a lot of time researching their target to determine the geolocation of any physical offices, online services, domain names, network infrastructure, online servers, web applications, employees’ contact details, telephone numbers, email addresses, and so on. The main objective is to know as much information about the target as possible. Sometimes, this phase can take a long time. Compared to a penetration tester who has a specific time period to perform the entire penetration test, it can take 1 to 2 days of intensive research before moving on to the next phase. However, since adversaries do not have any time constraints like ethical hackers and penetration testers, they can spend a lot more time collecting information, looking for security vulnerabilities, and better planning their cyber-attacks on the target.

Weaponization

Using the information gathered from the reconnaissance phase, the threat actor and penetration tester can use it to better craft a weapon, also referred to as an exploit, which can take advantage of a security vulnerability in the targeted system. The weapon (exploit) has to be specially crafted and tested to ensure it is successful when launched by the threat actor or penetration tester. The objective of the exploit is to compromise the confidentiality, integrity, and/or availability (CIA) of the systems or networks that are owned by the targeted organization.

Both threat actors and penetration testers need to consider the likelihood that their exploit will be detected by any antimalware, endpoint detection and response (EDR), and any threat detection solutions that monitor the targeted systems and network. Therefore, it’s important to encode or disguise the exploit to reduce triggering any security sensors and alerting the security team.

An exploit takes advantage of a vulnerability. After that happens, what’s next? To be a bit more strategic, threat actors and penetration testers will couple their exploit with additional payloads. The payload is unleashed after the exploit has compromised the system. As a simple example, a payload can be used to create a persistent backdoor on the targeted system to allow the threat actor or the penetration tester remote access to the system at any time when the compromised system is online.

Delivery

After creating the exploit (weapon), the threat actor or penetration tester has to use an attack vector as a method to deliver the exploit onto the targeted system. Delivery can be done using the creative mindset of the attacker, whether using email messaging, instant messaging services, or even by creating drive-by downloads on compromised web services. Another technique is to copy the exploit onto multiple USB drives and drop them within the compound of the target organization, with the hope that an employee will find it and connect it to an internal system due to human curiosity.

The following is a picture of a USB Rubber Ducky, which is commonly used during ethical hacking and penetration testing:

Figure 1.4: USB rubbery ducky

As shown in the preceding image, the USB Rubber Ducky enables a penetration tester to load malicious scripts onto a memory card. Once this device is connected to a computer, it is detected as a human interface device (HID) such as a keyboard, and then executes the script on the targeted system. This is just one of many creative ideas for delivering a payload to a target.

As an aspiring ethical hacker and penetration tester, ensure you have multiple methods of delivering the weapon to the target, such that, in the event that one method does not work, you have alternative solutions.

Exploitation

After the weapon (exploit) is delivered to the target, the attacker needs to ensure that when the exploit is executed, it is successful in taking advantage of the security vulnerability of the targeted system as intended. If the exploit does not work, the threat actor or penetration tester may be detected by the organization’s cyber defenses and this can create a halt in the Cyber Kill Chain. The attacker needs to ensure the exploit is tested properly before executing it on the targeted system.

Installation

After the threat actor has exploited the targeted system, the attacker will attempt to create multiple persistent backdoor accesses to the compromised system. This allows the threat actor or the penetration tester to have multiple channels of entry back into the system and network. During this stage, additional applications may be usually installed while the threat actor takes a lot of precautions to avoid detection by any threat detection systems.

Command and Control (C2)

An important stage in a cyber-attack is creating C2 communication channels between the compromised systems and a C2 server on the internet. This allows the threat actor to centrally control a group of infected systems (zombies) in a collection of a botnet using a C2 server that is managed by the adversary. This allows the threat actor to create an army of zombies, all controlled and managed by a single threat actor. The following diagram shows an example of C2:

Figure 1.5: Command and Control operations

The threat actor uses data encryption, encapsulation, and various tunneling techniques to evade threat detection systems within target organizations. Similarly, there is an advanced stage of penetration testing known as red teaming where there are no limitations (rules of engagement) on the methods and techniques used to compromise a target organization, with the objective of simulating the closest thing to a real advanced cyber-attack of a malicious cyber army. However, keep in mind that legal permission is still needed for any type of red team engagement.

Actions on objectives

If the threat actor or penetration tester is able to reach this stage of the Cyber Kill Chain, the organization’s blue team has failed to stop the attacker and prevent the cyber-attack. At this stage, the threat actor has completed their objectives and achieved the goals of the attack. In this phase, the attacker can complete the main objective of the attack, whether it’s exfiltrating data from the organization and selling it on the Dark Web or even extending their botnet for a larger-scale cyber-attack on another target organization.

Stopping the threat actor or penetration tester at this phase is considered to be extremely difficult as the attacker would have already established multiple persistent backdoor accesses with encrypted C2 communication channels on many compromised systems within the targeted organization. Furthermore, the threat actor will also be clearing traces of any evidence or artifacts that could help cybersecurity professionals trace the source attack to the threat actor.

Having completed this section, you have learned about the various stages of the Cyber Kill Chain and how it helps cybersecurity professionals understand the intentions of threat actors. Additionally, you have learned how penetration testers can implement these strategies within their penetration testing engagements.

Previous Section
End of Section 11
Next Section