Book Image

The Ultimate Kali Linux Book - Third Edition

By : Glen D. Singh
5 (2)
Book Image

The Ultimate Kali Linux Book - Third Edition

5 (2)
By: Glen D. Singh

Overview of this book

Embark on an exciting journey into the world of Kali Linux – the central hub for advanced penetration testing. Honing your pentesting skills and exploiting vulnerabilities or conducting advanced penetration tests on wired and wireless enterprise networks, Kali Linux empowers cybersecurity professionals. In its latest third edition, this book goes further to guide you on how to setup your labs and explains breaches using enterprise networks. This book is designed for newcomers and those curious about penetration testing, this guide is your fast track to learning pentesting with Kali Linux 2024.x. Think of this book as your stepping stone into real-world situations that guides you through lab setups and core penetration testing concepts. As you progress in the book you’ll explore the toolkit of vulnerability assessment tools in Kali Linux, where gathering information takes the spotlight. You'll learn how to find target systems, uncover device security issues, exploit network weaknesses, control operations, and even test web applications. The journey ends with understanding complex web application testing techniques, along with industry best practices. As you finish this captivating exploration of the Kali Linux book, you'll be ready to tackle advanced enterprise network testing – with newfound skills and confidence.

Related Content you might be interested in

Current Title:

Small book image
The Ultimate Kali Linux Book - Third Edition
Glen D. Singh
Apr, 2024 | 828 pages
Small book image
Reconnaissance for Ethical Hackers
Glen D Singh
Aug, 2023 | 430 pages
Small book image
Learn Kali Linux 2019
Glen D Singh
Nov, 2019 | 550 pages
Small book image
Learn Penetration Testing
Rishalin Pillay
May, 2019 | 424 pages
Table of Contents (21 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Free Chapter
1
Introduction to Ethical Hacking
Introduction to Ethical Hacking
Understanding the need for cybersecurity
Exploring cybersecurity terminology
Identifying threat actors and their intent
Understanding what matters to threat actors
Exploring the importance of penetration testing
Penetration testing methodologies
Discovering penetration testing approaches
Types of penetration testing
Exploring the phases of penetration testing
Understanding the Cyber Kill Chain framework
Summary
Further reading
2
Building a Penetration Testing Lab
Building a Penetration Testing Lab
Technical requirements
An overview of the lab setup and technologies used
Setting up a hypervisor and virtual networks
Setting up and working with Kali Linux
Setting up a vulnerable web application
Deploying Metasploitable 2 as a vulnerable machine
Building and deploying Metasploitable 3
Summary
Further reading
3
Setting Up for Advanced Penetration Testing Techniques
Setting Up for Advanced Penetration Testing Techniques
Technical requirements
Building an Active Directory red team lab
Setting up a wireless penetration testing lab
Summary
Further reading
4
Passive Reconnaissance
Passive Reconnaissance
Technical requirements
The importance of reconnaissance
Exploring passive reconnaissance
Creating a sock puppet
Anonymizing internet-based traffic
Summary
Further reading
5
Exploring Open-Source Intelligence
Exploring Open-Source Intelligence
Technical requirements
Google hacking techniques
Domain reconnaissance
Sub-domain harvesting
Identifying organizational infrastructure
Harvesting employees’ data using Hunter
Automating social media reconnaissance with Sherlock
Summary
Further reading
6
Active Reconnaissance
Active Reconnaissance
Technical requirements
Understanding active information
Profiling websites using EyeWitness
Exploring active scanning techniques
Using scanning evasion techniques
Enumerating network services
Discovering data leaks in the cloud
Summary
Further reading
7
Performing Vulnerability Assessments
Performing Vulnerability Assessments
Technical requirements
Getting started with Nessus
Vulnerability identification using Nmap
Working with Greenbone Vulnerability Manager
Using web application scanners
Summary
Further reading
8
Understanding Network Penetration Testing
Understanding Network Penetration Testing
Technical requirements
Introduction to network penetration testing
Working with bind and reverse shells
Antimalware evasion techniques
Working with wireless adapters
Managing and Monitoring wireless modes
Summary
Further reading
9
Performing Network Penetration Testing
Performing Network Penetration Testing
Technical requirements
Exploring password-based attacks
Performing host discovery
Identifying and exploiting vulnerable services
Summary
Further reading
10
Post-Exploitation Techniques
Post-Exploitation Techniques
Technical requirements
Pass-the-hash techniques
Post exploitation using Meterpreter
Data encoding and exfiltration
Summary
Further reading
11
Delving into Command and Control Tactics
Delving into Command and Control Tactics
Technical requirements
Understanding C2
Setting up C2 operations
Post-exploitation using Empire
Working with Starkiller
Summary
Further reading
12
Working with Active Directory Attacks
Working with Active Directory Attacks
Technical requirements
Understanding Active Directory
Enumerating Active Directory
Leveraging network-based trust
Summary
Further reading
13
Advanced Active Directory Attacks
Advanced Active Directory Attacks
Technical requirements
Understanding Kerberos
Abusing trust on IPv6 with Active Directory
Attacking Active Directory
Domain dominance and persistence
Summary
Further reading
14
Advanced Wireless Penetration Testing
Advanced Wireless Penetration Testing
Technical Requirements
Introduction to Wireless Networking
Performing Wireless Reconnaissance
Compromising WPA/WPA2 Networks
Performing AP-less Attacks
Exploiting Enterprise Networks
Setting Up a Wi-Fi Honeypot
Exploiting WPA3 Attacks
Summary
Further Reading
15
Social Engineering Attacks
Social Engineering Attacks
Technical requirements
Fundamentals of social engineering
Types of social engineering
Planning for each type of social engineering attack
Defending against social engineering
Exploring social engineering tools and techniques
Summary
Further reading
16
Understanding Website Application Security
Understanding Website Application Security
Technical requirements
Understanding web applications
Exploring the OWASP Top 10: 2021
Getting started with FoxyProxy and Burp Suite
Understanding injection-based attacks
Exploring broken access control attacks
Discovering cryptographic failures
Understanding insecure design
Exploring security misconfiguration
Summary
Further reading
17
Advanced Website Penetration Testing
Advanced Website Penetration Testing
Technical requirements
Identifying vulnerable and outdated components
Exploiting identification and authentication failures
Understanding software and data integrity failures
Exploring server-side request forgery
Understanding security logging and monitoring failures
Understanding cross-site scripting
Automating SQL injection attacks
Performing client-side attacks
Summary
Further reading
18
Best Practices for the Real World
Best Practices for the Real World
Technical requirements
Guidelines for penetration testers
Penetration testing checklist
Creating a hacker’s toolkit
Setting up remote access
Next steps ahead
Summary
Further reading
19
Index
Index
Appendix
Setting Up a Penetration Testing Lab on Ubuntu Desktop
Technical requirements
An overview of the lab setup and technologies used
Setting up a hypervisor and virtual networks
Setting up Kali Linux on Ubuntu
Setting up Metasploitable 3 on Ubuntu
Summary

Summary

In this chapter, you have learned about the importance and need for cybersecurity professionals and solutions around the world to safeguard assets from cyber criminals. Furthermore, you now have a better understanding of different types of threat actors and their reasons for performing cyber-attacks on their targets. In addition, you have explored what matters to threat actors and how various factors can affect their motives and determine whether it’s truly worth attacking a system or organization.

You have also learned about the various phases of penetration testing that are commonly used by threat actors. Each phase of penetration testing is important to ensure the ethical hacker and penetration tester is efficiently able to test the cyber defenses of a targeted organization and discover hidden security vulnerabilities.

I trust that the knowledge presented in this chapter has provided you with valuable insights, supporting your path toward becoming an ethical hacker and penetration tester in the dynamic field of cybersecurity. May this newfound understanding empower you in your journey, allowing you to navigate the industry with confidence and make significant contributions. In the next chapter, Chapter 2, Building a Penetration Testing Lab, you will learn how to design and build a virtualized penetration testing lab on your personal computer that will be used to hone your new skills in a safe environment.

Previous Section
End of Section 12
Next Section