Sign In Start Free Trial

Book Overview & Buying
Table Of Contents
Feedback & Rating

Mastering Kali Linux for Advanced Penetration Testing - Third Edition

By : Vijay Kumar Velu, Robert Beggs

4.4 (8)

Mastering Kali Linux for Advanced Penetration Testing

4.4 (8)

By: Vijay Kumar Velu, Robert Beggs

Overview of this book

This book takes you, as a tester or security practitioner, through the reconnaissance, vulnerability assessment, exploitation, privilege escalation, and post-exploitation activities used by pentesters. To start with, you'll use a laboratory environment to validate tools and techniques, along with an application that supports a collaborative approach for pentesting. You'll then progress to passive reconnaissance with open source intelligence and active reconnaissance of the external and internal infrastructure. You'll also focus on how to select, use, customize, and interpret the results from different vulnerability scanners, followed by examining specific routes to the target, which include bypassing physical security and the exfiltration of data using a variety of techniques. You'll discover concepts such as social engineering, attacking wireless networks, web services, and embedded devices. Once you are confident with these topics, you'll learn the practical aspects of attacking user client systems by backdooring with fileless techniques, followed by focusing on the most vulnerable part of the network – directly attacking the end user. By the end of this book, you'll have explored approaches for carrying out advanced pentesting in tightly secured environments, understood pentesting and hacking techniques employed on embedded peripheral devices.

Preface

Preface

Who this book is for

What this book covers

To get the most out of this book

Get in touch

Disclaimer

Free Chapter

Goal-Based Penetration Testing

Goal-Based Penetration Testing

Conceptual overview of security testing

Misconceptions of vulnerability scanning, penetration testing, and red team exercises

Objective-based penetration testing

The testing methodology

Introduction to Kali Linux – features

Installing and updating Kali Linux

Organizing Kali Linux

Building a verification lab

Managing collaborative penetration testing using Faraday

Summary

Open Source Intelligence and Passive Reconnaissance

Open Source Intelligence and Passive Reconnaissance

Basic principles of reconnaissance

Google Hacking Database

Creating custom wordlists for cracking passwords

Summary

Active Reconnaissance of External and Internal Networks

Active Reconnaissance of External and Internal Networks

Stealth scanning strategies

DNS reconnaissance and route mapping

Employing comprehensive reconnaissance applications

Identifying the external network infrastructure

Mapping beyond the firewall

IDS/IPS identification

Enumerating hosts

Port, operating system, and service discovery

Writing your own port scanner using netcat

Large-scale scanning

Summary

Vulnerability Assessment

Vulnerability Assessment

Vulnerability nomenclature

Local and online vulnerability databases

Vulnerability scanning with Nmap

Web application vulnerability scanners

Vulnerability scanners for mobile applications

The OpenVAS network vulnerability scanner

Commercial vulnerability scanners

Specialized scanners

Threat modeling

Summary

Advanced Social Engineering and Physical Security

Advanced Social Engineering and Physical Security

Methodology and attack methods

Physical attacks at the console

Creating a rogue physical device

The Social Engineering Toolkit (SET)

Hiding executables and obfuscating the attacker's URL

Escalating an attack using DNS redirection

Launching a phishing attack

Using bulk transfer as a mode of phishing

Summary

Wireless Attacks

Wireless Attacks

Configuring Kali for wireless attacks

Wireless reconnaissance

Bypassing a hidden SSID

Bypassing the MAC address authentication and open authentication

Attacking WPA and WPA2

Denial-of-service (DoS) attacks against wireless communications

Compromising enterprise implementations of WPA/WPA2

Working with Ghost Phisher

Summary

Exploiting Web-Based Applications

Exploiting Web-Based Applications

Web application hacking methodology

The hacker's mind map

Reconnaissance of web apps

Client-side proxies

Application-specific attacks

Summary

Client-Side Exploitation

Client-Side Exploitation

Backdooring executable files

Attacking a system using hostile scripts

The Cross-Site Scripting framework

The Browser Exploitation Framework (BeEF)

Understanding BeEF Browser

Summary

Bypassing Security Controls

Bypassing Security Controls

Bypassing Network Access Control (NAC)

Bypassing the antivirus with files

Going fileless and evading antivirus

Bypassing application-level controls

Bypassing Windows operating system controls

Summary

Exploitation

Exploitation

The Metasploit Framework

Exploiting targets using MSF

Exploiting multiple targets using MSF resource files

Exploiting multiple targets with Armitage

Using public exploits

Developing a Windows exploit

Summary

Action on the Objective and Lateral Movement

Action on the Objective and Lateral Movement

Activities on the compromised local system

Horizontal escalation and lateral movement

Summary

Privilege Escalation

Privilege Escalation

Overview of the common escalation methodology

Escalating from domain user to system administrator

Local system escalation

Escalating from administrator to system

Credential harvesting and escalation attacks

Escalating access rights in Active Directory

Compromising Kerberos – the golden-ticket attack

Summary

Command and Control

Command and Control

Persistence

Using persistent agents

Domain fronting

Exfiltration of data

Hiding evidence of an attack

Summary

Embedded Devices and RFID Hacking

Embedded Devices and RFID Hacking

Embedded systems and hardware architecture

Firmware unpacking and updating

Introduction to RouterSploit Framework

UART

Cloning RFID using Chameleon Mini

Summary

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

4.4 (8)

5 star

75%

4 star

12.5%

3 star

0%

2 star

0%

1 star

12.5%

Identifying the external network infrastructure

Once the tester's identity is protected, identifying the devices on the internet-accessible portion of the network is the next critical first step in scanning a network.

Attackers and penetration testers use this information to do the following:

Identify devices that may confuse (load balancers) or eliminate (firewalls and packet inspection devices) test results
Identify devices with known vulnerabilities
Identify the requirement for continuing to implement stealthy scans
Gain an understanding of the target's focus on secure architecture and on security in general

traceroute provides basic information on packet filtering abilities; some other applications on Kali include the following:

Application	Description
`lbd`	Uses two DNS and HTTP-based techniques to detect load balancers (shown in the following screenshot...

Visually different images

CONTINUE READING

83

Tech Concepts

36

Programming languages

73

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

Mastering Kali Linux for Advanced Penetration Testing

Search

Your notes and bookmarks