Mastering Kali Linux for Advanced Penetration Testing: Apply a proactive approach to secure your cyber infrastructure and enhance your pentesting skills, 4th Edition
- Length: 572 pages
- Edition: 4
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2022-02-28
- ISBN-10: 1801819777
- ISBN-13: 9781801819770
- Sales Rank: #544405
Master key approaches used by real attackers to perform advanced pentesting in tightly secured infrastructure, cloud environments, and applications, and become familiar with the latest hacking techniques
Key Features
- Master advanced pentesting tactics and techniques with Kali Linux to build highly secure systems
- Leverage Kali Linux to penetrate modern infrastructures and avoid detection
- Explore red teaming and play the hacker's game to proactively defend your infrastructure
Book Description
COVID-19 has changed the way we live and work. Remote working has given hackers plenty of opportunities, as more confidential information is shared over the internet than ever before. In this new edition of Mastering Kali Linux for Advanced Penetration Testing, you will learn an offensive approach to enhancing your penetration testing skills by becoming aware of the tactics employed by real attackers. You will be introduced to integrating your lab with cloud services, so that you learn another dimension of exploitation that is typically forgotten during a penetration test.
Gathering all possible information on a target is pivotal for a penetration tester. This book covers the principles of passive and active reconnaissance, from obtaining user information to large-scale port scanning. Building on reconnaissance, different vulnerability assessments are explored, including threat modeling. You’ll also learn about COVID-19 pandemic-specific cyber failures and understand the cyber risks involved with working from home.
By the end of this Kali Linux book, you will have explored approaches for performing advanced pentesting in tightly secured infrastructure, cloud environments, and applications, as well as hacking techniques employed against IoT, embedded peripheral devices, and radio frequencies.
What you will learn
- Exploit wired/wireless networks, cloud infrastructure, and web services
- Learn embedded peripheral device, radio frequency, and IoT hacking techniques
- Master the art of bypassing traditional antivirus and endpoint detection and response (EDR) tools
- Test for data system exploits using Metasploit, PowerShell Empire, and CrackMapExec
- Perform cloud security vulnerability assessment and exploit security misconfigurations
- Take your physical security testing to the next level with RFID/Bluetooth hacking and learn how to clone identity cards
Who this book is for
This fourth edition is for security analysts, pentesters, ethical hackers, red team operators, and security consultants wanting to learn and optimize infrastructure/application/cloud security using advanced Kali Linux features. Prior penetration testing experience and basic knowledge of ethical hacking will help you make the most of this book.
Table of Contents
- Preface: Who this book is for; What this book covers; To get the most out of this book; Get in touch
- Goal-Based Penetration Testing: Different types of threat actors; Conceptual overview of security testing; Common pitfalls of vulnerability assessments, penetration testing, and red team exercises; Objective-based penetration testing; The testing methodology; Introduction to Kali Linux features; The role of Kali in red team tactics; Installing and updating Kali Linux; Using as a portable device; Installing Kali on a Raspberry Pi 4; Installing Kali on a VM; VMware Workstation Player; VirtualBox; Installing to a Docker appliance; Kali on AWS Cloud; Kali on Google Cloud Platform (GCP); Kali on Android (non-rooted phones); Organizing Kali Linux; Configuring and customizing Kali Linux; Resetting the default password; Configuring network services and secure communications; Adjusting network proxy settings; Accessing the secure shell remotely; Speeding up Kali operations; Sharing folders with the host operating system; Using Bash scripts to customize Kali; Building a verification lab; Installing defined targets; Lab Network; Active Directory and Domain Controller; Installing Microsoft Exchange Server 2016; Metasploitable3; Mutillidae; CloudGoat; Managing collaborative penetration testing using Faraday; Summary
- Open-Source Intelligence and Passive Reconnaissance: Basic principles of reconnaissance; OSINT; Offensive OSINT; Gather domain information; Maltego; OSRFramework; Web archives; PassiveTotal; Scraping; Gathering usernames and email addresses; Obtaining user information; TinEye; Online search portals; SpiderFoot; Other commercial tools; Google Hacking Database; Using dork scripts to query Google; Data dump sites; Defensive OSINT; Dark web; Security breaches; Public records; Threat intelligence; Profiling users for password lists; Creating custom wordlists for cracking passwords; Using CeWL to map a website; Extracting words from Twitter using twofi; Summary
- Active Reconnaissance of External and Internal Networks: Stealth scanning techniques; Adjusting source IP stack and tool identification settings; Modifying packet parameters; Using proxies with anonymity networks; DNS reconnaissance and route mapping; The whois command (post GDPR); Employing comprehensive reconnaissance applications; The recon-ng framework; IPv4; IPv6; Using IPv6-specific tools; Mapping the route to the target; Identifying the external network infrastructure; Mapping beyond the firewall; IDS/IPS identification; Enumerating hosts; Live host discovery; Port, operating system, and service discovery; Port scanning; Writing your own port scanner using netcat; Fingerprinting the operating system; Determining active services; Large-scale scanning; DHCP information; Identification and enumeration of internal network hosts; Native MS Windows commands; ARP broadcasting; Ping sweep; Using scripts to combine masscan and nmap scans; Taking advantage of SNMP; Windows account information via SMB sessions; Locating network shares; Reconnaissance of active directory domain servers; Enumerating the Microsoft Azure environment; Using comprehensive tools (Legion); Using machine learning for reconnaissance; Summary
- Vulnerability Assessment: Vulnerability nomenclature; Local and online vulnerability databases; Vulnerability scanning with Nmap; Introduction to Lua scripting; Customizing NSE scripts; Web application vulnerability scanners; Nikto; Customizing Nikto; OWASP ZAP; Vulnerability scanners for mobile applications; The OpenVAS network vulnerability scanner; Customizing OpenVAS; Commercial vulnerability scanners; Nessus; Qualys; Specialized scanners; Threat modeling; Summary
- Advanced Social Engineering and Physical Security: Command methodology and TTPs; Technology; Computer-based; Mobile-based; People-based; Physical attacks; Voice-based; Physical attacks at the console; samdump2 and chntpw; Sticky Keys; Creating a rogue physical device; Microcomputer or USB-based attack agents; The Raspberry Pi; MalDuino: the BadUSB; The Social Engineering Toolkit (SET); Social-engineering attacks; Credential harvester web attack method; Multi-attack web attack method; HTA web attack method; Using the PowerShell alphanumeric shellcode injection attack; Hiding executables and obfuscating the attacker's URL; Escalating an attack using DNS redirection; Spear phishing attack; Email phishing using Gophish; Launching a phishing attack using Gophish; Using bulk transfer as phishing to deliver payloads; Summary
- Wireless and Bluetooth Attacks: Introduction to wireless and Bluetooth technologies; Configuring Kali for wireless attacks; Wireless reconnaissance; Bypassing a hidden SSID; Bypassing MAC address authentication and open authentication; Attacking WPA and WPA2; Brute-force attacks; Attacking wireless routers with Reaver; Denial of Service (DoS) attacks against wireless communications; Compromising enterprise implementations of WPA2; Working with bettercap; Evil Twin attack using Wifiphisher; WPA3; Bluetooth attacks; Summary
- Exploiting Web-Based Applications: Web application hacking methodology; The hacker's mind map; Reconnaissance of web apps; Detection of web application firewall and load balancers; Fingerprinting a web application and CMS; Mirroring a website from the command line; Client-side proxies; Burp Proxy; Web crawling and directory brute-force attacks; Web service-specific vulnerability scanners; Application-specific attacks; Brute-forcing access credentials; OS command injection using commix; sqlmap; XML injection; Bit-flipping attack; Maintaining access with web shells; The Browser Exploitation Framework (BeEF); Installing and configuring BeEF; Understanding the BeEF browser; Using BeEF as a tunneling proxy; Summary
- Cloud Security Exploitation: Introduction to cloud services; Vulnerability scanning and application exploitation in an EC2 instance; Testing for S3 bucket misconfiguration; Exploiting security permission flaws; Obfuscating CloudTrail logs; Summary
- Bypassing Security Controls: Bypassing Network Access Control (NAC); Pre-admission NAC; Adding new elements; Identifying the rules; Disabling endpoint security; Post-admission NAC; Bypassing isolation; Detecting a honeypot; Bypassing application-level controls; Tunneling past client-side firewalls using SSH; Inbound to outbound; Bypassing URL filtering mechanisms; Outbound to inbound; Bypassing the antivirus with files; Using the Veil framework; Using Shellter; Going fileless and evading antivirus; Bypassing Windows operating system controls; User Account Control (UAC); Using fodhelper to bypass UAC in Windows 10; Using Disk Cleanup to bypass UAC in Windows 10; Obfuscating the PowerShell and using fileless techniques; Other Windows-specific operating system controls; Access and authorization; Encryption; System security; Communications security; Auditing and logging; Summary
- Exploitation: The Metasploit Framework; Libraries; REX; Framework core; Framework base; Interfaces; Modules; Database setup and configuration; Exploiting targets using MSF; Single targets using a simple reverse shell; Exploiting multiple targets using MSF resource files; Using public exploits; Locating and verifying publicly available exploits; Compiling and using exploits; Compiling C files and executing exploits; Adding the exploits that are written using the MSF as a base; Developing a Windows exploit; Identify the vulnerability through fuzzing; Debug and replicate the crash; Control the application execution; Identify the right bad characters and generate shellcode; Obtain the shell; PowerShell Empire framework; Summary
- Action on the Objective and Lateral Movement: Activities on the compromised local system; Conducting rapid reconnaissance of a compromised system; Finding and taking sensitive data – pillaging the target; Creating additional accounts; Post-exploitation tools; The Metasploit Framework – Meterpreter; The PowerShell Empire project; CrackMapExec; Horizontal escalation and lateral movement; Compromising domain trusts and shares; PsExec, WMIC, and other tools; WMIC; Windows Credentials Editor; Lateral movement using services; Pivoting and port forwarding; Using ProxyChains; Summary
- Privilege Escalations: Overview of the common escalation methodology; Escalating from domain user to system administrator; Local system escalation; Escalating from administrator to system; DLL injection; Credential harvesting and escalation attacks; Password sniffers; Responder; Performing a MiTM attack on LDAP over TLS; Escalating access rights in Active Directory; Compromising Kerberos – a golden-ticket attack; Summary
- Command and Control: Persistence; Using persistent agents; Employing Netcat as a persistent agent; Using schtasks to configure a persistent task; Maintaining persistence with the Metasploit framework; Using the post exploit persistence module; Creating a standalone persistent agent with Metasploit; Persistence using online file storage cloud services; Dropbox; Microsoft OneDrive; Covenant; PoshC2; Domain fronting; Using Amazon CloudFront for C2; Exfiltration of data; Using existing system services (Telnet, RDP, and VNC); Using the ICMP protocol; Hiding evidence of an attack; Summary
- Embedded Devices and RFID Hacking: Embedded systems and hardware architecture; Embedded system basic architecture; Understanding firmware; Different types of firmware; Understanding bootloaders; Common tools; Firmware unpacking and updating; Introduction to RouterSploit Framework; UART; Cloning RFID using ChameleonMini; Other tools; Summary
- Other Books You May Enjoy
- Index
How to download the source code
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search for the book title: Mastering Kali Linux for Advanced Penetration Testing: Apply a proactive approach to secure your cyber infrastructure and enhance your pentesting skills, 4th Edition. Sometimes the full title returns no results; in that case, search for the main title only.
3. Click the book title in the search results.
4. Click Code to download.