Wireless Penetration Testing: Up and Running: Run Wireless Networks Vulnerability Assessment, Wi-Fi Pen Testing, Android and iOS Application Security, and Break WEP, WPA, and WPA2 Protocols
- Length: 304 pages
- Edition: 1
- Language: English
- Publisher: BPB Publications
- Publication Date: 2022-12-08
- ISBN-10: 9355512740
- ISBN-13: 9789355512741
- Sales Rank: #0 (See Top 100 Books)
Examine, Attack, and Exploit Flaws and Vulnerabilities in Advanced Wireless Networks
KEY FEATURES
- Extensive hands-on lab instructions in using Kali Linux to crack wireless networks.
- Covers the misconceptions, failures, and best practices that can help any pen tester come up with their special cyber attacks.
- Extensive coverage of Android and iOS pentesting, as well as attacking techniques and simulated attack scenarios.
DESCRIPTION
This book satisfies any IT professional’s desire to become a successful ethical hacker who is willing to be employed in identifying and exploiting flaws in the organization’s network environment. This book explains in detail how to conduct wireless penetration tests using a wide variety of tools to simulate cyber attacks on both Android and iOS mobile devices and wireless networks.
This book walks you through the steps of wireless penetration testing from start to finish. Once Kali Linux has been installed on your laptop, as demonstrated, you will check the system requirements and install the wireless adapter. The book then explores the wireless LAN reconnaissance phase, which outlines the WEP and WPA/WPA2 security protocols and shows real-world attacks against them using Kali Linux tools like Aircrack-ng. Then, the book discusses the most recent and sophisticated cyberattacks that target access points and wireless devices and how to prepare a compelling and professionally presented report.
As a bonus, it removes myths, addresses misconceptions, and corrects common misunderstandings that can be detrimental to one’s professional credentials. Tips and advice that are easy to implement and can increase their marketability as a pentester are also provided, allowing them to quickly advance toward a satisfying career in the field.
WHAT YOU WILL LEARN
- Learn all about breaking the WEP security protocol and cracking authentication keys.
- Acquire the skills necessary to successfully attack the WPA/WPA2 protocol.
- Compromise the access points and take full control of the wireless network.
- Bring your laptop up to speed by setting up Kali Linux and a wifi adapter.
- Identify security flaws and scan for open wireless LANs.
- Investigate the process and steps involved in wireless penetration testing.
WHO THIS BOOK IS FOR
This book is primarily for pentesters, mobile penetration testing users, cybersecurity analysts, security engineers, and all IT professionals interested in pursuing a career in cybersecurity. Before diving into this book, familiarity with network security fundamentals is recommended.
Cover Page Title Page Copyright Page Dedication Page About the Author About the Reviewer Acknowledgement Preface Errata Table of Contents 1. Wireless Penetration Testing Lab Setup Introduction Structure Objectives Hardware requirements Software requirements Downloading and installing Kali Linux Installing Kali Linux inside VMware (Guest VM) step-by-step Wireless penetration testing tools Wireshark Scapy Nmap Aircrack-ng Metasploit Configuring an access point setting Installing wireless adaptor Connecting to the access point Conclusion Questions 2. Wireless Attacking Techniques and Methods Introduction Structure Objectives Access control attacks War driving Rogue access points Ad hoc associations MAC spoofing 802.11 RADIUS cracking Confidential attacks Eavesdropping WEP key cracking Evil twin AP AP phishing Man-in-the-middle attack Credential attacks Credential harvester Phishing Authentication attacks Shared key guessing PSK cracking Sniffing application credentials Cracking domain accounts VPN login cracking 802.11 identify theft 802.11 password guessing 802.11 LEAP cracking 802.11 EAP downgrade attack Conclusion Questions 3. Wireless Information Gathering and Footprinting Introduction Structure Objectives Footprinting Wireless network discovery Nmap Nmap commands Zenmap Wireless scanning Passive scanning Active scanning How does scanning work? Sniffing wireless networks The Wireshark application Ettercap dsniff Identifying your targets Protecting yourself from attacks Conclusion Questions 4. Wireless Vulnerability Research Introduction Structure Objectives Planning an attack Wireless attack The plan for attacking wireless networks Wireless password cracking WEP encryption Cracking WEP encryption WPA and WPA2 encryption Cracking WPA-PSK and WPA2-PSK passphrase Speeding up WPA and WPA2 Cracking Speeding up the cracking process Spoofing your mac address Protect yourself from wireless attacks Conclusion Questions 5. Gain Access to Wireless Network Introduction Structure Objectives Identifying hosts Network mapping tools Determining the network size Determining the network size using Kali Linux Detecting vulnerable hosts Preventing against threats Prevention identification of hosts Preventing others from determining your network size Protection of vulnerable hosts Conclusion Questions 6. Wireless Vulnerability Assessment Introduction Structure Objectives Planning an assessment Components of a vulnerability assessment plan Planning the process of a vulnerability assessment Setting up a vulnerability scanner Downloading Nessus Installing Nessus Running a Nessus vulnerability scan Configuring a Nessus vulnerability scan policy Configuring a Nessus vulnerability scan Launching a Nessus vulnerability scan Generating reports Resolving vulnerabilities Conclusion Questions 7. Client-side Attacks Introduction Structure Objectives How do client-side attacks work? Types of client-side attacks Sniffing unencrypted traffic Honeypot attacking Protecting yourself from a honeypot or man-in-the-middle attack How to start a fake access point (fake Wi-Fi) Preventing threats Conclusion Questions 8. Advanced Wireless Attacks Introduction Structure Objectives Capturing unencrypted traffic Man-in-the-middle attacks Metasploit Preventions Conclusion Questions 9. Wireless Post-Exploitation Introduction Structure Objectives What is routing? What is pivoting? Compromise first pivot and port forwarding Nmap via pivoting Port forwarding SSH brute-force over pivoting Gaining access to the second pivot MS08-067 with bind TCP Easy file share BoF Double pivoting Holy ProxyChains Mitigations Conclusion Questions 10. Android Penetration Testing Introduction Structure Objectives Android architecture The Linux kernel Confusion between Linux and the Linux kernel Android runtime The Java virtual machine The Dalvik virtual machine Zygote Core Java libraries ART Native libraries The application framework The applications layer Native Android or system apps User-installed or custom apps Android penetration testing environment setup Android Studio and SDK Downloading and installation of Android Studio The Android SDK The Android Debug Bridge Connecting to the device Getting access to the device Installing an application to the device Extracting files from the device Storing files to the device Stopping the service Viewing the log information Sideloading apps Genymotion Creating an Android virtual emulator Installing an application to the Genymotion emulator Installing the Genymotion plugin to Android Studio ARM apps and play store in Genymotion Configuring the emulator for HTTP proxy Setting up the proxy in Wi-Fi settings Setting up the proxy on mobile carrier settings Android penetration testing tools Secure android applications OWASP mobile top 10 vulnerabilities Improper platform usage Insecure data storage Insecure communication Insecure authentication Insufficient cryptography Insecure authorization Client code quality Code tampering Reverse engineering Extraneous functionality Conclusion Questions 11. iOS Penetration Testing Introduction Structure Objectives Basics of iOS application Architecture of iOS File structure of an IPA iOS application Sandbox structure Jailbreak Vulnerable application Testing methodology Extracting the IPA Running static analysis with MobSF Setting up proxy Bypassing Jailbreak detection Using Frida Using objection Bypassing SSL pinning Using Objection Bypassing biometric (local) authentication Checking for sensitive data exposure in local Sensitive data in Plist Sensitive data in UserDefaults Sensitive data in keychain Sensitive data in core data Sensitive data in couchbase lite Sensitive data in YapDatabase OWASP mobile top 10 M1: Improper platform usage M2: Insecure data storage M3: Insecure communication M4: Insecure authentication M5: Insufficient cryptography M6: Insecure authorization M7: Client code quality M8: Code tampering M9: Reverse engineering M10: Extraneous functionality Conclusion Questions 12. Reporting Introduction Structure Objectives Report writing Report writing stages Report planning Information collection Writing the first draft Review and finalization Content of penetration testing report Penetration testing report sample Conclusion Index
Donate to keep this site alive
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.