The Ultimate Kali Linux Book - Second Edition

(ebook) (audiobook) (audiobook)

Autor:: Glen D. Singh

The Ultimate Kali Linux Book - Second Edition Glen D. Singh - okładka książki

The Ultimate Kali Linux Book - Second Edition Glen D. Singh - okładka audiobooka MP3

The Ultimate Kali Linux Book - Second Edition Glen D. Singh - okładka audiobooks CD

Wydawnictwo:: Packt Publishing (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 742
Dostępne formaty:: PDF

ePub

Ebook

159,00 zł

Dodaj do koszyka lub Kup na prezent Kup 1-kliknięciem

Przenieś na półkę

Do przechowalni

Kali Linux is the most popular and advanced penetration testing Linux distribution within the cybersecurity industry. Using Kali Linux, a cybersecurity professional will be able to discover and exploit various vulnerabilities and perform advanced penetration testing on both enterprise wired and wireless networks.

This book is a comprehensive guide for those who are new to Kali Linux and penetration testing that will have you up to speed in no time. Using real-world scenarios, you'll understand how to set up a lab and explore core penetration testing concepts. Throughout this book, you'll focus on information gathering and even discover different vulnerability assessment tools bundled in Kali Linux. You'll learn to discover target systems on a network, identify security flaws on devices, exploit security weaknesses and gain access to networks, set up Command and Control (C2) operations, and perform web application penetration testing. In this updated second edition, you'll be able to compromise Active Directory and exploit enterprise networks. Finally, this book covers best practices for performing complex web penetration testing techniques in a highly secured environment.

By the end of this Kali Linux book, you'll have gained the skills to perform advanced penetration testing on enterprise networks using Kali Linux.

Wybrane bestsellery

Glen D. Singh - pozostałe książki

Ebooka przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook
i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Audiobooka posłuchasz:

w aplikacji Ebookpoint na Android, iOS, HarmonyOs
na systemach Windows, MacOS i innych

na dowolonych urządzeniach
i aplikacjach obsługujących format MP3
(pliki spakowane w ZIP)

Masz pytania? Zajrzyj do zakładki Pomoc »

Kurs Video zobaczysz:

Oceny i opinie klientów: The Ultimate Kali Linux Book - Second Edition Glen D. Singh (0) Weryfikacja opinii następuję na podstawie historii zamówień na koncie Użytkownika umieszczającego opinię. Użytkownik mógł otrzymać punkty za opublikowanie opinii uprawniające do uzyskania rabatu w ramach Programu Punktowego.

Szczegóły książki

Tytuł oryginału:: The Ultimate Kali Linux Book - Second Edition
ISBN Ebooka:: 978-18-018-1901-5, 9781801819015
Data wydania ebooka:: 2022-02-24 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@helion.pl.
Język publikacji:: angielski
Rozmiar pliku Pdf:: 47.7MB
Rozmiar pliku ePub:: 73.9MB

Kategorie:
Hacking » Bezpieczeństwo systemów

Spis treści książki

The Ultimate Kali Linux Book Second Edition
Contributors
About the author
About the reviewer
Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Disclaimer
- Share Your Thoughts
Section 1: Getting Started with Penetration Testing
Chapter 1: Introduction to Ethical Hacking
- Identifying threat actors and their intent
- Understanding what matters to threat actors
  - Time
  - Resources
  - Financial factors
  - Hack value
- Discovering cybersecurity terminologies
- Exploring the need for penetration testing and its phases
  - Creating a penetration testing battle plan
- Understanding penetration testing approaches
  - Types of penetration testing
- Exploring hacking phases
  - Reconnaissance or information gathering
  - Scanning and enumeration
  - Gaining access
  - Maintaining access
  - Covering your tracks
- Understanding the Cyber Kill Chain framework
  - Reconnaissance
  - Weaponization
  - Delivery
  - Exploitation
  - Installation
  - Command and Control (C2)
  - Actions on objectives
- Summary
- Further reading
Chapter 2: Building a Penetration Testing Lab
- Technical requirements
- Understanding the lab overview and its technologies
- Setting up a hypervisor and virtually isolated networks
  - Part 1 deploying the hypervisor
  - Part 2 creating virtually isolated networks
- Setting up and working with Kali Linux
  - Part 1 setting up Kali Linux as a virtual machine
  - Part 2 customizing the Kali Linux virtual machine and network adapters
  - Part 3 getting started with Kali Linux
  - Part 4 updating sources and packages
- Deploying Metasploitable 2 as a target system
  - Part 1 deploying Metasploitable 2
  - Part 2 configuring networking settings
- Implementing Metasploitable 3 using Vagrant
  - Part 1 setting up the Windows version
  - Part 2 setting up the Linux version
- Setting up vulnerability web application systems
  - Part 1 deploying OWASP Juice Shop
  - Part 2 setting up OWASP Broken Web Applications
- Summary
- Further reading
Chapter 3: Setting Up for Advanced Hacking Techniques
- Technical requirements
- Building an AD red team lab
  - Part 1 installing Windows Server 2019
  - Part 2 installing Windows 10 Enterprise
  - Part 2 setting up AD services
  - Part 3 promoting to a DC
  - Part 4 creating domain users and administrator accounts
  - Part 5 disabling antimalware protection and the domain firewall
  - Part 6 setting up for file sharing and service authentication attacks
  - Part 7 joining clients to the AD domain
  - Part 8 setting up for local account takeover and SMB attacks
- Setting up a wireless penetration testing lab
  - Implementing a RADIUS server
- Summary
- Further reading
Section 2: Reconnaissance and Network Penetration Testing
Chapter 4: Reconnaissance and Footprinting
- Technical requirements
- Understanding the importance of reconnaissance
  - Footprinting
- Understanding passive information gathering
- Exploring open source intelligence
- Using OSINT strategies to gather intelligence
  - Importance of a sock puppet
  - Anonymizing your traffic
  - Profiling a target organizations IT infrastructure
  - Gathering employees' data
  - Social media reconnaissance
  - Gathering a company's infrastructure data
- Summary
- Further reading
Chapter 5: Exploring Active Information Gathering
- Technical requirements
- Understanding active reconnaissance
- Exploring Google hacking strategies
- Exploring DNS reconnaissance
  - Performing DNS enumeration
  - Checking for DNS zone transfer misconfiguration
  - Automating OSINT
- Enumerating subdomains
  - Working with DNSmap
  - Exploring Sublist3r
- Profiling websites using EyeWitness
- Exploring active scanning techniques
  - Spoofing MAC addresses
  - Discovering live systems on a network
  - Probing open service ports, services, and operating systems
  - Working with evasion techniques
- Enumerating common network services
  - Scanning using Metasploit
  - Enumerating SMB
  - Enumerating SSH
- Performing user enumeration through noisy authentication controls
- Finding data leaks in the cloud
- Summary
- Further reading
Chapter 6: Performing Vulnerability Assessments
- Technical requirements
- Nessus and its policies
  - Setting up Nessus
  - Scanning with Nessus
  - Analyzing Nessus results
  - Exporting Nessus results
- Vulnerability discovery using Nmap
- Working with Greenbone Vulnerability Manager
- Using web application scanners
  - WhatWeb
  - Nmap
  - Metasploit
  - Nikto
  - WPScan
- Summary
- Further reading
Chapter 7: Understanding Network Penetration Testing
- Technical requirements
- Introduction to network penetration testing
- Working with bind and reverse shells
  - Remote shells using Netcat
  - Creating a bind shell
  - Creating a reverse shell
- Antimalware evasion techniques
  - Using MSFvenon to encode payloads
  - Creating payloads using Shellter
- Working with wireless adapters
  - Connecting a wireless adapter to Kali Linux
  - Connecting a wireless adapter with an RTL8812AU chipset
- Managing and monitoring wireless modes
  - Configuring monitor mode manually
  - Using Aircrack-ng to enable monitor mode
- Summary
- Further reading
Chapter 8: Performing Network Penetration Testing
- Technical requirements
- Discovering live systems
- Profiling a target system
- Exploring password-based attacks
  - Exploiting Windows Remote Desktop Protocol
  - Creating wordlists using keywords
  - Crunching those wordlists
- Identifying and exploiting vulnerable services
  - Exploiting a vulnerable service on a Linux system
  - Exploiting SMB in Microsoft Windows
  - Passing the hash
  - Gaining access by exploiting SSH
  - Exploiting Windows Remote Management
  - Exploiting ElasticSearch
  - Exploiting Simple Network Management Protocol
- Understanding watering hole attacks
- Further reading
Section 3: Red Teaming Techniques
Chapter 9: Advanced Network Penetration Testing Post Exploitation
- Technical requirements
- Post-exploitation using Meterpreter
  - Core operations
  - User interface operations
  - File transfers
  - Privilege escalation
  - Token stealing and impersonation
  - Implementing persistence
  - Lateral movement and pivoting
  - Clearing tracks
- Data encoding and exfiltration
  - Encoding executables using exe2hex
  - Data exfiltration using PacketWhisper
- Understanding MITM and packet sniffing attacks
  - Performing MITM attacks using Ettercap
- Summary
- Further reading
Chapter 10: Working with Active Directory Attacks
- Technical requirements
- Understanding Active Directory
- Enumerating Active Directory
  - Working with PowerView
  - Exploring Bloodhound
- Leveraging network-based trust
  - Exploiting LLMNR and NetBIOS-NS
  - Exploiting trust between SMB and NTLMv2 within Active Directory
- Summary
- Further reading
Chapter 11: Advanced Active Directory Attacks
- Technical requirements
- Understanding Kerberos
- Abusing trust on IPv6 with Active Directory
  - Part 1: Setting up for the attack
  - Part 2: Launching the attack
  - Part 3: Taking over the domain
- Attacking Active Directory
  - Lateral movement with CrackMapExec
  - Vertical movement with Kerberos
  - Lateral movement with Mimikatz
- Domain dominance and persistence
  - Golden ticket
  - Silver ticket
  - Skeleton key
- Summary
- Further reading
Chapter 12: Delving into Command and Control Tactics
- Technical requirements
- Understanding C2
- Setting up C2 operations
  - Part 1 setting up Empire
  - Part 2 managing users
- Post-exploitation using Empire
  - Part 1 creating a listener
  - Part 2 creating a stager
  - Part 3 working with agents
  - Part 4 creating a new agent
  - Part 5 improving threat emulation
  - Part 6 setting up persistence
- Working with Starkiller
  - Part 1 starting Starkiller
  - Part 2 user management
  - Part 3 working with modules
  - Part 4 creating listeners
  - Part 5 creating stagers
  - Part 6 interacting with agents
  - Part 7 credentials and reporting
- Summary
- Further reading
Chapter 13: Advanced Wireless Penetration Testing
- Technical requirements
- Introduction to wireless networking
  - SISO and MIMO
  - Wireless security standards
- Performing wireless reconnaissance
  - Determining the associated clients for a specific network
- Compromising WPA and WPA2 networks
- Performing AP-less attacks
- Exploiting enterprise wireless networks
  - Part 1 setting up for the attack
  - Part 2 choosing the target
  - Part 3 starting the attack
  - Part 4 retrieving user credentials
- Creating a Wi-Fi honeypot
- Discovering WPA3 attacks
  - Performing a downgrade and dictionary attack
- Securing your wireless network
  - SSID management
  - MAC filtering
  - Power levels for antennas
  - Strong passwords
  - Securing enterprise wireless networks
- Summary
- Further reading
Section 4: Social Engineering and Web Application Attacks
Chapter 14: Performing Client-Side Attacks Social Engineering
- Technical requirements
- Fundamentals of social engineering
  - Elements of social engineering
- Types of social engineering
  - Human-based
  - Computer-based
  - Mobile-based
  - Social networking
- Defending against social engineering
- Planning for each type of social engineering attack
- Exploring social engineering tools and techniques
  - Creating a phishing website
  - Creating infectious media
- Summary
- Further reading
Chapter 15: Understanding Website Application Security
- Technical requirements
- Understanding web applications
  - Fundamentals of HTTP
- Exploring the OWASP Top 10: 2021
- Getting started with FoxyProxy and Burp Suite
  - Part one setting up FoxyProxy
  - Part two setting up Burp Suite
  - Part three getting familiar with Burp Suite
- Understanding injection-based attacks
  - Performing a SQL injection attack
- Exploring broken access control attacks
  - Exploring broken access control
- Discovering cryptographic failures
  - Exploiting cryptographic failures
- Understanding insecure design
- Exploring security misconfiguration
  - Exploiting security misconfigurations
- Summary
- Further reading
Chapter 16: Advanced Website Penetration Testing
- Technical requirements
- Identifying vulnerable and outdated components
  - Discovering vulnerable components
- Exploiting identification and authentication failures
  - Discovering authentication failures
- Understanding software and data integrity failures
- Understanding security logging and monitoring failures
- Performing server-side request forgery
- Automating SQL injection attacks
  - Part 1 discovering databases
  - Part 2 retrieving sensitive information
- Understanding cross-site scripting
  - Part 1 discovering reflected XSS
  - Part 2 discovering stored XSS
- Performing client-side attacks
- Summary
- Further reading
Chapter 17: Best Practices for the Real World
- Technical requirements
- Guidelines for penetration testers
  - Gaining written permission
  - Being ethical
  - Penetration testing contract
  - Rules of engagement
- Penetration testing checklist
  - Information gathering
  - Network scanning
  - Enumeration
  - Gaining access
  - Covering tracks
  - Report writing
- Creating a hacker's tool bag
- Setting up remote access
- Next steps ahead
- Summary
- Further reading
- Why subscribe?
Other Books You May Enjoy
- Packt is searching for authors like you
- Share Your Thoughts

pokaż cały spis treści