Learn Kali Linux 2019
eBook - ePub

Perform powerful penetration testing using Kali Linux, Metasploit, Nessus, Nmap, and Wireshark

Glen D. Singh

  1. 550 pages
  2. English

About This Book

Explore the latest ethical hacking tools and techniques in Kali Linux 2019 to perform penetration testing from scratch

Key Features

  • Get up and running with Kali Linux 2019.2
  • Gain comprehensive insights into security concepts such as social engineering, wireless network exploitation, and web application attacks
  • Learn to use Linux commands in the way ethical hackers do to gain control of your environment

Book Description

The current rise in hacking and security breaches makes it more important than ever to effectively pentest your environment, ensuring endpoint protection. This book will take you through the latest version of Kali Linux and help you use various tools and techniques to efficiently deal with crucial security aspects.

Through real-world examples, you'll understand how to set up a lab and later explore core penetration testing concepts. Throughout the course of this book, you'll get up to speed with gathering sensitive information and even discover different vulnerability assessment tools bundled in Kali Linux 2019. In later chapters, you'll gain insights into concepts such as social engineering, attacking wireless networks, exploitation of web applications and remote access connections to further build on your pentesting skills. You'll also focus on techniques such as bypassing controls, attacking the end user and maintaining persistent access through social media. Finally, this pentesting book covers best practices for performing complex penetration testing techniques in a highly secured environment.

By the end of this book, you'll be able to use Kali Linux to detect vulnerabilities and secure your system by applying penetration testing techniques of varying complexity.

What you will learn

  • Explore the fundamentals of ethical hacking
  • Learn how to install and configure Kali Linux
  • Get up to speed with performing wireless network pentesting
  • Gain insights into passive and active information gathering
  • Understand web application pentesting
  • Decode WEP, WPA, and WPA2 encryptions using a variety of methods, such as the fake authentication attack, the ARP request replay attack, and the dictionary attack

Who this book is for

If you are an IT security professional or a security consultant who wants to get started with penetration testing using Kali Linux 2019.2, then this book is for you. The book will also help if you're simply looking to learn more about ethical hacking and various security breaches. Although prior knowledge of Kali Linux is not necessary, some understanding of cybersecurity will be useful.

Information

  • Year: 2019
  • ISBN: 9781789612622
  • Edition: 1

Section 1: Kali Linux Basics

This section covers the basics of hacking by discussing the concepts of penetration testing and its value in combating cyber threats. In addition, the reader will learn how to build their own penetration testing lab filled with various operating systems to practice and sharpen their skill set.
This section comprises the following chapters:
  • Chapter 1, Introduction to Hacking
  • Chapter 2, Setting Up Kali - Part 1
  • Chapter 3, Setting Up Kali - Part 2
  • Chapter 4, Getting Comfortable with Kali Linux 2019

Introduction to Hacking

Cybersecurity is one of the most rapidly growing fields in information technology. Every day, numerous attacks are executed against various entities, from individuals to large enterprises and even governments. Due to these threats in the digital world, new professions are being created within organizations for people who can protect assets. This book aims to give you the knowledge and techniques that an aspiring penetration tester needs in order to enter the field of cybersecurity. A penetration tester is a professional who has the skills of a hacker; they are hired by an organization to perform simulations of real-world attacks on their network infrastructure with the objective of discovering security vulnerabilities before a real attack occurs. The penetration tester does this task with written legal permission from the target organization. To become a highly skilled hacker, it's vital to have a strong understanding of computers, networking, and programming, as well as how they work together. Most importantly, however, you need creativity. Creative thinking allows a person to think outside the box and go beyond the intended uses of technologies and find exciting new ways to implement them, doing things with them that were never intended by their developers. In some ways, hackers are artists.
Throughout this book, we will be using one of the most popular operating systems for penetration testing, Kali Linux. The Kali Linux operating system has hundreds of tools and utilities designed to assist you during a vulnerability assessment, penetration test, or even a digital forensics investigation in the field of cybersecurity. We will use Kali Linux to take you through various topics using a student-centric approach, filled with a lot of hands-on exercises starting from beginner level to intermediate to more advanced topics and techniques.
In this chapter, you will become acquainted with what hackers are and how they can be classified based on motivations and actions. You'll learn important terminology and look at methods and approaches that will help you throughout this book and set you on your path to becoming a penetration tester. You'll be introduced to the workflow of a hack as well.
In this chapter, we will look at the following topics:
  • Who is a hacker?
  • Key terminology
  • Penetration testing phases
  • Penetration testing methodologies
  • Penetration testing approaches
  • Types of penetration testing
  • Hacking phases

Who is a hacker?

Hacker, hack, and hacking are terms that have become ubiquitous in the 21st century. You've probably heard about life hacks, business hacks, and so on. While these may be, in some sense of the word, forms of hacking, the traditional form of hacking we'll discuss in this book is computer hacking. Computer hacking is the art of using computer-based technologies in ways they were never intended to be used to get them to do something unanticipated.
Hacking has taken on many different names and forms throughout the years. In the late 20th century, a common form of hacking was known as phreaking, which abused weaknesses in analog phone systems. Computer hacking has been around for more than half a century and, over the past few decades, has become a pop culture sensation in Hollywood movies and on television shows. It's all over the news, almost daily. You hear about things such as the Equifax, NHS, and Home Depot data breaches all the time. If you're reading this book, you have made your first step toward better understanding this fringe form of engineering.
Now that we have a better idea of what a hacker is, let's explore the various classifications of hackers.

Types of hackers

Hacking has many varieties or flavors, and so there are many classifications for hackers. In this section, we'll explore the various types of hackers, including the activities, skill sets, and values associated with each.
The following are the different types of hackers:
  • Black hat
  • White hat
  • Gray hat
  • Suicide
  • State-sponsored
  • Script kiddie
  • Cyber terrorist
At the end of this section, you will be able to compare and contrast each type of hacker.

Black hat hacker

Black hat hackers typically have a strong understanding of systems, networks, and application programming, which they use for malicious and/or criminal purposes. This type of hacker typically has a deep understanding of evasion and indemnification tactics, which they use to avoid imprisonment as a result of their actions.
They understand the common tools and tactics used by highly skilled ethical hackers. Hackers caught performing criminal hacking are usually blacklisted from ethical hacking, thus losing the ability to get employment as an ethical hacker.
Now that you have a better understanding of black hat hackers, let's take a look at another type—one that follows ethical practices and helps others: the white hat hacker.

White hat hacker

White hat hackers, like black hat hackers, possess a strong understanding of systems, networks, and application programming. However, unlike black hats, they use their knowledge and skills to test systems, applications, and networks for security vulnerabilities. This testing is conducted with the permission of the target and is used to find weaknesses in security before unethical hackers exploit them. The motivation to safeguard systems and entities, while staying within the confines of the law and ethics, leads to white hats being called ethical hackers.
Like black hats, they possess a solid knowledge of hacking tools, attack vectors, and tactics used in the exploitation and discovery of vulnerabilities. They also need to think like black hats when testing and, therefore, must use creativity to imagine themselves in the shoes of those they wish to combat. Ethical or white hat hacking is the most common form of hacking and the focus of this book.
Now that we understand the difference between a white hat hacker and a black hat hacker, let's move on to a type of hacker who looks for vulnerabilities while inhabiting an ambiguous or gray area between ethical and unethical hacking: the gray hat hacker.

Gray hat hacker

Gray hat hackers are similar to white hats but often conduct vulnerability research on their own, and then disclose these vulnerabilities to force vendors to remediate the issue by issuing a software patch. Their skills typically have a heavier emphasis on vulnerability research tactics, such as fuzzing, debugging, and reverse engineering.
At times, being a gray hat can be difficult as the balance and definition of ethical and unethical actions keep changing. Despite the difficult place that they occupy in the community, they share valuable information about security flaws, and are therefore important members of the cybersecurity community.
The next type of hacker uses unethical means to break into systems but does not do so for personal profit like a black hat—this type of hacker is the suicide hacker.

Suicide hacker

Suicide hackers are typically less-skilled hackers who are just about capable enough to gain access to systems but are not able to evade detection. These hackers have no concern for being caught or imprisoned—they are happy as long as they succeed in entering and disrupting a system. Their actions are motivated by revenge, political ideologies, and so on. This type of hacker doesn't care whether they are caught or arrested, so long as the job is done.
Next, we'll take a look at hackers that work on behalf of or within governments.

State-sponsored hacker

The state-sponsored hacker is usually employed by a national government to spy and launch cyberattacks against another nation. These hackers have dominated conversations about hacking in society.
This type of hacker enjoys access to all the tools and resources provided by the state, as well as protection from prosecution in order to execute their duties effectively.
However, not everyone has access to the cybersecurit...
