eBook - ePub

Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition

Name: Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition
Author: Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Buch teilen

568 Seiten
English
ePUB (handyfreundlich)
Über iOS und Android verfügbar

eBook - ePub

Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition

Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Angaben zum Buch

Buchvorschau

Inhaltsverzeichnis

Quellenangaben

Über dieses Buch

Achieve the gold standard in penetration testing with Kali using this masterpiece, now in its third edition!About This Book• Get a rock-solid insight into penetration testing techniques and test your corporate network against threats like never before• Formulate your pentesting strategies by relying on the most up-to-date and feature-rich Kali version in town—Kali Linux 2 (aka Sana).• Experience this journey with new cutting-edge wireless penetration tools and a variety of new features to make your pentesting experience smootherWho This Book Is ForIf you are an IT security professional or a student with basic knowledge of Unix/Linux operating systems, including an awareness of information security factors, and you want to use Kali Linux for penetration testing, this book is for you.What You Will Learn• Find out to download and install your own copy of Kali Linux• Properly scope and conduct the initial stages of a penetration test• Conduct reconnaissance and enumeration of target networks• Exploit and gain a foothold on a target system or network• Obtain and crack passwords• Use the Kali Linux NetHunter install to conduct wireless penetration testing• Create proper penetration testing reportsIn DetailKali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in a successful penetration testing project engagement.Kali Linux – Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating cutting-edge hacker tools and techniques with a coherent, step-by-step approach. This book offers you all of the essential lab preparation and testing procedures that reflect real-world attack scenarios from a business perspective, in today's digital age.Style and approachThis practical guide will showcase penetration testing through cutting-edge tools and techniques using a coherent, step-by-step approach.

Häufig gestellte Fragen

Wie kann ich mein Abo kündigen?

Gehe einfach zum Kontobereich in den Einstellungen und klicke auf „Abo kündigen“ – ganz einfach. Nachdem du gekündigt hast, bleibt deine Mitgliedschaft für den verbleibenden Abozeitraum, den du bereits bezahlt hast, aktiv. Mehr Informationen hier.

(Wie) Kann ich Bücher herunterladen?

Derzeit stehen all unsere auf Mobilgeräte reagierenden ePub-Bücher zum Download über die App zur Verfügung. Die meisten unserer PDFs stehen ebenfalls zum Download bereit; wir arbeiten daran, auch die übrigen PDFs zum Download anzubieten, bei denen dies aktuell noch nicht möglich ist. Weitere Informationen hier.

Welcher Unterschied besteht bei den Preisen zwischen den Aboplänen?

Mit beiden Aboplänen erhältst du vollen Zugang zur Bibliothek und allen Funktionen von Perlego. Die einzigen Unterschiede bestehen im Preis und dem Abozeitraum: Mit dem Jahresabo sparst du auf 12 Monate gerechnet im Vergleich zum Monatsabo rund 30 %.

Was ist Perlego?

Wir sind ein Online-Abodienst für Lehrbücher, bei dem du für weniger als den Preis eines einzelnen Buches pro Monat Zugang zu einer ganzen Online-Bibliothek erhältst. Mit über 1 Million Büchern zu über 1.000 verschiedenen Themen haben wir bestimmt alles, was du brauchst! Weitere Informationen hier.

Unterstützt Perlego Text-zu-Sprache?

Achte auf das Symbol zum Vorlesen in deinem nächsten Buch, um zu sehen, ob du es dir auch anhören kannst. Bei diesem Tool wird dir Text laut vorgelesen, wobei der Text beim Vorlesen auch grafisch hervorgehoben wird. Du kannst das Vorlesen jederzeit anhalten, beschleunigen und verlangsamen. Weitere Informationen hier.

Ist Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition als Online-PDF/ePub verfügbar?

Ja, du hast Zugang zu Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition von Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali im PDF- und/oder ePub-Format sowie zu anderen beliebten Büchern aus Informatik & Cybersicherheit. Aus unserem Katalog stehen dir über 1 Million Bücher zur Verfügung.

Information

Verlag

Packt Publishing

Jahr

2016

ISBN

9781785886065

Auflage

Thema

Informatik

Thema

Cybersicherheit

Kali Linux 2 – Assuring Security by Penetration Testing Third Edition

Credits

Disclaimer

About the Authors

About the Reviewer

www.PacktPub.com

eBooks, discount offers, and more

Why subscribe?

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the color images of this book

Errata

Piracy

Questions

1. Beginning with Kali Linux

A brief history of Kali Linux

Kali Linux tool categories

Downloading Kali Linux

Using Kali Linux

Running Kali using Live DVD

Installing on a hard disk

Installing Kali on a physical machine

Installing kali on a virtual machine

Installing Kali on a virtual machine from the ISO image

Installing Kali Linux in a virtual machine using the provided Kali Linux VM image

Saving or Moving the virtual machine

Installing Kali on a USB disk

Configuring the virtual machine

VirtualBox Guest Additions

Setting up Networking

Setting up a wired connection

Setting up a wireless connection

Updating Kali Linux

Network services in Kali Linux

HTTP

MySQL

SSH

Installing a vulnerable server

Installing additional weapons

Installing the Nessus vulnerability scanner

Installing the Cisco password cracker

Summary

2. Penetration Testing Methodology

Types of penetration testing

Black box testing

White box testing

Gray box testing

Deciding on a test

Vulnerability assessment versus penetration testing

Security testing methodologies

Open Source Security Testing Methodology Manual

Key features and benefits of OSSTMM

Information Systems Security Assessment Framework

Key features and benefits of ISSAF

Open Web Application Security Project

Key features and benefits of OWASP

Web Application Security Consortium Threat Classification

Key features and benefits of WASC-TC

Penetration Testing Execution Standard

Key features and benefits of PTES

General penetration testing framework

Target scoping

Information gathering

Target discovery

Enumerating target

Vulnerability mapping

Social engineering

Target exploitation

Privilege escalation

Maintaining access

Documentation and reporting

The ethics

Summary

3. Target Scoping

Gathering client requirements

Creating the customer requirements form

The deliverables assessment form

Preparing the test plan

The test plan checklist

Profiling test boundaries

Defining business objectives

Project management and scheduling

Summary

4. Information Gathering

Open Source Intelligence

Using public resources

Querying the domain registration information

Analyzing the DNS records

Host

dig

dnsenum

fierce

DMitry

Maltego

Getting network routing information

tcptraceroute

tctrace

Utilizing the search engine

theharvester

SimplyEmail

Metagoofil

Accessing leaked information

The Onion Router

Installing the TOR Browser

Summary

5. Target Discovery

Starting off with target discovery

Identifying the target machine

ping

arping

fping

hping3

nping

alive6

detect-new-ip6

passive_discovery6

nbtscan

OS fingerprinting

p0f

Nmap

Summary

6. Enumerating Target

Introducing port scanning

Understanding the TCP/IP protocol

Understanding the TCP and UDP message format

The network scanner

Nmap

Nmap target specification

Nmap TCP scan options

Nmap UDP scan options

Nmap port specification

Nmap output options

Nmap timing options

Useful Nmap options

Service version detection

Operating system detection

Disabling host discovery

Aggressive scan

Nmap for scanning the IPv6 target

The Nmap scripting engine

Nmap options for Firewall/IDS evasion

Unicornscan

Zenmap

Amap

SMB enumeration

SNMP enumeration

onesixtyone

snmpcheck

VPN enumeration

ike-scan

Summary

7. Vulnerability Mapping

Types of vulnerabilities

Local vulnerability

Remote vulnerability

Vulnerability taxonomy

Automated vulnerability scanning

Nessus

Network vulnerability scanning

Cisco analysis

Cisco auditing tool

Cisco global exploiter

SMB analysis

Impacket Samrdump

SNMP analysis

SNMP Walk

Web application analysis

Nikto2

OWASP ZAP

Burp Suite

Paros proxy

W3AF

WafW00f

WebScarab

Fuzz analysis

BED

JBroFuzz

Database assessment tools

SQLMap

SQL Ninja

Summary

8. Social Engineering

Modeling the human psychology

Attack process

Attack methods

Impersonation

Reciprocation

Influential authority

Scarcity

Social relationship

Curiosity

Social Engineering Toolkit

Anonymous USB Attack

Summary

9. Target Exploitation

Vulnerability research

Vulnerability and exploit repositories

Advanced exploitation toolkit

MSFConsole

MSFCLI

Ninja 101 drills

Scenario 1

Scenario 2

SMB usernames

VNC blank authentication scanner

PostGRESQL login

Scenario 3

Bind shell

Reverse shell

Meterpreter

Scenario 4

Generating a binary backdoor

Automated browser exploitation

Writing exploit modules

Summary

10. Privilege Escalation

Privilege escalation using a local exploit

Password atta...

Über dieses Buch

Häufig gestellte Fragen

Information

Kali Linux 2 – Assuring Security by Penetration Testing Third Edition

Table of Contents

Inhaltsverzeichnis