Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition
eBook - ePub

Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition

Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Partager le livre
  1. 568 pages
  2. English
  3. ePUB (adapté aux mobiles)
  4. Disponible sur iOS et Android
eBook - ePub

Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition

Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

DĂ©tails du livre
Aperçu du livre
Table des matiĂšres
Citations

À propos de ce livre

Achieve the gold standard in penetration testing with Kali using this masterpiece, now in its third edition!About This Book‱ Get a rock-solid insight into penetration testing techniques and test your corporate network against threats like never before‱ Formulate your pentesting strategies by relying on the most up-to-date and feature-rich Kali version in town—Kali Linux 2 (aka Sana).‱ Experience this journey with new cutting-edge wireless penetration tools and a variety of new features to make your pentesting experience smootherWho This Book Is ForIf you are an IT security professional or a student with basic knowledge of Unix/Linux operating systems, including an awareness of information security factors, and you want to use Kali Linux for penetration testing, this book is for you.What You Will Learn‱ Find out to download and install your own copy of Kali Linux‱ Properly scope and conduct the initial stages of a penetration test‱ Conduct reconnaissance and enumeration of target networks‱ Exploit and gain a foothold on a target system or network‱ Obtain and crack passwords‱ Use the Kali Linux NetHunter install to conduct wireless penetration testing‱ Create proper penetration testing reportsIn DetailKali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in a successful penetration testing project engagement.Kali Linux – Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating cutting-edge hacker tools and techniques with a coherent, step-by-step approach. This book offers you all of the essential lab preparation and testing procedures that reflect real-world attack scenarios from a business perspective, in today's digital age.Style and approachThis practical guide will showcase penetration testing through cutting-edge tools and techniques using a coherent, step-by-step approach.

Foire aux questions

Comment puis-je résilier mon abonnement ?
Il vous suffit de vous rendre dans la section compte dans paramĂštres et de cliquer sur « RĂ©silier l’abonnement ». C’est aussi simple que cela ! Une fois que vous aurez rĂ©siliĂ© votre abonnement, il restera actif pour le reste de la pĂ©riode pour laquelle vous avez payĂ©. DĂ©couvrez-en plus ici.
Puis-je / comment puis-je télécharger des livres ?
Pour le moment, tous nos livres en format ePub adaptĂ©s aux mobiles peuvent ĂȘtre tĂ©lĂ©chargĂ©s via l’application. La plupart de nos PDF sont Ă©galement disponibles en tĂ©lĂ©chargement et les autres seront tĂ©lĂ©chargeables trĂšs prochainement. DĂ©couvrez-en plus ici.
Quelle est la différence entre les formules tarifaires ?
Les deux abonnements vous donnent un accĂšs complet Ă  la bibliothĂšque et Ă  toutes les fonctionnalitĂ©s de Perlego. Les seules diffĂ©rences sont les tarifs ainsi que la pĂ©riode d’abonnement : avec l’abonnement annuel, vous Ă©conomiserez environ 30 % par rapport Ă  12 mois d’abonnement mensuel.
Qu’est-ce que Perlego ?
Nous sommes un service d’abonnement Ă  des ouvrages universitaires en ligne, oĂč vous pouvez accĂ©der Ă  toute une bibliothĂšque pour un prix infĂ©rieur Ă  celui d’un seul livre par mois. Avec plus d’un million de livres sur plus de 1 000 sujets, nous avons ce qu’il vous faut ! DĂ©couvrez-en plus ici.
Prenez-vous en charge la synthÚse vocale ?
Recherchez le symbole Écouter sur votre prochain livre pour voir si vous pouvez l’écouter. L’outil Écouter lit le texte Ă  haute voix pour vous, en surlignant le passage qui est en cours de lecture. Vous pouvez le mettre sur pause, l’accĂ©lĂ©rer ou le ralentir. DĂ©couvrez-en plus ici.
Est-ce que Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition est un PDF/ePUB en ligne ?
Oui, vous pouvez accĂ©der Ă  Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition par Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali en format PDF et/ou ePUB ainsi qu’à d’autres livres populaires dans Informatik et Cybersicherheit. Nous disposons de plus d’un million d’ouvrages Ă  dĂ©couvrir dans notre catalogue.

Informations

Éditeur
Packt Publishing
Année
2016
ISBN
9781785886065
Édition
3
Sujet
Informatik
Sous-sujet
Cybersicherheit

Kali Linux 2 – Assuring Security by Penetration Testing Third Edition

Table of Contents

Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
Credits
Disclaimer
About the Authors
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
1. Beginning with Kali Linux
A brief history of Kali Linux
Kali Linux tool categories
Downloading Kali Linux
Using Kali Linux
Running Kali using Live DVD
Installing on a hard disk
Installing Kali on a physical machine
Installing kali on a virtual machine
Installing Kali on a virtual machine from the ISO image
Installing Kali Linux in a virtual machine using the provided Kali Linux VM image
Saving or Moving the virtual machine
Installing Kali on a USB disk
Configuring the virtual machine
VirtualBox Guest Additions
Setting up Networking
Setting up a wired connection
Setting up a wireless connection
Updating Kali Linux
Network services in Kali Linux
HTTP
MySQL
SSH
Installing a vulnerable server
Installing additional weapons
Installing the Nessus vulnerability scanner
Installing the Cisco password cracker
Summary
2. Penetration Testing Methodology
Types of penetration testing
Black box testing
White box testing
Gray box testing
Deciding on a test
Vulnerability assessment versus penetration testing
Security testing methodologies
Open Source Security Testing Methodology Manual
Key features and benefits of OSSTMM
Information Systems Security Assessment Framework
Key features and benefits of ISSAF
Open Web Application Security Project
Key features and benefits of OWASP
Web Application Security Consortium Threat Classification
Key features and benefits of WASC-TC
Penetration Testing Execution Standard
Key features and benefits of PTES
General penetration testing framework
Target scoping
Information gathering
Target discovery
Enumerating target
Vulnerability mapping
Social engineering
Target exploitation
Privilege escalation
Maintaining access
Documentation and reporting
The ethics
Summary
3. Target Scoping
Gathering client requirements
Creating the customer requirements form
The deliverables assessment form
Preparing the test plan
The test plan checklist
Profiling test boundaries
Defining business objectives
Project management and scheduling
Summary
4. Information Gathering
Open Source Intelligence
Using public resources
Querying the domain registration information
Analyzing the DNS records
Host
dig
dnsenum
fierce
DMitry
Maltego
Getting network routing information
tcptraceroute
tctrace
Utilizing the search engine
theharvester
SimplyEmail
Metagoofil
Accessing leaked information
The Onion Router
Installing the TOR Browser
Summary
5. Target Discovery
Starting off with target discovery
Identifying the target machine
ping
arping
fping
hping3
nping
alive6
detect-new-ip6
passive_discovery6
nbtscan
OS fingerprinting
p0f
Nmap
Summary
6. Enumerating Target
Introducing port scanning
Understanding the TCP/IP protocol
Understanding the TCP and UDP message format
The network scanner
Nmap
Nmap target specification
Nmap TCP scan options
Nmap UDP scan options
Nmap port specification
Nmap output options
Nmap timing options
Useful Nmap options
Service version detection
Operating system detection
Disabling host discovery
Aggressive scan
Nmap for scanning the IPv6 target
The Nmap scripting engine
Nmap options for Firewall/IDS evasion
Unicornscan
Zenmap
Amap
SMB enumeration
SNMP enumeration
onesixtyone
snmpcheck
VPN enumeration
ike-scan
Summary
7. Vulnerability Mapping
Types of vulnerabilities
Local vulnerability
Remote vulnerability
Vulnerability taxonomy
Automated vulnerability scanning
Nessus
Network vulnerability scanning
Cisco analysis
Cisco auditing tool
Cisco global exploiter
SMB analysis
Impacket Samrdump
SNMP analysis
SNMP Walk
Web application analysis
Nikto2
OWASP ZAP
Burp Suite
Paros proxy
W3AF
WafW00f
WebScarab
Fuzz analysis
BED
JBroFuzz
Database assessment tools
SQLMap
SQL Ninja
Summary
8. Social Engineering
Modeling the human psychology
Attack process
Attack methods
Impersonation
Reciprocation
Influential authority
Scarcity
Social relationship
Curiosity
Social Engineering Toolkit
Anonymous USB Attack
Summary
9. Target Exploitation
Vulnerability research
Vulnerability and exploit repositories
Advanced exploitation toolkit
MSFConsole
MSFCLI
Ninja 101 drills
Scenario 1
Scenario 2
SMB usernames
VNC blank authentication scanner
PostGRESQL login
Scenario 3
Bind shell
Reverse shell
Meterpreter
Scenario 4
Generating a binary backdoor
Automated browser exploitation
Writing exploit modules
Summary
10. Privilege Escalation
Privilege escalation using a local exploit
Password atta...

Table des matiĂšres