Learn Kali Linux 2019
eBook - ePub

Learn Kali Linux 2019

Perform powerful penetration testing using Kali Linux, Metasploit, Nessus, Nmap, and Wireshark

Glen D. Singh

  1. 550 pages
  2. English
  3. ePUB (mobile-friendly)
  4. Available on iOS and Android

About this book

Explore the latest ethical hacking tools and techniques in Kali Linux 2019 to perform penetration testing from scratch

Key Features

  • Get up and running with Kali Linux 2019.2
  • Gain comprehensive insights into security concepts such as social engineering, wireless network exploitation, and web application attacks
  • Learn to use Linux commands in the way ethical hackers do to gain control of your environment

Book Description

The current rise in hacking and security breaches makes it more important than ever to effectively pentest your environment, ensuring endpoint protection. This book will take you through the latest version of Kali Linux and help you use various tools and techniques to efficiently deal with crucial security aspects.

Through real-world examples, you'll understand how to set up a lab and later explore core penetration testing concepts. Throughout the course of this book, you'll get up to speed with gathering sensitive information and even discover different vulnerability assessment tools bundled in Kali Linux 2019. In later chapters, you'll gain insights into concepts such as social engineering, attacking wireless networks, exploitation of web applications and remote access connections to further build on your pentesting skills. You'll also focus on techniques such as bypassing controls, attacking the end user and maintaining persistent access through social media. Finally, this pentesting book covers best practices for performing complex penetration testing techniques in a highly secured environment.

By the end of this book, you'll be able to use Kali Linux to detect vulnerabilities and secure your system by applying penetration testing techniques of varying complexity.

What you will learn

  • Explore the fundamentals of ethical hacking
  • Learn how to install and configure Kali Linux
  • Get up to speed with performing wireless network pentesting
  • Gain insights into passive and active information gathering
  • Understand web application pentesting
  • Decode WEP, WPA, and WPA2 encryptions using a variety of methods, such as the fake authentication attack, the ARP request replay attack, and the dictionary attack

Who this book is for

If you are an IT security professional or a security consultant who wants to get started with penetration testing using Kali Linux 2019.2, then this book is for you. The book will also help if you're simply looking to learn more about ethical hacking and various security breaches. Although prior knowledge of Kali Linux is not necessary, some understanding of cybersecurity will be useful.

Information

Year
2019
ISBN
9781789612622
Edition
1
Subtopic
Cyber Security

Section 1: Kali Linux Basics

This section covers the basics of hacking by discussing the concepts of penetration testing and its value in combating cyber threats. In addition, the reader will learn how to build their own penetration testing lab filled with various operating systems to practice and sharpen their skill set.
This section comprises the following chapters:
  • Chapter 1, Introduction to Hacking
  • Chapter 2, Setting Up Kali - Part 1
  • Chapter 3, Setting Up Kali - Part 2
  • Chapter 4, Getting Comfortable with Kali Linux 2019

Introduction to Hacking

Cybersecurity is one of the most rapidly growing fields in information technology. Every day, numerous attacks are executed against various entities, from individuals to large enterprises and even governments. Due to these threats in the digital world, new professions are being created within organizations for people who can protect assets. This book aims to give you the knowledge and techniques that an aspiring penetration tester needs in order to enter the field of cybersecurity. A penetration tester is a professional who has the skills of a hacker; they are hired by an organization to perform simulations of real-world attacks on their network infrastructure with the objective of discovering security vulnerabilities before a real attack occurs. The penetration tester does this task with written legal permission from the target organization. To become a highly skilled hacker, it's vital to have a strong understanding of computers, networking, and programming, as well as how they work together. Most importantly, however, you need creativity. Creative thinking allows a person to think outside the box and go beyond the intended uses of technologies and find exciting new ways to implement them, doing things with them that were never intended by their developers. In some ways, hackers are artists.
Throughout this book, we will be using one of the most popular operating systems for penetration testing, Kali Linux. The Kali Linux operating system has hundreds of tools and utilities designed to assist you during a vulnerability assessment, penetration test, or even a digital forensics investigation in the field of cybersecurity. We will use Kali Linux to take you through various topics using a student-centric approach, filled with a lot of hands-on exercises starting from beginner level to intermediate to more advanced topics and techniques.
In this chapter, you will become acquainted with what hackers are and how they can be classified based on motivations and actions. You'll learn important terminology and look at methods and approaches that will help you throughout this book and set you on your path to becoming a penetration tester. You'll be introduced to the workflow of a hack as well.
In this chapter, we will look at the following topics:
  • Who is a hacker?
  • Key terminology
  • Penetration testing phases
  • Penetration testing methodologies
  • Penetration testing approaches
  • Types of penetration testing
  • Hacking phases

Who is a hacker?

Hacker, hack, and hacking are terms that have become ubiquitous in the 21st century. You've probably heard about life hacks, business hacks, and so on. While these may be, in some sense of the word, forms of hacking, the traditional form of hacking we'll discuss in this book is computer hacking. Computer hacking is the art of using computer-based technologies in ways they were never intended to be used to get them to do something unanticipated.
Hacking has taken on many different names and forms throughout the years. In the late 20th century, a common form of hacking was known as phreaking, which abused weaknesses in analog phone systems. Computer hacking has been around for more than half a century and, over the past few decades, has become a pop culture sensation in Hollywood movies and on television shows. It's all over the news, almost daily. You hear about things such as the Equifax, NHS, and Home Depot data breaches all the time. If you're reading this book, you have made your first step toward better understanding this fringe form of engineering.
Now that we have a better idea of what a hacker is, let's explore the various classifications of hackers.

Types of hackers

Hacking has many varieties or flavors, and so there are many classifications for hackers. In this section, we'll explore the various types of hackers, including the activities, skill sets, and values associated with each.
The following are the different types of hackers:
  • Black hat
  • White hat
  • Gray hat
  • Suicide
  • State-sponsored
  • Script kiddie
  • Cyber terrorist
At the end of this section, you will be able to compare and contrast each type of hacker.

Black hat hacker

Black hat hackers typically have a strong understanding of systems, networks, and application programming, which they use for malicious and/or criminal purposes. This type of hacker typically has a deep understanding of evasion and indemnification tactics, which they use to avoid imprisonment as a result of their actions.
They understand the common tools and tactics used by highly skilled ethical hackers. Hackers caught performing criminal hacking are usually blacklisted from ethical hacking, thus losing the ability to get employment as an ethical hacker.
Now that you have a better understanding of black hat hackers, let's take a look at another type—one that follows ethical practices and helps others: the white hat hacker.

White hat hacker

White hat hackers, like black hat hackers, possess a strong understanding of systems, networks, and application programming. However, unlike black hats, they use their knowledge and skills to test systems, applications, and networks for security vulnerabilities. This testing is conducted with the permission of the target and is used to find weaknesses in security before unethical hackers exploit them. The motivation to safeguard systems and entities, while staying within the confines of the law and ethics, leads to white hats being called ethical hackers.
Like black hats, they possess a solid knowledge of hacking tools, attack vectors, and tactics used in the exploitation and discovery of vulnerabilities. They also need to think like black hats when testing and, therefore, must use creativity to imagine themselves in the shoes of those they wish to combat. Ethical or white hat hacking is the most common form of hacking and the focus of this book.
Now that we understand the difference between a white hat hacker and a black hat hacker, let's move on to a type of hacker who looks for vulnerabilities while inhabiting an ambiguous or gray area between ethical and unethical hacking: the gray hat hacker.

Gray hat hacker

Gray hat hackers are similar to white hats but often conduct vulnerability research on their own, and then disclose these vulnerabilities to force vendors to remediate the issue by issuing a software patch. Their skills typically have a heavier emphasis on vulnerability research tactics, such as fuzzing, debugging, and reverse engineering.
At times, being a gray hat can be difficult as the balance and definition of ethical and unethical actions keep changing. Despite the difficult place that they occupy in the community, they share valuable information about security flaws, and are therefore important members of the cybersecurity community.
The next type of hacker uses unethical means to break into systems but does not do so for personal profit like a black hat—this type of hacker is the suicide hacker.

Suicide hacker

Suicide hackers are typically less-skilled hackers who are just about capable enough to gain access to systems but are not able to evade detection. These hackers have no concern for being caught or imprisoned—they are happy as long as they succeed in entering and disrupting a system. Their actions are motivated by revenge, political ideologies, and so on. This type of hacker doesn't care whether they are caught or arrested, so long as the job is done.
Next, we'll take a look at hackers that work on behalf of or within governments.

State-sponsored hacker

The state-sponsored hacker is usually employed by a national government to spy and launch cyberattacks against another nation. These hackers have dominated conversations about hacking in society.
This type of hacker enjoys access to all the tools and resources provided by the state, as well as protection from prosecution in order to execute their duties effectively.
However, not everyone has access to the cybersecurit...
