Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition
eBook - ePub

Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition

Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Condividi libro
  1. 568 pagine
  2. English
  3. ePUB (disponibile sull'app)
  4. Disponibile su iOS e Android
eBook - ePub

Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition

Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali

Dettagli del libro
Anteprima del libro
Indice dei contenuti
Citazioni

Informazioni sul libro

Achieve the gold standard in penetration testing with Kali using this masterpiece, now in its third edition!About This Book• Get a rock-solid insight into penetration testing techniques and test your corporate network against threats like never before• Formulate your pentesting strategies by relying on the most up-to-date and feature-rich Kali version in town—Kali Linux 2 (aka Sana).• Experience this journey with new cutting-edge wireless penetration tools and a variety of new features to make your pentesting experience smootherWho This Book Is ForIf you are an IT security professional or a student with basic knowledge of Unix/Linux operating systems, including an awareness of information security factors, and you want to use Kali Linux for penetration testing, this book is for you.What You Will Learn• Find out to download and install your own copy of Kali Linux• Properly scope and conduct the initial stages of a penetration test• Conduct reconnaissance and enumeration of target networks• Exploit and gain a foothold on a target system or network• Obtain and crack passwords• Use the Kali Linux NetHunter install to conduct wireless penetration testing• Create proper penetration testing reportsIn DetailKali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in a successful penetration testing project engagement.Kali Linux – Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating cutting-edge hacker tools and techniques with a coherent, step-by-step approach. This book offers you all of the essential lab preparation and testing procedures that reflect real-world attack scenarios from a business perspective, in today's digital age.Style and approachThis practical guide will showcase penetration testing through cutting-edge tools and techniques using a coherent, step-by-step approach.

Domande frequenti

Come faccio ad annullare l'abbonamento?
È semplicissimo: basta accedere alla sezione Account nelle Impostazioni e cliccare su "Annulla abbonamento". Dopo la cancellazione, l'abbonamento rimarrà attivo per il periodo rimanente già pagato. Per maggiori informazioni, clicca qui
È possibile scaricare libri? Se sì, come?
Al momento è possibile scaricare tramite l'app tutti i nostri libri ePub mobile-friendly. Anche la maggior parte dei nostri PDF è scaricabile e stiamo lavorando per rendere disponibile quanto prima il download di tutti gli altri file. Per maggiori informazioni, clicca qui
Che differenza c'è tra i piani?
Entrambi i piani ti danno accesso illimitato alla libreria e a tutte le funzionalità di Perlego. Le uniche differenze sono il prezzo e il periodo di abbonamento: con il piano annuale risparmierai circa il 30% rispetto a 12 rate con quello mensile.
Cos'è Perlego?
Perlego è un servizio di abbonamento a testi accademici, che ti permette di accedere a un'intera libreria online a un prezzo inferiore rispetto a quello che pagheresti per acquistare un singolo libro al mese. Con oltre 1 milione di testi suddivisi in più di 1.000 categorie, troverai sicuramente ciò che fa per te! Per maggiori informazioni, clicca qui.
Perlego supporta la sintesi vocale?
Cerca l'icona Sintesi vocale nel prossimo libro che leggerai per verificare se è possibile riprodurre l'audio. Questo strumento permette di leggere il testo a voce alta, evidenziandolo man mano che la lettura procede. Puoi aumentare o diminuire la velocità della sintesi vocale, oppure sospendere la riproduzione. Per maggiori informazioni, clicca qui.
Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition è disponibile online in formato PDF/ePub?
Sì, puoi accedere a Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition di Gerard Johansen, Lee Allen, Tedi Heriyanto, Shakeel Ali in formato PDF e/o ePub, così come ad altri libri molto apprezzati nelle sezioni relative a Informatik e Cybersicherheit. Scopri oltre 1 milione di libri disponibili nel nostro catalogo.

Informazioni

Editore
Packt Publishing
Anno
2016
ISBN
9781785886065
Edizione
3
Argomento
Informatik
Categoria
Cybersicherheit

Kali Linux 2 – Assuring Security by Penetration Testing Third Edition

Table of Contents

Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
Credits
Disclaimer
About the Authors
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
1. Beginning with Kali Linux
A brief history of Kali Linux
Kali Linux tool categories
Downloading Kali Linux
Using Kali Linux
Running Kali using Live DVD
Installing on a hard disk
Installing Kali on a physical machine
Installing kali on a virtual machine
Installing Kali on a virtual machine from the ISO image
Installing Kali Linux in a virtual machine using the provided Kali Linux VM image
Saving or Moving the virtual machine
Installing Kali on a USB disk
Configuring the virtual machine
VirtualBox Guest Additions
Setting up Networking
Setting up a wired connection
Setting up a wireless connection
Updating Kali Linux
Network services in Kali Linux
HTTP
MySQL
SSH
Installing a vulnerable server
Installing additional weapons
Installing the Nessus vulnerability scanner
Installing the Cisco password cracker
Summary
2. Penetration Testing Methodology
Types of penetration testing
Black box testing
White box testing
Gray box testing
Deciding on a test
Vulnerability assessment versus penetration testing
Security testing methodologies
Open Source Security Testing Methodology Manual
Key features and benefits of OSSTMM
Information Systems Security Assessment Framework
Key features and benefits of ISSAF
Open Web Application Security Project
Key features and benefits of OWASP
Web Application Security Consortium Threat Classification
Key features and benefits of WASC-TC
Penetration Testing Execution Standard
Key features and benefits of PTES
General penetration testing framework
Target scoping
Information gathering
Target discovery
Enumerating target
Vulnerability mapping
Social engineering
Target exploitation
Privilege escalation
Maintaining access
Documentation and reporting
The ethics
Summary
3. Target Scoping
Gathering client requirements
Creating the customer requirements form
The deliverables assessment form
Preparing the test plan
The test plan checklist
Profiling test boundaries
Defining business objectives
Project management and scheduling
Summary
4. Information Gathering
Open Source Intelligence
Using public resources
Querying the domain registration information
Analyzing the DNS records
Host
dig
dnsenum
fierce
DMitry
Maltego
Getting network routing information
tcptraceroute
tctrace
Utilizing the search engine
theharvester
SimplyEmail
Metagoofil
Accessing leaked information
The Onion Router
Installing the TOR Browser
Summary
5. Target Discovery
Starting off with target discovery
Identifying the target machine
ping
arping
fping
hping3
nping
alive6
detect-new-ip6
passive_discovery6
nbtscan
OS fingerprinting
p0f
Nmap
Summary
6. Enumerating Target
Introducing port scanning
Understanding the TCP/IP protocol
Understanding the TCP and UDP message format
The network scanner
Nmap
Nmap target specification
Nmap TCP scan options
Nmap UDP scan options
Nmap port specification
Nmap output options
Nmap timing options
Useful Nmap options
Service version detection
Operating system detection
Disabling host discovery
Aggressive scan
Nmap for scanning the IPv6 target
The Nmap scripting engine
Nmap options for Firewall/IDS evasion
Unicornscan
Zenmap
Amap
SMB enumeration
SNMP enumeration
onesixtyone
snmpcheck
VPN enumeration
ike-scan
Summary
7. Vulnerability Mapping
Types of vulnerabilities
Local vulnerability
Remote vulnerability
Vulnerability taxonomy
Automated vulnerability scanning
Nessus
Network vulnerability scanning
Cisco analysis
Cisco auditing tool
Cisco global exploiter
SMB analysis
Impacket Samrdump
SNMP analysis
SNMP Walk
Web application analysis
Nikto2
OWASP ZAP
Burp Suite
Paros proxy
W3AF
WafW00f
WebScarab
Fuzz analysis
BED
JBroFuzz
Database assessment tools
SQLMap
SQL Ninja
Summary
8. Social Engineering
Modeling the human psychology
Attack process
Attack methods
Impersonation
Reciprocation
Influential authority
Scarcity
Social relationship
Curiosity
Social Engineering Toolkit
Anonymous USB Attack
Summary
9. Target Exploitation
Vulnerability research
Vulnerability and exploit repositories
Advanced exploitation toolkit
MSFConsole
MSFCLI
Ninja 101 drills
Scenario 1
Scenario 2
SMB usernames
VNC blank authentication scanner
PostGRESQL login
Scenario 3
Bind shell
Reverse shell
Meterpreter
Scenario 4
Generating a binary backdoor
Automated browser exploitation
Writing exploit modules
Summary
10. Privilege Escalation
Privilege escalation using a local exploit
Password atta...

Indice dei contenuti