Mastering Kali Linux for Advanced Penetration Testing (ebook)

Author: Vijay Kumar Velu

Publisher: Packt Publishing

Publication date: 2019-01-30

Word count: 483,000

Category: Imported books > Foreign-language originals > Computers/Networking

A practical guide to testing your infrastructure security with Kali Linux, the preferred choice of pentesters and hackers.

Key Features

  • Employ advanced pentesting techniques with Kali Linux to build highly secured systems
  • Discover various stealth techniques to remain undetected and defeat modern infrastructures
  • Explore red teaming techniques to exploit secured environments

Book Description

This book takes you, as a tester or security practitioner, through the reconnaissance, vulnerability assessment, exploitation, privilege escalation, and post-exploitation activities used by pentesters.

To start with, you'll use a laboratory environment to validate tools and techniques, along with an application that supports a collaborative approach to pentesting. You'll then progress to passive reconnaissance with open source intelligence and active reconnaissance of the external and internal infrastructure. You'll also focus on how to select, use, customize, and interpret the results from different vulnerability scanners, followed by examining specific routes to the target, which include bypassing physical security and the exfiltration of data using a variety of techniques. You'll discover concepts such as social engineering, attacking wireless networks, web services, and embedded devices.

Once you are confident with these topics, you'll learn the practical aspects of attacking user client systems by backdooring with fileless techniques, followed by focusing on the most vulnerable part of the network: directly attacking the end user.

By the end of this book, you'll have explored approaches for carrying out advanced pentesting in tightly secured environments and understood the pentesting and hacking techniques employed against embedded peripheral devices.

What you will learn

  • Configure the most effective Kali Linux tools to test infrastructure security
  • Employ stealth to avoid detection in the infrastructure being tested
  • Recognize when stealth attacks are being used against your infrastructure
  • Exploit networks and data systems using wired and wireless networks as well as web services
  • Identify and download valuable data from target systems
  • Maintain access to compromised systems
  • Use social engineering to compromise the weakest part of the network: the end users

Who this book is for

This third edition of Mastering Kali Linux for Advanced Penetration Testing is for you if you are a security analyst, pentester, ethical hacker, IT professional, or security consultant wanting to maximize the success of your infrastructure testing using some of the advanced features of Kali Linux. Prior exposure to penetration testing and ethical hacking basics will be helpful in making the most of this book.
Table of contents

Title Page

Copyright and Credits

Mastering Kali Linux for Advanced Penetration Testing Third Edition

Dedication

About Packt

Why subscribe?

Packt.com

Contributors

About the author

About the reviewer

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Get in touch

Reviews

Disclaimer

Goal-Based Penetration Testing

Conceptual overview of security testing

Misconceptions of vulnerability scanning, penetration testing, and red team exercises

Objective-based penetration testing

The testing methodology

Introduction to Kali Linux – features

Role of Kali in red team tactics

Installing and updating Kali Linux

Using as a portable device

Installing Kali to Raspberry Pi 3

Installing Kali onto a VM

VMware Workstation Player

VirtualBox

Installing to a Docker Appliance

Kali on AWS Cloud

Organizing Kali Linux

Configuring and customizing Kali Linux

Resetting the root password

Adding a non-root user

Configuring network services and secure communications

Adjusting network proxy settings

Accessing the secure shell

Speeding up Kali operations

Sharing folders with the host operating system

Using Bash scripts to customize Kali

Building a verification lab

Installing defined targets

Metasploitable3

Mutillidae

Setting up an Active Directory and Domain Controller

Adding users to the Active Directory

Adding Metasploitable3 Windows to the new domain

Managing collaborative penetration testing using Faraday

Summary

Open Source Intelligence and Passive Reconnaissance

Basic principles of reconnaissance

Open source intelligence

Offensive OSINT

Domain gathering using Sublist3r

Maltego

OSRFramework

Web archives

Scraping

Gathering usernames and email addresses

Obtaining user information

Shodan and censys.io

Google Hacking Database

Using dork scripts to query Google

Data dump sites

Using scripts to automatically gather OSINT data

Defensive OSINT

Dark web

Security breaches

Threat intelligence

Profiling users for password lists

Creating custom wordlists for cracking passwords

Using CeWL to map a website

Extracting words from Twitter using twofi

Summary

Active Reconnaissance of External and Internal Networks

Stealth scanning strategies

Adjusting source IP stack and tool identification settings

Modifying packet parameters

Using proxies with anonymity networks

DNS reconnaissance and route mapping

The whois command (Post GDPR)

Employing comprehensive reconnaissance applications

The recon-ng framework

IPv4

IPv6

Using IPv6-specific tools

Mapping the route to the target

Identifying the external network infrastructure

Mapping beyond the firewall

IDS/IPS identification

Enumerating hosts

Live host discovery

Port, operating system, and service discovery

Port scanning

Writing your own port scanner using netcat

Fingerprinting the operating system

Determining active services

Large-scale scanning

DHCP information

Identification and enumeration of internal network hosts

Native MS Windows commands

ARP broadcasting

Ping sweep

Using scripts to combine masscan and nmap scans

Taking advantage of SNMP

Windows account information via SMB (Server Message Block) sessions

Locating network shares

Reconnaissance of active directory domain servers

Using comprehensive tools (SPARTA)

An example to configure SPARTA

Summary

Vulnerability Assessment

Vulnerability nomenclature

Local and online vulnerability databases

Vulnerability scanning with Nmap

Introduction to Lua scripting

Customizing NSE scripts

Web application vulnerability scanners

Introduction to Nikto and Vega

Customizing Nikto and Vega

Vulnerability scanners for mobile applications

The OpenVAS network vulnerability scanner

Customizing OpenVAS

Commercial vulnerability scanners

Nessus

Nexpose

Specialized scanners

Threat modeling

Summary

Advanced Social Engineering and Physical Security

Methodology and attack methods

Technology

Computer-based

Mobile-based

People-based

Physical attacks

Voice-based

Physical attacks at the console

samdump2 and chntpw

Sticky keys

Creating a rogue physical device

Microcomputer or USB-based attack agents

The Raspberry Pi

The MalDuino – the BadUSB

The Social Engineering Toolkit (SET)

Using a website attack vector – the credential harvester attack method

Using a website attack vector – the tabnabbing attack method

HTA attack

Using the PowerShell alphanumeric shellcode injection attack

Hiding executables and obfuscating the attacker's URL

Escalating an attack using DNS redirection

Spear phishing attack

Setting up a phishing campaign with Gophish

Launching a phishing attack

Using bulk transfer as a mode of phishing

Summary

Wireless Attacks

Configuring Kali for wireless attacks

Wireless reconnaissance

Kismet

Bypassing a hidden SSID

Bypassing the MAC address authentication and open authentication

Attacking WPA and WPA2

Brute-force attacks

Attacking wireless routers with Reaver

Denial-of-service (DoS) attacks against wireless communications

Compromising enterprise implementations of WPA/WPA2

Working with Ghost Phisher

Summary

Exploiting Web-Based Applications

Web application hacking methodology

The hacker's mind map

Reconnaissance of web apps

Detection of web application firewall and load balancers

Fingerprinting a web application and CMS

Mirroring a website from the command line

Client-side proxies

Burp Proxy

Web crawling and directory brute-force attacks

Web service-specific vulnerability scanners

Application-specific attacks

Brute-forcing access credentials

Injection

OS command injection using commix

SQL injection

XML injection

Bit-flipping attack

Maintaining access with web shells

Summary

Client-Side Exploitation

Backdooring executable files

Attacking a system using hostile scripts

Conducting attacks using VBScript

Attacking systems using Windows PowerShell

The Cross-Site Scripting framework

The Browser Exploitation Framework (BeEF)

Configuring the BeEF

Understanding BeEF Browser

Integrating BeEF and Metasploit attacks

Using BeEF as a tunneling proxy

Summary

Bypassing Security Controls

Bypassing Network Access Control (NAC)

Pre-admission NAC

Adding new elements

Identifying the rules

Exceptions

Quarantine rules

Disabling endpoint security

Preventing remediation

Adding exceptions

Post-admission NAC

Bypassing isolation

Detecting honeypot

Bypassing the antivirus with files

Using the Veil framework

Using Shellter

Going fileless and evading antivirus

Bypassing application-level controls

Tunneling past client-side firewalls using SSH

Inbound to outbound

Bypassing URL filtering mechanisms

Outbound to inbound

Bypassing Windows operating system controls

User Account Control (UAC)

Using fileless techniques

Using fodhelper to bypass UAC in Windows 10

Using Disk Cleanup to bypass UAC in Windows 10

Other Windows-specific operating system controls

Access and authorization

Encryption

System security

Communications security

Auditing and logging

Summary

Exploitation

The Metasploit Framework

Libraries

REX

Framework core

Framework base

Interfaces

Modules

Database setup and configuration

Exploiting targets using MSF

Single targets using a simple reverse shell

Single targets using a reverse shell with a PowerShell attack vector

Exploiting multiple targets using MSF resource files

Exploiting multiple targets with Armitage

Using public exploits

Locating and verifying publicly available exploits

Compiling and using exploits

Compiling C files

Adding the exploits that are written using the MSF as a base

Developing a Windows exploit

Identifying a vulnerability using fuzzing

Creating a Windows-specific exploit

Summary

Action on the Objective and Lateral Movement

Activities on the compromised local system

Conducting rapid reconnaissance of a compromised system

Finding and taking sensitive data – pillaging the target

Creating additional accounts

Post-exploitation tools

The Metasploit Framework

The Empire project

CrackMapExec

Horizontal escalation and lateral movement

Veil-Pillage

Compromising domain trusts and shares

PsExec, WMIC, and other tools

WMIC

Windows Credential Editor

Lateral movement using services

Pivoting and port forwarding

Using Proxychains

Summary

Privilege Escalation

Overview of the common escalation methodology

Escalating from domain user to system administrator

Local system escalation

Escalating from administrator to system

DLL injection

Credential harvesting and escalation attacks

Password sniffers

Responder

SMB relay attacks

Escalating access rights in Active Directory

Compromising Kerberos – the golden-ticket attack

Summary

Command and Control

Persistence

Using persistent agents

Employing Netcat as a persistent agent

Using schtasks to configure a persistent task

Maintaining persistence with the Metasploit framework

Using the persistence script

Creating a standalone persistent agent with Metasploit

Persistence using online file storage cloud services

Dropbox

Microsoft OneDrive

Domain fronting

Using Amazon CloudFront for C2

Using Microsoft Azure for C2

Exfiltration of data

Using existing system services (Telnet, RDP, and VNC)

Using the DNS protocol

Using the ICMP protocol

Using the Data Exfiltration Toolkit (DET)

Using PowerShell

Hiding evidence of an attack

Summary

Embedded Devices and RFID Hacking

Embedded systems and hardware architecture

Embedded system basic architecture

Understanding firmware

Different types of firmware

Understanding bootloaders

Common tools

Firmware unpacking and updating

Introduction to RouterSploit Framework

UART

Cloning RFID using Chameleon Mini

Other tools

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think
