万本电子书0元读

万本电子书0元读

顶部广告

Mastering Kali Linux for Advanced Penetration Testing - Second Edition电子书

售       价:¥

1人正在读 | 0人评论 9.8

作       者:Vijay Kumar Velu

出  版  社:Packt Publishing

出版时间:2017-07-07

字       数:46.8万

所属分类: 进口书 > 外文原版书 > 电脑/网络

温馨提示:数字商品不支持退换货,不提供源文件,不支持导出打印

为你推荐

  • 读书简介
  • 目录
  • 累计评论(0条)
  • 读书简介
  • 目录
  • 累计评论(0条)
A practical guide to testing your network’s security with Kali Linux, the preferred choice of penetration testers and hackers. About This Book ? Employ advanced pentesting techniques with Kali Linux to build highly-secured systems ? Get to grips with various stealth techniques to remain undetected and defeat the latest defenses and follow proven approaches ? Select and configure the most effective tools from Kali Linux to test network security and prepare your business against malicious threats and save costs Who This Book Is For Penetration Testers, IT professional or a security consultant who wants to maximize the success of your network testing using some of the advanced features of Kali Linux, then this book is for you.Some prior exposure to basics of penetration testing/ethical hacking would be helpful in making the most out of this title. What You Will Learn ? Select and configure the most effective tools from Kali Linux to test network security ? Employ stealth to avoid detection in the network being tested ? Recognize when stealth attacks are being used against your network ? Exploit networks and data systems using wired and wireless networks as well as web services ? Identify and download valuable data from target systems ? Maintain access to compromised systems ? Use social engineering to compromise the weakest part of the network—the end users In Detail This book will take you, as a tester or security practitioner through the journey of reconnaissance, vulnerability assessment, exploitation, and post-exploitation activities used by penetration testers and hackers. We will start off by using a laboratory environment to validate tools and techniques, and using an application that supports a collaborative approach to penetration testing. Further we will get acquainted with passive reconnaissance with open source intelligence and active reconnaissance of the external and internal networks. We will also focus on how to select, use, customize, and interpret the results from a variety of different vulnerability scanners. Specific routes to the target will also be examined, including bypassing physical security and exfiltration of data using different techniques. You will also get to grips with concepts such as social engineering, attacking wireless networks, exploitation of web applications and remote access connections. Later you will learn the practical aspects of attacking user client systems by backdooring executable files. You will focus on the most vulnerable part of the network—directly and bypassing the controls, attacking the end user and maintaining persistence access through social media. You will also explore approaches to carrying out advanced penetration testing in tightly secured environments, and the book's hands-on approach will help you understand everything you need to know during a Red teaming exercise or penetration testing Style and approach An advanced level tutorial that follows a practical approach and proven methods to maintain top notch security of your networks.
目录展开

Title Page

Second Edition

Copyright

Mastering Kali Linux for Advanced Penetration Testing

Second Edition

Credits

About the Author

About the Reviewer

www.PacktPub.com

Why subscribe?

Customer Feedback

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Downloading the color images of this book

Errata

Piracy

Questions

Goal-Based Penetration Testing

Conceptual overview of security testing

Failure of classical vulnerability scanning, penetration testing, and Red Team Exercises

The testing methodology

Introduction to Kali Linux – history and purpose

Installing and updating Kali Linux

Using Kali Linux from a portable device

Installing Kali into a virtual machine

VMware Workstation Player

VirtualBox

Installing to a Docker appliance

Installing Kali to the cloud – creating an AWS instance

Organizing Kali Linux

Configuring and customizing Kali Linux

Resetting the root password

Adding a non-root user

Speeding up Kali operations

Sharing folders with the host operating system

Using BASH scripts to customize Kali

Building a verification lab

Setting up a virtual network with Active Directory

Installing defined targets

Metasploitable3

Mutillidae

Managing collaborative penetration testing using Faraday

Summary

Open Source Intelligence and Passive Reconnaissance

Basic principles of reconnaissance

OSINT

Offensive OSINT

Maltego

CaseFile

Google caches

Scraping

Gathering usernames and email addresses

Obtaining user information

Shodan and censys.io

Google Hacking Database

Using dork script to query Google

DataDump sites

Using scripts to automatically gather OSINT data

Defensive OSINT

Dark Web

Security breaches

Threat Intelligence

Profiling users for password lists

Creating custom word lists for cracking passwords

Using CeWL to map a website

Extracting words from Twitter using Twofi

Summary

Active Reconnaissance of External and Internal Networks

Stealth scanning strategies

Adjusting source IP stack and tool identification settings

Modifying packet parameters

Using proxies with anonymity networks

DNS reconnaissance and route mapping

The whois command

Employing comprehensive reconnaissance applications

The recon-ng framework

IPv4

IPv6

Using IPv6 - specific tools

Mapping the route to the target

Identifying the external network infrastructure

Mapping beyond the firewall

IDS/IPS identification

Enumerating hosts

Live host discovery

Port, operating system, and service discovery

Port scanning

Writing your own port scanner using netcat

Fingerprinting the operating system

Determining active services

Large scale scanning

DHCP information

Identification and enumeration of internal network hosts

Native MS Windows commands

ARP broadcasting

Ping sweep

Using scripts to combine Masscan and nmap scans

Taking advantage of SNMP

Windows account information via Server Message Block (SMB) sessions

Locating network shares

Reconnaissance of active directory domain servers

Using comprehensive tools (SPARTA)

An example to configure SPARTA

Summary

Vulnerability Assessment

Vulnerability nomenclature

Local and online vulnerability databases

Vulnerability scanning with nmap

Introduction to LUA scripting

Customizing NSE scripts

Web application vulnerability scanners

Introduction to Nikto and Vega

Customizing Nikto and Vega

Vulnerability scanners for mobile applications

The OpenVAS network vulnerability scanner

Customizing OpenVAS

Specialized scanners

Threat modelling

Summary

Physical Security and Social Engineering

Methodology and attack methods

Computer-based

Voice-based

Physical attacks

Physical attacks at the console

Samdump2 and chntpw

Sticky keys

Attacking system memory with Inception

Creating a rogue physical device

Microcomputer-based attack agents

The Social Engineering Toolkit (SET)

Using a website attack vector - the credential harvester attack method

Using a website attack vector - the tabnabbing attack method

Using the PowerShell alphanumeric shellcode injection attack

HTA attack

Hiding executables and obfuscating the attacker's URL

Escalating an attack using DNS redirection

Spear phishing attack

Setting up a phishing campaign with Phishing Frenzy

Launching a phishing attack

Summary

Wireless Attacks

Configuring Kali for wireless attacks

Wireless reconnaissance

Kismet

Bypassing a hidden service set identifier (SSID)

Bypassing the MAC address authentication and open authentication

Attacking WPA and WPA2

Brute force attacks

Attacking wireless routers with Reaver

Denial-of-service (DoS) attacks against wireless communications

Compromising enterprise implementations of WPA/WPA2

Working with Ghost Phisher

Summary

Reconnaissance and Exploitation of Web-Based Applications

Methodology

Hackers mindmap

Conducting reconnaissance of websites

Detection of web application firewall and load balancers

Fingerprinting a web application and CMS

Mirroring a website from the command line

Client-side proxies

Burp Proxy

Extending the functionality of web browsers

Web crawling and directory brute force attacks

Web-service-specific vulnerability scanners

Application-specific attacks

Brute-forcing access credentials

OS command injection using commix

Injection attacks against databases

Maintaining access with web shells

Summary

Attacking Remote Access

Exploiting vulnerabilities in communication protocols

Compromising Remote Desktop Protocol (RDP)

Compromising secure shell

Compromising remote access protocols (VNC)

Attacking Secure Sockets Layer (SSL)

Weaknesses and vulnerabilities in the SSL protocol

Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH)

Compression Ratio Info-leak Made Easy (CRIME)

Factoring Attack on RSA-EXPORT Keys (FREAK)

Heartbleed

Insecure TLS renegotiation

Logjam attack

Padding Oracle On Demanded Legacy Encryption (POODLE)

Introduction to Testssl

Reconnaissance of SSL connections

Using sslstrip to conduct a man-in-the-middle attack

Denial-of-service attacks against SSL

Attacking an IPSec virtual private network

Scanning for VPN gateways

Fingerprinting the VPN gateway

Capturing pre-shared keys

Performing offline PSK cracking

Identifying default user accounts

Summary

Client-Side Exploitation

Backdooring executable files

Attacking a system using hostile scripts

Conducting attacks using VBScript

Attacking systems using Windows PowerShell

The Cross-Site Scripting framework

The Browser Exploitation Framework (BeEF)

Configuring the BeEF

Understanding BeEF browser

Integrating BeEF and Metasploit attacks

Using BeEF as a tunneling proxy

Summary

Bypassing Security Controls

Bypassing Network Access Control (NAC)

Pre-admission NAC

Adding new elements

Identifying the rules

Exceptions

Quarantine rules

Disabling endpoint security

Preventing remediation

Adding exceptions

Post-admission NAC

Bypassing isolation

Detecting HoneyPot

Bypassing antivirus using different frameworks

Using the Veil framework

Using Shellter

Bypassing application-level controls

Tunneling past client-side firewalls using SSH

Inbound to outbound

Bypassing URL filtering mechanisms

Outbound to inbound

Defeating application whitelisting

Bypassing Windows-specific operating system controls

Enhanced Migration Experience Toolkit (EMET)

User Account Control (UAC)

Other Windows-specific operating system controls

Access and authorization

Encryption

System security

Communications security

Auditing and logging

Summary

Exploitation

The Metasploit framework

Libraries

REX

Framework - core

Framework - base

Interfaces

Modules

Database setup and configuration

Exploiting targets using MSF

Single targets using a simple reverse shell

Single targets using a reverse shell with a PowerShell attack vector

Exploiting multiple targets using MSF resource files

Exploiting multiple targets with Armitage

Using public exploits

Locating and verifying publicly available exploits

Compiling and using exploits

Compiling C files

Adding the exploits that are written using Metasploit framework as a base

Developing a Windows exploit

Identifying a vulnerability using fuzzing

Crafting a Windows-specific exploit

Summary

Action on the Objective

Activities on the compromised local system

Conducting a rapid reconnaissance of a compromised system

Finding and taking sensitive data - pillaging the target

Creating additional accounts

Post-exploitation tools (MSF, the Veil-Pillage framework, scripts)

Veil-Pillage

Horizontal escalation and lateral movement

Compromising domain trusts and shares

PsExec, WMIC, and other tools

WMIC

Lateral movement using services

Pivoting and port forwarding

Using Proxychains

Summary

Privilege Escalation

Overview of common escalation methodology

Local system escalation

Escalating from administrator to system

DLL injection

PowerShell's Empire tool

Credential harvesting and escalation attacks

Password sniffers

Responder

SMB relay attacks

Escalating access rights in Active Directory

Compromising Kerberos - the golden ticket attack

Summary

Command and Control

Using persistent agents

Employing Netcat as a persistent agent

Using schtasks to configure a persistent task

Maintaining persistence with the Metasploit framework

Using the persistence script

Creating a standalone persistent agent with Metasploit

Persistence using social media and Gmail

Exfiltration of data

Using existing system services (Telnet, RDP, and VNC)

Exfiltration of data using DNS protocol

Exfiltration of data using ICMP

Using the Data Exfiltration Toolkit (DET)

Exfiltration from PowerShell

Hiding evidence of the attack

Summary

累计评论(0条) 0个书友正在讨论这本书 发表评论

发表评论

发表评论,分享你的想法吧!

买过这本书的人还买过

读了这本书的人还在读

回顶部