Читать книгу Kali Linux Penetration Testing Bible - Gus Khawaja - Страница 8
ОглавлениеIntroduction
Kali is a popular Linux distribution used by security professionals and is becoming an important tool for daily use and for certifications. Penetration testers need to master Kali's hundreds of tools for pentesting, digital forensics, and reverse engineering. Kali Linux Penetration Testing Bible is a hands‐on guide for getting the most from Kali Linux for pentesting. This book is for working cybersecurity professionals in offensive, hands‐on roles, including red teamers, white‐hat hackers, and ethical hackers. Defensive specialists will also find this book valuable, as they need to be familiar with the tools used by attackers.
This comprehensive pentesting book covers every aspect of the art and science of penetration testing. It covers topics like building a modern Dockerized environment, the basics of bash language in Linux, finding vulnerabilities in different ways, identifying false positives, and practical penetration testing workflows. You'll also learn to automate penetration testing with Python and dive into advanced subjects like buffer overflow, privilege escalation, and beyond.
By reading this book, you will:
Gain a thorough understanding of the hundreds of penetration testing tools available in Kali Linux.
Master the entire range of techniques for ethical hacking so you can be more effective in your job and gain coveted certifications.
Learn how penetration testing works in practice and fill the gaps in your knowledge to become a pentesting expert.
Discover the tools and techniques that hackers use so you can boost your network's defenses.
What Does This Book Cover?
This book goes deep into the subject of penetration testing. For established penetration testers, this book fills all the practical gaps, so you have one complete resource that will help you as your career progresses. For newcomers to the field, Kali Linux Penetration Testing Bible is your best guide to how ethical hacking really works.
Chapter 1: Mastering the Terminal Window
This chapter outlines the in and outs of the Linux system Terminal window and covers how to manage the file system like the pros. You will learn how to manage users and groups inside Kali, and you will see how to manipulate files and folders during your engagements and much more.
Chapter 2: Bash Scripting
Bash scripting is an essential skill for a penetration tester. In this chapter you will learn how to start to use programming principles such as variables, functions, conditions, loops, and much more.
Chapter 3: Network Hosts Scanning
This chapter teaches you how to conduct network scans like professionals. You will learn first about the basics of networking, and then you will delve deep into the port scanning techniques.
Chapter 4: Internet Information Gathering
This chapter discusses the passive information gathering phase in penetration testing. You will be introduced to how to deal with advanced search engine queries. Also, you will learn how to use Shodan and other tools to get the job done.
Chapter 5: Social Engineering Attacks
This chapter focuses on how to take advantage of human weakness to exploit organizations. You will learn about how to send phishing emails and steal credentials. On top of that, you will see how to use the Social Engineer Toolkit as a penetration tester. Finally, you will see how USB Rubber Ducky operates in similar SE attacks.
Chapter 6: Advanced Enumeration Phase
This chapter reviews how to handle the enumeration phase in a penetration testing engagement. Enumeration means collecting the necessary information that will allow us to exploit the specific service (e.g., FTP, SSH, etc.).
Chapter 7: Exploitation Phase
This chapter discusses some actual attacks and shows you how to get inside the systems. In the previous chapters, you had all the information about each service, and in this one, we will take this step further and exploit the vulnerabilities.
Chapter 8: Web Application Vulnerabilities
This chapter focuses on the basics of web application vulnerabilities. The goal is to allow you test web applications with ease during your engagements. Every company has a website these days, and it's crucial to understand this topic from A to Z.
Chapter 9: Web Penetration Testing and Secure Software Development Lifecycle
In this chapter, you will mainly learn about the methodology of web application penetration testing and how to use Burp Suite Pro. Finally, you will see how to implement a secure software development lifecycle (SSDLC) in an organization.
Chapter 10: Linux Privilege Escalation
This chapter focuses mainly on Linux operating system privilege escalation. The techniques in this chapter will allow you to gain root privileges on a compromised Linux OS.
Chapter 11: Windows Privilege Escalation
This chapter describes how to get administrator privileges on the compromised Windows OS. First you will learn about how to enumerate the Windows OS, and then you will see how to exploit the Windows system with practical examples.
Chapter 12: Pivoting and Lateral Movement
This chapter describes how to use the pivoting techniques to move laterally on the compromised network. In this chapter, you will learn how Windows hashes work under the hood and how to reuse admin credentials to get the job done.
Chapter 13: Cryptography and Hash Cracking
This chapter describes how to crack hashes during your engagements using Hashcat. Before starting on the cracking topic, you will learn about the basics of cryptography including hashing and encryption.
Chapter 14: Reporting
This chapter explains how to present professional penetration testing reports. Also, you will learn how to evaluate accurately the severity of your findings.
Chapter 15: Assembly Language and Reverse Engineering
This chapter will introduce you to the concept of reverse engineering using the assembly language. You will learn about the basics of the assembly language including registers, assembly instructions, memory segments, and much more.
Chapter 16: Buffer/Stack Overflow
This chapter will use what you learned in the previous chapter to exploit the stack using the buffer overflow technique.
Chapter 17: Programming with Python
This chapter discusses the basics of Python version 3. This programming language is the choice of hackers, so you should learn it too.
Chapter 18: Pentest Automation with Python
This chapter focuses on the automation of the penetration testing phases using the Python language. You will see a complete practical example that can use in your career.
Appendix A: Kali Linux Desktop at a Glance
This appendix focuses on how to manage the interface of the Kali Linux desktop environment. You will learn how to handle this operating system with ease and customize it to your liking.
Appendix B: Building a Lab Environment Using Docker
This appendix will delve deep with Docker, and you will see how images and containers work in practice. Both Docker and hypervisor technologies facilitate the creation of a live lab so we, penetration testers, can have fun with it.
Companion Download Files
As you work through the examples in this book, you may choose either to type in all the code manually or to use the source code files that accompany the book. All the source code used in this book is available for download from www.wiley.com/go/kalilinuxpenbible .
How to Contact the Publisher
If you believe you've found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.
To submit your possible errata, please email it to our Customer Service Team at wileysupport@wiley.com with the subject line “Possible Book Errata Submission.”
How to Contact the Author
We appreciate your input and questions about this book! Email the author at gus.khawaja@guskhawaja.me , or message him on Twitter at @GusKhawaja .
