The Ultimate Kali Linux Book: Harness Nmap, Metasploit, Aircrack-Ng, and Empire for Cutting-edge Pentesting
Embark on an exciting journey into the world of Kali Linux – the central hub for advanced penetration testing. Honing your pentesting skills and exploiting vulnerabilities or conducting advanced penetration tests on wired and wireless enterprise networks, Kali Linux empowers cybersecurity profession...
Other Authors: | |
---|---|
Format: | E-book |
Language: | English |
Published: | Birmingham : Packt Publishing, Limited 2024. |
Edition: | 3rd ed |
Subjects: | |
View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009816677806719 |
Table of Contents:
- Cover
- Copyright
- Contributors
- Table of Contents
- Preface
- Chapter 1: Introduction to Ethical Hacking
- Understanding the need for cybersecurity
- Exploring cybersecurity terminology
- Identifying threat actors and their intent
- Understanding what matters to threat actors
- Time
- Resources
- Financial factors
- Hack value
- Exploring the importance of penetration testing
- Penetration testing methodologies
- Pre-engagement phase
- Information-gathering phase
- Threat modeling
- Vulnerability analysis
- Exploitation
- Post-exploitation
- Report writing
- Discovering penetration testing approaches
- Types of penetration testing
- Web application penetration testing
- Mobile application penetration testing
- Social engineering penetration testing
- Network penetration testing (external and internal)
- Cloud penetration testing
- Physical penetration testing
- Exploring the phases of penetration testing
- Reconnaissance
- Scanning and enumeration
- Gaining access (exploitation)
- Maintaining access
- Covering your tracks
- Understanding the Cyber Kill Chain framework
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command and Control (C2)
- Actions on objectives
- Summary
- Further reading
- Chapter 2: Building a Penetration Testing Lab
- Technical requirements
- An overview of the lab setup and technologies used
- Setting up a hypervisor and virtual networks
- Part 1 - setting up the hypervisor
- Part 2 - creating virtually isolated networks
- Setting up and working with Kali Linux
- Part 1 - deploying Kali Linux as a virtual machine
- Part 2 - customizing Kali Linux and its network adapters
- Part 3 - getting started with Kali Linux
- Part 4 - updating repository sources and packages
- Setting up a vulnerable web application
- Deploying Metasploitable 2 as a vulnerable machine
- Part 1 - deploying Metasploitable 2
- Part 2 - configuring network settings
- Building and deploying Metasploitable 3
- Part 1 - building the Windows server version
- Part 2 - building the Linux server version
- Summary
- Further reading
- Chapter 3: Setting Up for Advanced Penetration Testing Techniques
- Technical requirements
- Building an Active Directory red team lab
- Part 1 - Setting up Windows Server
- Part 2 - Configuring virtual machine additional features
- Part 3 - Setting Active Directory Domain Services
- Part 4 - Creating domain users and administrator accounts
- Part 5 - Disabling antimalware protection and the domain firewall
- Part 6 - Setting up for service authentication attacks
- Part 7 - Installing Windows 10 Enterprise
- Part 8 - Adding the clients to the domain
- Part 9 - Setting up for account takeover and file sharing attacks
- Setting up a wireless penetration testing lab
- Brief overview of wireless network security
- Setting up a RADIUS server
- Part 1 - Install a Ubuntu server
- Part 2 - Setting up FreeRadius
- Part 3 - Setting the wireless router with RADIUS
- Summary
- Further reading
- Chapter 4: Passive Reconnaissance
- Technical requirements
- The importance of reconnaissance
- Exploring passive reconnaissance
- Open source intelligence
- How much data should be collected?
- Creating a sock puppet
- Anonymizing internet-based traffic
- VPN
- Proxychains
- TOR
- Summary
- Further reading
- Chapter 5: Exploring Open-Source Intelligence
- Technical requirements
- Google hacking techniques
- Domain reconnaissance
- Collecting WHOIS data
- Performing DNS enumeration
- Exploiting DNS zone transfer
- Automation using SpiderFoot
- Sub-domain harvesting
- Enumeration with DNSMap
- Sub-domain discovery with Knockpy
- Identifying organizational infrastructure
- Data leakage on job websites
- Finding vulnerable systems using Shodan
- Discovering exposed systems with Censys
- Mapping external systems using Maltego
- Identifying infrastructure with Netcraft
- Using Recon-ng for data harvesting
- Data collection with theHarvester
- Harvesting employees' data using Hunter
- Automating social media reconnaissance with Sherlock
- Summary
- Further reading
- Chapter 6: Active Reconnaissance
- Technical requirements
- Understanding active information
- Profiling websites using EyeWitness
- Exploring active scanning techniques
- Changing your MAC address
- Performing live host discovery
- Identifying open ports, services, and operating systems
- Using scanning evasion techniques
- Avoiding detection with decoys
- Using MAC and IP spoofing techniques
- Stealth scanning techniques
- Enumerating network services
- Enumerating SMB services
- Enumerating SMTP services
- Enumerating SNMP services
- Discovering data leaks in the cloud
- Summary
- Further reading
- Chapter 7: Performing Vulnerability Assessments
- Technical requirements
- Getting started with Nessus
- Part 1 - installing Nessus
- Part 2 - identifying vulnerabilities
- Part 3 - vulnerability analysis
- Part 4 - exporting vulnerability reports
- Vulnerability identification using Nmap
- Working with Greenbone Vulnerability Manager
- Part 1 - installing GVM
- Part 2 - vulnerability identification
- Part 3 - vulnerability analysis and reporting
- Using web application scanners
- WhatWeb
- Nmap
- Nikto
- Metasploit
- WPScan
- Summary
- Further reading
- Chapter 8: Understanding Network Penetration Testing
- Technical requirements
- Introduction to network penetration testing
- Working with bind and reverse shells
- Working with remote shells using Netcat
- Setting up a bind shell
- Setting up reverse shells
- Antimalware evasion techniques
- Encoding payloads with MSFvenom
- Creating custom payloads with Shellter
- Working with wireless adapters
- Connecting wireless adapters to Kali Linux
- Connecting a wireless adapter with an RTL8812AU chipset
- Managing and Monitoring wireless modes
- Configuring Monitoring mode
- Using aircrack-ng to enable monitor mode
- Summary
- Further reading
- Chapter 9: Performing Network Penetration Testing
- Technical requirements
- Exploring password-based attacks
- Creating a keyword-based wordlist
- Generating a custom wordlist using Crunch
- Gaining access by exploiting SSH
- Exploiting Remote Desktop Protocol
- Performing host discovery
- Profiling a targeted system
- Identifying and exploiting vulnerable services
- Exploiting Linux-based systems
- Compromising Windows-based systems
- Exploiting vulnerable SMB services
- Cracking hashes with Hashcat
- Exploiting Windows Remote Management
- Exploiting ElasticSearch
- Exploiting Simple Network Management Protocol
- Summary
- Further reading
- Chapter 10: Post-Exploitation Techniques
- Technical requirements
- Pass-the-hash techniques
- Gaining a shell with PTH-WinExe
- Working with Impacket
- Pass-the-hash for remote desktop
- Post exploitation using Meterpreter
- Core operations
- User interface options
- File transfers
- Privilege escalation
- Token stealing and impersonation
- Setting up persistence
- Lateral movement and pivoting
- Clearing tracks
- Data encoding and exfiltration
- Encoding using exe2hex
- Exfiltration with PacketWhisper
- Part 1 - setting up the environment
- Part 2 - changing the DNS settings on the targeted system
- Part 3 - performing data exfiltration
- Part 4 - reassembling data
- Man-in-the-Middle (MiTM) attacks
- Intercepting traffic with MiTM attacks
- Summary
- Further reading
- Chapter 11: Delving into Command and Control Tactics
- Technical requirements
- Understanding C2
- Setting up C2 operations
- Part 1 - Empire client-server model
- Part 2 - Managing users on Empire
- Post-exploitation using Empire
- Part 1 - Creating a listener
- Part 2 - Creating a stager
- Part 3 - Working with agents
- Part 4 - Creating a new agent
- Part 5 - Threat emulation
- Part 6 - Setting up persistence
- Working with Starkiller
- Part 1 - Starkiller
- Part 2 - User management
- Part 3 - Working with modules
- Part 4 - Creating listeners
- Part 5 - Creating stagers
- Part 6 - Interacting with agents
- Part 7 - Credentials and reporting
- Summary
- Further reading
- Chapter 12: Working with Active Directory Attacks
- Technical requirements
- Understanding Active Directory
- Enumerating Active Directory
- Working with PowerView
- Exploring BloodHound
- Part 1 - setting up BloodHound
- Part 2 - remote data collection with BloodHound.py
- Part 3 - data analysis using BloodHound
- Leveraging network-based trust
- Exploiting LLMNR and NetBIOS-NS
- Exploiting SMB and NTLMv2 within Active Directory
- Retrieving the SAM database
- Obtaining a reverse shell
- Summary
- Further reading
- Chapter 13: Advanced Active Directory Attacks
- Technical requirements
- Understanding Kerberos
- Abusing trust on IPv6 with Active Directory
- Part 1: setting up for an attack
- Part 2: launching the attack
- Part 3: taking over the domain
- Attacking Active Directory
- Lateral movement with CrackMapExec
- Vertical movement with Kerberos
- Lateral movement with Mimikatz
- Part 1: setting up the attack
- Part 2: grabbing credentials
- Domain dominance and persistence
- Golden ticket
- Silver ticket
- Skeleton key
- Summary
- Further reading
- Chapter 14: Advanced Wireless Penetration Testing