Details zum E-Book

Kali Linux - Assuring Security by Penetration Testing. With Kali Linux you can test the vulnerabilities of your network and then take steps to secure it. This engaging tutorial is a comprehensive guide to this penetration testing platform, specially written for IT security professionals

Kali Linux - Assuring Security by Penetration Testing. With Kali Linux you can test the vulnerabilities of your network and then take steps to secure it. This engaging tutorial is a comprehensive guide to this penetration testing platform, specially written for IT security professionals

Lee Allen, Shakeel Ali, Tedi Heriyanto

E-book
  • Kali Linux Assuring Security by Penetration Testing
    • Table of Contents
    • Kali Linux Assuring Security by Penetration Testing
    • Credits
    • About the Authors
    • About the Reviewers
    • www.PacktPub.com
      • Support files, eBooks, discount offers and more
        • Why Subscribe?
        • Free Access for Packt account holders
    • Disclaimer
    • Preface
      • What this book covers
      • What you need for this book
      • Who this book is for
      • Conventions
      • Reader feedback
      • Customer support
        • Errata
        • Piracy
        • Questions
    • I. Lab Preparation and Testing Procedures
      • 1. Beginning with Kali Linux
        • A brief history of Kali Linux
        • Kali Linux tool categories
        • Downloading Kali Linux
        • Using Kali Linux
          • Running Kali using Live DVD
          • Installing on a hard disk
            • Installing Kali on a physical machine
            • Installing Kali on a virtual machine
              • Installing Kali on a virtual machine from the ISO image
              • Installing Kali in a virtual machine using the provided Kali VM image
          • Installing Kali on a USB disk
        • Configuring the virtual machine
          • VirtualBox guest additions
          • Setting up networking
            • Setting up a wired connection
            • Setting up a wireless connection
            • Starting the network service
          • Configuring shared folders
          • Saving the guest machine state
          • Exporting a virtual machine
        • Updating Kali Linux
        • Network services in Kali Linux
          • HTTP
          • MySQL
          • SSH
        • Installing a vulnerable server
        • Installing additional weapons
          • Installing the Nessus vulnerability scanner
          • Installing the Cisco password cracker
        • Summary
      • 2. Penetration Testing Methodology
        • Types of penetration testing
          • Black box testing
          • White box testing
        • Vulnerability assessment versus penetration testing
        • Security testing methodologies
          • Open Source Security Testing Methodology Manual (OSSTMM)
            • Key features and benefits
          • Information Systems Security Assessment Framework (ISSAF)
            • Key features and benefits
          • Open Web Application Security Project (OWASP)
            • Key features and benefits
          • Web Application Security Consortium Threat Classification (WASC-TC)
            • Key features and benefits
        • Penetration Testing Execution Standard (PTES)
          • Key features and benefits
        • General penetration testing framework
          • Target scoping
          • Information gathering
          • Target discovery
          • Enumerating target
          • Vulnerability mapping
          • Social engineering
          • Target exploitation
          • Privilege escalation
          • Maintaining access
          • Documentation and reporting
        • The ethics
        • Summary
    • II. Penetration Testers Armory
      • 3. Target Scoping
        • Gathering client requirements
          • Creating the customer requirements form
          • The deliverables assessment form
        • Preparing the test plan
          • The test plan checklist
        • Profiling test boundaries
        • Defining business objectives
        • Project management and scheduling
        • Summary
      • 4. Information Gathering
        • Using public resources
        • Querying the domain registration information
        • Analyzing the DNS records
          • host
          • dig
          • dnsenum
          • dnsdict6
          • fierce
          • DMitry
          • Maltego
        • Getting network routing information
          • tcptraceroute
          • tctrace
        • Utilizing the search engine
          • theharvester
          • Metagoofil
        • Summary
      • 5. Target Discovery
        • Starting off with target discovery
        • Identifying the target machine
          • ping
          • arping
          • fping
          • hping3
          • nping
          • alive6
          • detect-new-ip6
          • passive_discovery6
          • nbtscan
        • OS fingerprinting
          • p0f
          • Nmap
        • Summary
      • 6. Enumerating Target
        • Introducing port scanning
          • Understanding the TCP/IP protocol
          • Understanding the TCP and UDP message format
        • The network scanner
          • Nmap
            • Nmap target specification
            • Nmap TCP scan options
            • Nmap UDP scan options
            • Nmap port specification
            • Nmap output options
            • Nmap timing options
            • Nmap useful options
              • Service version detection
              • Operating system detection
              • Disabling host discovery
              • Aggressive scan
            • Nmap for scanning the IPv6 target
            • The Nmap scripting engine
            • Nmap options for Firewall/IDS evasion
          • Unicornscan
          • Zenmap
          • Amap
        • SMB enumeration
        • SNMP enumeration
          • onesixtyone
          • snmpcheck
        • VPN enumeration
          • ike-scan
        • Summary
      • 7. Vulnerability Mapping
        • Types of vulnerabilities
          • Local vulnerability
          • Remote vulnerability
        • Vulnerability taxonomy
        • Open Vulnerability Assessment System (OpenVAS)
          • Tools used by OpenVAS
        • Cisco analysis
          • Cisco auditing tool
          • Cisco global exploiter
        • Fuzz analysis
          • BED
          • JBroFuzz
        • SMB analysis
          • Impacket Samrdump
        • SNMP analysis
          • SNMP Walk
        • Web application analysis
          • Database assessment tools
            • DBPwAudit
            • SQLMap
            • SQL Ninja
          • Web application assessment
            • Burp Suite
            • Nikto2
            • Paros proxy
            • W3AF
            • WafW00f
            • WebScarab
        • Summary
      • 8. Social Engineering
        • Modeling the human psychology
        • Attack process
        • Attack methods
          • Impersonation
          • Reciprocation
          • Influential authority
        • Scarcity
        • Social relationship
        • Social Engineering Toolkit (SET)
          • Targeted phishing attack
        • Summary
      • 9. Target Exploitation
        • Vulnerability research
        • Vulnerability and exploit repositories
        • Advanced exploitation toolkit
          • MSFConsole
          • MSFCLI
          • Ninja 101 drills
            • Scenario 1
            • Scenario 2
              • SNMP community scanner
              • VNC blank authentication scanner
              • IIS6 WebDAV unicode auth bypass
            • Scenario 3
              • Bind shell
              • Reverse shell
              • Meterpreter
            • Scenario 4
              • Generating a binary backdoor
              • Automated browser exploitation
          • Writing exploit modules
        • Summary
      • 10. Privilege Escalation
        • Privilege escalation using a local exploit
        • Password attack tools
          • Offline attack tools
            • hash-identifier
            • Hashcat
            • RainbowCrack
            • samdump2
            • John
            • Johnny
            • Ophcrack
            • Crunch
          • Online attack tools
            • CeWL
            • Hydra
            • Medusa
        • Network spoofing tools
          • DNSChef
            • Setting up a DNS proxy
            • Faking a domain
          • arpspoof
          • Ettercap
        • Network sniffers
          • dsniff
          • tcpdump
          • Wireshark
        • Summary
      • 11. Maintaining Access
        • Using operating system backdoors
          • Cymothoa
          • Intersect
          • The meterpreter backdoor
        • Working with tunneling tools
          • dns2tcp
          • iodine
            • Configuring the DNS server
            • Running the iodine server
            • Running the iodine client
          • ncat
          • proxychains
          • ptunnel
          • socat
            • Getting HTTP header information
            • Transferring files
          • sslh
          • stunnel4
        • Creating web backdoors
          • WeBaCoo
          • weevely
          • PHP meterpreter
        • Summary
      • 12. Documentation and Reporting
        • Documentation and results verification
        • Types of reports
          • The executive report
          • The management report
          • The technical report
        • Network penetration testing report (sample contents)
        • Preparing your presentation
        • Post-testing procedures
        • Summary
    • III. Extra Ammunition
      • A. Supplementary Tools
        • Reconnaissance tool
        • Vulnerability scanner
          • NeXpose Community Edition
            • Installing NeXpose
            • Starting the NeXpose community
            • Logging in to the NeXpose community
            • Using the NeXpose community
        • Web application tools
          • Golismero
          • Arachni
          • BlindElephant
        • Network tool
          • Netcat
            • Open connection
            • Service banner grabbing
            • Simple chat server
            • File transfer
            • Portscanning
            • Backdoor shell
            • Reverse shell
        • Summary
      • B. Key Resources
        • Vulnerability disclosure and tracking
          • Paid incentive programs
        • Reverse engineering resources
        • Penetration testing learning resources
        • Exploit development learning resources
        • Penetration testing on a vulnerable environment
          • Online web application challenges
          • Virtual machines and ISO images
        • Network ports
    • Index
  • Titel: Kali Linux - Assuring Security by Penetration Testing. With Kali Linux you can test the vulnerabilities of your network and then take steps to secure it. This engaging tutorial is a comprehensive guide to this penetration testing platform, specially written for IT security professionals
  • Autor: Lee Allen, Shakeel Ali, Tedi Heriyanto
  • Originaler Titel: Kali Linux - Assuring Security by Penetration Testing. With Kali Linux you can test the vulnerabilities of your network and then take steps to secure it. This engaging tutorial is a comprehensive guide to this penetration testing platform, specially written for IT security professionals.
  • ISBN: 9781849519496, 9781849519496
  • Veröffentlichungsdatum: 2014-04-07
  • Format: E-book
  • Artikelkennung: e_3c8w
  • Verleger: Packt Publishing