Title Page
Copyright and Credits
  Learn Kali Linux 2019
Dedication
About Packt
  Why subscribe?
Contributors
  About the author
  About the reviewers
  Packt is searching for authors like you
Preface
  Who this book is for
  What this book covers
  To get the most out of this book
    Download the color images
    Conventions used
  Get in touch
    Reviews

Section 1: Kali Linux Basics

Introduction to Hacking
  Who is a hacker?
  Types of hackers
    Black hat hacker
    White hat hacker
    Gray hat hacker
    Suicide hacker
    State-sponsored hacker
    Script kiddie
    Cyber terrorist
  Exploring important terminology
    Threat
    Asset
    Vulnerability
    Exploit
    Risk
    Zero-day
    Hack value
  Penetration testing phases
    Pre-engagement
    Information gathering
    Threat modeling
    Vulnerability analysis
    Exploitation
    Post-exploitation
    Report writing
  Penetration testing methodologies
    OWASP
    NIST
    OSSTMM
    SANS 25
  Penetration testing approaches
    White box
    Black box
    Gray box
  Types of penetration testing
    Web application penetration testing
    Mobile application penetration testing
    Social engineering penetration testing
    Network penetration testing
    Cloud penetration testing
    Physical penetration testing
  Hacking phases
    Reconnaissance or information gathering
    Scanning
    Gaining access
    Maintaining access
    Covering tracks
  Summary
  Questions
  Further reading

Setting Up Kali - Part 1
  Technical requirements
  Lab overview
    Virtualization
    Hypervisors
      Type 1 hypervisor
      Type 2 hypervisor
    Additional components
      Virtual switches
      Operating systems
  Building our lab
    Creating a virtual network
    Setting up Kali Linux
    Attaching the virtual network to a virtual machine
    Installing Nessus
    Setting up Android emulators
    Installing Metasploitable 2
  Summary
  Questions
  Further reading

Setting Up Kali - Part 2
  Technical requirements
  Installing Windows as a VM
    Creating a user account
    Opting out of automatic updates
    Setting a static IP address
    Adding additional interfaces
  Installing Ubuntu 8.10
  Creating and using snapshots
  Troubleshooting Kali Linux
    Network adapter and USB incompatibility
    VM memory problems
  Summary
  Further reading

Getting Comfortable with Kali Linux 2019
  Technical requirements
  Understanding Kali Linux
    What's new in Kali Linux 2019?
  Basics of Kali Linux
    The Terminal and Linux commands
    Navigating in Kali Linux
    Updating sources and installing programs
    The find, locate, and which commands
      The locate command
      The which command
      The find command
    Managing Kali Linux services
  Summary
  Questions
  Further reading

Section 2: Reconnaissance

Passive Information Gathering
  Technical requirements
  Reconnaissance and footprinting
    Reconnaissance
    Footprinting
  Understanding passive information gathering
  Understanding OSINT
  Using the top OSINT tools
    Maltego
    Recon-ng
    theHarvester
    Shodan
    OSRFramework
  Identifying target technology and security controls
    Discovering technologies using Shodan
    The power of Netcraft
    Recognizing technologies with WhatWeb
  Finding data leaks in cloud resources
  Understanding Google hacking and search operators
  Leveraging whois and copying websites with HTTrack
    whois
    HTTrack
  Finding subdomains using Sublist3r
  Summary
  Questions
  Further reading

Active Information Gathering
  Technical requirements
  Understanding active information gathering
  DNS interrogation
    What is DNS and why do we need it on a network?
    Performing DNS enumeration and zone transfer using dnsenum
    Using the host utility to perform DNS analysis
    Finding subdomains with dnsmap
    DNS interrogation using Fierce
  Scanning
    Nmap
      Performing a ping sweep with Nmap
      Obtaining operating system and service versions using Nmap
      Scanning host devices with ICMP disabled
      Performing a stealth scan using Nmap
      Scanning UDP ports using Nmap
      Evading detection using Nmap
      Evading firewalls with Nmap
      Checking for a stateful firewall
      NSE scripts
    Zenmap
    Hping3
  SMB, LDAP enumeration, and null sessions
    SMBmap and SMBclient
    Enum4linux
    LDAP enumeration
    Null sessions
  User enumeration through noisy authentication controls
  Web footprints and enumeration with EyeWitness
  Metasploit auxiliary modules
  Summary
  Questions
  Further reading

Section 3: Vulnerability Assessment and Penetration Testing with Kali Linux 2019

Working with Vulnerability Scanners
  Technical requirements
  Nessus and its policies
    Nessus policies
    Scanning with Nessus
    Exporting Nessus results
    Analyzing Nessus results
  Using web application scanners
    Nikto
    WPScan
    Burp Suite
      Using Intruder for brute force
  Summary
  Questions
  Further reading

Understanding Network Penetration Testing
  Technical requirements
  Introduction to network penetration testing
    Types of penetration test
  Understanding the MAC address
    How to spoof the MAC address
  Connecting a wireless adapter to Kali Linux
  Managing and monitoring wireless modes
    Enabling monitor mode manually
    Enabling monitor mode using airmon-ng
  Summary
  Questions
  Further reading

Network Penetration Testing - Pre-Connection Attacks
  Technical requirements
  Getting started with packet sniffing using airodump-ng
    Targeted packet sniffing using airodump-ng
  Deauthenticating clients on a wireless network
  Creating a rogue AP/evil twin
  Performing a password spraying attack
  Setting up watering hole attacks
  Exploiting weak encryption to steal credentials
  Summary
  Questions
  Further reading

Network Penetration Testing - Gaining Access
  Technical requirements
  Gaining access
    WEP cracking
    WPA cracking
  Securing your network from the aforementioned attacks
    SSID management
    MAC filtering
    Power levels for antennas
    Strong passwords
    Securing enterprise wireless networks
  Configuring wireless security settings to secure your network
  Exploiting vulnerable perimeter systems with Metasploit
    EternalBlue exploitation
  Penetration testing Citrix and RDP-based remote access systems
    Citrix penetration testing
    Breaking into RDP
  Leveraging user credentials
  Plugging PWN boxes and other tools directly into a network
    Bypassing NAC
  Summary
  Questions
  Further reading

Network Penetration Testing - Post-Connection Attacks
  Technical requirements
  Gathering information
    Scanning using Netdiscover
    Scanning using AutoScan-Network
    Scanning using Zenmap
  MITM attacks
    ARPspoof
    MITMf
      Use cases of MITMf
    Session hijacking
    DHCP attacks
    Exploiting LLMNR and NetBIOS-NS
    WPAD protocol attacks
  Wireshark
    Basic overview of Wireshark and how to use it in MITM attacks
    Configuring a SPAN port
    Configuring a monitor (sniffer) interface on Wireshark
    Parsing Wireshark packet captures to find the goods
  Escalating privileges
  Lateral movement tactics
    PowerShell tradecraft
    Removing Windows Defender virus definitions
    Disabling Windows Antimalware Scan Interface
  Launching a VLAN hopping attack
  Summary
  Questions
  Further reading

Network Penetration Testing - Detection and Security
  Technical requirements
  Using Wireshark to understand ARP
  Detecting ARP poisoning attacks
  Detecting suspicious activity
  MITM remediation techniques
    Encryption
    Dynamic ARP inspection
  Sniffing remediation techniques
  Summary
  Questions
  Further reading

Client-Side Attacks - Social Engineering
  Technical requirements
  Basics of social engineering
  Types of social engineering
    Human-based social engineering
      Eavesdropping
      Shoulder surfing
      Dumpster diving
    Computer-based social engineering
      Phishing
      Spear phishing
    Mobile-based social engineering
    Social engineering through social networking
    Phone-based social engineering (vishing)
  Defending against social engineering
    Protecting your perimeter security
    Protecting the help desk and general staff
    Additional countermeasures
    Detecting phishing emails
  Recon for social engineering (doxing)
  Planning for each type of social engineering attack
  Social engineering tools
    Social-Engineer Toolkit
    Ghost Phisher
  Summary
  Questions
  Further reading

Performing Website Penetration Testing
  Technical requirements
  Information gathering
    Discovering technologies that are being used on a website
    Discovering websites on the same server
    Discovering sensitive files
      robots.txt
    Analyzing discovered files
  Cryptography
  File upload and file inclusion vulnerabilities
  XSS
    Stored XSS
    Reflected XSS
  CSRF
  SQLi
  Insecure deserialization
  Common misconfigurations
  Vulnerable components
  IDOR
  Exploiting file upload vulnerabilities
  Exploiting code execution vulnerabilities
  Exploiting LFI vulnerabilities
  Preventing vulnerabilities
  Summary
  Questions
  Further reading

Website Penetration Testing - Gaining Access
  Technical requirements
  Exploring the dangers of SQL injection
    Dangers from SQL injection vulnerabilities
    Bypassing logins using SQL injection
  SQL injection vulnerabilities and exploitation
    Discovering SQL injections with POST
    Detecting SQL injections and extracting data using SQLmap
    Preventing SQL injection
  Cross-Site Scripting vulnerabilities
    Understanding XSS
    Discovering reflected XSS
    Discovering stored XSS
    Exploiting XSS – hooking vulnerable page visitors to BeEF
  Discovering vulnerabilities automatically
    Burp Suite
    Acunetix
    OWASP ZAP
  Summary
  Questions
  Further reading

Best Practices
  Technical requirements
  Guidelines for penetration testers
    Gaining written permission
    Being ethical
    Penetration testing contract
    Rules of engagement
    Additional tips and tricks
  Web application security blueprints and checklists
    OWASP
    Penetration testing execution standard
  Reporting
  Penetration testing checklist
    Information gathering
    Network scanning
    Enumeration
    Gaining access
    Covering tracks
  Summary
  Questions
  Further reading

Assessments
  Chapter 1: Introduction to Hacking
  Chapter 2: Setting Up Kali - Part
  Chapter 4: Getting Comfortable with Kali Linux 2019
  Chapter 5: Passive Information Gathering
  Chapter 6: Active Information Gathering
  Chapter 7: Working with Vulnerability Scanners
  Chapter 8: Understanding Network Penetration Testing
  Chapter 9: Network Penetration Testing - Pre-Connection Attacks
  Chapter 10: Network Penetration Testing - Gaining Access
  Chapter 11: Network Penetration Testing - Post-Connection Attacks
  Chapter 12: Network Penetration Testing - Detection and Security
  Chapter 13: Client-Side Attacks - Social Engineering
  Chapter 14: Performing Website Penetration Testing
  Chapter 15: Website Penetration Testing - Gaining Access
  Chapter 16: Best Practices

Other Books You May Enjoy
  Leave a review - let other readers know what you think