About the Book
Achieve the gold standard in penetration testing with Kali using this masterpiece, now in its fourth edition
Key Features
Rely on the most updated version of Kali to formulate your pentesting strategies
Test your corporate network against threats
Explore new cutting-edge wireless penetration tools and features
Book DescriptionKali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply the appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in successful penetration testing project engagement.
This fourth edition of Kali Linux 2018: Assuring Security by Penetration Testing starts with the installation of Kali Linux. You will be able to create a full test environment to safely practice scanning, vulnerability assessment, and exploitation. You’ll explore the essentials of penetration testing by collecting relevant data on the target network with the use of several footprinting and discovery tools. As you make your way through the chapters, you’ll focus on specific hosts and services via scanning and run vulnerability scans to discover various risks and threats within the target, which can then be exploited. In the concluding chapters, you’ll apply techniques to exploit target systems in order to gain access and find a way to maintain that access. You’ll also discover techniques and tools for assessing and attacking devices that are not physically connected to the network, including wireless networks.
By the end of this book, you will be able to use NetHunter, the mobile version of Kali Linux, and write a detailed report based on your findings.
What you will learn
Conduct the initial stages of a penetration test and understand its scope
Perform reconnaissance and enumeration of target networks
Obtain and crack passwords
Use Kali Linux NetHunter to conduct wireless penetration testing
Create proper penetration testing reports
Understand the PCI-DSS framework and tools used to carry out segmentation scans and penetration testing
Carry out wireless auditing assessments and penetration testing
Understand how a social engineering attack such as phishing works
Who this book is forThis fourth edition of Kali Linux 2018: Assuring Security by Penetration Testing is for pentesters, ethical hackers, and IT security professionals with basic knowledge of Unix/Linux operating systems. Prior knowledge of information security will help you understand the concepts in this book
Table of Contents:
Table of Contents
Installing and Configuring Kali Linux
Setting Up Your Test Lab
Penetration Testing Methodology
Footprinting and Information Gathering
Scanning and Evasion Techniques
Vulnerability Scanning
Social Engineering
Target Exploitation
Privilege-Escalation and Maintaining Access
Web Application Testing
Wireless Penetration Testing
Mobile Penetration Testing with Kali NetHunter
PCI DSS Scanning and Penetration Testing
Tools for Penetration Testing Reporting
Assessments
About the Author :
Shiva V. N Parasram is the director of the Computer Forensics and Security Institute and is a cyber security trainer, pentester, and forensic investigator with 14 years in the field. His qualifications include an MSc in Network Security (distinction), CCISO, CEH, CHFI, and CCNA. As a Certified EC-Council Instructor (CEI), he has also trained several hundred people in ethical hacking and forensics and has recently been selected as the sole trainer for cyber security courses for staff at Fujitsu Trinidad. He is also the author of Digital Forensics with Kali Linux published by Packt. Alex Samm is an IT and computer security professional with 11 years' experience. He's currently working for ESP Global Services. His roles includes system and network administrator, programmer, VMware infrastructure support engineer, and security consultant, among others, for many of the world's largest airlines and pharmaceutical companies, including Roche Diabetes, Norvatis, Ingredion, and Shire Pharmaceuticals. He holds a BSc in Computer Science and CEH, ACE, AME, and NSE, and is currently pursuing OSCP. He also lectures at the Computer Forensics and Security Institute. Damian Boodoo is a penetration tester and security researcher who wants to live in a world where people have safer networks and don't live in fear of evildoers. With more than 10 years' experience of working in IT, he is the co-founder of DKIT Solutions, who provide security services and other creative solutions to problems that are commonly overlooked. When he's not obsessing over zero days or finding holes in firewalls, he spend his time either tinkering with devices to see how they can be made better or pondering "is it too late to make it into e-sports?" Gerard Johansen is an information security professional with over a decade of experience in penetration testing, vulnerability management, threat assessment modeling, and incident response. Beginning his career as a cyber crime investigator, he has also worked as a consultant and security analyst for clients and organizations ranging from healthcare to finance. He is a graduate from Norwich University, gaining an MSc in Information Assurance and also a CISSP, and is currently employed with an international information technology services firm that specializes in incident response and threat intelligence. Tedi Heriyanto currently works as an information security analyst at a Fortune 500 company. He has experience of designing secure network architectures, deploying and managing enterprise-wide security systems, developing information security policies and procedures, performing various network, web, and mobile application penetration testing, and giving information security training. In his spare time, he deepens his knowledge and skills in information fields. Lee Allen is the associate director at Ohio State University. He specializes in information security, penetration testing, security research, task automation, risk management, data analysis, and 3D application development. Shakeel Ali is a senior cybersecurity consultant at a global Fortune 500 organization. His expertise in the security industry markedly exceeds the standard number of security assessments, audits, attack simulations, SOC/CSIRC facilitation, incident response, and forensic projects that he carries out in day-to-day operations. He is an independent researcher who writes various articles and white papers to provide insights into threat intelligence, and also provides constant security support to various businesses globally.
