Learning Kali Linux. 2nd Edition

Learning Kali Linux. 2nd Edition - Opis

With hundreds of tools preinstalled, the Kali Linux distribution makes it easier for security professionals to get started with security testing quickly. But with more than 600 tools in its arsenal, Kali Linux can also be overwhelming. The new edition of this practical book covers updates to the tools, including enhanced coverage of forensics and reverse engineering.
Author Ric Messier also goes beyond strict security testing by adding coverage on performing forensic analysis, including disk and memory forensics, as well as some basic malware analysis.
Explore the breadth of tools available on Kali LinuxUnderstand the value of security testing and examine the testing types availableLearn the basics of penetration testing through the entire attack lifecycleInstall Kali Linux on multiple systems, both physical and virtualDiscover how to use different security-focused toolsStructure a security test around Kali Linux toolsExtend Kali tools to create advanced attack techniquesUse Kali Linux to generate reports once testing is complete Spis treści:
Preface
What This Book Covers
New in This Edition
Who This Book Is For
The Value and Importance of Ethics
Conventions Used in This Book
OReilly Online Learning
How to Contact Us
Acknowledgments
1. Foundations of Kali Linux
Heritage of Linux
About Linux
Acquiring and Installing Kali Linux
Virtual Machines
Low-Cost Computing
Windows Subsystem for Linux
Desktops
Xfce Desktop
GNOME Desktop
Logging In Through the Desktop Manager
Cinnamon and (...) więcej MATE
Using the Command Line
File and Directory Management
Process Management
Other Utilities
User Management
Service Management
Package Management
Remote Access
Log Management
Summary
Useful Resources
2. Network Security Testing Basics
Security Testing
Network Security Testing
Monitoring
Layers
Stress Testing
Denial-of-Service Tools
Slowloris attack
SSL-based stress testing
DHCP attacks
Using Scapy to build packets
Encryption Testing
Packet Captures
Using tcpdump
Berkeley Packet Filters
Wireshark
Poisoning Attacks
ARP Spoofing
DNS Spoofing
Summary
Useful Resources
3. Reconnaissance
What Is Reconnaissance?
Open Source Intelligence
Google Hacking
Automating Information Grabbing
Recon-ng
Maltego
DNS Reconnaissance and whois
DNS Reconnaissance
Using nslookup and dig
Automating DNS recon
Regional Internet Registries
Using whois
Passive Reconnaissance
Port Scanning
TCP Scanning
UDP Scanning
Port Scanning with nmap
High-Speed Scanning
Service Scanning
Manual Interaction
Summary
Useful Resources
4. Looking for Vulnerabilities
Understanding Vulnerabilities
Vulnerability Types
Buffer Overflow
Race Condition
Input Validation
Access Control
Vulnerability Scanning
Local Vulnerabilities
Using lynis for Local Checks
OpenVAS Local Scanning
Root Kits
Remote Vulnerabilities
Quick Start with OpenVAS
Creating a Scan
OpenVAS Reports
Network Device Vulnerabilities
Auditing Devices
Database Vulnerabilities
Identifying New Vulnerabilities
Summary
Useful Resources
5. Automated Exploits
What Is an Exploit?
Cisco Attacks
Management Protocols
Other Devices
Exploit Database
Metasploit
Starting with Metasploit
Working with Metasploit Modules
Importing Data
Exploiting Systems
Armitage
Social Engineering
Summary
Useful Resources
6. Owning Metasploit
Scanning for Targets
Port Scanning
SMB Scanning
Vulnerability Scanning
Exploiting Your Target
Using Meterpreter
Meterpreter Basics
User Information
Process Manipulation
Privilege Escalation
Pivoting to Other Networks
Maintaining Access
Cleaning Up
Summary
Useful Resources
7. Wireless Security Testing
The Scope of Wireless
802.11
Bluetooth
Zigbee
WiFi Attacks and Testing Tools
802.11 Terminology and Functioning
Identifying Networks
WPS Attacks
Automating Multiple Tests
Injection Attacks
Password Cracking on WiFi
besside-ng
coWPAtty
Aircrack-ng
Fern
Going Rogue
Hosting an Access Point
Phishing Users
Wireless Honeypot
Bluetooth Testing
Scanning
Service Identification
Other Bluetooth Testing
Home Automation Testing
Summary
Useful Resources
8. Web Application Testing
Web Architecture
Firewall
Load Balancer
Web Server
Application Server
Database Server
Cloud-Native Design
Web-Based Attacks
SQL Injection
XML Entity Injection
Command Injection
Cross-Site Scripting
Cross-Site Request Forgery
Session Hijacking
Using Proxies
Burp Suite
Zed Attack Proxy
WebScarab
Paros Proxy
Automated Web Attacks
Recon
nikto
wapiti
dirbuster and gobuster
Java-Based Application Servers
SQL-Based Attacks
Content Management System Testing
Assorted Tasks
Summary
Useful Resources
9. Cracking Passwords
Password Storage
Security Account Manager
PAM and Crypt
Acquiring Passwords
Offline Cracking
John the Ripper
Rainbow Tables
ophcrack
RainbowCrack project
HashCat
Online Cracking
Hydra
Patator
Web-Based Cracking
Summary
Useful Resources
10. Advanced Techniques and Concepts
Programming Basics
Compiled Languages
Interpreted Languages
Intermediate Languages
Compiling and Building
Programming Errors
Buffer Overflows
Heap Overflows
Return to libc
Writing Nmap Modules
Extending Metasploit
Maintaining Access and Cleanup
Metasploit and Cleanup
Maintaining Access
Summary
Useful Resources
11. Reverse Engineering and Program Analysis
Memory Management
Program and Process Structures
Portable Executable
Executable and Linkable Format
Debugging
Disassembly
Java Decompilation
Reverse Engineering
Radare2
Cutter
Ghidra
Summary
Resources
12. Digital Forensics
Disks, Filesystems, and Images
Filesystems
Acquiring Disk Images
Introducing The Sleuth Kit
Using Autopsy
File Analysis
File from Disk Images
Recovering Deleted Files
Data Searches
Hidden Data
PDF Analysis
Steganography
Memory Forensics
Summary
Resources
13. Reporting
Determining Threat Potential and Severity
Writing Reports
Audience
Executive Summary
Methodology
Findings
Managing Results
Text Editors
GUI-Based Editors
Notes
Cherry Tree
Capturing Data
Organizing Your Data
Dradis Framework
CaseFile
Summary
Useful Resources
Index O autorze: Ric Messier od początku lat 80. zeszłego stulecia interesuje się zagadnieniami bezpieczeństwa. Od ponad ćwierćwiecza zajmuje się systemami Unix i Linux. Uzyskał takie certyfikaty jak GCIH, GSEC, CEH, CISSP. Jest autorem publikacji, instruktorem, wykładowcą, niepoprawnym kolekcjonerem certyfikatów branżowych i specjalistą do spraw bezpieczeństwa z kilkudziesięcioletnim doświadczeniem. mniej