Kali Linux is the latest Linux distribution from Offensive Security, custom-built for the distinct purposes of performing network security audits and forensic investigations. Kali comes fully loaded with hundreds of integrated tools to perform every aspect of a penetration test.
Kali Linux - Backtrack Evolved: A Penetration Tester’s Guide helps you to develop practical and useful professional skills in the information security industry, while simultaneously delivering the high level of excitement and exhilaration that goes hand-in-hand with the world of computer and network hacking.
Cyber-crime is on the rise and information security is becoming more paramount than ever before. A single attack on a company’s network infrastructure can often result in irreparable damage to a company’s assets and/or reputation.
It is no longer sufficient to merely rely on traditional security measures. In order to ensure the security of critical information assets, it is essential to become familiar with the strategies, tactics, and techniques that are used by actual hackers who seek to compromise your network.
Kali Linux - Backtrack Evolved: A Penetration Tester’s Guide will prepare you to enter the world of professional hacking by ensuring that you are well versed with the skills needed and tools used to compromise the security of enterprise networks and information systems.
Justin Hutchens currently works as a security consultant and regularly performs penetration tests and security assessments for a wide range of clients. He previously served in the United States Air Force where he worked as an intrusion detection specialist, network vulnerability analyst and malware forensic investigator for a large enterprise network with over 55,000 networked systems. He currently holds a Bachelor’s degree in Information Technology and multiple professional information security certifications, to include CISSP (Certified Information Systems Security Professional), OSCP (Offensive Security Certified Professional), eWPT (eLearnSecurity Web-Application Penetration Tester), GCIH (GIAC Certified Incident Handler), CNDA (Certified Network Defense Architect), CEH (Certified Ethical Hacker), ECSA (EC-Council Certified Security Analyst) and CHFI (Computer Hacking Forensic Investigator).
Must have multiple virtual machines for a test lab / acquire images from multiple locations
Must manage network operating systems in a singe virtual environment / install the VirtualBox virtualization software
Must manage the network operating systems in a singe virtual environment / install the VMware virtualization software
Need a Kali Linux virtual machine for performing penetration tests / install Backtrack 5
Must have vulnerable systems to perform penetration testing techniques / modify security policies on network systems to increase vulnerabilities
Information gathering / use public resources and websites
Information gathering / use uniquely crafted Google queries
Use a series of Google queries to enumerate target subdomains
Information gathering / automated command-line tools (Dmitry & Goofile)
Network discovery / discover hosts on the local network at layer 2
Network discovery / discover remote hosts at layer 3
Network discovery / use nmap utilities
Operating system identification / automated tools (p0f, xprobe2, and nmap)
Port enumeration / the nmap command-line tool
Port enumeration / Zenmap graphical interface
Automate nmap related tasks / use Nmap Scripting Engine and scriptable outputs
Stealth scanning without risk of detection / zombie scanning with an idle host
Verify services running on open ports / Netcat, Dmitry, and Amap
Identify unique vulnerabilities / use Metasploit auxiliary modules
Identify vulnerabilities / install Nessus vulnerability scanner
Identify vulnerabilities / perform scans with Nessus
Focus on vulnerability discovery / modify and create scan policies
Gather vulnerability information / review Nessus scan results
Automated tool to launch exploits against remote systems / use the Metasploit framework
Launch exploit with Meterpreter payload / navigate payload to further compromise the system
Launch exploit with Meterpreter payload / perform advanced exploitation techniques
Automated exploitation platform / install Metasploit Pro in Kali Linux
Exploit target systems / use proof-of-concept scripts in the exploit database
Social engineering attack / use credential harvester to gather the victim's credentials
Exploit web services / Burp Suite Intruder function
Learn web application attacks / use DVWA for testing
Man-in-the-middle attack / use the ettercap graphic interface
Unknown hash value / use Hash-ID to identify and then Find-My-Hash to crack a password hash
Acquire network service credentials / use Hydra to attack a service
Acquire Linux and/or Windows password hashes / use John the Ripper to crack
Graphical interface for password attacks / use Johnny or xHydra
Packt has been committed to developer learning since 2004. A lot has changed in software since then - but Packt has remained responsive to these changes, continuing to look forward at the trends and tools defining the way we work and live. And how to put them to work.
With an extensive library of content - more than 4000 books and video courses -Packt's mission is to help developers stay relevant in a rapidly changing world. From new web frameworks and programming languages, to cutting edge data analytics, and DevOps, Packt takes software professionals in every field to what's important to them now.
From skills that will help you to develop and future proof your career to immediate solutions to every day tech challenges, Packt is a go-to resource to make you a better, smarter developer.
Packt Udemy courses continue this tradition, bringing you comprehensive yet concise video courses straight from the experts.