PacktLib: Kali Linux – Assuring Security by Penetration Testing

Kali Linux – Assuring Security by Penetration Testing

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Disclaimer

Preface

Lab Preparation and Testing Procedures

Beginning with Kali Linux

A brief history of Kali Linux

Kali Linux tool categories

Downloading Kali Linux

Using Kali Linux

Configuring the virtual machine

Updating Kali Linux

Network services in Kali Linux

Installing a vulnerable server

Installing additional weapons

Summary

Penetration Testing Methodology

Types of penetration testing

Vulnerability assessment versus penetration testing

Security testing methodologies

Penetration Testing Execution Standard (PTES)

General penetration testing framework

The ethics

Summary

Penetration Testers Armory

Target Scoping

Gathering client requirements

Preparing the test plan

Profiling test boundaries

Defining business objectives

Project management and scheduling

Summary

Information Gathering

Using public resources

Querying the domain registration information

Analyzing the DNS records

Getting network routing information

Utilizing the search engine

Summary

Target Discovery

Starting off with target discovery

Identifying the target machine

OS fingerprinting

Summary

Enumerating Target

Introducing port scanning

The network scanner

SMB enumeration

SNMP enumeration

VPN enumeration

Summary

Vulnerability Mapping

Types of vulnerabilities

Vulnerability taxonomy

Open Vulnerability Assessment System (OpenVAS)

Cisco analysis

Fuzz analysis

SMB analysis

SNMP analysis

Web application analysis

Summary

Social Engineering

Modeling the human psychology

Attack process

Attack methods

Scarcity

Social relationship

Social Engineering Toolkit (SET)

Summary

Target Exploitation

Vulnerability research

Vulnerability and exploit repositories

Advanced exploitation toolkit

Summary

Privilege Escalation

Privilege escalation using a local exploit

Password attack tools

Network spoofing tools

Network sniffers

Summary

Maintaining Access

Using operating system backdoors

Working with tunneling tools

Creating web backdoors

Summary

Documentation and Reporting

Documentation and results verification

Types of reports

Network penetration testing report (sample contents)

Preparing your presentation

Post-testing procedures

Summary

Extra Ammunition

Index