Advanced Penetration Testing with Kali Linux: Unlocking industry-oriented VAPT tactics

Author: Meel Ummed
Published: 2024
Publisher: BPB Publications
Pages: 398
File size: 12.2 MB
File type: PDF

Cover....2

Title Page....3

Copyright Page....4

Dedication Page....5

About the Author....6

About the Reviewer....8

Acknowledgement....9

Preface....10

Table of Contents....16

1. Beginning with Advanced Pen Testing....27

Introduction....27

Structure....28

Objectives....28

Fundamentals of VAPT....29

Vulnerability Assessment....30

Penetration Testing....30

Advanced penetration testing techniques and strategies....31

Business and compliance requirements for VAPT....32

Industrial approach and methodology in VAPT....33

Goals and objectives....34

Kickoff call....34

Intelligence gathering....35

Passive intelligence....35

Active intelligence....35

Threat modeling....35

Vulnerability assessment....36

Automated VA scan....36

Manual VA scan....37

Penetration testing....37

Post exploitation....37

Reporting....38

Security posture: Executive summary....38

Detailed technical report....38

Vulnerability management tracker....38

Security audit standards and frameworks: Best practices....39

Open Web Application Security Project standard....39

CWE/SANS Top 25....39

Penetration Testing Execution Standard....40

Open-source security testing methodology manual....40

NIST Cybersecurity Framework....41

ISO 27001 standards....41

CIS benchmarks....42

ISACA standards and guidelines....43

MITRE framework....43

Pre-engagement interaction with customers....43

Define audit scope....44

Exercise nature....44

Testing method....45

Black box....45

Grey box....45

White box....46

Environment selection....46

Approach and methodology selection....46

Exercise time selection....46

Project timeline....46

Rules of engagement....47

Deliverables....47

Designing the Scope of Work for security audits....47

Project planning and governance in VAPT....48

Project planning....48

Project management....49

Project governance....51

Delivery and customer success tactics in VAPT....51

Conclusion....52

References....53

2. Setting up the VAPT Lab....54

Introduction....54

Structure....54

Initiating with Kali Linux....55

Kali Linux features....55

Establishing the virtualization landscape....56

How is it useful in VAPT....57

Deploying Kali Linux 2023.2....57

Installing Kali Linux on VMware workstation....58

Installing Kali Linux on VirtualBox....61

Arranging network services....64

Enabling ProxyChains....66

Use cases of ProxyChains....68

Personalizing Kali Linux....68

Changing the desktop environment....68

Installing additional applications....69

Modifying system settings....69

Changing the login screen....70

Refreshing Kali Linux....71

Enabling third-party VAPT tools....72

MobSF framework....73

Trivy....78

Setting up vulnerable machines and applications....79

Setting up Metasploitable 2....79

Setting up bWAPP....81

Conclusion....84

3. Active and Passive Reconnaissance Tactics....85

Introduction....85

Structure....85

What is reconnaissance....86

Why is reconnaissance so important....87

Types of reconnaissance....87

Passive reconnaissance....88

Active reconnaissance....88

Passive reconnaissance tools and tactics....88

WHOIS....88

DNS reconnaissance....91

IP reconnaissance....94

Shodan....96

Route mapping....99

Email address....101

Name and number....102

Password or breach data dump....102

Active reconnaissance tools and tactics....103

Host discovery....103

Port scanning....106

Port scanning techniques....106

Running services and version detection....108

OS fingerprinting....109

Directory enumeration....110

Hard-coded information....111

Additional resources for reconnaissance....112

Maltego....112

SPARTA....115

Conclusion....117

4. Vulnerability Assessment and Management....119

Introduction....119

Structure....119

Overview of vulnerability assessment....120

Vulnerability nomenclature....122

Vulnerability management life cycle....122

Vulnerability assessment....123

Web application....123

OWASP ZAP....123

Burp Suite....127

Computer network....131

Nessus....131

Legion....136

Nmap....138

Mobile application....143

MobSF....143

Container....147

Trivy....148

Vulnerability management....152

Application security....153

Conclusion....154

5. Exploiting Computer Network....155

Introduction....155

Structure....155

Objectives....156

Understanding network pen testing....156

Introduction to Metasploit....157

Metasploit database and workspace management....158

Integrating Nmap scans with Metasploit....161

Metasploit automation....164

Starting with auxiliary and exploits....166

Auxiliary modules....166

Exploit modules....166

Post-exploitation modules....166

Manual exploitation....171

Exploitation using Armitage....173

Setting up Armitage....173

Conclusion....179

6. Exploiting Web Application....181

Introduction....181

Structure....181

Objectives....182

What is web application pen testing....182

Web application pen testing approach....183

Web application pen testing attack vectors....183

OWASP top 10 for web application....184

Web application pen testing threat modeling....185

Web application pen testing mind map....186

Detecting web app firewalls and load balancers....188

Exploiting application-specific vulnerabilities....189

SQL injection....189

PHP code execution....194

Brute force at login....197

Broken authentication....200

Insecure Direct Object Reference....202

XSS using XSS validator....205

Backdoor via unrestricted file upload....210

HTTP parameter pollution....213

Business logic flaws....216

Conclusion....220

7. Exploiting Wireless Network....222

Introduction....222

Structure....222

Objectives....223

Introduction to wireless pentesting....223

Wireless network fundamentals....224

Wireless networks and protocols overview....224

Wireless network topologies and architectures....224

Radio Frequency fundamentals....224

Wireless security threats and standards....225

Common wireless security threats....225

Wireless security overview....225

Wireless pen testing methodology....225

Steps involved in wireless pentesting....225

Approach to wireless pentesting....226

Wireless pen testing tools....227

Overview of wireless pen testing tools....227

Common wireless pen testing tools....228

Configuring Kali Linux for wireless pentesting....228

Configuring Kali Linux for wireless attacks....230

Wireless network exploitation techniques....234

Compromising WPA/WPA2 encryption....234

Man-in-the-middle attacks with rogue access points....238

Bypassing hidden SSIDs....238

Bypassing MAC and open authentication....241

Denial-of-service attacks....243

Advanced wireless attacks....245

Attacking wireless routers with Reaver....245

Conclusion....246

8. Hash Cracking and Post Exploitation....247

Introduction....247

Structure....247

Objectives....248

Exploring hash functions....248

Purpose and properties of modern hash functions....248

Unveiling common hash algorithms....249

Mastering password hashing....250

Art of securing passwords....250

Cutting-edge techniques - Salting and key stretching....251

Unleashing hash cracking techniques....251

Strategic approaches....252

Empowering hash cracking arsenal....252

Elite tools for hash warriors....253

Hash-identifier....253

John the Ripper....254

John the Ripper Jumbo....256

Hashcat....256

Online tools for hash warriors....258

CrackStation....258

Hashes....259

Difference between hashing, encryption and encoding....261

Post exploitation and lateral movement....261

Understanding post exploitation....261

Significance of lateral movement....261

Privilege escalation techniques....262

Privilege escalation on Linux....262

Phase 1: Initial access....262

Phase 2: Preparing for privilege escalation using a Udev exploit....263

Phase 3: Escalating privileges....265

Privilege escalation on Windows....267

Phase 1: Initial access....268

Phase 2: Preparing for privilege escalation using bypass UAC....270

Phase 3: Escalating privileges....271

Exploring network pivoting....272

Pivoting approach....272

Phase 1: Gain (initial) access to Windows 7....273

Phase 2: Network info gathering and pivot connection establishment....274

Phase 3: Network pivoting by exploiting Metasploitable 2 machine....276

Persistence and lateral movement....277

Strategies for persistent access and lateral movement....278

Persistence through hashdump techniques....279

Exploring RDP for lateral movement....280

Unleashing the power of Mimikatz in meterpreter....283

Conclusion....285

9. Bypass Security Controls....287

Introduction....287

Structure....287

Objectives....288

Significance of bypassing security controls....288

Advancements in security controls....289

Cutting-edge technologies....289

Intelligent systems....289

Evolving threat landscape....290

Cloud specific security controls....290

Security control bypass in network recon....290

Source port manipulation....291

IP address spoofing / decoy IP....292

Packet fragmentation....292

Spoofing MAC address....293

Custom packet creation....293

Nmap Scripting Engine scripts....295

Outsmarting Windows Defender....295

Antivirus evasion techniques and tools....304

Antivirus evasion techniques....304

Antivirus evasion tools....305

Harnessing Metasploit templates and custom binaries for antivirus evasion....305

Shellter....316

Unicorn....320

Phantom-Evasion....323

Invoke-Stealth....326

Cutting-edge WAF evasion tactics....329

Evolving social engineering tactics....333

Phishing simulation....335

Phishing approach and methodology....335

Gophish....337

Conclusion....343

10. Revolutionary Approaches to Report Writing....344

Introduction....344

Structure....344

Objectives....345

Overview of report writing....345

Importance of report writing in cybersecurity....345

Integrating reports in comprehensive assessments....346

Components of well-crafted reports....346

Vulnerability Assessment report....364

Penetration Testing report....364

Risk assessment and prioritization....365

Quantifying risks for effective assessment....365

Utilizing CVSS scores....366

Factors influencing CVSS scores....366

Interpreting and applying CVSS scores appropriately....367

Types of cybersecurity assessment reports....370

Executive summary report....370

Detailed technical assessment report....371

Vulnerability management tracker....371

Examples of detailed reports....372

Web application VAPT report writing example....372

Network VAPT report writing example....375

Automated vulnerability management with DefectDojo....379

Conclusion....383

Index....384

This book is a comprehensive guide to Vulnerability Assessment and Penetration Testing (VAPT) for readers of any cybersecurity background. Whether you are a beginner or an experienced IT professional, it aims to give you the knowledge and practical skills needed to work effectively in a constantly changing security landscape.

The book covers VAPT from the basics through advanced techniques. It also discusses project planning, governance, and the PPT (People, Process, and Technology) framework, giving a holistic view of the practice, and it emphasizes pre-engagement strategy and the importance of choosing the right type of security assessment for the engagement.

The hands-on approach walks you through setting up a VAPT lab and then through the key phases of an engagement: reconnaissance, vulnerability assessment, network pentesting, web application exploitation, wireless network testing, privilege escalation, and bypassing security controls. The goal is to bridge the gap between theory and practice so that you can apply these skills to protecting digital assets.

What you will learn

  • Understand VAPT project planning, governance, and the PPT framework.
  • Apply pre-engagement strategies and select appropriate security assessments.
  • Set up a VAPT test lab and master reconnaissance techniques.
  • Perform practical network penetration testing and web application exploitation.
  • Conduct wireless network testing, privilege escalation, and security control bypass.
  • Write comprehensive VAPT reports for informed cybersecurity decisions.

Who this book is for

This book is for everyone, from beginners to experienced cybersecurity and IT professionals, who want to learn about Vulnerability Assessment and Penetration Testing (VAPT). To get the most out of this book, it's helpful to have a basic understanding of IT concepts and cybersecurity fundamentals.

