You're reading from The Ultimate Kali Linux Book Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire

Product type Paperback

Published in Feb 2022

Publisher Packt

ISBN-13 9781801818933

Length 742 pages

Edition 2nd Edition

Tools

Kali Linux

Concepts

Cybersecurity

Author (1):

Glen D. Singh

View More author details

Table of Contents (23) Chapters

Preface

1. Section 1: Getting Started with Penetration Testing FREE CHAPTER

2. Chapter 1: Introduction to Ethical Hacking

3. Chapter 2: Building a Penetration Testing Lab

4. Chapter 3: Setting Up for Advanced Hacking Techniques

5. Section 2: Reconnaissance and Network Penetration Testing

6. Chapter 4: Reconnaissance and Footprinting

7. Chapter 5: Exploring Active Information Gathering

8. Chapter 6: Performing Vulnerability Assessments

9. Chapter 7: Understanding Network Penetration Testing

10. Chapter 8: Performing Network Penetration Testing

11. Section 3: Red Teaming Techniques

12. Chapter 9: Advanced Network Penetration Testing — Post Exploitation

13. Chapter 10: Working with Active Directory Attacks

14. Chapter 11: Advanced Active Directory Attacks

15. Chapter 12: Delving into Command and Control Tactics

16. Chapter 13: Advanced Wireless Penetration Testing

17. Section 4: Social Engineering and Web Application Attacks

18. Chapter 14: Performing Client-Side Attacks – Social Engineering

19. Chapter 15: Understanding Website Application Security

20. Chapter 16: Advanced Website Penetration Testing

21. Chapter 17: Best Practices for the Real World

22. Other Books You May Enjoy

Understanding what matters to threat actors

The concept of hacking into another system or network will always seem very fascinating to many, while for others it's quite concerning knowing the level of security is not acceptable if a system can be compromised by a threat actor. Threat actors, ethical hackers, or even penetration testers need to plan and evaluate the time, resources, complexity, and the hack's value before performing a cyber-attack on a target's systems or networks.

Time

Understanding how much time it will take from starting to gather information about the target to meeting the objectives of the attack is important. Sometimes, a cyber-attack can take a threat actor anything from days to a few months of careful planning to ensure each phase is successful when executed in the proper order. Threat actors have to also account for the possibility that an attack or exploit might not work on the target and this creates a speed bump during the process, which increases the time taken to meet the goals of the hack. This concept can be applied to penetration testers as they need to determine how long it will take to complete a penetration test for a customer and present the report with the findings and security recommendations.

Resources

Without the right set of resources, it will be a challenge to complete a task. Threat actors need to have the right set of resources, which can be software- and hardware-based tools. While skilled and seasoned hackers can manually discover and exploit security weaknesses on a system, it can be a time-consuming process. However, using the right set of tools can help automate these tasks and improve the time taken to find security flaws and exploit them. Additionally, without the right set of skills, a threat actor may face some challenges in being successful in performing the cyber-attack. This can lead to gaining the support of additional persons with the skills needed to assist and contribute to achieving the objectives of the cyber-attack. Once again, this concept can be applied to security professionals such as penetration testers within the industry. Not everyone has the same skills and a team may be needed for a penetration test engagement for a customer.

Financial factors

Another important resource is financial factors. Sometimes a threat actor does not need any additional resources and can perform a successful cyber-attack and compromise their targets. However, there may be times when an additional software- or hardware-based tool is needed to ensure the attack is successful. Having a budget allows the threat actors to purchase the additional resources needed. Similarly, penetration testers are well-funded by their employers to ensure they have access to the best tools within the industry to excel at their jobs.

Hack value

Lastly, the hack value is simply the motivation or the reason for performing a cyber-attack against a target's systems and network. For a threat actor, it's the value of accomplishing the objectives and goals of compromising the system. Threat actors may not target an organization if they think it's not worth the time, effort, or resources to compromise its systems. Other threat actors may target the same organization with another motive.

Having completed this section, you have learned about some of the important factors that matter to threat actors prior to performing a cyber-attack on an organization. In the next section, you will discover various key terminologies that are commonly used within the cybersecurity industry.