The Ultimate Kali Linux Book: Harness Nmap, Metasploit, Aircrack-ng, and Empire for cutting-edge pentesting , Third Edition

Introduction to Ethical Hacking

Cybersecurity is one of the most exciting and rapidly growing fields in the world. Each day, security professionals and researchers are discovering new and emerging threats at an increasing rate, and many organizations are discovering that their systems and networks have been compromised by malicious actors, while there are so many other companies without proper cyber defenses to detect threats and determine whether their assets have been compromised or not. Due to the increase in cyber-attacks and threats around the world, more cybersecurity-related jobs are being created within many organizations that seek to acquire industry experts and skilled professionals who can help improve their cyber defenses and safeguard their assets from cyber criminals. This book is designed with the intention of providing you with the skills, knowledge, and wisdom that are needed by aspiring ethical hackers and penetration testers for the cybersecurity industry.

During the course of this book, you will develop new skills and learn techniques for simulating real-world cyber-attacks on systems and networks as a cybersecurity professional with the intent to discover hidden security vulnerabilities within organizations, while understanding the Tactics, Techniques, and Procedures (TTPs) used by real attackers to compromise their targets. In addition, you will learn how to leverage one of the most popular Linux distributions within the cybersecurity industry, Kali Linux, to perform ethical hacking and penetration testing assessments on targeted systems and network infrastructure. The Kali Linux operating system has tons of pre-installed Linux packages (applications) and security tools that are commonly used by industry experts, hence it’s an arsenal packed with everything you’ll need as an ethical hacker and penetration tester. Throughout this book, we’ll be using a student-centric and learner-friendly approach, filled with a lot of practical and hands-on exercises to help you gradually progress from beginner-friendly to intermediate and advanced topics.

In this chapter, you will learn about various types of threat actors and the intentions/motives behind their attacks on targets. You will discover how various key factors play an important role for attackers when planning a cyber-attack, and how such factors determine the level of complexity to compromise a targeted system, network, or organization as compared to cybersecurity professionals such as ethical hackers and penetration testers who are hired to discover hidden vulnerabilities within a company. Furthermore, you will learn about the various phases of ethical hacking and penetration testing approaches that are commonly used by industry professionals.

Lastly, you will gain a solid understanding of how the Cyber Kill Chain framework is used to help cybersecurity professionals to better understand cyber-attacks, and how each phase can be aligned with penetration testing techniques.

In this chapter, we will cover the following topics:

  • Understanding the need for cybersecurity
  • Identifying threat actors and their intent
  • Understanding what matters to threat actors
  • Exploring the importance of penetration testing
  • Penetration testing methodologies
  • Discovering penetration testing approaches
  • Types of penetration testing
  • Exploring the phases of penetration testing
  • Understanding the Cyber Kill Chain framework

I hope you’re as excited as I am to begin this awesome journey. Let’s dive in!

Understanding the need for cybersecurity

Cybersecurity focuses on protecting systems, networks, and organizations from specialized attacks and threats that are designed by cyber criminals with the intention to cause harm or damage. These cyber criminals are commonly referred to as threat actors. As time continues, more users and organizations are connecting their systems and networks to the largest network in the world, the internet, and cyber criminals are developing new strategies to steal money from potential victims.

For instance, many cyber criminals are developing more sophisticated threats, such as ransomware. Let’s use this example to underscore the importance of cybersecurity. Ransomware is a type of crypto-malware that’s designed to encrypt all data found on a victim’s system, except the host operating system. The intention is to encrypt the victim’s most valuable asset on the compromised system, the data stored on local storage media, and request a ransom payment in the form of cryptocurrencies to obtain the decryption keys to recover the data. The longer the ransomware is on a compromised system, the more time the ransomware agent has to establish a Command and Control (C2) communication channel with one or more C2 servers that are owned and managed by cyber criminals to receive updates and additional instructions. The threat actor can push updates to the ransomware agent to frequently update the cryptographic keys that are used to encrypt the victim’s data, thereby reducing the likelihood that the victim is able to safely recover their data from the ransomware. During this time, the threat actor is also exfiltrating the data found on the victim’s system and selling it on various marketplaces on the Dark Web to the highest bidder. Cyber criminals are intelligent; they are very aware that organizations know the value of data that is stored on their computers and servers, and will do almost anything to recover their data as soon as possible.

NOTE

Ransomware has the capability of also compromising the data stored in various cloud storage services that are linked to the infected system. For instance, imagine a user’s system has a cloud storage agent running to ensure the user’s data is constantly synchronized. If the system is infected with ransomware, the infection will encrypt all data on the local storage drives, including those that are synchronized to the cloud service provider platform. However, various cloud storage providers have built-in protection against these types of threats.

From a cybersecurity perspective, it’s not recommended to pay the ransom as there’s no guarantee or reassurance that the threat actors will release the encrypted data or even provide the right decryption key to recover your data. It is important to note that threat actors are not only demanding ransom payment by encrypting data but also by threatening to expose sensitive organizational and customer data by releasing it onto pastedump sites such as pastebin.com and to the media. This “doubling-down” on the pressure applied makes it difficult for victims not to cave in to the ransomware gangs’ demands.

For instance, there are many organizations around the world with a reactive approach to cybersecurity, such that they will only react when their systems and network are compromised by a cyber-attack rather than implementing mitigation and countermeasures to prevent future threats. However, if an organization does not implement proper cyber defenses with an effective incident response plan, when ransomware compromises a vulnerable system within a network, it has the potential to automatically spread to other vulnerable systems within the organization to expand its foothold. Therefore, the longer it takes to contain/isolate the threat on the network, the more damage can be done.

NOTE

While working on the previous edition of this book, the technical reviewer, Mr. Rishalin Pillay, mentioned that during his time at Microsoft, he had seen how attackers “may” give the decryption key to victims; however, the threat actors mostly implant additional malware to return later for more cash gains. Essentially, the targeted organization becomes a “cash cow” for the threat actors (attacking group).

Therefore, without cybersecurity professionals, researchers, and security solutions, many organizations and users are left unprotected from various types of threats. For instance, many banks provide an online banking system that enables their customers to perform various types of transactions such as making payments, transferring funds, and so on. Imagine if cyber criminals discovered weak security controls on a bank’s customer login portal and found a way to take advantage of the security weakness to gain unauthorized access to multiple customers’ accounts, steal their Personally Identifiable Information (PII), and transfer funds out of their accounts. Therefore, safeguarding customer data is crucial, not only to protect individuals from immediate financial loss but also to prevent their information from being used in future cyber-attacks.

In the next section, you will learn about common security-related terminology in the industry.

Exploring cybersecurity terminology

During your journey in the field of cybersecurity, you’ll discover the jargon and terminology that is commonly used within various research papers, articles, literature, discussions, and learning resources. As an aspiring cybersecurity professional, it’s important to be aware of and gain a solid understanding of common terminology and how it is related to ethical hacking and penetration testing.

The following are the most common terms used within the cybersecurity industry:

  • Asset – Within the field of cybersecurity, we usually define an asset to be anything that has value to an organization or person. For instance, assets are systems within a network that can be interacted with and potentially expose an organization’s network infrastructure to security weaknesses that could be compromised and enable unauthorized access to a cyber criminal, while providing a way to escalate their privileges on the compromised system from standard user to administrator-/root-level privileges. However, it’s important to mention that assets are not and should not be limited to technical systems. In addition, other forms of assets include people (humans), physical security controls, and even the data that resides within the network and systems we aim to protect. Assets are commonly categorized as follows:
    • Tangible – Tangible assets are simply described as any physical object with value, such as computers, servers, networking devices (routers, switches, etc.), and security appliances (firewalls). Computers and other end devices help typical users and employees access the resources on a network and perform their daily duties within an organization. Servers are typically used to store and host applications and provide services that are needed within typical network infrastructures. Networking devices contain configurations that are used to forward network traffic between systems, and security appliances are implemented to filter unwanted traffic and prevent threats between networks and systems. If these systems and devices are compromised, cyber criminals will be able to redirect network traffic to malicious websites that are owned by malicious actors and expand their operations.
    • Intangible – Intangible assets are things without a physical form that have value, such as applications, software license keys, intellectual property, business plans and models, and data.
    • People – This type of asset is the customers and employees of an organization. Protecting customers’ data from being stolen and leaked on the Dark Web, and safeguarding employees from various types of threats are of paramount importance. It is important to identify all the assets of an organization and potential threats that can cause harm and damage to them.
  • Threat – In the context of cybersecurity, a threat is anything that has the potential to cause harm or damage to a system, network, or person. Whether you’re focusing on the offensive or defensive path in cybersecurity, it’s important to identify various types of threats. Many organizations around the world encounter different types of threats each day, and cybersecurity teams work around the clock to ensure their company’s assets are safeguarded from cyber criminals.

    One of the most exciting but also overwhelming aspects of cybersecurity is that industry professionals always need to stay one step ahead of threat actors to quickly find security weaknesses in systems, networks, and applications and implement countermeasures to mitigate any potential threats to those assets.

  • Vulnerability – A vulnerability is a security weakness or flaw that exists within a system that enables hackers to exploit it in order to gain unauthorized access or control over systems within a network. Common vulnerabilities that exist within organizations include human error (the greatest of vulnerabilities on a global scale), misconfiguration of devices, weak user credentials, poor programming practices, unpatched operating systems, outdated applications on host systems, default configurations on systems, and so on.

    A threat actor usually looks for the lowest-hanging fruit, such as the vulnerabilities that are the easiest to exploit on a targeted system. The same concept applies to penetration testing. During a security assessment, the penetration tester will use various techniques and tools to discover vulnerabilities and will attempt to exploit the easy ones before moving on to more complex security flaws on a targeted system.

  • Exploit – An exploit is anything such as a tool or code that is used to take advantage of security vulnerabilities on a system. For instance, take a hammer, a piece of wood, and a nail. The vulnerability is the soft, permeable nature of the wood, the exploit is the act of hammering the nail into the piece of the wood, while the hammer is the threat. Once a security vulnerability is found on a targeted system, the threat actor or penetration tester will either acquire an exploit from various online sources or develop one on their own that has the capability of taking advantage of the security weakness.

    If you’ve acquired or developed an exploit, it’s important that you test the exploit on a system to ensure it has the capabilities to compromise the targeted system and works as expected. Sometimes, an exploit may work on one system and not on another. Hence, it’s a common practice for seasoned penetration testers to test their exploits, ensure they are working as expected, and grade them on their rate of success for a vulnerability.

  • Attack – An attack is simply a method or technique that is used by a threat actor to take advantage of (exploit) a security vulnerability (weakness) within a system. There are various types of attacks that are commonly used by cyber criminals to compromise the confidentiality, integrity, and/or availability of a targeted system. For instance, the LockBit 3.0 ransomware focuses on exploiting the security vulnerabilities that are found on internet-facing systems that do not have their language settings configured to match a specific exclusion list. Once the ransomware is launched on the internet, it will automatically seek out and compromise vulnerable systems.

    NOTE

    To learn more about the LockBit 3.0 ransomware, please see the official Cybersecurity and Infrastructure Security Agency (CISA) advisory at https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075a.

  • Attack vector – An attack vector is simply an area or pathway through which a targeted system, network, or organization can be compromised by a threat actor.

    The following are common attack vectors:

    • Direct access – Physical access to the targeted computer or network
    • Wireless – Exploiting security vulnerabilities found within the target’s wireless network infrastructure
    • Email – Sending malicious email messages containing links to malware-infected services, fake websites, and malicious attachments
    • Supply chain – Compromising the security of a vendor or supplier to gain access to a target
    • Social media – Using deceptive messages or malicious advertising (malvertising) to trick the target into revealing sensitive information or downloading a malicious file
    • Removable media – Connecting malware-infected media to the targeted system
    • Cloud – Exploiting security vulnerabilities within cloud services and its infrastructure

    These are the infrastructures in which an attacker can deliver a malicious payload to a target.

  • Risk – Risk is the potential impact that a vulnerability, threat, or attack presents to the assets of an organization and the likelihood an attack or threat has to cause harm to systems. Evaluating risk helps to determine the likelihood of a specific issue causing a data breach that will cause harm to an organization’s finances, reputation, or regulatory compliance. Reducing risk is critical for many organizations. There are many certifications, regulatory standards, and frameworks that are designed to help companies understand, identify, and reduce risks.

    While it may seem like ethical hackers and penetration testers are hired to simulate real-world cyber-attacks on a target organization, the goal of such engagements is much deeper than it seems. At the end of the penetration test, the cybersecurity professional will present all the vulnerabilities and possible solutions to help the organization mitigate and reduce the risk of a potential cyber-attack while reducing the attack surface of the company.

  • Attack surface – This is all the vulnerable points of entry into a system, network, or organization that can be exploited by a threat actor to gain unauthorized access and expand their foothold on the network. Ethical hackers and penetration testers focus on identifying these vulnerable points of entry to determine the attack surface of an organization and how a cyber criminal would potentially exploit those weaknesses to compromise their target.
  • Zero-day – A zero-day is when a threat actor discovers a security vulnerability within a product or application and is able to exploit it before the vendor is either aware of the vulnerability or has time to develop a security patch to resolve the issue. These attacks are commonly used by nation-state actors, Advanced Persistent Threat (APT) groups, and large criminal organizations. The discovery of a zero-day vulnerability can be very valuable to ethical hackers and penetration testers and can earn them a bug bounty. These bounties are fees paid by vendors to security researchers who discover unknown vulnerabilities in their applications.

    There are many bug bounty programs that allow security researchers, professionals, and anyone with the right skill set to discover security vulnerabilities within an application or system owned by a vendor and report them for a reward. The person who reports the security vulnerability, usually a zero-day flaw, is often given a financial reward. However, there are threat actors who intentionally attempt to exploit the targeted system for personal gain, which is commonly referred to as the hack value of the target.

So far, you have learned about the importance and need for cybersecurity within various industries around the world. Next, let’s learn about various types of threat actors and the motives behind their cyber-attacks.

Identifying threat actors and their intent

As an aspiring ethical hacker and penetration tester, it’s important to develop a good moral compass and understand the differences between various types of threat actors and the motives behind their cyber-attacks. Let’s take a closer look at the following list of common types of threat actors in the cybersecurity industry:

  • Script kiddie – A script kiddie is a common type of threat actor who is not necessarily a young adult or kid. Rather, it is someone who does not fully understand the technical details of cybersecurity to perform a cyber-attack or develop a threat on their own. However, a script kiddie usually follows the instructions or tutorials of real hackers to perform their own attacks against a targeted system or network.

    While you may think a script kiddie is harmless because the person does not have the required knowledge and skills, they can create an equal amount of damage or more than real hackers, simply by following the instructions and tutorials of malicious actors on the internet. This type of hacker makes use of tools without knowing how they properly work, thus causing more harm and damage.

  • Cyber terrorist – Cyber terrorists perform cyber-attacks that are designed to compromise communication channels and systems, with the intention to cause enough damage and disruption to create fear and/or intimidate a targeted society to achieve an ideological goal.
  • Hacktivist – Across the world, there are many social and political agendas in many countries, and there are many persons and groups who are either supportive or not supportive of these agendas. You will commonly find protesters who organize rallies and marches or even perform illegal activities such as the defacement of public property.

    This is a type of threat actor who uses their hacking skills to perform malicious activities such as defacing websites or launching Denial of Service (DoS) attacks in support of a political or social agenda. While some hacktivists use their hacking skills for good reasons, keep in mind that hacking is still an illegal act and the threat actor can face legal action by law enforcement. Therefore, ethical hackers and penetration testers are required to obtain legal permission prior to performing any attacks on the target.

  • Insider – Many threat actors know it’s more challenging to break into an organization through the internet and it’s easier to do it from within the targeted organization’s network. Some threat actors will create a fake identity and curriculum vitae with the intention of applying for a job within their targeted organization and becoming an employee; this threat actor is commonly referred to as a malicious insider. Once this type of threat actor becomes an employee, the person will have access to the internal network and gain better insights into the network architecture and security vulnerabilities of the company. Therefore, this type of threat actor can implement network implants on the network and create backdoors for remote access to critical systems.

    NOTE

    Network implants can be software- or hardware-based. Software-based network implants are malicious code that is installed and running on a compromised system that enables the threat actor to remotely access and control the target. However, hardware-based network implants are physical devices that are directly connected to the target’s internal network, enabling the attacker to remotely connect to the hardware-based network implant and perform attacks. These network implants are commonly used for monitoring, control, and data exfiltration.

    In addition, there are unintentional insiders, who are legitimate employees of the organization who unintentionally cause harm to the organization’s systems and network due to negligence, such as connecting a personal USB flash drive to the organization’s computer.

  • State-sponsored – This type of threat actor is commonly referred to as a nation-state actor. While many nations will send their army of soldiers to fight a war, many battles are now fought within cyberspace (including espionage, disruption, influence operations, and preparing the battlefield for potential physical conflicts); this is known as cyber warfare. Many nations have realized the need to develop and enhance their cyber defenses to protect their citizens, national assets, and critical infrastructure from cyber criminals and other nations with malicious intent.

    Therefore, a government may hire state-sponsored hackers who are responsible for performing reconnaissance (intelligence gathering) on other countries and protecting their own country from cyber-attacks and emerging threats. Some nations use this type of threat actor to gather intelligence on other countries and even compromise the systems that control the infrastructure of public utilities or other critical resources. Keep in mind that state-sponsored threat actors are not only employed by governments but can also include groups or individuals funded, directed, or aligned and supported by national governments.

    NOTE

    Cyber espionage involves the stealthy extraction of classified, sensitive, or proprietary information. This can include technological blueprints, government plans, or even personal information of key individuals.

  • Organized crime – Around the world, we commonly read and hear about many crime syndicates and organized crime groups. Within the cybersecurity industry, there are also crime organizations made up of a group of people with the same goals in mind. Each person within the group is usually an expert or has a specialized skill set. For example, one person may be responsible for performing extensive reconnaissance on the target, and additional roles include social engineering experts, network penetration specialists, malware analysts, money laundering specialists, and legal advisors. Each role contributes to the syndicate’s success by leveraging specific expertise.

    When this level of effort and resources is brought to bear, the group becomes an APT. Within this organized crime group, there is usually a person who is responsible for financially funding the group to provide the best available resources money can buy to ensure the attack is successful. The intention of this type of threat actor is usually big, such as stealing their target’s data and selling it for financial gain.

  • Black hat – A black hat hacker is a threat actor who uses their hacking skills for malicious reasons. This is a broad category; these hackers can be anyone and their reason for performing a hack against a targeted system or network can be random. Sometimes they may hack to destroy their target’s reputation, steal data, or even as a personal challenge to prove a point for fun.
  • White hat – White hat hackers form another broad category, encompassing the industry’s good people. This type of hacker uses their skills to help organizations and people secure their networks and safeguard their assets from malicious hackers. Ethical hackers and penetration testers are examples of white hat hackers as these people use their skills to help others in a positive and ethical manner.
  • Gray hat – A gray hat hacker metaphorically sits between the boundary of a white hat and a black hat hacker. This means the gray hat hacker has a hacking skill set and uses their skills to help people and organizations during the day as a cybersecurity professional but uses their skills at night for malicious reasons. As previously mentioned, ethical hackers and penetration testers have a good moral compass, but gray hat hackers go outside the good moral zone and may use their skills for malicious intentions.

With the continuous development of new technologies, the curious minds of many will always find a way to gain a deeper understanding of the underlying technologies of a system. This often leads to discovering security flaws in the design and eventually enabling a person to exploit the vulnerability. Having completed this section, you have discovered the characteristics of various threat actors and their intentions for performing a cyber-attack. Next, you will gain a deeper understanding of what matters to threat actors when planning a cyber-attack on a target.

Understanding what matters to threat actors

From a cybersecurity perspective, hacking into a system or device has always been interesting and fascinating to many people around the world. Reverse engineering a system to better understand how it works has always attracted curious minds. Similarly, hacking focuses on gaining a better understanding of how a system operates and functions, whether there are any flaws within its programming or design, and whether these security flaws can be exploited to alter the functionality of the system to enable the curious mind to take advantage of it.

However, before a cyber criminal launches any attack on a targeted organization, it’s important to plan the attack and evaluate the time and resources that are needed to perform the cyber-attack. Furthermore, the complexity of the attack and the hack value of the target help the threat actor determine whether it’s worth moving forward with the plan of attack or not.

Time

Determining the amount of time it will take from gathering information about the target to meeting the objectives of the attack is important. Sometimes, a cyber-attack can take a threat actor anything from days to a few months of careful planning to ensure each phase of the Cyber Kill Chain is successful when executed in the proper order. We will discuss this further in the Understanding the Cyber Kill Chain framework section later in this chapter.

Threat actors also need to consider the possibility that an attack or exploit might not work on the targeted system and this will create an unexpected delay during the process, which increases the time taken to meet the goals of the hack. The time to achieve objectives is not just about gaining access but also what happens afterward, such as maintaining persistence, lateral movement, and data exfiltration.

Similarly, this concept can be applied to both ethical hackers and penetration testers as they need to determine how long it will take to complete a penetration test for a customer and present a report with the findings and security recommendations to help the customer improve their security posture.

Resources

Without the right set of resources, it will be a challenge to complete a task. Threat actors need to have the right set of resources; these are software- and hardware-based tools. While skilled and seasoned hackers can manually discover and exploit security weaknesses in targeted systems, it can be a time-consuming process. However, using the right set of tools can help automate these tasks and reduce the time taken to find security flaws and exploit them. Additionally, without the right skill set, a threat actor may experience some challenges in being successful in performing the cyber-attack. This can lead to seeking the support of additional persons with the skills needed to assist and contribute to achieving the objectives of the cyber-attack. Once again, this concept can be applied to security professionals such as penetration testers within the industry. Not everyone has the same skills and a team may be needed for a penetration test security assessment for a customer.

Financial factors

Financial factors are another important resource. Sometimes a threat actor does not need any additional resources and can perform a successful cyber-attack and compromise their targets. However, there may be times when additional software- or hardware-based tools are needed to increase the potential of compromising the target. Having a budget allows the threat actors to purchase the additional resources needed. Similarly, penetration testers are well-funded by their employers to ensure they have access to the best tools within the industry to excel at their jobs.

Hack value

Finally, the hack value is simply the motivation or the reason for performing a cyber-attack against a targeted system, network, or organization. For a threat actor, it’s the value of accomplishing the objectives and goals of compromising the system. Threat actors may not target an organization if they think it’s not worth the time, effort, or resources to compromise its systems. Other threat actors may target the same organization with another motive.

Having completed this section, you have learned about some of the important factors that matter to threat actors prior to performing a cyber-attack on an organization. In the next section, you will discover the importance of penetration testing and how it helps organizations improve their cyber defenses.

Exploring the importance of penetration testing

Each day, cybersecurity professionals are in a race against time with threat actors in discovering vulnerabilities in systems and networks. Imagine that threat actors are able to exploit a security vulnerability on a targeted system before a cybersecurity professional can find it and implement security controls and countermeasures to mitigate the threat. The longer cybersecurity professionals take to identify hidden security flaws in systems, the more time threat actors have to improve their cyber operations, exploit their targets, and expand their foothold on a compromised network. This would leave the cybersecurity professional to perform incident handling and response to contain and eradicate the threat and recover any compromised systems back to an acceptable working state.

Organizations are realizing the need to hire white hat hackers such as ethical hackers and penetration testers with the skills needed to simulate real-world cyber-attacks on their systems and networks to discover and exploit hidden vulnerabilities and better understand the TTPs of cyber criminals. Furthermore, penetration testing helps organizations improve their incident response plans, enhances their security posture, and creates a culture of continuous improvement in cybersecurity practices.

These techniques enable the ethical hacker and penetration tester to perform the same type of attacks as a real hacker; the difference is the penetration tester is hired by the organization and has been granted legal permission to conduct such intrusive security testing.

Note

Penetration testers usually have a strong understanding of computers, operating systems, networking, and programming, as well as how these technologies work together. Most importantly, you need creativity. Creative thinking enables a person to think outside the box, go beyond the intended uses of technologies, and find new and exciting ways to implement them.

At the end of the penetration test, both an executive and technical report are presented to the organization’s stakeholders detailing all the findings, such as vulnerabilities and how each weakness can be exploited. The reports also contain recommendations on how to mitigate and prevent a possible cyber-attack on each vulnerability found. This allows the organization to better understand what type of information and systems a hacker will discover if they are targeted and the countermeasures that are needed to reduce the risk of a future cyber-attack. Some organizations will even perform a second penetration test after implementing the recommendations outlined in the penetration test reports to determine whether all the vulnerabilities have been fixed, whether the security controls are working as expected to mitigate the threats, and whether the attack surface is reduced. By providing feedback to the organization’s security team, the interaction ensures that security vulnerabilities are better understood and the recommendations are feasible and effective within the context of the organization’s mission.


Key benefits

  • Execute sophisticated real-world penetration tests, exposing hidden vulnerabilities in enterprise networks
  • Explore Kali Linux’s capabilities with practical steps and in-depth labs
  • Discover penetration testing best practices, including how to replicate a hacker’s toolkit
  • Purchase of the print or Kindle book includes a free PDF eBook

Description

Journey into the world of Kali Linux – the central hub for advanced penetration testing, with this ultimate guide to exposing security vulnerabilities in websites and both wired and wireless enterprise networks. With real-world scenarios, practical steps and coverage of popular tools, this third edition of the bestselling Ultimate Kali Linux Book is your fast track to learning penetration testing with Kali Linux 2024.x. As you work through the book, from preliminary penetration testing activities through performing network and website penetration testing, to exploring Active Directory and social engineering attacks, you’ll discover the range of vulnerability assessment tools in Kali Linux, building your confidence and proficiency as a penetration tester or ethical hacker. This new edition of the book features a brand new chapter on Open Source Intelligence (OSINT), as well as new labs on web applications and social engineering. Procedures for building virtual labs have also been improved, making these easier to understand and follow. Think of this book as your stepping stone into the modern world of penetration testing and ethical hacking – with the practical guidance and industry best practices the book provides, you’ll be ready to tackle real-world cybersecurity challenges head-on.

Who is this book for?

This ultimate guide to Kali Linux is for students, trainers, cybersecurity professionals, cyber enthusiasts, network security professionals, ethical hackers, penetration testers, and security engineers. No prior knowledge of Kali Linux is required; this book will take you from first steps to advanced penetration testing techniques.

What you will learn

  • Install and configure Kali Linux 2024.1
  • Think like an adversary to strengthen your cyber defences
  • Create a lab environment using virtualization technologies to reduce costs
  • Learn how common security vulnerabilities can be exploited
  • Use Nmap to discover security weaknesses on a target system on a network
  • Explore post-exploitation techniques and Command and Control tactics
  • Understand how attackers abuse the trust of Active Directory
  • Implement advanced wireless penetration testing techniques

Product Details

Publication date: Apr 30, 2024
Length: 828 pages
Edition: 3rd
Language: English
ISBN-13: 9781835085806

Table of Contents

19 Chapters
Introduction to Ethical Hacking
Building a Penetration Testing Lab
Setting Up for Advanced Penetration Testing Techniques
Passive Reconnaissance
Exploring Open-Source Intelligence
Active Reconnaissance
Performing Vulnerability Assessments
Understanding Network Penetration Testing
Performing Network Penetration Testing
Post-Exploitation Techniques
Delving into Command and Control Tactics
Working with Active Directory Attacks
Advanced Active Directory Attacks
Advanced Wireless Penetration Testing
Social Engineering Attacks
Understanding Website Application Security
Advanced Website Penetration Testing
Best Practices for the Real World
Index

Customer reviews

Rating distribution
4.8 (30 Ratings)
5 star 90%
4 star 6.7%
3 star 0%
2 star 0%
1 star 3.3%

Top Reviews

Dwayne Natwick May 03, 2024
5 stars
This is a comprehensive guide to setting up ethical hacking environments leveraging the Kali Linux build. The Kali Linux build provides a variety of tools that can be used by the “Red Teamers” to identify vulnerabilities within an infrastructure, whether on-premises, cloud, or hybrid. This book guides the reader through setting up lab environments that can be used to test and identify potential threats before they are leveraged by attackers. Whether you are a beginner or an experienced cybersecurity professional, you will benefit from having a copy of this book.
Amazon Verified review

David Meece "Cybertech Dave" Jul 25, 2024
5 stars
This book is written well and very beginner friendly. The way the author explains the technical concepts is perfect for newcomers with less experience. I would highly recommend this book to students or more seasoned cybersecurity professionals in the field.
Amazon Verified review

blkhedrulz Sep 22, 2024
5 stars
Just be aware that all examples in the book are based on using a Windows virtual machine to run Kali and set up a virtual testing network. So if you are like me and avoid Windows like the plague be prepared to buy a cheap mini PC running Windows to be able to work through the examples verbatim, or to spend some time figuring out how to adapt what he is doing to another system. Overall an awesome book.
Amazon Verified review

Raymond Jul 20, 2024
5 stars
The Ultimate Kali Linux Book - Third Edition: Harness Nmap, Metasploit, Aircrack-ng, and Empire for cutting-edge pentesting 3rd ed. Edition by Glen D Singh is a comprehensive guide to ethical hacking and penetration testing with Kali Linux. I originally purchased the Audible edition to study for the CompTIA PenTest+ exam as adjunct material to CompTIA study guides. The audio helped to reinforce topics for study. This prompted me to order a Kindle copy and I read through for further reinforcement of command and concepts. The book is excellent for those new to advanced in Kali Linux. The author uses real-world scenarios to explain and explore penetration testing concepts. This is done by a step by step of setting up a pentest lab using virtual machines. Exercises focus on reconnaissance, Open-source intelligence gathering, asset and network discovery techniques and how to use/commands for tools in Kali Linux which can target systems, perform vulnerability assessments, perform social engineering attacks, identify security flaws on devices, exploit security weaknesses to gain access, persistence, command and control and data extraction. Compromise of Active Directory and enterprise network exploitation and red teaming is covered on wired and wireless networks as well as explanation of how to exploit vulnerable web applications. Tools covered include Nmap, Metasploit, Aircrack-ng, the Harvester, SET Toolkit and many other Kali Tools and Applications. I highly recommend this for learning, reinforcing for Pentest exams and as a shelf reference guide. The author's concise, well elaborated and easy to follow explanations make this a comfortable read. After reading this and using it as study, I would happily purchase the author's future books as he is clearly accomplished as an instructor and author.
Amazon Verified review

zs Oct 26, 2024
5 stars
Super!
Amazon Verified review

FAQs

What is the digital copy I get with my Print order?

When you buy any Print edition of our Books, you can redeem (for free) the eBook edition of the Print Book you’ve purchased. This gives you instant access to your book when you make an order via PDF, EPUB or our online Reader experience.

What is the delivery time and cost of print books?

Shipping Details

USA:

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-Bissau
  9. Iran
  10. Lebanon
  11. Libyan Arab Jamahiriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela

What is custom duty/charge?

Customs duties are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order?

The orders shipped to the countries that are listed under EU27 will not bear customs charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea

A customs duty or localized taxes may be applicable on shipments to recipient countries outside of the EU27. These are charged by the recipient country, should be paid by the customer, and are not included in the shipping charges on the order.

How do I know my custom duty charges?

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.

How can I cancel my order?

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or has a material defect); otherwise, Packt Publishing will not accept returns.

What is your returns and refunds policy?

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items (damaged, defective or incorrect).
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged?

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use?

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal