Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
Mastering Kali Linux for Advanced Penetration Testing – Fourth Edition
Mastering Kali Linux for Advanced Penetration Testing – Fourth Edition

Mastering Kali Linux for Advanced Penetration Testing – Fourth Edition: Become a cybersecurity ethical hacking expert using Metasploit, Nmap, Wireshark, and Burp Suite , Fourth Edition

eBook
€28.99 €32.99
Paperback
€41.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

Mastering Kali Linux for Advanced Penetration Testing – Fourth Edition

Goal-Based Penetration Testing

The COVID-19 pandemic has changed the way the world operates. Organizations of all sizes have transformed themselves from having none or partial remote working to all of their employees adopting this style. With the new normal, accessible and remote technology has become very important for work and in peoples’ personal lives. We can certainly call this a virtual world, where confidential activities that used to happen in closed rooms now happen over the internet. This has significantly increased the number of cyber threats at least five-fold. Threat actors utilize this digital transformation to exploit the mistakes made by users and companies as their entry point for financial gain, generating reputational damage, or whatever else their goal may be. This occurs in the form of ransomware, phishing, and data breaches.

To understand the current and future ways of working, let us start by exploring the different objectives or goals of threat actors. In this chapter, we will discuss the different types of threat actors and the importance of goal-based penetration testing with a set of objectives; we investigate misconceptions and how a typical vulnerability scan, penetration testing, and red team exercise can fail without the importance of a goal. This chapter also provides an overview of security testing and setting up a verification lab, focusing on the customization of Kali to support some advanced aspects of penetration testing. By the end of this chapter, you will have covered the following:

  • The different types of threat actors
  • An overview of security testing
  • Misconceptions of vulnerability scanning, penetration testing, and red team exercises
  • The history and purpose of Kali Linux
  • Updating and organizing Kali
  • Installing Kali on various services (Amazon Web Services/Google Cloud Platform/Android)
  • Setting up defined targets
  • Building a verification lab

Let us begin with the types of threat actors that exploit technological infrastructure.

Different types of threat actors

A threat actor is nothing but an entity or individual who is responsible for an event or incident that impacts another entity. It is important that we understand the different types of threat actors and their common motivations, which will help us throughout this book to understand different perspectives. Table 1.1 provides the common threat actors, their motives, and typical goals.

Threat Actor

Common Motivation

Goal(s)

State- or government-sponsored actors

Military, political, and technological agendas

Cyber espionage, data theft, or any other activity that interests a nation for its economic benefits

Organized crime or cybercriminals

Financial gain and profit

Money and valuable data

Hacktivists/cyber extremists

Motivational overlaps

Focus on exposing secrets and disrupting services/organizations that they think are not good for society (hacktivists); focus on causing harm and destruction to further their cause (extremists)

Insiders

Revenge

Money or data ransom or creating revenue loss

Table 1.1: Various threat actors and their motivations

We have now summarized the four major threat actors and their motivations that we can use during goal-based penetration testing and red team exercises to simulate real threat scenarios.

Conceptual overview of security testing

Now that we understand the different threat actors; let’s go ahead and understand what the organizations are trying to protect and from whom? If you asked 100 security consultants the question, what is security testing?, it is very likely that you would receive 100 different responses.

In its simplest form, security testing is a process to determine that any information asset or system is protected and its functionality is maintained as intended.

Common pitfalls of vulnerability assessments, penetration testing, and red team exercises

In this section, we will discuss some misconceptions and limitations regarding traditional/classical vulnerability scanning, penetration testing, and red team exercises. Let us now understand the actual meaning of these three topics in simple terms and their limitations:

  • Vulnerability Assessment (VA): The process of identifying vulnerabilities or security loopholes in a system or network through a vulnerability scanner. One of the misconceptions about VA is that it will let you find all of the known vulnerabilities; well, that’s not true. Limitations with VA include that only potential vulnerabilities are found, and it depends purely on the type of scanner that you utilize. It might also include a number of false positives and, to the business owner, there is no clear indication as to which ones do not pose a relevant risk and which one will be initially utilized by the attackers to gain access. The biggest pitfall of VA is false negatives, meaning the scanner did not find an issue that the system or application has.
  • Penetration testing (pentesting): The process of safely simulating the hacking scenarios by exploiting vulnerabilities without much impact on the existing network or business. There is also a lower number of false positives since testers will try to validate the vulnerabilities and also attempt to exploit them. A limitation with pentesting is that it uses only currently known, publicly available exploits; mostly, these are a focus for project testing. We often hear from pentesters during an assessment, Yay! Got Root—but we never hear the question, what can you do with it? This could be due to various reasons such as project limitations, including the reporting of high-risk issues immediately to the client, or the client only being interested in one segment of the network and only wanting that part tested.

    One of the misconceptions about the pentest is that it provides the attacker with a full view of the network, and you are safe once penetration testing has been performed. This is not the case when attackers have found a vulnerability in the business process of your secure application.

  • Red Team Exercise (RTE): A focused process of evaluating the effectiveness of an organization to defend against cyber threats and improve its security by any possible means; during an RTE, we can discover multiple ways of achieving project objectives/scenarios and goals, such as complete coverage of activities with the defined project goal, including phishing (enticing a victim to enter sensitive information or download malicious content through emails), vishing (enticing a victim to provide or do some actions with malicious intent through phone calls), “WhatsApping” (engaging a victim through WhatsApp messenger with malicious intent), wireless, disk drops (USB and SSD), and physical penetration testing. The limitations with RTEs are time-bound, pre-defined scenarios and an assumed rather than real environment. Often, the RTE is run with a fully monitored mode for every technique, and tactics are executed according to the procedure, but this isn’t the case when a real attacker wants to achieve an objective.

Figure 1.1 showcases the difference between all three activities in terms of the length and breadth of their focus:

Figure 1.1: The three methods of assessing the vulnerability of systems and the breadth and depth to which they are successful

Often, all three different testing methodologies refer to the term hack or compromise. We will hack your network and show you where your weaknesses are; but wait, does the client or business owner understand the difference between these terms? How do we measure it? What are the criteria? And when do we know that the hack or compromise is complete? All the questions point to only one thing: what the purpose of the testing is, and what the primary goal in mind is.

Objective-based penetration testing

The primary goal of a pentest/RTE is to determine the real risk, differentiating the risk rating from the scanner and giving a business a risk value for each asset, along with the risk to the brand image of the organization. It’s not about how much risk they have; rather, how much they are exposed and how easy it is to exploit this exposure.

A threat that has been found does not really constitute a risk and need not be demonstrated; for example, Cross-Site Scripting (XSS) is a script injection vulnerability that can steal users’ credentials. If a client running a trading company had a brochure website that provides static content to their customers was vulnerable to XSS, it may not have a significant impact on the business. In this case, a client might accept the risk and put in a mitigation plan using a Web Application Firewall (WAF) to prevent the XSS attacks. If the same vulnerability was identified on their main trading website, however, then it would be a significant issue in need of rectification as soon as possible since the company will be at risk of losing the trust of customers through attackers stealing their credentials.

Objective-based penetration testing is time-based, depending on the specific problem that an organization faces. An example of an objective is: We are most worried about our data being stolen and the regulatory fines incurred as a consequence of these breaches. So, the objective now is to compromise the data either by exploiting a system flaw or by manipulating the employees through phishing; sometimes it will be a surprise to see some of their data is already available on the dark web. Every objective comes with its own Tactics, Techniques, and Procedures (TTP) that will support the primary goal of the penetration test activity. We will be exploring all of these different methodologies throughout this book using Kali Linux 2021.4.

The testing methodology

Methodologies rarely consider why a penetration test is being undertaken or which data is critical to the business and needs to be protected. In the absence of this vital first step, penetration tests lose their focus.

Many penetration testers are reluctant to follow a defined methodology, fearing that it will hinder their creativity in exploiting a security weakness on the network or application. Penetration testing fails to reflect the actual activities of a malicious attacker. Frequently, the client wants to see whether you can gain administrative access to a particular system (that is, Can you root the box?). However, the attacker may be focused on copying critical data in a manner that does not require root access or cause a denial of service.

To address the limitations inherent in formal testing methodologies, they must be integrated in a framework that views the network from the perspective of an attacker, known as the cyber kill chain.

In 2009, Mike Cloppert of Lockheed Martin CERT introduced the concept that is now known as the cyber kill chain. This includes the steps taken by an adversary when they are attacking a network. It does not always proceed in a linear flow, as some steps may occur in parallel. Multiple attacks may be launched over time at the same target, and overlapping stages may occur.

In this book, we have modified Cloppert’s cyber kill chain to more accurately reflect how attackers apply these steps when exploiting networks, applications, and data services. Figure 1.2 shows a typical cyber kill chain of an attacker:

Figure 1.2: The typical cyber kill chain an attacker may follow

A typical cyber kill chain of an attacker can be described as follows:

  • Explore or reconnaissance phase: The adage, reconnaissance time is never wasted time, adopted by most military organizations, acknowledges that it is better to learn as much as possible about an enemy before engaging them. For the same reason, attackers will conduct extensive reconnaissance of a target before attacking. In fact, it is estimated that at least 70 percent of the effort of a penetration test or an attack is spent conducting reconnaissance! Generally, they will employ two types of reconnaissance:
    • Passive: There is no direct interaction with the target in a hostile manner. For example, the attacker will review publicly available website(s), assess online media (especially social media sites), and attempt to determine the attack surface of the target. One particular task will be to generate a list of past and current employee names, or even an investigation into the breached databases that are publicly available.

      These names will form the basis of attempts to use brute force in guessing passwords. They will also be used in social engineering attacks. This type of reconnaissance is difficult, if not impossible, to distinguish from the behavior of regular users.

    • Active: This can be detected by the target, but it can be difficult to distinguish it from the rest of the activity that most online organizations encounter from regular traffic. Activities occurring during active reconnaissance include physical visits to target premises, port scanning, and remote vulnerability scanning.
  • Delivery phase: Delivery is the selection and development of the weapon that will be used to complete the exploit during the attack. The exact weapon chosen will depend on the attacker’s intent as well as the route of delivery (for example, across the network, via a wireless connection, or through a web-based service). The impact of the delivery phase will be examined in detail in the second half of this book.
  • Exploit or compromise phase: This is the point when a particular exploit is successfully applied, allowing attackers to gain a foothold in the objective system. The compromise may have occurred in a single phase (for example, a known operating system vulnerability was exploited using a buffer overflow), or it may have been a multiphase compromise (for example, if an attacker could search and download the data from the internet from sources such as https://haveibeenpwned.com or similar; these sites typically include breached data, including usernames, passwords, phone numbers, and email addresses, that will allow them to easily create a dictionary of passwords to attempt to access the Software as a Service (SaaS) applications, such as Microsoft Office 365 or Outlook Web, attempt to log in to a corporate VPN directly, or use email addresses to perform targeted email phishing techniques. The attacker could even send an SMS with malicious links to deliver a payload). Multiphase attacks are the norm when a malicious attacker targets a specific enterprise.
  • Achieve phase – Action on the Objective: This is frequently, and incorrectly, referred to as the exfiltration phase because there is a focus on perceiving attacks solely as a route to steal sensitive data (such as login information, personal information, and financial information). It is in fact common for an attacker to have a different objective; for example, an attacker may wish to drop a ransomware package on their competitors to drive customers to their own business. Therefore, this phase must focus on the many possible actions of an attacker. One of the most common exploitation activities occurs when the attackers attempt to improve their access privileges to the highest possible level (vertical escalation) and to compromise as many accounts as possible (horizontal escalation).
  • Achieve phase – Persistence: If there is value in compromising a network or system, then that value can likely be increased if there is persistent access. This allows attackers to maintain communications with a compromised system. From a defender’s point of view, this is the part of the cyber kill chain that is usually the easiest to detect.

Cyber kill chains are merely metamodels of an attacker’s behavior when they attempt to compromise a network or a particular data system. As a metamodel, it can incorporate any proprietary or commercial penetration testing methodology. Unlike the methodologies, however, it ensures a strategic-level focus on how an attacker approaches the network. This focus on the attacker’s activities will guide the layout and content of this book.

Introduction to Kali Linux features

Kali Linux (Kali) is the successor to the BackTrack penetration testing platform that is generally regarded as the de facto standard package of tools used to facilitate penetration testing to secure data and voice networks. It was developed by Mati Aharoni and Devon Kearns of Offensive Security. This distribution is mainly meant for penetration testing and digital forensics.

In 2021, Kali had four updates. The latest rolling version was released on December 9, 2021 with kernel 5.14.0 and the Xfce 4.16.3 desktop environment. Additionally, there was a minor update on December 23, 2021 with version Kali 2021.4a.

Some features of this latest version of Kali include the following:

Over 500 advanced penetration testing, data forensics, and defensive tools. The majority of the older pre-installed tools are eliminated and replaced by similar tools. They provide extensive wireless support with multiple hardware and kernel patches to permit the packet injection required by some wireless attacks. Table 1.2 provides a breakdown of the tools with respect to their specific task as of December 2021:

Tool Sections

No. of Tools

Information Gathering

67

Vulnerability Analysis

27

Wireless Attacks

54

Web Applications

43

Exploitation Tools

21

Forensics Tools

23

Sniffing & Spoofing

33

Password Attacks

39

Maintaining Access

17

Reverse Engineering

11

Hardware Hacking

6

Reporting Tools

10

Table 1.2: The number of tools available, listed with respect to the specific tasks for which they are used

Some of the key features of Kali Linux 2021.4 include:

  • Support for multiple desktop environments such as KDE, GNOME3, Xfce, MATE, e17, lxde, and i3wm.021.
  • By default, Kali Linux has Debian-compliant tools that are synchronized with the Debian repositories at least four times daily, making it easier to update packages and apply security fixes.
  • There are secure development environments and GPG-signed packages and repositories.
  • There is support for ISO customization, allowing users to build their own versions of customized Kali with a limited set of tools to make it lightweight. The bootstrap function also performs enterprise-wide network installs that can be automated using pre-seed files.
  • Since ARM-based systems have become more prevalent and less expensive, support for ARMEL and ARMHF in Kali Linux can be installed on devices such as rk3306 mk/ss808, Raspberry Pi, ODROID U2/X2, Samsung Chromebook, EfikaMX, Beaglebone Black, CuBox, and Galaxy Note 10.1.
  • Kali remains a free open-source project. Most importantly, it is well supported by an active online community.

The role of Kali in red team tactics

While pentesters might prefer any type of operating system to perform their desired activity, usage of Kali Linux saves significant time and prevents the need to search for packages that aren’t typically available in other operating systems. Some of the advantages that are not noticed with Kali Linux during a red team exercise include the following:

  • One single source to attack various platforms.
  • It’s quick to add sources and install packages and supporting libraries (especially those that are not available for Windows).
  • It’s even possible to install RPM packages with the usage of alien.

The purpose of Kali Linux is to secure network, cloud, and application infrastructure and bundle all of the tools to provide a single platform for penetration testers and forensic analysts.

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Explore red teaming and play the hackers game to proactively defend your infrastructure
  • Use OSINT, Google dorks, Nmap, recon-nag, and other tools for passive and active reconnaissance
  • Learn about the latest email, Wi-Fi, and mobile-based phishing techniques

Description

Remote working has given hackers plenty of opportunities as more confidential information is shared over the internet than ever before. In this new edition of Mastering Kali Linux for Advanced Penetration Testing, you’ll learn an offensive approach to enhance your penetration testing skills by testing the sophisticated tactics employed by real hackers. You’ll go through laboratory integration to cloud services so that you learn another dimension of exploitation that is typically forgotten during a penetration test. You'll explore different ways of installing and running Kali Linux in a VM and containerized environment and deploying vulnerable cloud services on AWS using containers, exploiting misconfigured S3 buckets to gain access to EC2 instances. This book delves into passive and active reconnaissance, from obtaining user information to large-scale port scanning. Building on this, different vulnerability assessments are explored, including threat modeling. See how hackers use lateral movement, privilege escalation, and command and control (C2) on compromised systems. By the end of this book, you’ll have explored many advanced pentesting approaches and hacking techniques employed on networks, IoT, embedded peripheral devices, and radio frequencies.

Who is this book for?

This fourth edition is for security analysts, pentesters, ethical hackers, red team operators, and security consultants wanting to learn and optimize infrastructure/application/cloud security using advanced Kali Linux features. Prior penetration testing experience and basic knowledge of ethical hacking will help you make the most of this book.

What you will learn

  • Exploit networks using wired/wireless networks, cloud infrastructure, and web services
  • Learn embedded peripheral device, Bluetooth, RFID, and IoT hacking techniques
  • Master the art of bypassing traditional antivirus and endpoint detection and response (EDR) tools
  • Test for data system exploits using Metasploit, PowerShell Empire, and CrackMapExec
  • Perform cloud security vulnerability assessment and exploitation of security misconfigurations
  • Use bettercap and Wireshark for network sniffing
  • Implement complex attacks with Metasploit, Burp Suite, and OWASP ZAP

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Feb 28, 2022
Length: 572 pages
Edition : 4th
Language : English
ISBN-13 : 9781801812672
Category :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Feb 28, 2022
Length: 572 pages
Edition : 4th
Language : English
ISBN-13 : 9781801812672
Category :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total €83.97 €94.97 €11.00 saved
The Ultimate Kali Linux Book
€41.99
Mastering Kali Linux for Advanced Penetration Testing – Fourth Edition
€41.99
Windows and Linux Penetration Testing from Scratch
€35.99
Total €83.97€94.97 €11.00 saved Stars icon

Table of Contents

16 Chapters
Goal-Based Penetration Testing Chevron down icon Chevron up icon
Open-Source Intelligence and Passive Reconnaissance Chevron down icon Chevron up icon
Active Reconnaissance of External and Internal Networks Chevron down icon Chevron up icon
Vulnerability Assessment Chevron down icon Chevron up icon
Advanced Social Engineering and Physical Security Chevron down icon Chevron up icon
Wireless and Bluetooth Attacks Chevron down icon Chevron up icon
Exploiting Web-Based Applications Chevron down icon Chevron up icon
Cloud Security Exploitation Chevron down icon Chevron up icon
Bypassing Security Controls Chevron down icon Chevron up icon
Exploitation Chevron down icon Chevron up icon
Action on the Objective and Lateral Movement Chevron down icon Chevron up icon
Privilege Escalations Chevron down icon Chevron up icon
Command and Control Chevron down icon Chevron up icon
Embedded Devices and RFID Hacking Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.7
(27 Ratings)
5 star 77.8%
4 star 18.5%
3 star 0%
2 star 0%
1 star 3.7%
Filter icon Filter
Top Reviews

Filter reviews by




K Shamugavelu Nov 13, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
The book's extensive coverage, from network reconnaissance to post-exploitation strategies, resonated with the challenges I face in my day-to-day work. I found the inclusion of real-world scenarios invaluable. It's this blend of theory and practice has directly impacted my performance in the field.While the book assumes a foundational knowledge of networking and cybersecurity, you will run into issues whilst setting up the infrastructure, it will increase your ability to understand the basics clearly. This book is a mentor in the world of ethical hacking, which transforms knowledge into actionable expertise.
Amazon Verified review Amazon
Manjunath Velu Mar 02, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Great book for my pent testing collection! Absolutely recommended for those who know how to set up and a good computer in hand.
Amazon Verified review Amazon
Michael Mar 06, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
As someone that has just recently done the Offensive Security OSCP course, I have been relying on many different resources, primarily as each does not quite consolidate the information required to gain knowledge in this area.This book is well written and captures many areas that now are consolidated into one title.It will satisfy the beginner, to the more knowledgeable, and I am sure even experts would learn one or two things from this book. Certainly its up to date and covers new areas that many other resources do not, many of which start to seem a little dated.Whether learning from zero point or you need a fresher or reference manual, this is a decent worthwhile book to have in your weaponry.
Amazon Verified review Amazon
Adrian Santangelo May 06, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I've been a security professional since the late 90's and read my fair share of books. I found "Mastering Kali Linux for Advanced Penetration Testing" to be easy to follow, choked FULL of useful info, and a flow you could follow. It's rare to find a technical book that can talk about so much, yet hold interest. And the linked files are well done and match up correctly.If I had to give it any criticism, it would only be that for an "advanced book" it dabbles in some beginner terms and areas that one may be already expected to know. But in some cases, that is also a feature, not a bug! For beginners, it gives enough background for them to follow along. Many areas are captured, resources are current, and the in-deppt concepts are well organized and explained.Highly recommend grabbing your own copy, again, regardless of skill level.
Amazon Verified review Amazon
Katherine Linville-Meece May 28, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
First off, I would like to say, Vijay Kumar is a brilliant author. In this book he talks about advance pentesting approaches, different hacking techniques and much more. For someone who has been in the IT/Cyber industry for the past 10 years I can say this book is very well written and easy to understand even for a beginner to read. If you are wanting to become a Cybersecurity ethical hacking expert I would highly recommend this book!! - CyberTechDave
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.