Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
The Ultimate Kali Linux Book
The Ultimate Kali Linux Book

The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire , Second Edition

eBook
€8.99 €32.99
Paperback
€41.99
Audiobook
€8.99 €34.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Table of content icon View table of contents Preview book icon Preview Book

The Ultimate Kali Linux Book

Chapter 1: Introduction to Ethical Hacking

Cybersecurity is one of the most rapidly growing fields within the information technology (IT) industry. Each day security professionals are discovering new and emerging threats at a rapid rate and organizations' assets are becoming compromised by threat actors. Due to these threats in the digital world, new professions are being created within many organizations for people who can help protect and safeguard their assets. This book is designed with the intent to provide you with the knowledge, wisdom, and skills that an aspiring penetration tester needs in order to be super awesome within the cybersecurity industry. A penetration tester is a cybersecurity professional who has the skills of a hacker; they are hired by an organization to perform simulations of real-world cyber-attacks on the organization's network infrastructure with the objective of discovering and exploiting security vulnerabilities. This allows the organization to determine any security weaknesses and implement security controls to prevent and mitigate a real cyber-attack.

Throughout the course of this book, you will learn how to use one of the most popular Linux distributions within the cybersecurity industry to simulate real-world cyber-attacks in penetration testing exercises to discover and exploit security weaknesses on systems and networks. The Kali Linux operating system has tons of pre-installed Linux packages/applications that are widely used within the cybersecurity industry, hence it's an arsenal filled with everything you will need. We'll be using a student-centric approach, filled with a lot of hands-on exercises starting from beginner level to intermediate, to more advanced topics and techniques, including red team engagements.

In this chapter, you will gain an in-depth understanding of the various characteristics of various threat actors, their intentions, and the motives behind their cyber-attacks against their targets. Next, you will learn about key factors that are important to threat actors, which determine the level of complexity to compromise a system in comparison to cybersecurity professionals such as ethical hackers and penetration testers who are hired to discover and exploit hidden security weaknesses within a target organization. Furthermore, you will also discover the need for penetration testing, its phases, and approaches used by seasoned professionals within the industry. Lastly, you will explore the Cyber Kill Chain framework, how cybersecurity professionals use it to prevent cyber-attacks, and how each stage can be aligned with penetration testing.

In this chapter, we will cover the following topics:

  • Identifying threat actors and their intent
  • Understanding what matters to threat actors
  • Discovering cybersecurity terminologies
  • Exploring the need for penetration testing and its phases
  • Understanding penetration testing approaches
  • Exploring hacking phases
  • Understanding the Cyber Kill Chain framework

I hope you're as excited as I am to begin this journey. Let's dive in!

Identifying threat actors and their intent

All around the world, there is a huge demand for cybersecurity professionals as many organizations are beginning to understand the need for skilled professionals to help them secure and safeguard their assets. One of the most valuable assets to any organization is data. Threat actors such as hackers are improving their game plan and hacking has become a business on the dark web. Threat actors use advanced and sophisticated attacks and threats to compromise their target's systems and networks, steal their data using various techniques of exfiltration to bypass threat detection, and sell the stolen data on the dark web.

Years ago, hackers would manually perform these tasks; however, these days they have created advanced threats such as ransomware, which is a crypto-malware designed to compromise vulnerable systems. Once a system is infected with ransomware, it will encrypt all the data within the local drives except the operating system. Additionally, ransomware has the capabilities of also compromising any cloud storage that is linked to the infected system. For example, imagine a user's system has Google Drive, Microsoft OneDrive, or even Dropbox and data is constantly synchronized. If the system is infected, the infection could also affect the data within the cloud storage. However, some cloud providers have built-in protection against these types of threats.

Ransomware encrypts the data and holds it hostage while presenting a payment window on the victim's desktop requesting payment to recover the data. During this time, the responsible threat actor is also exfiltrating your data and selling it on the dark web.

Important note

It is not recommended to pay the ransom as there is no guarantee or reassurance the threat actors will release the data. If the threat actors provide a decryption key, it may not be the right one. Furthermore, former Microsoft Detection and Response Team (DART) member Mr. Rishalin Pillay mentioned during his time at Microsoft that he has seen how attackers "may" give the decryption key to victims, however, they 110% implant additional malware to return later for more cash gains. Essentially, the target organization becomes a "cash cow" for the threat actors (attacking group).

So far, we've only encountered one type of threat actor, the hacker. However, there are other types of threat actors involved in cyber-attacks. You'll be surprised at the variety of people involved in hacking. Let's look at a list of the most popular threat actors in the industry:

  • Script kiddie – The script kiddie is a common type of threat actor who is not necessarily a young adult or kid. Rather, they are someone who does not understand the technical details of cybersecurity to perform a cyber-attack on their own. However, a script kiddie usually follows the instructions or tutorials of real hackers to perform their own attacks against a system or network. While you may think a script kiddie is harmless because the person does not have the required knowledge and skills, they can create an equal amount of damage as a real hacker by following the instructions of malicious hackers on the internet. These types of hackers may make use of tools that they have no knowledge of how they work, thus causing more damage.
  • Hacktivist – Across the world, there are many social and political agendas in many nations, and there are many persons and groups who are either supportive or not supportive of their agendas. You will commonly find protesters who will organize rallies, marches, or even perform illegal activities such as the defacement of public property. There is a type of threat actor who uses their hacking skills to perform malicious activities in support of a political or social agenda. This person is commonly referred to as a hacktivist. While some hacktivists use their hacking skills for good reasons, keep in mind hacking is still an illegal act and the threat actor can face legal action.
  • Insider – Many threat actors have realized it's more challenging to break into an organization through the internet and it's easier to do it from the inside on the target's internal network. Some threat actors will create a fake identity and curriculum vitae with the intention of applying for a job within their target organization and becoming an employee. Once this type of threat actor becomes an employee, the person will have access to the internal network and gain better insights into the network architecture and security vulnerabilities. Therefore, this type of threat actor can implement network implants on the network and create backdoors for remote access to critical systems. This type of threat actor is known as an insider.
  • State-sponsored – While many nations will send their army of soldiers to fight a war, many battles are now fought within cyberspace. This is known as cyber warfare. Many nations have realized the need to create defenses to protect their citizens and national assets from hackers and other nations with malicious intents. Therefore, a nation's government will hire state-sponsored hackers who are responsible for protecting their country from cyber-attacks and threats. Some nations use this type of threat actor to gather intelligence on other countries and even compromise the systems that control the infrastructure of public utilities or other critical resources needed by a country.
  • Organized crime – Around the world, we commonly read and hear about many crime syndicates and organized crime groups. Within the cybersecurity industry, there are also crime organizations made up of a group of people with the same goals in mind. Each person within the group is usually an expert or has a few special skillsets, such as one person may be responsible for performing extensive reconnaissance on the target, while another is responsible for developing an Advanced Persistent Threat (APT). Within this organized crime group, there is usually a person who is responsible for financially funding the group to provide the best available resources money can buy to ensure the attack is successful. The intention of this type of threat actor is usually big, such as stealing their target's data and selling it for financial gain.
  • Black hat – The black hat hacker is a threat actor who uses their skills for malicious reasons. These hackers can be anyone and their reason for performing a hack against a system or network can be random. Sometimes they may hack to destroy their target's reputation, steal data, or even as a personal challenge to prove a point for fun.
  • White hat – White hat hackers are the industry's good guys and girls. This type of hacker uses their skills to help organizations and people secure their networks and safeguard their assets from malicious hackers. Ethical hackers and penetration testers are examples of white hat hackers as these people use their skills to help others in a positive and ethical manner.
  • Gray hat – The gray hat hacker is a person who metaphorically sits between the white hat and the black hat. This means the gray hat hacker has a hacking skillset and can be a good guy/girl during the day as a cybersecurity professional and a bad guy/girl at night using their skills for malicious intentions.

With the continuous development of new technologies, the curious minds of many will always find a way to gain a deeper understanding of the underlying technologies of a system. This often leads to discovering security flaws in the design and eventually allows a person to exploit the vulnerability. Having completed this section, you have discovered the characteristics of various threat actors and their intentions for performing a cyber-attack. In the next section, we will take a deep dive into understanding what matters to a threat actor.

Understanding what matters to threat actors

The concept of hacking into another system or network will always seem very fascinating to many, while for others it's quite concerning knowing the level of security is not acceptable if a system can be compromised by a threat actor. Threat actors, ethical hackers, or even penetration testers need to plan and evaluate the time, resources, complexity, and the hack's value before performing a cyber-attack on a target's systems or networks.

Time

Understanding how much time it will take from starting to gather information about the target to meeting the objectives of the attack is important. Sometimes, a cyber-attack can take a threat actor anything from days to a few months of careful planning to ensure each phase is successful when executed in the proper order. Threat actors have to also account for the possibility that an attack or exploit might not work on the target and this creates a speed bump during the process, which increases the time taken to meet the goals of the hack. This concept can be applied to penetration testers as they need to determine how long it will take to complete a penetration test for a customer and present the report with the findings and security recommendations.

Resources

Without the right set of resources, it will be a challenge to complete a task. Threat actors need to have the right set of resources, which can be software- and hardware-based tools. While skilled and seasoned hackers can manually discover and exploit security weaknesses on a system, it can be a time-consuming process. However, using the right set of tools can help automate these tasks and improve the time taken to find security flaws and exploit them. Additionally, without the right set of skills, a threat actor may face some challenges in being successful in performing the cyber-attack. This can lead to gaining the support of additional persons with the skills needed to assist and contribute to achieving the objectives of the cyber-attack. Once again, this concept can be applied to security professionals such as penetration testers within the industry. Not everyone has the same skills and a team may be needed for a penetration test engagement for a customer.

Financial factors

Another important resource is financial factors. Sometimes a threat actor does not need any additional resources and can perform a successful cyber-attack and compromise their targets. However, there may be times when an additional software- or hardware-based tool is needed to ensure the attack is successful. Having a budget allows the threat actors to purchase the additional resources needed. Similarly, penetration testers are well-funded by their employers to ensure they have access to the best tools within the industry to excel at their jobs.

Hack value

Lastly, the hack value is simply the motivation or the reason for performing a cyber-attack against a target's systems and network. For a threat actor, it's the value of accomplishing the objectives and goals of compromising the system. Threat actors may not target an organization if they think it's not worth the time, effort, or resources to compromise its systems. Other threat actors may target the same organization with another motive.

Having completed this section, you have learned about some of the important factors that matter to threat actors prior to performing a cyber-attack on an organization. In the next section, you will discover various key terminologies that are commonly used within the cybersecurity industry.

Discovering cybersecurity terminologies

Throughout your journey in the exciting field of cybersecurity, you will be exposed to various jargon and terminologies that are commonly found in various literature, discussions, and learning resources. As an aspiring penetration tester, it's important you are aware of and understand various key terminologies and how they are related to penetration testing.

The following is a list of the most common terminologies within the cybersecurity industry:

  • Asset – Within the field of cybersecurity, we define an asset as anything that has value to an organization or person. Assets are systems within a network that can be interacted with and potentially expose the network or organization to weaknesses that could be exploited and give hackers a way to escalate their privileges from standard user access to administrator-/root-level access or gain remote access to the network. It is important to mention that assets are not and should not be limited to technical systems. Other forms of assets include humans, physical security controls, and even data that resides within the networks we aim to protect.

    Assets can be broken down into three categories:

    1. Tangible: These are physical things such as networking devices, computer systems, and appliances.
    2. Intangible: These are things that are not in a physical form, such as intellectual property, business plans, data, and records.
    3. People: These are the employees who drive the business or organization. Humans are one of the most vulnerable assets in the field of cybersecurity. Additionally, organizations need to protect their customers' data from being stolen by threat actors.

    As cybersecurity professionals, it's important to be able to identify assets and the potential threats that may cause harm to them.

  • Threat – In the context of cybersecurity, a threat is anything that has the potential to cause harm to a system, network, or person. Whether you're on the offensive or defensive side in cybersecurity, it's important to be able to identify threats. Many organizations around the world face various types of threats each day and their cybersecurity team works around the clock to ensure the organization's assets are safeguarded from threat actors and threats. One of the most exciting, but also overwhelming, aspects of cybersecurity is professionals within the industry always need to stay one step ahead of threat actors to quickly find security weaknesses in systems, networks, and applications, and implement countermeasures to mitigate any potential threats against those assets.

    All organizations have assets that need to be kept safe; an organization's systems, networks, and assets always contain some sort of security weakness that can be taken advantage of by a hacker. Next, we'll dive into understanding what a vulnerability is.

  • Vulnerability – A vulnerability is a weakness or security flaw that exists within technical, physical, or human systems that hackers can exploit in order to gain unauthorized access or control over systems within a network. Common vulnerabilities that exist within organizations include human error (the greatest of vulnerabilities on a global scale), misconfiguration of devices, using weak user credentials, poor programming practices, unpatched operating systems and outdated applications on host systems, using default configurations on systems, and so on.

    A threat actor will look for the lowest-hanging fruits such as the vulnerabilities that are the easiest to be taken advantage of. The same concept applies to penetration testing. During an engagement, the penetration tester will use various techniques and tools to discover vulnerabilities and will attempt to exploit the easy ones before moving to the more complex security flaws on a target system.

  • Exploit – An exploit is the thing, tool, or code that is used to take advantage of a vulnerability on a system. For example, take a hammer, a piece of wood, and a nail. The vulnerability is the soft, permeable nature of wood, and the exploit is the act of hammering the nail into the wood. Once a vulnerability is found on a system, the threat actor or penetration tester will either develop or search for an exploit that is able to take advantage of the security weakness. It's important to understand that the exploit should be tested on a system to ensure it has the potential to be successful when launched by the threat actor. Sometimes, an exploit may work on a system and may not work on another. Hence, seasoned penetration testers will ensure their exploits are tested and graded on their rate of success per vulnerability.
  • Risk – While it may seem like penetration testers are hired to simulate real-world cyber-attacks on a target organization, the goal of such engagements is much deeper than it seems. At the end of the penetration test, the cybersecurity professional will present all the vulnerabilities and possible solutions to help the organization mitigate and reduce the risk of a potential cyber-attack.

    What is risk? Risk is the potential impact that a vulnerability, threat, or asset presents to an organization calculated against all other vulnerabilities, threats, and assets. Evaluating risk helps to determine the likelihood of a specific issue causing a data breach that will cause harm to an organization's finances, reputation, or regulatory compliance. Reducing risk is critical for many organizations. There are many certifications, regulatory standards, and frameworks that are designed to help companies understand, identify, and reduce risks.

  • Zero-day – A zero-day attack is an exploit that is unknown to the world, including the vendor of the product, which means it is unpatched by the vendor. These attacks are commonly used in nation-state attacks, as well as by large criminal organizations. The discovery of a zero-day exploit can be very valuable to ethical hackers and penetration testers, and can earn them a bug bounty. These bounties are fees paid by vendors to security researchers that discover unknown vulnerabilities in their applications.

    Today, many organizations have established a bug bounty program, which allows interested persons who discover a vulnerability within a system of a vendor to report it. The person who reports the vulnerability, usually a zero-day flaw, is given a reward. However, there are hackers who intentionally attempt to exploit a system or network for some sort of personal gain; this is known as the hack value.

During this section, you have discovered various key terminologies that are commonly used within the cybersecurity industry. In the next section, you will explore the various phases of penetration testing.

Exploring the need for penetration testing and its phases

Each day, cybersecurity professionals are always in a race against time with threat actors in discovering vulnerabilities in systems and networks. Imagine that a threat actor is able to exploit a vulnerability on a system before a cybersecurity professional can find it and implement security controls to mitigate the threat. The threat actor would have compromised the system. This would leave the cybersecurity professional to perform incident response (IR) strategies and plans to recover the compromised system back to an acceptable working state.

Organizations are realizing the need to hire white hat hackers such as penetration testers who have the skills to simulate real-world cyber-attacks on the organization's systems and networks with the intent of discovering and exploiting hidden vulnerabilities. These techniques allow the penetration tester to perform the same types of attacks as a real hacker; the difference is the penetration tester is hired by the organization and has been granted legal permission to conduct such intrusive security testing.

Important note

Penetration testers usually have a strong understanding of computers, operating systems, networking, and programming, as well as how they work together. Most importantly, you need creativity. Creative thinking allows a person to think outside the box and go beyond the intended uses of technologies and find exciting new ways to implement them.

At the end of the penetration test, a report is presented to the organization's stakeholders detailing all the findings, such as vulnerabilities and how each weakness can be exploited. The report also contains recommendations on how to mitigate and prevent a possible cyber-attack on each vulnerability found. This allows the organization to understand what a hacker will discover if they are a target and how to implement countermeasures to reduce the risk of a cyber-attack. Some organizations will even perform a second penetration test after implementing the recommendations outlined in the penetration test report to determine whether all the vulnerabilities have been fixed and the risk has been reduced.

Creating a penetration testing battle plan

While penetration testing is interesting, we cannot attack a target without a battle plan. Planning ensures that the penetration testing follows a sequential order of steps to achieve the desired outcome, which is identifying and exploiting vulnerabilities. Each phase outlines and describes what is required before moving onto the next steps. This ensures that all details about the work and target are gathered efficiently and the penetration tester has a clear understanding of the task ahead.

The following are the different phases of penetration testing:

Figure 1.1 – Penetration testing phases

Figure 1.1 – Penetration testing phases

As shown in the preceding diagram, penetration testing usually consists of the pre-engagement, information gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and report writing phases. Each of these phases will be covered in more detail in the following sections.

Pre-engagement

During the pre-engagement phase, key personnel are selected. These individuals are key to providing information, coordinating resources, and helping the penetration testers to understand the scope, breadth, and rules of engagement in the assessment.

This phase also covers legal requirements, which typically include a Non-Disclosure Agreement (NDA) and a Consulting Services Agreement (CSA). The following is a typical process overview of what is required prior to the actual penetration testing:

Figure 1.2 – Pre-engagement

Figure 1.2 – Pre-engagement

An NDA is a legal agreement that specifies that a penetration tester and their employer will not share or hold onto any sensitive or proprietary information that is encountered during the assessment. Companies usually sign these agreements with cybersecurity companies who will, in turn, sign them with employees working on the project. In some cases, companies sign these agreements directly with the penetration testers from the company carrying out the project.

The scope of a penetration test, also known as the rules of engagement, defines the systems the penetration tester can and cannot hack. This ensures the penetration tester remains within legal boundaries. This is a mutual agreement between the client (organization) and the penetration tester and their employer. It also defines sensitive systems and their IP addresses as well as testing times and which systems require special testing windows. It's incredibly important for penetration testers to pay close attention to the scope of a penetration test and where they are testing in order to always stay within the testing constraints.

The following are some sample pre-engagement questions to help you define the scope of a penetration test:

  • What is the size/class of your external network? (Network penetration testing)
  • What is the size/class of your internal network? (Network penetration testing)
  • What is the purpose and goal of the penetration test? (Applicable to any form of penetration testing)
  • How many pages does the web application have? (Web application penetration testing)
  • How many user inputs or forms does the web application have?

This is not an extensive list of pre-engagement questions, and all engagements should be given thorough thought to ensure that you ask all the important questions so you don't underscope or underprice the engagement.

Now that we've understood the legal limitation stages of penetration testing, let's move on to learn about the information gathering phase and its importance.

Information gathering

Penetration testing involves information gathering, which is vital to ensure that penetration testers have access to key information that will assist them in conducting their assessment. Seasoned professionals normally spend a day or two conducting extensive reconnaissance on their target. The more knowledge that is known about the target will help the penetration tester to identify the attack surface such as points of entry in the target's systems and networks. Additionally, this phase also helps the penetration tester to identify the employees, infrastructure, geolocation for physical access, network details, servers, and other valuable information about the target organization.

Understanding the target is very important before any sort of attack as a penetration tester, as it helps in creating a profile of the potential target. Recovering user credentials/login accounts in this phase, for instance, will be vital to later phases of penetration testing as it will help us gain access to vulnerable systems and networks. Next, we will discuss the essentials of threat modeling.

Threat modeling

Threat modeling is a process used to assist penetration testers and network security defenders to better understand the threats that inspired the assessment or the threats that the application or network is most prone to. This data is then used to help penetration testers simulate, assess, and address the most common threats that the organization, network, or application faces.

The following are some threat modeling frameworks:

  • Spoofing, Tampering, Repudiation, Information disclosure, Denial of server and Elevation of privilege (STRIDE)
  • Process for Attack Simulation and Threat Analysis (PASTA)

Having understood the threats an organization faces, the next step is to perform a vulnerability assessment on the assets to further determine the risk rating and severity.

Vulnerability analysis

Vulnerability analysis typically involves the assessors or penetration testers running vulnerability or network/port scans to better understand which services are on the network or the applications running on a system and whether there are any vulnerabilities in any systems included in the scope of the assessment. This process often includes manual vulnerability discovery and testing, which is often the most accurate form of vulnerability analysis or vulnerability assessment.

There are many tools, both free and paid, to assist us in quickly identifying vulnerabilities on a target system or network. After discovering the security weaknesses, the next phase is to attempt exploitation.

Exploitation

Exploitation is the most commonly ignored or overlooked part of penetration testing, and the reality is that clients and executives don't care about vulnerabilities unless they understand why they matter to them. Exploitation is the ammunition or evidence that helps articulate why the vulnerability matters and illustrates the impact that the vulnerability could have on the organization. Furthermore, without exploitation, the assessment is not a penetration test and is nothing more than a vulnerability assessment, which most companies can conduct in-house better than a third-party consultant could.

To put it simply, during the information gathering phase, a penetration tester will profile the target and identify any vulnerabilities. Next, using the information about the vulnerabilities, the penetration tester will do their research and create specific exploits that will take advantage of the vulnerabilities of the target—this is exploitation. We use exploits (malicious code) to leverage a vulnerability (weakness) in a system, which will allow us to execute arbitrary code and commands on the target.

Often, after successfully exploiting a target system or network, we may think the task is done—but it isn't just yet. There are tasks and objectives to complete after breaking into the system. This is the post-exploitation phase in penetration testing.

Post-exploitation

Exploitation is the process of gaining access to systems that may contain sensitive information. The process of post-exploitation is the continuation of this step, where the foothold gained is leveraged to access data or spread to other systems via lateral movement techniques within the target network. During post-exploitation, the primary goal is typically to demonstrate the impact that the vulnerability and access gained can pose to the organization. This impact assists in helping executive leadership to better understand the vulnerabilities and the damage it could cause to the organization if a real cyber-attack was to occur.

Report writing

Report writing is exactly as it sounds and is one of the most important elements of any penetration test. Penetration testing may be the service, but report writing is the deliverable that the client sees and is the only tangible element given to the client at the end of the assessment. Reports should be given as much attention and care as the testing.

Report writing involves much more than listing a few vulnerabilities discovered during the assessment. It is the medium through which you convey risk and business impact, summarize your findings, and include remediation steps. A good penetration tester needs to be a good report writer, or the issues they find will be lost and may never be understood by the client who hired them to conduct the assessment.

Having completed this section, you are now able to describe each phase of a penetration test and have gained a better idea of the expectations of penetration testers in the industry. Next, we will dive into understanding various penetration testing approaches.

Understanding penetration testing approaches

A white box assessment is typical of web application testing but can extend to any form of penetration testing. The key difference between white, black, and gray box testing is the amount of information provided to the penetration testers prior to the engagement. In a white box assessment, the penetration tester will be provided with full information about the application and its technologies, and will usually be given credentials with varying degrees of access to quickly and thoroughly identify vulnerabilities in the applications, systems, or networks. Not all security testing is done using the white box approach; sometimes, only the target company's name is provided to the penetration tester.

Black box assessments are the most common form of network penetration assessment and are most typical among external network penetration tests and social engineering penetration tests. In a black box assessment, the penetration testers are given very little or no information about the target networks or systems they are testing. This particular form of testing is efficient when trying to determine what a real hacker will discover and their strategies to gain unauthorized access to the organization's network and compromise their systems.

Gray box assessments are a hybrid of white and black box testing and are typically used to provide a realistic testing scenario while also giving penetration testers enough information to reduce the time needed to conduct reconnaissance and other black box testing activities. In addition, it's important in any assessment to ensure you are testing all in-scope systems. In a true black box, it's possible to miss systems, and as a result, they are left out of the assessment.

Each penetration test approach is different from the others, and it's vital that you know about all of them. Imagine a potential client calling to request a black box test on their external network; as a penetration tester, we must be familiar with the terms and what is expected.

Types of penetration testing

As an aspiring penetration tester, it's important to understand the difference between a vulnerability assessment and penetration testing. In a vulnerability assessment, the cybersecurity professional uses a vulnerability scanner, which is used to help assess the security posture of the systems within the organization. These vulnerability scanners use various techniques to automate the process of discovering a wide range of security weaknesses on systems.

The downside of vulnerability scanning is its incapability to identify the issues that manual testing can, and this is the reason that an organization hires penetration testers to conduct these assessments. Within the industry, organizations may hire a cybersecurity professional to perform penetration testing on their infrastructure. However, if the cybersecurity professional delivers scans instead of manual testing, this is a form of fraud and is, in my opinion, highly unethical. If you can't cut it in penetration testing, then practice, practice, and practice some more. You will learn legal ways to improve your tradecraft later in this book.

Web application penetration testing

Web application penetration testing, hereafter referred to as WAPT, is the most common form of penetration testing and is likely to be the first penetration testing job most people reading this book will be involved in. WAPT is the act of conducting manual hacking or penetration testing against a web application to test for vulnerabilities that typical vulnerability scanners won't find. Too often, penetration testers submit web application vulnerability scans instead of manually finding and verifying issues within web applications.

Mobile application penetration testing

Mobile application penetration testing is similar to WAPT but is specific to mobile applications that contain their own attack vectors and threats. This is a rising form of penetration testing with a great deal of opportunity for those who are looking to break into penetration testing and have an understanding of mobile application development. As you may have noticed, the different types of penetration testing each have specific objectives.

Social engineering penetration testing

Social engineering penetration testing, in my opinion, is the most adrenaline-filled type of testing. Social engineering is the art of manipulating basic human psychology to find human vulnerabilities and get people to do things they may not otherwise do. During this form of penetration testing, you may be asked to do activities such as sending phishing emails, make vishing phone calls, or talk your way into secure facilities to determine what an attacker targeting their personnel could achieve. There are many types of social engineering attacks, which will be covered later on in this book.

Network penetration testing (external and internal)

Network penetration testing focuses on identifying security weaknesses in a targeted environment. The penetration test objectives are to identify the flaws in the target organization's systems, their networks (wired and wireless), and their networking devices such as switches and routers.

The following are some tasks that are performed using network penetration testing:

  • Bypassing an Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)
  • Bypassing firewall appliances
  • Password cracking
  • Gaining access to end devices and servers
  • Exploiting misconfigurations on switches and routers

Now that you have a better idea of the objectives of network penetration testing, let's take a look at the purpose of cloud penetration testing.

Cloud penetration testing

Cloud penetration testing involves performing security assessments and penetration testing on risks to cloud platforms to discover any vulnerabilities that may expose confidential information to malicious users. Before attempting to directly engage a cloud platform, ensure you have legal permission from the cloud provider. For example, if you are going to perform penetration testing on the Microsoft Azure platform, you'll need legal permission from Microsoft as your actions may affect other users and services who are sharing the data center.

Physical penetration testing

Physical penetration testing focuses on testing the physical security access control systems in place to protect an organization's data. Security controls exist within offices and data centers to prevent unauthorized persons from entering secure areas of a company.

Physical security controls include the following:

  • Security cameras and sensors: Security cameras are used to monitor physical actions within an area.
  • Biometric authentication systems: Biometrics are used to ensure that only authorized people are granted access to an area.
  • Doors and locks: Locking systems are used to prevent unauthorized persons from entering a room or area.
  • Security guards: Security guards are people who are assigned to protect something, someone, or an area.

Having completed this section, you are now able to describe the various types of penetration testing. Your journey ahead won't be complete without understanding the phases of hacking. The different phases of hacking will be covered in the next section.

Exploring hacking phases

Since penetration testers are the white hats, the good guys and girls within the industry, it's important to understand the phases of hacking as it's also associated with penetration testing. During any penetration test training, you will encounter the five phases of hacking. These phases are as follows:

Figure 1.3 – Hacking phases

Figure 1.3 – Hacking phases

As shown in the preceding diagram, before a threat actor attacks a target, information gathering is needed to better understand various details about the target. In the following sections, you will gain a better understanding of each phase and how it relates to penetration testing.

Reconnaissance or information gathering

The reconnaissance or information gathering phase is where the threat actor focuses on acquiring meaningful information about their target. This is the most important phase in hacking: the more details known about the target, the easier it is to compromise a weakness and exploit it.

The following are techniques used in the reconnaissance phase:

  • Using search engines to gather information
  • Using social networking platforms
  • Performing Google hacking/dorking
  • Performing Domain Name System (DNS) interrogation
  • Using social engineering

In this phase, the objective is to gather as much information as possible about the target. Next, we will discuss using a more directed approach, and engage the target to get more specific and detailed information.

Scanning and enumeration

The second phase of hacking is scanning. Scanning involves using a direct approach in engaging the target to obtain information that is not accessible via the reconnaissance phase. This phase involves profiling the target organization, its systems, and network infrastructure.

The following are techniques used in the scanning phase:

  • Checking for any live systems
  • Checking for firewalls and their rules
  • Checking for open network ports
  • Checking for running services
  • Checking for security vulnerabilities
  • Creating a network topology of the target network

This phase is very important as it helps us to improve the profile of the target. The information found in this phase will help us to move on to performing exploitation on the target system or network.

Gaining access

This phase can sometimes be the most challenging phase of them all. In this phase, the threat actor uses the information obtained from the previous phases to exploit the target. Upon successful exploitation of vulnerabilities, the threat actor can then remotely execute malicious code on the target and gain remote access to the target system.

The following can occur once access is gained:

  • Password cracking
  • Exploiting vulnerabilities
  • Escalating privileges
  • Hiding files

The gaining access (exploitation) phase can at times be difficult as exploits may work on one system and not on another. Once an exploit is successful and system access is acquired, the next phase is to ensure that you have a persistent connection back to the target.

Maintaining access

After exploiting a system, the threat actor should usually ensure that they are able to gain access to the victim's system at any time as long as the system is online. This is done by creating backdoor access to the target and setting up multiple persistence connections between the attacker's machines and the victim's system.

The objectives of maintaining access are as follows:

  • Lateral movement
  • Exfiltration of data
  • Creating backdoor and persistent connections

Maintaining access is important to ensure that you, the penetration tester, always have access to the target system or network. Once the technical aspect of the penetration test is completed, it's time to clean up the network.

Covering your tracks

The last phase is to cover your tracks. This ensures that you do not leave any traces of your presence on a compromised system or network. As penetration testers, we would like to be as undetectable as possible on a target's network, not triggering any alerts on security sensors and appliances while we remove any residual traces of the actions performed during the penetration test. Covering your tracks ensures that you don't leave any trace of your presence on the network, as a penetration test is designed to be stealthy and simulate real-world attacks on an organization.

Having completed this section, you have gained the knowledge to describe the phases of hacking that are commonly used by threat actors. In the next section, you will discover the Cyber Kill Chain framework and we are going to combine it into the training and exercises throughout this book.

Understanding the Cyber Kill Chain framework

As an aspiring penetration tester who is breaking into the cybersecurity industry, it's vital to understand the mindset of threat actors. To be better at penetration testing, you need to have a very creative and strategic mindset. To put it simply, you need to think like a real hacker if you are to compromise systems and networks as a cybersecurity professional.

The Cyber Kill Chain is a seven-stage framework developed by Lockheed Martin, an American aerospace corporation. This framework outlines each critical step a threat actor will need to perform before they are successful in meeting the objectives and goals of the cyber-attack against their targets. Cybersecurity professionals will be able to reduce the likelihood of the threat actor meeting their goals and reduce the amount of damage if they are able to stop the attacker during the earlier phases of the Cyber Kill Chain.

The following diagram shows the seven stages of the Cyber Kill Chain that are used by threat actors:

Figure 1.4 – Cyber Kill Chain

Figure 1.4 – Cyber Kill Chain

As shown in Figure 1.4, you can see each stage flows into the other until the threat actor reaches the last phase where the attacker is successful in their cyber-attack and the cybersecurity professionals were unable to stop the attack. On the blue team side of cybersecurity operations, the security engineers need to ensure the systems and networks are very well protected and monitored for any potential threats. If a threat is detected, the blue team needs to mitigate the threat as quickly as possible, hence the need to understand the Cyber Kill Chain. However, as a penetration tester, we can apply the techniques and strategies used by threat actors corresponding to each stage of the Cyber Kill Chain to achieve our objectives during a penetration test for an organization.

In the next few sections, you will learn about the fundamentals of each stage of the Cyber Kill Chain, how each is used by threat actors, and how penetration testers apply these strategies within their engagements.

Reconnaissance

As with every battle plan, it's important to know a lot about your opponent before starting a war. The reconnaissance stage is focused on gathering a lot of information and intelligence about the target, whether it's a person or an organization. Threat actors and penetration testers use this stage to create a profile of their target, which contains IP addresses, systems' operating systems, and open service ports, running applications, vulnerabilities, and any sensitive resources that may be unintentionally exposed that can increase the attack surface.

Important note

The reconnaissance stage involves both passive and active information gathering techniques, which will be covered in later sections of this book. You will also discover tools and techniques to improve your information skills when performing a penetration testing engagement.

Threat actors will spend a lot of time researching their target to determine the geolocation of any physical offices, online services, domain names, network infrastructure, online servers and web applications, employees, telephone numbers and email addresses, and so on. The main objective is to know as much information about the target. Sometimes this phase can take a long time. As compared to a penetration tester who has a specific time period to perform the entire penetration test, it can take between 1 to 2 days of intensive research before moving onto the next phase.

Weaponization

Using the information gathered from the reconnaissance phase, the threat actor and penetration tester can use it to better craft a weapon, better referred to as an exploit, that can take advantage of a security vulnerability on the target. The weapon (exploit) has to be specially crafted and tested to ensure its success when launched by the threat actor or the penetration tester. The objective of the exploit is to affect the confidentiality, integrity, and/or availability of the target's systems or networks.

An exploit takes advantage of a vulnerability. After that happens, what's next? To be a bit more strategic, threat actors and penetration testers will couple their exploit with a payload. The payload is unleashed after the exploit has compromised the system. As a simple example, a payload can be used to create a persistent backdoor on the target system to allow the threat actor or the penetration tester remote access to the system at any time when the compromised system is online.

Delivery

After creating the weapon, the threat actor or the penetration tester has to deliver the weapon onto the target system. Delivery can be done using the creative mindset of the attacker, whether using email messaging, instant messaging services, or even by creating drive-by downloads on compromised web services. Another technique can be copying the exploit onto multiple USB drives and dropping them within the compound of the target organization, with the hope an employee will find it and connect it to an internal system due to human curiosity.

The following figure seems to show a regular data cable for a mobile phone, however, it's a special type of USB ninja cable, which can be pre-programmed with malicious scripts by a threat actor and execute when connected to a computer:

Figure 1.5 – USB ninja cable

Figure 1.5 – USB ninja cable

The USB ninja cable can be used by both threat actors and penetration testers as a method of delivering a malicious payload onto their target's system.

The following figure shows a USB rubber ducky, which can be used to deliver payloads:

Figure 1.6 – USB rubber ducky

Figure 1.6 – USB rubber ducky

When both the USB ninja cable and USB rubber ducky are inserted into a computer, they function as a keyboard emulator and execute the payload. This technique allows both threat actors and penetration testers to simply bypass firewalls and antimalware software.

As an upcoming penetration tester, ensure you have multiple methods of delivering the weapon to the target, such that, in the event that one method does not work, you have another, and so on.

Exploitation

After the weapon (exploit) is delivered to the target, the attacker needs to ensure when the exploit is executed, it successfully takes advantage of the security vulnerability on the target system as intended. If the exploit does not work, the threat actor or penetration tester may be detected by the organization's blue team and there is a halt in the Cyber Kill Chain. The attacker needs to ensure the exploit is tested properly before executing it on the target system.

Installation

After the threat actor has exploited the target system, the attacker will attempt to create multiple persistent backdoor accesses to the compromised system. This allows the threat actor or the penetration tester to have multiple channels of entry back into the system and network. During this stage, additional applications may usually install while the threat actor takes a lot of precautions to avoid detection by any threat detection systems.

Command and Control (C2)

An important stage in a cyber-attack is creating Command and Control (C2) connections between the compromised systems and a C2 server on the internet. This allows the threat actor to centrally control a group of infected systems (botnet) using a C2 server that is managed by the attacker. This allows the threat actor to create an army of zombies, all controlled and managed by a single threat actor.

The following diagram shows an example of C2:

Figure 1.7 – C2 operations

Figure 1.7 – C2 operations

The threat actor uses data encryption, encapsulation, and various tunneling techniques to evade threat detection systems within target organizations. Similarly, there is an advanced stage of penetration testing known as red teaming where there are no limitations (rules of engagement) on the methods and techniques used to compromise a target organization, with the objective of simulating the closest thing to a real advanced cyber-attack of a malicious cyber army. However, keep in mind that legal permission is still needed for any type of red teaming engagements.

Actions on objectives

If the threat actor or the penetration tester is able to reach this stage of the Cyber Kill Chain, the organization's blue team has failed to stop the attacker and prevent the cyber-attack. At this stage, the threat actor has completed their objectives and achieved the goals of the attack. In this phase, the attacker can complete the main objective of the attack, whether it's exfiltrating data from the organization and selling it on the dark web or even extending their botnet for a larger-scale cyber-attack on another target organization.

Stopping the threat actor or the penetration tester at this phase is considered to be extremely difficult as the attacker would have already established multiple persistent backdoor accesses with encrypted C2 connections on multiple compromised systems within the target organization. Furthermore, the threat actor will also be clearing traces of any evidence or artifacts that could help cybersecurity professionals to trace the attack to the threat actor.

Having completed this section, you have learned about the various stages of the Cyber Kill Chain and how it helps cybersecurity professionals understand the intentions of threat actors. Additionally, you have learned how penetration testers can implement these strategies within their penetration testing engagements.

Summary

During the course of this chapter, you have discovered various types of threats actors and their motivation for performing malicious cyber-attacks on persons and organizations. Furthermore, you have gained an understanding of some factors that are considered among threat actors and penetration testers as they affect the launching of a cyber-attack or performing a penetration testing assessment on target organizations. You have also acquired the knowledge to identify various key terminologies within the cybersecurity industry and have explored the stages of penetration testing and how it relates to the phases of hacking. Lastly, you have discovered various types of penetration tests that are conducted within organizations and have explored the Cyber Kill Chain framework as it relates to penetration testing.

I hope this chapter has been informative and helpful to you in your journey toward becoming a super awesome penetration tester and cybersecurity professional within the industry. In the next chapter, Chapter 2, Building a Penetration Testing Lab, you will learn how to build your very own penetration testing lab environment to hone your new skills in a safe space.

Further reading

Left arrow icon Right arrow icon

Key benefits

  • Learn to compromise enterprise networks with Kali Linux
  • Gain comprehensive insights into security concepts using advanced real-life hacker techniques
  • Use Kali Linux in the same way ethical hackers and penetration testers do to gain control of your environment
  • Purchase of the print or Kindle book includes a free eBook in the PDF format

Description

Kali Linux is the most popular and advanced penetration testing Linux distribution within the cybersecurity industry. Using Kali Linux, a cybersecurity professional will be able to discover and exploit various vulnerabilities and perform advanced penetration testing on both enterprise wired and wireless networks. This book is a comprehensive guide for those who are new to Kali Linux and penetration testing that will have you up to speed in no time. Using real-world scenarios, you’ll understand how to set up a lab and explore core penetration testing concepts. Throughout this book, you’ll focus on information gathering and even discover different vulnerability assessment tools bundled in Kali Linux. You’ll learn to discover target systems on a network, identify security flaws on devices, exploit security weaknesses and gain access to networks, set up Command and Control (C2) operations, and perform web application penetration testing. In this updated second edition, you’ll be able to compromise Active Directory and exploit enterprise networks. Finally, this book covers best practices for performing complex web penetration testing techniques in a highly secured environment. By the end of this Kali Linux book, you’ll have gained the skills to perform advanced penetration testing on enterprise networks using Kali Linux.

Who is this book for?

This pentesting book is for students, trainers, cybersecurity professionals, cyber enthusiasts, network security professionals, ethical hackers, penetration testers, and security engineers. If you do not have any prior knowledge and are looking to become an expert in penetration testing using the Kali Linux operating system (OS), then this book is for you.

What you will learn

  • Explore the fundamentals of ethical hacking
  • Understand how to install and configure Kali Linux
  • Perform asset and network discovery techniques
  • Focus on how to perform vulnerability assessments
  • Exploit the trust in Active Directory domain services
  • Perform advanced exploitation with Command and Control (C2) techniques
  • Implement advanced wireless hacking techniques
  • Become well-versed with exploiting vulnerable web applications
Estimated delivery fee Deliver to Spain

Premium delivery 7 - 10 business days

€17.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Feb 24, 2022
Length: 742 pages
Edition : 2nd
Language : English
ISBN-13 : 9781801818933
Category :
Concepts :
Tools :

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to Spain

Premium delivery 7 - 10 business days

€17.95
(Includes tracking information)

Product Details

Publication date : Feb 24, 2022
Length: 742 pages
Edition : 2nd
Language : English
ISBN-13 : 9781801818933
Category :
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 115.97
Mastering Kali Linux for Advanced Penetration Testing – Fourth Edition
€41.99
The Ultimate Kali Linux Book
€41.99
Cybersecurity – Attack and Defense Strategies, 3rd edition
€31.99
Total 115.97 Stars icon
Banner background image

Table of Contents

22 Chapters
Section 1: Getting Started with Penetration Testing Chevron down icon Chevron up icon
Chapter 1: Introduction to Ethical Hacking Chevron down icon Chevron up icon
Chapter 2: Building a Penetration Testing Lab Chevron down icon Chevron up icon
Chapter 3: Setting Up for Advanced Hacking Techniques Chevron down icon Chevron up icon
Section 2: Reconnaissance and Network Penetration Testing Chevron down icon Chevron up icon
Chapter 4: Reconnaissance and Footprinting Chevron down icon Chevron up icon
Chapter 5: Exploring Active Information Gathering Chevron down icon Chevron up icon
Chapter 6: Performing Vulnerability Assessments Chevron down icon Chevron up icon
Chapter 7: Understanding Network Penetration Testing Chevron down icon Chevron up icon
Chapter 8: Performing Network Penetration Testing Chevron down icon Chevron up icon
Section 3: Red Teaming Techniques Chevron down icon Chevron up icon
Chapter 9: Advanced Network Penetration Testing — Post Exploitation Chevron down icon Chevron up icon
Chapter 10: Working with Active Directory Attacks Chevron down icon Chevron up icon
Chapter 11: Advanced Active Directory Attacks Chevron down icon Chevron up icon
Chapter 12: Delving into Command and Control Tactics Chevron down icon Chevron up icon
Chapter 13: Advanced Wireless Penetration Testing Chevron down icon Chevron up icon
Section 4: Social Engineering and Web Application Attacks Chevron down icon Chevron up icon
Chapter 14: Performing Client-Side Attacks – Social Engineering Chevron down icon Chevron up icon
Chapter 15: Understanding Website Application Security Chevron down icon Chevron up icon
Chapter 16: Advanced Website Penetration Testing Chevron down icon Chevron up icon
Chapter 17: Best Practices for the Real World Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.1
(27 Ratings)
5 star 70.4%
4 star 0%
3 star 14.8%
2 star 0%
1 star 14.8%
Filter icon Filter
Top Reviews

Filter reviews by




Marek Zima Feb 13, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Feefo Verified review Feefo
Arwin Oct 18, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I am really happy with the book, and it was so cool that I didn't have to wait for days it. About book., I think it is a must have for everyone who wants to master the hacking skills.
Feefo Verified review Feefo
Elicio Hernández Aug 20, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Excelente 👌
Amazon Verified review Amazon
Jim Brigham Oct 14, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
If it wasn't for Mudge none of this would've happened
Amazon Verified review Amazon
Ian Jangai Mar 21, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
If you want to get an introduction into cyber security this book is what you need for the different type of testing an labs to guide you through your first experience.Highly recommend.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela