Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Mastering Kali Linux for Advanced Penetration Testing Secure your network with Kali Linux 2019.1 – the ultimate white hat hackers' toolkit

Product type Paperback

Published in Jan 2019

Publisher Packt

ISBN-13 9781789340563

Length 548 pages

Edition 3rd Edition

Tools

Kali Linux

Concepts

Penetration Testing

Authors (2):

Robert Beggs

Vijay Kumar Velu

View More author details

Table of Contents (16) Chapters

Preface

1. Goal-Based Penetration Testing FREE CHAPTER

2. Open Source Intelligence and Passive Reconnaissance

3. Active Reconnaissance of External and Internal Networks

4. Vulnerability Assessment

5. Advanced Social Engineering and Physical Security

6. Wireless Attacks

7. Exploiting Web-Based Applications

8. Client-Side Exploitation

9. Bypassing Security Controls

10. Exploitation

11. Action on the Objective and Lateral Movement

12. Privilege Escalation

13. Command and Control

14. Embedded Devices and RFID Hacking

15. Other Books You May Enjoy

Leave a review - let other readers know what you think

Compromising Kerberos – the golden-ticket attack

Another set of more sophisticated (and more recent) attacks is the abuse of Microsoft Kerberos vulnerabilities in an Active Directory environment. A successful attack leads to attackers compromising domain controllers and then escalating the privilege to the enterprise admin-and schema admin-level using the Kerberos implementation.

The following are typical steps when a user logs on with a username and password in a Kerberos-based environment:

User's password is converted into an NTLM hash with a timestamp and then it is sent over to the Key Distribution Center (KDC).
Domain controller checks the user information and creates a (Ticket-Granting Ticket (TGT).
This TGT can be accessed only by Kerberos service (KRBTGT).
The TGT is then passed on to the domain controller from the user to request a Ticket...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (2)

Vijay Kumar Velu

Vijay Kumar Velu is a passionate information security practitioner, author, speaker, investor, and blogger. He has 16+ years of IT industry experience, is a licensed penetration tester and is specialized in providing technical solutions to diverse cyber problems, ranging from simple security configuration reviews to cyber threat intelligence. Vijay holds multiple security qualifications, including CEH, ECSA, and CHFI. He has authored a few books on penetration testing: Mastering Kali Linux for Advanced Penetration Testing – Second & Third Editions, and Mobile Application Penetration Testing. For the community, Vijay serves as the chair member of NCDRC, India. When not working, he enjoys playing music and doing charity work.

See other products by Vijay Kumar Velu

Robert Beggs

Robert Beggs is the founder and CEO of DigitalDefence, a Canadian-focused company that specializes in preventing and responding to information security incidents. Robert is a security practitioner with more than 15 years of experience. He has been responsible for the technical leadership and project management of more than 300 consulting engagements, including policy development and review, standards compliance, penetration testing of wired and wireless networks, third party security assessments, incident response and data forensics, and other consulting projects. Previously, he provided security services for a major Canadian financial institution and Netigy, a global network and security infrastructure firm based in San Jose.

See other products by Robert Beggs