To get the most out of this book
To practice the material presented in this book, you will need virtualization tools such as VMware or VirtualBox.
You will need to download and configure the Kali Linux operating system and its suite of tools. To ensure that it is up-to-date and that you have all of the tools, you will need access to an internet connection.
Sadly, not all of the tools on the Kali Linux system will be addressed since there are too many of them. The focus of this book is not to overwhelm you with all of the tools and options but to provide an approach for testing that will allow you to learn and incorporate new tools as their experiences and knowledge change over time.
Although most of the examples from this book focus on Microsoft Windows, the methodology and most of the tools are transferrable to other operating systems such as Linux and the other flavors of Unix.
Finally, this book applies Kali to complete the cyber kill chain against target systems. You will need a target operating system. Many of the examples in the book use Microsoft Windows 2016, Windows 10, Ubuntu 14.04, and Windows 2008 R2.
To make the best use of lab exercises, it is recommended that you disable Windows Defender on the vulnerable Windows servers by running PowerShell with administrative privilege and typing Set-MpPreference -DisableRealtimeMonitoring $true
Download the example code files
The code bundle for the book is hosted on GitHub at https://github.com/PacktPublishing/Mastering-Kali-Linux-for-Advanced-Penetration-Testing-4E. We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!
Download the color images
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://static.packt-cdn.com/downloads/9781801819770_ColorImages.pdf.
Conventions used
There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in the text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. For example; “Mount the downloaded WebStorm-10*.dmg disk image file as another disk in your system.”
A block of code is set as follows:
<!DOCTYPE foo [ <!ENTITY Variable "hello" > ]><somexml><message>&Variable;</message></somexml>
Any command-line input or output is written as follows:
sudo weevely http://<target IP address><directory> <password>
Bold: Indicates a new term, an important word, or words you see on the screen, such as in menus or dialog boxes. For example: “An increasingly common protective device is the Web Application Firewall (WAF) and DNS Content Delivery Network (CDN).”
Warnings or important notes appear like this.
Tips and tricks appear like this.
