Learning Kali Linux. 2nd Edition - Helion
ebook
Autor: Ric MessierISBN: 9781098154097
stron: 542, Format: ebook
Data wydania: 2024-08-13
Księgarnia: Helion
Cena książki: 186,15 zł (poprzednio: 216,45 zł)
Oszczędzasz: 14% (-30,30 zł)
With hundreds of tools preinstalled, the Kali Linux distribution makes it easier for security professionals to get started with security testing quickly. But with more than 600 tools in its arsenal, Kali Linux can also be overwhelming. The new edition of this practical book covers updates to the tools, including enhanced coverage of forensics and reverse engineering.
Author Ric Messier also goes beyond strict security testing by adding coverage on performing forensic analysis, including disk and memory forensics, as well as some basic malware analysis.
- Explore the breadth of tools available on Kali Linux
- Understand the value of security testing and examine the testing types available
- Learn the basics of penetration testing through the entire attack lifecycle
- Install Kali Linux on multiple systems, both physical and virtual
- Discover how to use different security-focused tools
- Structure a security test around Kali Linux tools
- Extend Kali tools to create advanced attack techniques
- Use Kali Linux to generate reports once testing is complete
Osoby które kupowały "Learning Kali Linux. 2nd Edition", wybierały także:
- Certified Information Security Manager Exam Prep Guide 230,00 zł, (29,90 zł -87%)
- Nmap Network Exploration and Security Auditing Cookbook 157,37 zł, (29,90 zł -81%)
- Malware Analysis Techniques 157,37 zł, (29,90 zł -81%)
- Cybersecurity Career Master Plan 142,38 zł, (29,90 zł -79%)
- API Testing and Development with Postman 142,38 zł, (29,90 zł -79%)
Spis treści
Learning Kali Linux. 2nd Edition eBook -- spis treści
- Preface
- What This Book Covers
- New in This Edition
- Who This Book Is For
- The Value and Importance of Ethics
- Conventions Used in This Book
- OReilly Online Learning
- How to Contact Us
- Acknowledgments
- 1. Foundations of Kali Linux
- Heritage of Linux
- About Linux
- Acquiring and Installing Kali Linux
- Virtual Machines
- Low-Cost Computing
- Windows Subsystem for Linux
- Desktops
- Xfce Desktop
- GNOME Desktop
- Logging In Through the Desktop Manager
- Cinnamon and MATE
- Using the Command Line
- File and Directory Management
- Process Management
- Other Utilities
- User Management
- Service Management
- Package Management
- Remote Access
- Log Management
- Summary
- Useful Resources
- 2. Network Security Testing Basics
- Security Testing
- Network Security Testing
- Monitoring
- Layers
- Stress Testing
- Denial-of-Service Tools
- Slowloris attack
- SSL-based stress testing
- DHCP attacks
- Using Scapy to build packets
- Encryption Testing
- Packet Captures
- Using tcpdump
- Berkeley Packet Filters
- Wireshark
- Poisoning Attacks
- ARP Spoofing
- DNS Spoofing
- Summary
- Useful Resources
- 3. Reconnaissance
- What Is Reconnaissance?
- Open Source Intelligence
- Google Hacking
- Automating Information Grabbing
- Recon-ng
- Maltego
- DNS Reconnaissance and whois
- DNS Reconnaissance
- Using nslookup and dig
- Automating DNS recon
- Regional Internet Registries
- Using whois
- DNS Reconnaissance
- Passive Reconnaissance
- Port Scanning
- TCP Scanning
- UDP Scanning
- Port Scanning with nmap
- High-Speed Scanning
- Service Scanning
- Manual Interaction
- Summary
- Useful Resources
- 4. Looking for Vulnerabilities
- Understanding Vulnerabilities
- Vulnerability Types
- Buffer Overflow
- Race Condition
- Input Validation
- Access Control
- Vulnerability Scanning
- Local Vulnerabilities
- Using lynis for Local Checks
- OpenVAS Local Scanning
- Root Kits
- Remote Vulnerabilities
- Quick Start with OpenVAS
- Creating a Scan
- OpenVAS Reports
- Network Device Vulnerabilities
- Auditing Devices
- Database Vulnerabilities
- Identifying New Vulnerabilities
- Summary
- Useful Resources
- 5. Automated Exploits
- What Is an Exploit?
- Cisco Attacks
- Management Protocols
- Other Devices
- Exploit Database
- Metasploit
- Starting with Metasploit
- Working with Metasploit Modules
- Importing Data
- Exploiting Systems
- Armitage
- Social Engineering
- Summary
- Useful Resources
- 6. Owning Metasploit
- Scanning for Targets
- Port Scanning
- SMB Scanning
- Vulnerability Scanning
- Exploiting Your Target
- Using Meterpreter
- Meterpreter Basics
- User Information
- Process Manipulation
- Privilege Escalation
- Pivoting to Other Networks
- Maintaining Access
- Cleaning Up
- Summary
- Useful Resources
- Scanning for Targets
- 7. Wireless Security Testing
- The Scope of Wireless
- 802.11
- Bluetooth
- Zigbee
- WiFi Attacks and Testing Tools
- 802.11 Terminology and Functioning
- Identifying Networks
- WPS Attacks
- Automating Multiple Tests
- Injection Attacks
- Password Cracking on WiFi
- besside-ng
- coWPAtty
- Aircrack-ng
- Fern
- Going Rogue
- Hosting an Access Point
- Phishing Users
- Wireless Honeypot
- Bluetooth Testing
- Scanning
- Service Identification
- Other Bluetooth Testing
- Home Automation Testing
- Summary
- Useful Resources
- The Scope of Wireless
- 8. Web Application Testing
- Web Architecture
- Firewall
- Load Balancer
- Web Server
- Application Server
- Database Server
- Cloud-Native Design
- Web-Based Attacks
- SQL Injection
- XML Entity Injection
- Command Injection
- Cross-Site Scripting
- Cross-Site Request Forgery
- Session Hijacking
- Using Proxies
- Burp Suite
- Zed Attack Proxy
- WebScarab
- Paros Proxy
- Automated Web Attacks
- Recon
- nikto
- wapiti
- dirbuster and gobuster
- Java-Based Application Servers
- SQL-Based Attacks
- Content Management System Testing
- Assorted Tasks
- Summary
- Useful Resources
- Web Architecture
- 9. Cracking Passwords
- Password Storage
- Security Account Manager
- PAM and Crypt
- Acquiring Passwords
- Offline Cracking
- John the Ripper
- Rainbow Tables
- ophcrack
- RainbowCrack project
- HashCat
- Online Cracking
- Hydra
- Patator
- Web-Based Cracking
- Summary
- Useful Resources
- Password Storage
- 10. Advanced Techniques and Concepts
- Programming Basics
- Compiled Languages
- Interpreted Languages
- Intermediate Languages
- Compiling and Building
- Programming Errors
- Buffer Overflows
- Heap Overflows
- Return to libc
- Writing Nmap Modules
- Extending Metasploit
- Maintaining Access and Cleanup
- Metasploit and Cleanup
- Maintaining Access
- Summary
- Useful Resources
- Programming Basics
- 11. Reverse Engineering and Program Analysis
- Memory Management
- Program and Process Structures
- Portable Executable
- Executable and Linkable Format
- Debugging
- Disassembly
- Java Decompilation
- Reverse Engineering
- Radare2
- Cutter
- Ghidra
- Summary
- Resources
- 12. Digital Forensics
- Disks, Filesystems, and Images
- Filesystems
- Acquiring Disk Images
- Introducing The Sleuth Kit
- Using Autopsy
- File Analysis
- File from Disk Images
- Recovering Deleted Files
- Data Searches
- Hidden Data
- PDF Analysis
- Steganography
- Memory Forensics
- Summary
- Resources
- Disks, Filesystems, and Images
- 13. Reporting
- Determining Threat Potential and Severity
- Writing Reports
- Audience
- Executive Summary
- Methodology
- Findings
- Managing Results
- Text Editors
- GUI-Based Editors
- Notes
- Cherry Tree
- Capturing Data
- Organizing Your Data
- Dradis Framework
- CaseFile
- Summary
- Useful Resources
- Index