{"product_id":"kali-linux-penetration-testing-bible-isbn-9781119719083","title":"Kali Linux Penetration Testing Bible","description":"\u003cp\u003e\u003cb\u003eYour ultimate guide to pentesting with Kali Linux\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eKali is a popular and powerful Linux distribution used by cybersecurity professionals around the world. Penetration testers must master Kali’s varied library of tools to be effective at their work. \u003ci\u003eThe Kali Linux Penetration Testing Bible\u003c\/i\u003e is the hands-on and methodology guide for pentesting with Kali.\u003c\/p\u003e \u003cp\u003eYou’ll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you’re new to the field or an established pentester, you’ll find what you need in this comprehensive guide.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eBuild a modern dockerized environment\u003c\/li\u003e \u003cli\u003eDiscover the fundamentals of the bash language in Linux\u003c\/li\u003e \u003cli\u003eUse a variety of effective techniques to find vulnerabilities (OSINT, Network Scan, and more)\u003c\/li\u003e \u003cli\u003eAnalyze your findings and identify false positives and uncover advanced subjects, like buffer overflow, lateral movement, and privilege escalation\u003c\/li\u003e \u003cli\u003eApply practical and efficient pentesting workflows\u003c\/li\u003e \u003cli\u003eLearn about Modern Web Application Security Secure SDLC\u003c\/li\u003e \u003cli\u003eAutomate your penetration testing with Python\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003eIntroduction xx\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Mastering the Terminal Window 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eKali Linux File System 2\u003c\/p\u003e \u003cp\u003eTerminal Window Basic Commands 3\u003c\/p\u003e \u003cp\u003eTmux Terminal Window 6\u003c\/p\u003e 
\u003cp\u003eStarting Tmux 6\u003c\/p\u003e \u003cp\u003eTmux Key Bindings 7\u003c\/p\u003e \u003cp\u003eTmux Session Management 7\u003c\/p\u003e \u003cp\u003eNavigating Inside Tmux 9\u003c\/p\u003e \u003cp\u003eTmux Commands Reference 9\u003c\/p\u003e \u003cp\u003eManaging Users and Groups in Kali 10\u003c\/p\u003e \u003cp\u003eUsers Commands 10\u003c\/p\u003e \u003cp\u003eGroups Commands 14\u003c\/p\u003e \u003cp\u003eManaging Passwords in Kali 14\u003c\/p\u003e \u003cp\u003eFiles and Folders Management in Kali Linux 15\u003c\/p\u003e \u003cp\u003eDisplaying Files and Folders 15\u003c\/p\u003e \u003cp\u003ePermissions 16\u003c\/p\u003e \u003cp\u003eManipulating Files in Kali 19\u003c\/p\u003e \u003cp\u003eSearching for Files 20\u003c\/p\u003e \u003cp\u003eFiles Compression 21\u003c\/p\u003e \u003cp\u003eManipulating Directories in Kali 23\u003c\/p\u003e \u003cp\u003eMounting a Directory 23\u003c\/p\u003e \u003cp\u003eManaging Text Files in Kali Linux 24\u003c\/p\u003e \u003cp\u003eVim vs. 
Nano 26\u003c\/p\u003e \u003cp\u003eSearching and Filtering Text 27\u003c\/p\u003e \u003cp\u003eRemote Connections in Kali 29\u003c\/p\u003e \u003cp\u003eRemote Desktop Protocol 29\u003c\/p\u003e \u003cp\u003eSecure Shell 30\u003c\/p\u003e \u003cp\u003eSSH with Credentials 30\u003c\/p\u003e \u003cp\u003ePasswordless SSH 32\u003c\/p\u003e \u003cp\u003eKali Linux System Management 34\u003c\/p\u003e \u003cp\u003eLinux Host Information 36\u003c\/p\u003e \u003cp\u003eLinux OS Information 36\u003c\/p\u003e \u003cp\u003eLinux Hardware Information 36\u003c\/p\u003e \u003cp\u003eManaging Running Services 38\u003c\/p\u003e \u003cp\u003ePackage Management 39\u003c\/p\u003e \u003cp\u003eProcess Management 41\u003c\/p\u003e \u003cp\u003eNetworking in Kali Linux 42\u003c\/p\u003e \u003cp\u003eNetwork Interface 42\u003c\/p\u003e \u003cp\u003eIPv4 Private Address Ranges 42\u003c\/p\u003e \u003cp\u003eStatic IP Addressing 43\u003c\/p\u003e \u003cp\u003eDNS 45\u003c\/p\u003e \u003cp\u003eEstablished Connections 46\u003c\/p\u003e \u003cp\u003eFile Transfers 47\u003c\/p\u003e \u003cp\u003eSummary 48\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Bash Scripting 49\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBasic Bash Scripting 50\u003c\/p\u003e \u003cp\u003ePrinting to the Screen in Bash 50\u003c\/p\u003e \u003cp\u003eVariables 52\u003c\/p\u003e \u003cp\u003eCommands Variable 54\u003c\/p\u003e \u003cp\u003eScript Parameters 54\u003c\/p\u003e \u003cp\u003eUser Input 56\u003c\/p\u003e \u003cp\u003eFunctions 56\u003c\/p\u003e \u003cp\u003eConditions and Loops 57\u003c\/p\u003e \u003cp\u003eConditions 58\u003c\/p\u003e \u003cp\u003eLoops 60\u003c\/p\u003e \u003cp\u003eFile Iteration 61\u003c\/p\u003e \u003cp\u003eSummary 63\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Network Hosts Scanning 65\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBasics of Networking 65\u003c\/p\u003e \u003cp\u003eNetworking Protocols 66\u003c\/p\u003e \u003cp\u003eTCP 66\u003c\/p\u003e \u003cp\u003eUDP 
67\u003c\/p\u003e \u003cp\u003eOther Networking Protocols 67\u003c\/p\u003e \u003cp\u003eIP Addressing 69\u003c\/p\u003e \u003cp\u003eIPv4 69\u003c\/p\u003e \u003cp\u003eSubnets and CIDR 69\u003c\/p\u003e \u003cp\u003eIPv6 70\u003c\/p\u003e \u003cp\u003ePort Numbers 71\u003c\/p\u003e \u003cp\u003eNetwork Scanning 72\u003c\/p\u003e \u003cp\u003eIdentifying Live Hosts 72\u003c\/p\u003e \u003cp\u003ePing 73\u003c\/p\u003e \u003cp\u003eARP 73\u003c\/p\u003e \u003cp\u003eNmap 73\u003c\/p\u003e \u003cp\u003ePort Scanning and Services Enumeration 74\u003c\/p\u003e \u003cp\u003eTCP Port SYN Scan 75\u003c\/p\u003e \u003cp\u003eUDP 75\u003c\/p\u003e \u003cp\u003eBasics of Using Nmap Scans 76\u003c\/p\u003e \u003cp\u003eServices Enumeration 77\u003c\/p\u003e \u003cp\u003eOperating System Fingerprinting 79\u003c\/p\u003e \u003cp\u003eNmap Scripting Engine 80\u003c\/p\u003e \u003cp\u003eNSE Category Scan 82\u003c\/p\u003e \u003cp\u003eNSE Arguments 84\u003c\/p\u003e \u003cp\u003eDNS Enumeration 84\u003c\/p\u003e \u003cp\u003eDNS Brute-Force 85\u003c\/p\u003e \u003cp\u003eDNS Zone Transfer 86\u003c\/p\u003e \u003cp\u003eDNS Subdomains Tools 87\u003c\/p\u003e \u003cp\u003eFierce 87\u003c\/p\u003e \u003cp\u003eSummary 88\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Internet Information Gathering 89\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePassive Footprinting and Reconnaissance 90\u003c\/p\u003e \u003cp\u003eInternet Search Engines 90\u003c\/p\u003e \u003cp\u003eShodan 91\u003c\/p\u003e \u003cp\u003eGoogle Queries 92\u003c\/p\u003e \u003cp\u003eInformation Gathering Using Kali Linux 94\u003c\/p\u003e \u003cp\u003eWhois Database 95\u003c\/p\u003e \u003cp\u003eTheHarvester 97\u003c\/p\u003e \u003cp\u003eDMitry 99\u003c\/p\u003e \u003cp\u003eMaltego 99\u003c\/p\u003e \u003cp\u003eSummary 103\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Social Engineering Attacks 105\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSpear Phishing Attacks 105\u003c\/p\u003e \u003cp\u003eSending 
an E-mail 106\u003c\/p\u003e \u003cp\u003eThe Social Engineer Toolkit 106\u003c\/p\u003e \u003cp\u003eSending an E-mail Using Python 108\u003c\/p\u003e \u003cp\u003eStealing Credentials 109\u003c\/p\u003e \u003cp\u003ePayloads and Listeners 110\u003c\/p\u003e \u003cp\u003eBind Shell vs. Reverse Shell 111\u003c\/p\u003e \u003cp\u003eBind Shell 111\u003c\/p\u003e \u003cp\u003eReverse Shell 112\u003c\/p\u003e \u003cp\u003eReverse Shell Using SET 113\u003c\/p\u003e \u003cp\u003eSocial Engineering with the USB Rubber Ducky 115\u003c\/p\u003e \u003cp\u003eA Practical Reverse Shell Using USB Rubber Ducky and PowerShell 117\u003c\/p\u003e \u003cp\u003eGenerating a PowerShell Script 118\u003c\/p\u003e \u003cp\u003eStarting a Listener 118\u003c\/p\u003e \u003cp\u003eHosting the PowerShell Script 119\u003c\/p\u003e \u003cp\u003eRunning PowerShell 120\u003c\/p\u003e \u003cp\u003eDownload and Execute the PS Script 120\u003c\/p\u003e \u003cp\u003eReverse Shell 121\u003c\/p\u003e \u003cp\u003eReplicating the Attack Using the USB Rubber Ducky 122\u003c\/p\u003e \u003cp\u003eSummary 122\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Advanced Enumeration Phase 125\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTransfer Protocols 126\u003c\/p\u003e \u003cp\u003eFTP (Port 21) 126\u003c\/p\u003e \u003cp\u003eExploitation Scenarios for an FTP Server 126\u003c\/p\u003e \u003cp\u003eEnumeration Workflow 127\u003c\/p\u003e \u003cp\u003eService Scan 127\u003c\/p\u003e \u003cp\u003eAdvanced Scripting Scan with Nmap 128\u003c\/p\u003e \u003cp\u003eMore Brute-Forcing Techniques 129\u003c\/p\u003e \u003cp\u003eSSH (Port 22) 130\u003c\/p\u003e \u003cp\u003eExploitation Scenarios for an SSH Server 130\u003c\/p\u003e \u003cp\u003eAdvanced Scripting Scan with Nmap 131\u003c\/p\u003e \u003cp\u003eBrute-Forcing SSH with Hydra 132\u003c\/p\u003e \u003cp\u003eAdvanced Brute-Forcing Techniques 133\u003c\/p\u003e \u003cp\u003eTelnet (Port 23) 134\u003c\/p\u003e \u003cp\u003eExploitation Scenarios for 
Telnet Server 135\u003c\/p\u003e \u003cp\u003eEnumeration Workflow 135\u003c\/p\u003e \u003cp\u003eService Scan 135\u003c\/p\u003e \u003cp\u003eAdvanced Scripting Scan 136\u003c\/p\u003e \u003cp\u003eBrute-Forcing with Hydra 136\u003c\/p\u003e \u003cp\u003eE-mail Protocols 136\u003c\/p\u003e \u003cp\u003eSMTP (Port 25) 137\u003c\/p\u003e \u003cp\u003eNmap Basic Enumeration 137\u003c\/p\u003e \u003cp\u003eNmap Advanced Enumeration 137\u003c\/p\u003e \u003cp\u003eEnumerating Users 138\u003c\/p\u003e \u003cp\u003ePOP3 (Port 110) and IMAP4 (Port 143) 141\u003c\/p\u003e \u003cp\u003eBrute-Forcing POP3 E-mail Accounts 141\u003c\/p\u003e \u003cp\u003eDatabase Protocols 142\u003c\/p\u003e \u003cp\u003eMicrosoft SQL Server (Port 1433) 142\u003c\/p\u003e \u003cp\u003eOracle Database Server (Port 1521) 143\u003c\/p\u003e \u003cp\u003eMySQL (Port 3306) 143\u003c\/p\u003e \u003cp\u003eCI\/CD Protocols 143\u003c\/p\u003e \u003cp\u003eDocker (Port 2375) 144\u003c\/p\u003e \u003cp\u003eJenkins (Port 8080\/50000) 145\u003c\/p\u003e \u003cp\u003eBrute-Forcing a Web Portal Using Hydra 147\u003c\/p\u003e \u003cp\u003eStep 1: Enable a Proxy 148\u003c\/p\u003e \u003cp\u003eStep 2: Intercept the Form Request 149\u003c\/p\u003e \u003cp\u003eStep 3: Extracting Form Data and Brute-Forcing with Hydra 150\u003c\/p\u003e \u003cp\u003eWeb Protocols 80\/443 151\u003c\/p\u003e \u003cp\u003eGraphical Remoting Protocols 152\u003c\/p\u003e \u003cp\u003eRDP (Port 3389) 152\u003c\/p\u003e \u003cp\u003eRDP Brute-Force 152\u003c\/p\u003e \u003cp\u003eVNC (Port 5900) 153\u003c\/p\u003e \u003cp\u003eFile Sharing Protocols 154\u003c\/p\u003e \u003cp\u003eSMB (Port 445) 154\u003c\/p\u003e \u003cp\u003eBrute-Forcing SMB 156\u003c\/p\u003e \u003cp\u003eSNMP (Port UDP 161) 157\u003c\/p\u003e \u003cp\u003eSNMP Enumeration 157\u003c\/p\u003e \u003cp\u003eSummary 159\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Exploitation Phase 161\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eVulnerabilities Assessment 
162\u003c\/p\u003e \u003cp\u003eVulnerability Assessment Workflow 162\u003c\/p\u003e \u003cp\u003eVulnerability Scanning with OpenVAS 164\u003c\/p\u003e \u003cp\u003eInstalling OpenVAS 164\u003c\/p\u003e \u003cp\u003eScanning with OpenVAS 165\u003c\/p\u003e \u003cp\u003eExploits Research 169\u003c\/p\u003e \u003cp\u003eSearchSploit 171\u003c\/p\u003e \u003cp\u003eServices Exploitation 173\u003c\/p\u003e \u003cp\u003eExploiting FTP Service 173\u003c\/p\u003e \u003cp\u003eFTP Login 173\u003c\/p\u003e \u003cp\u003eRemote Code Execution 174\u003c\/p\u003e \u003cp\u003eSpawning a Shell 177\u003c\/p\u003e \u003cp\u003eExploiting SSH Service 178\u003c\/p\u003e \u003cp\u003eSSH Login 178\u003c\/p\u003e \u003cp\u003eTelnet Service Exploitation 179\u003c\/p\u003e \u003cp\u003eTelnet Login 179\u003c\/p\u003e \u003cp\u003eSniffing for Cleartext Information 180\u003c\/p\u003e \u003cp\u003eE-mail Server Exploitation 183\u003c\/p\u003e \u003cp\u003eDocker Exploitation 185\u003c\/p\u003e \u003cp\u003eTesting the Docker Connection 185\u003c\/p\u003e \u003cp\u003eCreating a New Remote Kali Container 186\u003c\/p\u003e \u003cp\u003eGetting a Shell into the Kali Container 187\u003c\/p\u003e \u003cp\u003eDocker Host Exploitation 188\u003c\/p\u003e \u003cp\u003eExploiting Jenkins 190\u003c\/p\u003e \u003cp\u003eReverse Shells 193\u003c\/p\u003e \u003cp\u003eUsing Shells with Metasploit 194\u003c\/p\u003e \u003cp\u003eExploiting the SMB Protocol 196\u003c\/p\u003e \u003cp\u003eConnecting to SMB Shares 196\u003c\/p\u003e \u003cp\u003eSMB Eternal Blue Exploit 197\u003c\/p\u003e \u003cp\u003eSummary 198\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Web Application Vulnerabilities 199\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWeb Application Vulnerabilities 200\u003c\/p\u003e \u003cp\u003eMutillidae Installation 200\u003c\/p\u003e \u003cp\u003eApache Web Server Installation 200\u003c\/p\u003e \u003cp\u003eFirewall Setup 201\u003c\/p\u003e \u003cp\u003eInstalling PHP 201\u003c\/p\u003e 
\u003cp\u003eDatabase Installation and Setup 201\u003c\/p\u003e \u003cp\u003eMutillidae Installation 202\u003c\/p\u003e \u003cp\u003eCross-Site Scripting 203\u003c\/p\u003e \u003cp\u003eReflected XSS 203\u003c\/p\u003e \u003cp\u003eStored XSS 204\u003c\/p\u003e \u003cp\u003eExploiting XSS Using the Header 205\u003c\/p\u003e \u003cp\u003eBypassing JavaScript Validation 207\u003c\/p\u003e \u003cp\u003eSQL Injection 208\u003c\/p\u003e \u003cp\u003eQuerying the Database 208\u003c\/p\u003e \u003cp\u003eBypassing the Login Page 211\u003c\/p\u003e \u003cp\u003eExecute Database Commands Using SQLi 211\u003c\/p\u003e \u003cp\u003eSQL Injection Automation with SQLMap 215\u003c\/p\u003e \u003cp\u003eTesting for SQL Injection 216\u003c\/p\u003e \u003cp\u003eCommand Injection 217\u003c\/p\u003e \u003cp\u003eFile Inclusion 217\u003c\/p\u003e \u003cp\u003eLocal File Inclusion 218\u003c\/p\u003e \u003cp\u003eRemote File Inclusion 219\u003c\/p\u003e \u003cp\u003eCross-Site Request Forgery 220\u003c\/p\u003e \u003cp\u003eThe Attacker Scenario 221\u003c\/p\u003e \u003cp\u003eThe Victim Scenario 222\u003c\/p\u003e \u003cp\u003eFile Upload 223\u003c\/p\u003e \u003cp\u003eSimple File Upload 223\u003c\/p\u003e \u003cp\u003eBypassing Validation 225\u003c\/p\u003e \u003cp\u003eEncoding 227\u003c\/p\u003e \u003cp\u003eOWASP Top 10 228\u003c\/p\u003e \u003cp\u003eSummary 229\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Web Penetration Testing and Secure Software Development Lifecycle 231\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWeb Enumeration and Exploitation 231\u003c\/p\u003e \u003cp\u003eBurp Suite Pro 232\u003c\/p\u003e \u003cp\u003eWeb Pentest Using Burp Suite 232\u003c\/p\u003e \u003cp\u003eMore Enumeration 245\u003c\/p\u003e \u003cp\u003eNmap 246\u003c\/p\u003e \u003cp\u003eCrawling 246\u003c\/p\u003e \u003cp\u003eVulnerability Assessment 247\u003c\/p\u003e \u003cp\u003eManual Web Penetration Testing Checklist 247\u003c\/p\u003e \u003cp\u003eCommon Checklist 
248\u003c\/p\u003e \u003cp\u003eSpecial Pages Checklist 248\u003c\/p\u003e \u003cp\u003eSecure Software Development Lifecycle 250\u003c\/p\u003e \u003cp\u003eAnalysis\/Architecture Phase 251\u003c\/p\u003e \u003cp\u003eApplication Threat Modeling 251\u003c\/p\u003e \u003cp\u003eAssets 251\u003c\/p\u003e \u003cp\u003eEntry Points 252\u003c\/p\u003e \u003cp\u003eThird Parties 252\u003c\/p\u003e \u003cp\u003eTrust Levels 252\u003c\/p\u003e \u003cp\u003eData Flow Diagram 252\u003c\/p\u003e \u003cp\u003eDevelopment Phase 252\u003c\/p\u003e \u003cp\u003eTesting Phase 255\u003c\/p\u003e \u003cp\u003eProduction Environment (Final Deployment) 255\u003c\/p\u003e \u003cp\u003eSummary 255\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Linux Privilege Escalation 257\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction to Kernel Exploits and Missing Configurations 258\u003c\/p\u003e \u003cp\u003eKernel Exploits 258\u003c\/p\u003e \u003cp\u003eKernel Exploit: Dirty Cow 258\u003c\/p\u003e \u003cp\u003eSUID Exploitation 261\u003c\/p\u003e \u003cp\u003eOverriding the Passwd Users File 263\u003c\/p\u003e \u003cp\u003eCRON Jobs Privilege Escalation 264\u003c\/p\u003e \u003cp\u003eCRON Basics 265\u003c\/p\u003e \u003cp\u003eCrontab 265\u003c\/p\u003e \u003cp\u003eAnacrontab 266\u003c\/p\u003e \u003cp\u003eEnumerating and Exploiting CRON 266\u003c\/p\u003e \u003cp\u003esudoers 268\u003c\/p\u003e \u003cp\u003esudo Privilege Escalation 268\u003c\/p\u003e \u003cp\u003eExploiting the Find Command 268\u003c\/p\u003e \u003cp\u003eEditing the sudoers File 269\u003c\/p\u003e \u003cp\u003eExploiting Running Services 270\u003c\/p\u003e \u003cp\u003eAutomated Scripts 270\u003c\/p\u003e \u003cp\u003eSummary 271\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11 Windows Privilege Escalation 273\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWindows System Enumeration 273\u003c\/p\u003e \u003cp\u003eSystem Information 274\u003c\/p\u003e \u003cp\u003eWindows Architecture 275\u003c\/p\u003e 
\u003cp\u003eListing the Disk Drives 276\u003c\/p\u003e \u003cp\u003eInstalled Patches 276\u003c\/p\u003e \u003cp\u003eWho Am I? 276\u003c\/p\u003e \u003cp\u003eList Users and Groups 277\u003c\/p\u003e \u003cp\u003eNetworking Information 279\u003c\/p\u003e \u003cp\u003eShowing Weak Permissions 282\u003c\/p\u003e \u003cp\u003eListing Installed Programs 283\u003c\/p\u003e \u003cp\u003eListing Tasks and Processes 283\u003c\/p\u003e \u003cp\u003eFile Transfers 284\u003c\/p\u003e \u003cp\u003eWindows Host Destination 284\u003c\/p\u003e \u003cp\u003eLinux Host Destination 285\u003c\/p\u003e \u003cp\u003eWindows System Exploitation 286\u003c\/p\u003e \u003cp\u003eWindows Kernel Exploits 287\u003c\/p\u003e \u003cp\u003eGetting the OS Version 287\u003c\/p\u003e \u003cp\u003eFind a Matching Exploit 288\u003c\/p\u003e \u003cp\u003eExecuting the Payload and Getting a Root Shell 289\u003c\/p\u003e \u003cp\u003eThe Metasploit PrivEsc Magic 289\u003c\/p\u003e \u003cp\u003eExploiting Windows Applications 293\u003c\/p\u003e \u003cp\u003eRunning As in Windows 295\u003c\/p\u003e \u003cp\u003ePSExec Tool 296\u003c\/p\u003e \u003cp\u003eExploiting Services in Windows 297\u003c\/p\u003e \u003cp\u003eInteracting with Windows Services 297\u003c\/p\u003e \u003cp\u003eMisconfigured Service Permissions 297\u003c\/p\u003e \u003cp\u003eOverriding the Service Executable 299\u003c\/p\u003e \u003cp\u003eUnquoted Service Path 299\u003c\/p\u003e \u003cp\u003eWeak Registry Permissions 301\u003c\/p\u003e \u003cp\u003eExploiting the Scheduled Tasks 302\u003c\/p\u003e \u003cp\u003eWindows PrivEsc Automated Tools 302\u003c\/p\u003e \u003cp\u003ePowerUp 302\u003c\/p\u003e \u003cp\u003eWinPEAS 303\u003c\/p\u003e \u003cp\u003eSummary 304\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12 Pivoting and Lateral Movement 305\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDumping Windows Hashes 306\u003c\/p\u003e \u003cp\u003eWindows NTLM Hashes 306\u003c\/p\u003e \u003cp\u003eSAM File and Hash Dump 
307\u003c\/p\u003e \u003cp\u003eUsing the Hash 308\u003c\/p\u003e \u003cp\u003eMimikatz 308\u003c\/p\u003e \u003cp\u003eDumping Active Directory Hashes 310\u003c\/p\u003e \u003cp\u003eReusing Passwords and Hashes 310\u003c\/p\u003e \u003cp\u003ePass the Hash 311\u003c\/p\u003e \u003cp\u003ePivoting with Port Redirection 312\u003c\/p\u003e \u003cp\u003ePort Forwarding Concepts 312\u003c\/p\u003e \u003cp\u003eSSH Tunneling and Local Port Forwarding 314\u003c\/p\u003e \u003cp\u003eRemote Port Forwarding Using SSH 315\u003c\/p\u003e \u003cp\u003eDynamic Port Forwarding 316\u003c\/p\u003e \u003cp\u003eDynamic Port Forwarding Using SSH 316\u003c\/p\u003e \u003cp\u003eSummary 317\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13 Cryptography and Hash Cracking 319\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBasics of Cryptography 319\u003c\/p\u003e \u003cp\u003eHashing Basics 320\u003c\/p\u003e \u003cp\u003eOne-Way Hash Function 320\u003c\/p\u003e \u003cp\u003eHashing Scenarios 321\u003c\/p\u003e \u003cp\u003eHashing Algorithms 321\u003c\/p\u003e \u003cp\u003eMessage Digest 5 321\u003c\/p\u003e \u003cp\u003eSecure Hash Algorithm 323\u003c\/p\u003e \u003cp\u003eHashing Passwords 323\u003c\/p\u003e \u003cp\u003eSecuring Passwords with Hash 324\u003c\/p\u003e \u003cp\u003eHash-Based Message Authenticated Code 325\u003c\/p\u003e \u003cp\u003eEncryption Basics 326\u003c\/p\u003e \u003cp\u003eSymmetric Encryption 326\u003c\/p\u003e \u003cp\u003eAdvanced Encryption Standard 326\u003c\/p\u003e \u003cp\u003eAsymmetric Encryption 328\u003c\/p\u003e \u003cp\u003eRivest Shamir Adleman 329\u003c\/p\u003e \u003cp\u003eCracking Secrets with Hashcat 331\u003c\/p\u003e \u003cp\u003eBenchmark Testing 332\u003c\/p\u003e \u003cp\u003eCracking Hashes in Action 334\u003c\/p\u003e \u003cp\u003eAttack Modes 336\u003c\/p\u003e \u003cp\u003eStraight Mode 336\u003c\/p\u003e \u003cp\u003eCombinator 337\u003c\/p\u003e \u003cp\u003eMask and Brute-Force Attacks 339\u003c\/p\u003e 
\u003cp\u003eBrute-Force Attack 342\u003c\/p\u003e \u003cp\u003eHybrid Attacks 342\u003c\/p\u003e \u003cp\u003eCracking Workflow 343\u003c\/p\u003e \u003cp\u003eSummary 344\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 14 Reporting 345\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOverview of Reports in Penetration Testing 345\u003c\/p\u003e \u003cp\u003eScoring Severities 346\u003c\/p\u003e \u003cp\u003eCommon Vulnerability Scoring System Version 3.1 346\u003c\/p\u003e \u003cp\u003eReport Presentation 349\u003c\/p\u003e \u003cp\u003eCover Page 350\u003c\/p\u003e \u003cp\u003eHistory Logs 350\u003c\/p\u003e \u003cp\u003eReport Summary 350\u003c\/p\u003e \u003cp\u003eVulnerabilities Section 350\u003c\/p\u003e \u003cp\u003eSummary 351\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 15 Assembly Language and Reverse Engineering 353\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCPU Registers 353\u003c\/p\u003e \u003cp\u003eGeneral CPU Registers 354\u003c\/p\u003e \u003cp\u003eIndex Registers 355\u003c\/p\u003e \u003cp\u003ePointer Registers 355\u003c\/p\u003e \u003cp\u003eSegment Registers 355\u003c\/p\u003e \u003cp\u003eFlag Registers 357\u003c\/p\u003e \u003cp\u003eAssembly Instructions 358\u003c\/p\u003e \u003cp\u003eLittle Endian 360\u003c\/p\u003e \u003cp\u003eData Types 360\u003c\/p\u003e \u003cp\u003eMemory Segments 361\u003c\/p\u003e \u003cp\u003eAddressing Modes 361\u003c\/p\u003e \u003cp\u003eReverse Engineering Example 361\u003c\/p\u003e \u003cp\u003eVisual Studio Code for C\/C++ 362\u003c\/p\u003e \u003cp\u003eImmunity Debugger for Reverse Engineering 363\u003c\/p\u003e \u003cp\u003eSummary 368\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 16 Buffer\/Stack Overflow 369\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBasics of Stack Overflow 369\u003c\/p\u003e \u003cp\u003eStack Overview 370\u003c\/p\u003e \u003cp\u003ePUSH Instruction 370\u003c\/p\u003e \u003cp\u003ePOP Instruction 371\u003c\/p\u003e \u003cp\u003eC Program Example 371\u003c\/p\u003e 
\u003cp\u003eBuffer Analysis with Immunity Debugger 372\u003c\/p\u003e \u003cp\u003eStack Overflow 376\u003c\/p\u003e \u003cp\u003eStack Overflow Mechanism 377\u003c\/p\u003e \u003cp\u003eStack Overflow Exploitation 378\u003c\/p\u003e \u003cp\u003eLab Overview 379\u003c\/p\u003e \u003cp\u003eVulnerable Application 379\u003c\/p\u003e \u003cp\u003ePhase 1: Testing 379\u003c\/p\u003e \u003cp\u003eTesting the Happy Path 379\u003c\/p\u003e \u003cp\u003eTesting the Crash 381\u003c\/p\u003e \u003cp\u003ePhase 2: Buffer Size 382\u003c\/p\u003e \u003cp\u003ePattern Creation 382\u003c\/p\u003e \u003cp\u003eOffset Location 382\u003c\/p\u003e \u003cp\u003ePhase 3: Controlling EIP 383\u003c\/p\u003e \u003cp\u003eAdding the JMP Instruction 384\u003c\/p\u003e \u003cp\u003ePhase 4: Injecting the Payload and Getting a Remote Shell 386\u003c\/p\u003e \u003cp\u003ePayload Generation 386\u003c\/p\u003e \u003cp\u003eBad Characters 386\u003c\/p\u003e \u003cp\u003eShellcode Python Script 387\u003c\/p\u003e \u003cp\u003eSummary 388\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 17 Programming with Python 389\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBasics of Python 389\u003c\/p\u003e \u003cp\u003eRunning Python Scripts 390\u003c\/p\u003e \u003cp\u003eDebugging Python Scripts 391\u003c\/p\u003e \u003cp\u003eInstalling VS Code on Kali 391\u003c\/p\u003e \u003cp\u003ePracticing Python 392\u003c\/p\u003e \u003cp\u003ePython Basic Syntaxes 393\u003c\/p\u003e \u003cp\u003ePython Shebang 393\u003c\/p\u003e \u003cp\u003eComments in Python 393\u003c\/p\u003e \u003cp\u003eLine Indentation and Importing Modules 394\u003c\/p\u003e \u003cp\u003eInput and Output 394\u003c\/p\u003e \u003cp\u003ePrinting CLI Arguments 395\u003c\/p\u003e \u003cp\u003eVariables 395\u003c\/p\u003e \u003cp\u003eNumbers 395\u003c\/p\u003e \u003cp\u003eArithmetic Operators 397\u003c\/p\u003e \u003cp\u003eStrings 397\u003c\/p\u003e \u003cp\u003eString Formatting 397\u003c\/p\u003e \u003cp\u003eString Functions 
398\u003c\/p\u003e \u003cp\u003eLists 399\u003c\/p\u003e \u003cp\u003eReading Values in a List 399\u003c\/p\u003e \u003cp\u003eUpdating List Items 399\u003c\/p\u003e \u003cp\u003eRemoving a list item 400\u003c\/p\u003e \u003cp\u003eTuples 400\u003c\/p\u003e \u003cp\u003eDictionary 400\u003c\/p\u003e \u003cp\u003eMore Techniques in Python 400\u003c\/p\u003e \u003cp\u003eFunctions 400\u003c\/p\u003e \u003cp\u003eReturning Values 401\u003c\/p\u003e \u003cp\u003eOptional Arguments 401\u003c\/p\u003e \u003cp\u003eGlobal Variables 402\u003c\/p\u003e \u003cp\u003eChanging Global Variables 402\u003c\/p\u003e \u003cp\u003eConditions 403\u003c\/p\u003e \u003cp\u003eif\/else Statement 403\u003c\/p\u003e \u003cp\u003eComparison Operators 403\u003c\/p\u003e \u003cp\u003eLoop Iterations 404\u003c\/p\u003e \u003cp\u003ewhile Loop 404\u003c\/p\u003e \u003cp\u003efor Loop 405\u003c\/p\u003e \u003cp\u003eManaging Files 406\u003c\/p\u003e \u003cp\u003eException Handling 407\u003c\/p\u003e \u003cp\u003eText Escape Characters 407\u003c\/p\u003e \u003cp\u003eCustom Objects in Python 408\u003c\/p\u003e \u003cp\u003eSummary 409\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 18 Pentest Automation with Python 411\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePenetration Test Robot 411\u003c\/p\u003e \u003cp\u003eApplication Workflow 412\u003c\/p\u003e \u003cp\u003ePython Packages 414\u003c\/p\u003e \u003cp\u003eApplication Start 414\u003c\/p\u003e \u003cp\u003eInput Validation 415\u003c\/p\u003e \u003cp\u003eCode Refactoring 417\u003c\/p\u003e \u003cp\u003eScanning for Live Hosts 418\u003c\/p\u003e \u003cp\u003ePorts and Services Scanning 420\u003c\/p\u003e \u003cp\u003eAttacking Credentials and Saving the Results 423\u003c\/p\u003e \u003cp\u003eSummary 426\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix A Kali Linux Desktop at a Glance 427\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDownloading and Running a VM of Kali Linux 428\u003c\/p\u003e \u003cp\u003eVirtual Machine First Boot 
428\u003c\/p\u003e \u003cp\u003eKali Xfce Desktop 429\u003c\/p\u003e \u003cp\u003eKali Xfce Menu 430\u003c\/p\u003e \u003cp\u003eSearch Bar 430\u003c\/p\u003e \u003cp\u003eFavorites Menu Item 430\u003c\/p\u003e \u003cp\u003eUsual Applications 432\u003c\/p\u003e \u003cp\u003eOther Menu Items 433\u003c\/p\u003e \u003cp\u003eKali Xfce Settings Manager 433\u003c\/p\u003e \u003cp\u003eAdvanced Network Configuration 435\u003c\/p\u003e \u003cp\u003eAppearance 436\u003c\/p\u003e \u003cp\u003eDesktop 439\u003c\/p\u003e \u003cp\u003eDisplay 441\u003c\/p\u003e \u003cp\u003eFile Manager 442\u003c\/p\u003e \u003cp\u003eKeyboard 445\u003c\/p\u003e \u003cp\u003eMIME Type Editor 447\u003c\/p\u003e \u003cp\u003eMouse and Touchpad 448\u003c\/p\u003e \u003cp\u003ePanel 449\u003c\/p\u003e \u003cp\u003eWorkspaces 450\u003c\/p\u003e \u003cp\u003eWindow Manager 451\u003c\/p\u003e \u003cp\u003ePractical Example of Desktop Customization 454\u003c\/p\u003e \u003cp\u003eEdit the Top Panel 454\u003c\/p\u003e \u003cp\u003eAdding a New Bottom Panel 454\u003c\/p\u003e \u003cp\u003eChanging the Desktop Look 457\u003c\/p\u003e \u003cp\u003eInstalling Kali Linux from Scratch 458\u003c\/p\u003e \u003cp\u003eSummary 466\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix B Building a Lab Environment Using Docker 467\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDocker Technology 468\u003c\/p\u003e \u003cp\u003eDocker Basics 468\u003c\/p\u003e \u003cp\u003eDocker Installation 468\u003c\/p\u003e \u003cp\u003eImages and Registries 469\u003c\/p\u003e \u003cp\u003eContainers 470\u003c\/p\u003e \u003cp\u003eDockerfile 472\u003c\/p\u003e \u003cp\u003eVolumes 472\u003c\/p\u003e \u003cp\u003eNetworking 473\u003c\/p\u003e \u003cp\u003eMutillidae Docker Container 474\u003c\/p\u003e \u003cp\u003eSummary 475\u003c\/p\u003e \u003cp\u003eIndex 477\u003c\/p\u003e \u003cp\u003e\u003cb\u003eGus Khawaja\u003c\/b\u003e is an expert in application security and penetration testing. 
He is a cybersecurity consultant in Montreal, Canada and has a depth of experience working with organizations to protect their assets from cyberattacks. He is a published author and online educator in the field of cybersecurity.\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default 
Title","offer_id":47989495070949,"sku":"NP9781119719083","price":42.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781119719083.jpg?v=1761784332","url":"https:\/\/k12savings.com\/products\/kali-linux-penetration-testing-bible-isbn-9781119719083","provider":"K12savings","version":"1.0","type":"link"}