Penetration Testing: A Survival Guide Front Cover

Penetration Testing: A Survival Guide

Description

A complete pentesting guide facilitating smooth backtracking for working hackers

About This Book

  • Conduct network testing, surveillance, pen testing and forensics on MS Windows using Kali Linux
  • Gain a deep understanding of the flaws in web applications and exploit them in a practical manner
  • Pentest Android apps and perform various attacks in the real world using real case studies

Who This Book Is For

This course is for anyone who wants to learn about security. Basic knowledge of Android programming would be a plus.

What You Will Learn

  • Exploit several common Windows network vulnerabilities
  • Recover lost files, investigate successful hacks, and discover hidden data in innocent-looking files
  • Expose vulnerabilities present in web servers and their applications using server-side attacks
  • Use SQL and cross-site scripting (XSS) attacks
  • Check for XSS flaws using the burp suite proxy
  • Acquaint yourself with the fundamental building blocks of Android Apps in the right way
  • Take a look at how your personal data can be stolen by malicious attackers
  • See how developers make mistakes that allow attackers to steal data from phones

In Detail

The need for penetration testers has grown well over what the IT industry ever anticipated. Running just a vulnerability scanner is no longer an effective method to determine whether a business is truly secure. This learning path will help you develop the most effective penetration testing skills to protect your Windows, web applications, and Android devices.

The first module focuses on the Windows platform, which is one of the most common OSes, and managing its security spawned the discipline of IT security. Kali Linux is the premier platform for testing and maintaining Windows security. Employs the most advanced tools and techniques to reproduce the methods used by sophisticated hackers. In this module first,you’ll be introduced to Kali’s top ten tools and other useful reporting tools. Then, you will find your way around your target network and determine known vulnerabilities so you can exploit a system remotely. You’ll not only learn to penetrate in the machine, but will also learn to work with Windows privilege escalations.

The second module will help you get to grips with the tools used in Kali Linux 2.0 that relate to web application hacking. You will get to know about scripting and input validation flaws, AJAX, and security issues related to AJAX. You will also use an automated technique called fuzzing so you can identify flaws in a web application. Finally, you’ll understand the web application vulnerabilities and the ways they can be exploited.

In the last module, you’ll get started with Android security. Android, being the platform with the largest consumer base, is the obvious primary target for attackers. You’ll begin this journey with the absolute basics and will then slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. You’ll gain the skills necessary to perform Android application vulnerability assessments and to create an Android pentesting lab.

This Learning Path is a blend of content from the following Packt products:

  • Kali Linux 2: Windows Penetration Testing by Wolf Halton and Bo Weaver
  • Web Penetration Testing with Kali Linux, Second Edition by Juned Ahmed Ansari
  • Hacking Android by Srinivasa Rao Kotipalli and Mohammed A. Imran

Style and approach

This course uses easy-to-understand yet professional language for explaining concepts to test your network’s security.

Table of Contents

Part I. Module 1
Chapter 1. Sharpening the Saw
Chapter 2. Information Gathering and Vulnerability Assessment
Chapter 3. Exploitation Tools (Pwnage)
Chapter 4. Web Application Exploitation
Chapter 5. Sniffing and Spoofing
Chapter 6. Password Attacks
Chapter 7. Windows Privilege Escalation
Chapter 8. Maintaining Remote Access
Chapter 9. Reverse Engineering and Stress Testing
Chapter 10. Forensics

Part II. Module 2
Chapter 1. Introduction to Penetration Testing and Web Applications
Chapter 2. Setting up Your Lab with Kali Linux
Chapter 3. Reconnaissance and Profiling the Web Server
Chapter 4. Major Flaws in Web Applications
Chapter 5. Attacking the Server Using Injection-based Flaws
Chapter 6. Exploiting Clients Using XSS and CSRF Flaws
Chapter 7. Attacking SSL-based Websites
Chapter 8. Exploiting the Client Using Attack Frameworks
Chapter 9. AJAX and Web Services – Security Issues
Chapter 10. Fuzzing Web Applications

Part III. Module 3
Chapter 1. Setting Up the Lab
Chapter 2. Android Rooting
Chapter 3. Fundamental Building Blocks of Android Apps
Chapter 4. Overview of Attacking Android Apps
Chapter 5. Data Storage and Its Security
Chapter 6. Server-Side Attacks
Chapter 7. Client-Side Attacks – Static Analysis Techniques
Chapter 8. Client-Side Attacks – Dynamic Analysis Techniques
Chapter 9. Android Malware
Chapter 10. Attacks on Android Devices

To access the link, solve the captcha.