Mohammed A. Imran
Preface
Attacks on networks are increasing, and these days, it is not so much whether your network will be breached, but when. The stakes are high, and you have to think like an attacker to know what really needs protection in your network. We are dedicated to your success in protecting your network and the data that your organization runs on. The stakeholders include your customers, whose personal data can be exploited. There is no peace of mind in hoping and praying your network is secure, and hope is not a strategy. As a working hacker, you need the most compact and complete toolset for the largest proportion of conditions.
Welcome to the fascinating world of penetration testing, where this course will help you prepare for and conduct network testing, surveillance, infiltration, penetration tests, advanced persistent threat detection, and forensics on the most commonly hacked systems on the planet: Microsoft Windows, web applications, and Android.
Kali Linux is a Linux distribution widely used by security professionals. It comes bundled with many tools to effectively perform a security assessment. Its tools are categorized by the different phases of a penetration test, such as information gathering, vulnerability analysis, and exploitation, to name a few. The latest version, Kali 2.0, was released at Black Hat USA 2015. Besides tools used in a network penetration test, Kali Linux also includes tools to perform web application security and database assessment.
Web applications are an integral part of any network, so they need special attention when performing a security assessment. Web Penetration Testing with Kali Linux is designed to be a guide for network penetration testers who want to explore web application hacking. Our goal is to gain an understanding of the different security flaws that exist in web applications and then use selected tools from Kali Linux to identify the vulnerabilities and exploit them.
Mobile security is another of today's hottest topics. Android is the leading mobile operating system in the market; it has a huge user base, and lots of personal as well as business data is being stored on Android mobile devices. Mobile devices are now sources of entertainment, business, personal life, and new risks. Attacks targeting mobile devices and apps are on the rise. Android, being the platform with the largest consumer base, is the obvious primary target for attackers. This course will also provide insights into various attack techniques in order to help developers and penetration testers as well as end users understand Android security fundamentals.
What this learning path covers
Kali Linux 2: Windows Penetration Testing starts by covering several ways of setting up Kali to perform different tasks before you find your way around your target network and determine known vulnerabilities to be able to exploit a Windows system remotely. You will then learn a few techniques such as network sniffing, IP spoofing, and password attacks. You will also learn to get administrative privileges on a Windows server or workstation and then learn some devious ways of maintaining access and control of a Windows machine after you have gained access through the techniques you learned. Later on you will get familiar with other tools and techniques that Kali provides, such as reverse engineering and stress testing. Finally, you will learn how forensic research is required to help you understand how one of your Windows devices was compromised.
Web Penetration Testing with Kali Linux, Second Edition covers different testing methodologies and rules that security professionals follow when performing an assessment of a web application. You will learn to use the different tools that Kali provides to gather information such as the OS, application version, and additional information that helps us in the later stages of the penetration test. You will then learn the different security flaws that affect web applications at various levels before gaining a deep understanding of the command injection flaw and exploiting it using Metasploit. Later on you will exploit clients using XSS and CSRF flaws, the Social Engineering Toolkit (SET), and the Browser Exploitation Framework (BeEF). Security issues affecting AJAX applications and web services are also covered before you finally learn the different ways in which fuzzing can identify flaws in web applications.
Hacking Android starts by building an arsenal of tools required for Android security in one place. You will be introduced to the basics of Android rooting before understanding how apps are built, installed, and run. You will then understand the possible attacks your Android apps, devices, and other components in the application architecture might face. You will also look at data storage, one of the most important elements of Android app development, and learn how to secure it. Later on it provides an overview of various server-side attacks, and also client-side attacks using both static and dynamic application testing. You will also learn the fundamental techniques typically used in creating and analyzing Android malware and will create one too. Finally, you will learn to secure yourself from attackers while performing everyday operations and also understand why it is dangerous to root Android devices and install unknown applications.
What you need for this learning path
For the first module you would require:
- An Internet-connected computer/laptop for your Kali attack platform.
- A workstation with a minimum of 8 GB of RAM. An Ubuntu or Debian base OS is recommended.