Joshi Pranav - Penetration Testing with Kali Linux

www.bpbonline.com

FIRST EDITION 2021

Copyright BPB Publications, India

ISBN: 978-93-90684-793

All Rights Reserved. No part of this publication may be reproduced, distributed or transmitted in any form or by any means or stored in a database or retrieval system, without the prior written permission of the publisher with the exception to the program listings which may be entered, stored and executed in a computer system, but they can not be reproduced by the means of publication, photocopy, recording, or by any electronic and mechanical means.

LIMITS OF LIABILITY AND DISCLAIMER OF WARRANTY

The information contained in this book is true to correct and the best of authors and publishers knowledge. The author has made every effort to ensure the accuracy of these publications, but publisher cannot be held responsible for any loss or damage arising from any information in this book.

All trademarks referred to in the book are acknowledged as properties of their respective owners but BPB Publications cannot guarantee the accuracy of this information.

www.bpbonline.com

Diana Kelley: Every business owner should know the answers to these critical questions, Are my online and mobile apps secure?, Is my company data at risk? and Can my customers buy my services safely?

If they know the answers, then, we must, by all means, thank the hard work of a penetration (or pen) tester.

The concept of pen testing sounds rather exotic or cool, especially to those who have never executed it before. In practice, pen testing can be a confusing and challenging endeavor. Tests are often run in the wee hours and if you do not notice anything amiss, that doesnt mean A job well done. Instead, it advises you to take a deeper look and try additional tools to ensure that you have covered all the regions of the app and done as deep a dive as possible! Besides, there are the eternal questions, How do we know weve checked all places? and How can we know the app is fully tested?

Therefore, the book youre about to read is such an important resource. Written by Deepyan Chanda and Pranav Joshi, the seasoned cybersecurity professionals who have completed hundreds of pen tests, led large internal testing teams, and learned many lessons the hard way. Deep and Pranav were inspired by their many experiences to write this book and serve as your advocates and guides to the penetration testing process. Based on years of real-world experiences and trial and error methods to determine what works and what does not, they have put up a practical framework-based approach using Kali Linux as the platform.

If you are new to pen testing, this book is all you need to get started. If youve been performing pen testing for a while, the framework and experiential wisdom will shine light on ways to improve your process and help cue into new approaches.

As Deepayan likes to say, Pen testing always tells the truth; it is a measure we use to validate if all our hard work in design and implementation has resulted in a robust and secure system or not. And this is your step-by-step guide for unearthing that truth.

Burgess Sam Cooper: Today, penetration testing is more relevant than ever before. The threat landscape is evolving fast(er) and the attacker is getting younger. Information security is also maturing as a field. In addition, it is no longer necessary to have the technical know-how in order to attack a target. The attacks can be bought as services in the dark net.

This leads to a situation wherein the only way to determine if your infrastructure and applications are secure is to test them before the attackers do.

Testing is sometimes likened to an art, which it is. However, it is possible to achieve consistent results if a process is followed. Deepayan and Pranav in this book have specified this process. The core strength of the book lies in the fact that it starts from the scratch. If you can download a file from the internet, you can start following the steps in this book.

Kali Linux as a platform is geared towards testing. The key advantage is that the tester does not have to spend time installing the basic tools. Kali has a ready-to-use environment which lets the tester start quickly.

Another strong point in the book is the emphasis on learning by doing. The book takes you from setting up your environment to creating a report after conducting a test. Clear reporting helps the receiver understand what the findings in a test mean and how to prioritize them and leads to a constructive conversation between the tester, application teams, developers and infrastructure maintainers.

So, grab your virtual machines and let Deepayan and Pranav take you on a journey of discovery!

Ajay Kumar: In todays digitally connected world, the organizations are at risk. The magnitude and prevalence of cybersecurity threats in our lives are increasing on a regular basis. While events in the media have by and large gained everybodys attention, the information security practitioners and defenders often have no or insufficient tools, skill sets, and experiences to understand the gravity of these sophisticated new attacks. Its evident that whenever the team rehearses before the actual game, they deliver with confidence and ease in the real game against the opponent. It judges your readiness before the real test. This scenario resonates very well in cyber security also where the information security team needs to test their defenses and expose the gaps and vulnerabilities before the real world attack happens. These simulated exercises not only help the information security team to be ready in an adverse situation, but also helps the business team to take informed decisions to fill the gap in the cyber security posture.

In this book, the authors, Deepayan Chanda and Pranav Joshi have explained in detail the relevance of penetration testing as one of the key simulation practices performed by the security professionals. This book explains in laymans terms the fundamentals of penetration testing using Kali Linux along with the methodology, hands-on exercises, sample reporting and recommendations. Kali Linux is one of the many tools that help the information security teams to fight adversaries.

Whether you are a student or cyber security professional, this book would give you the basic concepts of penetration testing, which are often used in simulation-based red teaming exercises. It really takes courage and dedication to formulate this sort of writing, which explains the end-to-end process and various phases of penetration testing in a remarkably simple manner.

I hope this book will spark your understanding and interest to deep dive into learning and share your knowledge with the larger cyber security community.