What this book covers

This book is divided into two parts. In Part 1, The Attacker's Kill Chain, we will follow the steps of a kill chain, analyzing each phase in detail. In Part 2, The Delivery Phase, we will focus on the delivery phase and some of the available methodologies to understand how attacks take place, and how this knowledge can be used to secure a network.

Chapter 1, Starting with Kali Linux, introduces the reader to the fundamentals of Kali Linux, and its optimal configuration to support penetration testing.

Chapter 2, Identifying the Target – Passive Reconnaissance, provides a background on how to gather information about a target using publicly available sources, and the tools that can simplify the reconnaissance and information management.

Chapter 3, Active Reconnaissance and Vulnerability Scanning, introduces the reader to stealthy approaches that can be used to gain information about the target, especially the information that identifies vulnerabilities, which could be exploited.

Chapter 4, Exploit, demonstrates the methodologies that can be used to find and execute exploits that allow a system to be compromised by an attacker.

Chapter 5, Post Exploit – Action on the Objective, describes how attackers can escalate their privileges to achieve their objective for compromising the system, including theft of data, altering data, launching additional attacks, or creating a denial of service.

Chapter 6, Post Exploit – Persistence, provides a background on how to configure a compromised system so that the attacker can return at will and continue post-exploit activities.

Chapter 7, Physical Attacks and Social Engineering, demonstrates why being able to physically access a system or interact with the humans who manage it provides the most successful route to exploitation.

Chapter 8, Exploiting Wireless Communications, demonstrates how to take advantage of common wireless connections to access data networks and isolated systems.

Chapter 9, Reconnaissance and Exploitation of Web-based Applications, provides a brief overview of one of the most complex delivery phases to secure: web-based applications that are exposed to the public Internet.

Chapter 10, Exploiting Remote Access Communications, provides an increasingly important route into systems as more and more organizations adopt distributed and work-from-home models that rely on remote access communications that are themselves vulnerable to attack.

Chapter 11, Client-side Exploitation, focuses on attacks against applications on the end-user's systems, which are frequently not protected to the same degree as the organization's primary network.

Appendix, Installing Kali Linux, provides an overview of how to install Kali Linux, and how to employ a whole-disk encryption to avoid an intercept of confidential testing data.