Kali Linux is the most popular and advanced penetration testing Linux distribution within the cybersecurity industry. Using Kali Linux, a cybersecurity professional will be able to discover and exploit various vulnerabilities and perform advanced penetration testing on both enterprise wired and wireless networks.
This book is a comprehensive guide for those who are new to Kali Linux and penetration testing that will have you up to speed in no time. Using real-world scenarios, you’ll understand how to set up a lab and explore core penetration testing concepts. Throughout this book, you’ll focus on information gathering and even discover different vulnerability assessment tools bundled in Kali Linux. You’ll learn to discover target systems on a network, identify security flaws on devices, exploit security weaknesses and gain access to networks, set up Command and Control (C2) operations, and perform web application penetration testing. In this updated second edition, you’ll be able to compromise Active Directory and exploit enterprise networks. Finally, this book covers best practices for performing complex web penetration testing techniques in a highly secured environment.
By the end of this Kali Linux book, you’ll have gained the skills to perform advanced penetration testing on enterprise networks using Kali Linux.
You can read the e-book in Legimi apps or in any other app that supports the following format:
Number of pages: 668
Year of publication: 2022
Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire
Glen D. Singh
BIRMINGHAM—MUMBAI
Copyright © 2022 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Group Product Manager: Rahul Nair
Publishing Product Manager: Rahul Nair
Senior Editor: Athikho Sapuni Rishana
Content Development Editor: Sayali Pingale
Technical Editor: Rajat Sharma
Copy Editor: Safis Editing
Associate Project Manager: Neil Dmello
Proofreader: Safis Editing
Indexer: Subalakshmi Govindhan
Production Designer: Jyoti Chauhan
Marketing Co-Ordinator: Sanjana Gupta
First published: November 2019
Second edition: January 2022
Production reference: 1060122
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
978-1-80181-893-3
www.packt.com
I would like to dedicate this book to the people in our society who have always worked hard in their field of expertise and who have not been recognized for their hard work, commitment, sacrifices, and ideas, but who, most importantly, believed in themselves when no one else did. This book is for you. Always have faith in yourself. With commitment, hard work, and focus, anything can be possible. Never give up, because great things take time.
Glen D. Singh is a cybersecurity instructor and an InfoSec author. His areas of expertise are cybersecurity operations, offensive security tactics, and enterprise networking. He is a holder of many certifications, including CEH, CHFI, PAWSP, and 3xCCNA (in CyberOps, Security, and Routing and Switching).
Glen loves teaching and mentoring others and sharing his wealth of knowledge and experience as an author. He has written many books that focus on vulnerability discovery and exploitation, threat detection, intrusion analysis, incident response, implementing security solutions, and enterprise networking. As an aspiring game-changer, Glen is passionate about increasing cybersecurity awareness in his homeland, Trinidad and Tobago.
I would like to thank God, the preserver of the universe, for all His divine grace and guidance. I would also like to thank Rahul Nair, Sayali Pingale, Rahul D'souza, Neil D'mello, and the wonderful team at Packt Publishing, who have provided amazing support throughout this journey. To the technical reviewer, Rishalin Pillay, thank you for your outstanding contribution to making this an amazing book.
Rishalin Pillay has over 12 years of cybersecurity experience and has acquired a vast amount of skills consulting for Fortune 500 companies while taking part in projects, performing tasks in network security design, implementation, and vulnerability analysis. He holds many certifications that demonstrate his knowledge and expertise in the cybersecurity field from vendors such as ISC2, Cisco, Juniper, Check Point, Microsoft, and CompTIA. Rishalin currently works at a large software company as a senior cybersecurity engineer.
I would like to thank Glen for allowing me to review this book. To the publication team and the greater Packt team – thank you for giving me the opportunity to review this book. It is always a pleasure working with you.
To my wife, Rubleen, and my son, Kai, thank you for all the support. Without you, life would be really dull – I love you.
When breaking into the field of ethical hacking and penetration testing in the cybersecurity industry, you will often hear about the famous Linux distribution known as Kali Linux. Kali Linux is a penetration testing Linux distribution that is built to support the needs of cybersecurity professionals during each phase of a penetration test. As an information security author, cybersecurity trainer, and lecturer, I've heard from many persons within the industry and even from students about the importance of finding a book that guides the reader to thoroughly understand how to perform penetration testing using a step-by-step approach with Kali Linux. This was the motivation and inspiration behind creating the ultimate book that will be easy to understand for everyone and help all readers to become proficient experts using the latest tools and techniques upon completion.
Over the years, I've researched and created a lot of cybersecurity-related content, and one of the most important things about being an ethical hacker and a penetration tester is always staying up to date on knowing how to discover the latest security vulnerabilities. As a result, ethical hackers and penetration testers need to be equipped with the latest knowledge, skills, and tools to efficiently discover and exploit hidden security vulnerabilities on their targets' systems and networks. During the writing process of this book, I've used a student-centric and learner-friendly approach, helping you to easily understand the most complex topics, terminologies, and why there is a need to test for security flaws on a system and network.
This book begins by introducing you to the mindset of a threat actor such as a hacker and comparing that mindset to a penetration tester's. It's important to understand how a threat actor thinks and what is most valuable to them. While penetration testers may have a similar mindset, their objective is to discover and help resolve the security vulnerabilities before a real cyber attack occurs on an organization. Furthermore, you will learn how to create a lab environment using virtualization technologies to reduce the cost of buying equipment. The lab environment will emulate a network with vulnerable systems and web application servers. Additionally, a fully patched Windows Active Directory lab is created to demonstrate the security vulnerabilities found within a Windows domain.
You will soon learn how to perform real-world intelligence gathering on organizations using popular tools and strategies for reconnaissance and information gathering. Learning ethical hacking and penetration testing would not be complete without learning how to perform a vulnerability assessment using industry-standard tools. Furthermore, you will spend some time learning how to perform exploitation on common security vulnerabilities. Following the exploitation phase, you will be exposed to post-exploitation techniques and learn how to set up Command and Control (C2) operations to maintain access on a compromised network.
New topics such as Active Directory enumeration and exploitation are included in this edition as many organizations have a Windows environment running Active Directory. You will learn how to abuse the trust of Active Directory and take over the Windows domain. New wireless attacks are included to help aspiring penetration testers gain the skills to test for security vulnerabilities on wireless networks, such as exploiting the WPA3 wireless security standard. Finally, the last section includes techniques for discovering and exploiting web applications and performing social engineering techniques and attacks.
By completing this book, you will be taken through an amazing journey from beginner to expert in terms of learning, understanding, and developing your skills in ethical hacking and penetration testing as an aspiring cybersecurity professional within the industry.
This book is designed for students, trainers, lecturers, IT professionals, and those who simply have an interest in learning ethical hacking, penetration testing, and cybersecurity. This book can be used as a self-study guide and within classroom-based training on topics including discovering and exploiting vulnerabilities, ethical hacking techniques, and penetration testing strategies.
Whether you are new to the field of cybersecurity or a seasoned professional within the industry, this book has something for everyone and lots to learn while gaining the hands-on experience to get started as an ethical hacker and a penetration tester.
Chapter 1, Introduction to Ethical Hacking, introduces you to the concepts of ethical hacking and penetration testing techniques and strategies.
Chapter 2, Building a Penetration Testing Lab, focuses on guiding you on how to use virtualization technologies to create a personalized virtual lab environment to practice your skills in a safe environment.
Chapter 3, Setting Up for Advanced Hacking Techniques, focuses on guiding you on how to set up both a Windows Active Directory lab and an enterprise wireless environment to perform advanced penetration testing techniques.
Chapter 4, Reconnaissance and Footprinting, introduces you to the importance of reconnaissance and techniques used during penetration testing.
Chapter 5, Exploring Active Information Gathering, focuses on performing active information gathering on targets and profiling devices.
Chapter 6, Performing Vulnerability Assessments, focuses on guiding you on how to perform vulnerability discovery using popular automation vulnerability assessment tools.
Chapter 7, Understanding Network Penetration Testing, focuses on exploring the fundamentals of network penetration testing, antimalware evasion techniques, and working with wireless network adapters.
Chapter 8, Performing Network Penetration Testing, focuses on discovering and exploiting security vulnerabilities that are commonly found in the real world.
Chapter 9, Advanced Network Penetration Testing – Post Exploitation, introduces you to post-exploitation techniques and strategies.
Chapter 10, Working with Active Directory Attacks, focuses on exploiting the trust on Windows Active Directory Domain Services on a network.
Chapter 11, Advanced Active Directory Attacks, focuses on performing an advanced exploitation of Active Directory, performing both lateral and vertical movement and taking over the domain.
Chapter 12, Delving into Command and Control Tactics, introduces you to the importance of, and techniques for, establishing C2 during penetration testing.
Chapter 13, Advanced Wireless Penetration Testing, focuses on understanding wireless communication, vulnerabilities, and exploitation techniques.
Chapter 14, Performing Client-Side Attacks – Social Engineering, introduces you to how to use social engineering techniques to compromise the human mind during a cyber attack.
Chapter 15, Understanding Website Application Security, focuses on discovering the web application security risks that are described in the OWASP Top 10 2021 list of security vulnerabilities.
Chapter 16, Advanced Website Penetration Testing, focuses on performing web application security testing to discover and exploit security flaws.
Chapter 17, Best Practices for the Real World, provides guidelines for aspiring ethical hackers and penetration testers to ensure that, after completing this book, you have a wealth of valuable knowledge and can adapt to good practices within the industry.
To get the most out of this book, it's recommended to have a solid foundation in networking, such as understanding the common network and application protocols of the TCP/IP suite, IP addressing, routing and switching concepts, and the roles and functions of networking devices and security appliances. Knowing virtualization technologies such as hypervisors and their components will be beneficial, as most labs are built within a virtualized environment to reduce the need to purchase additional systems.
All labs and exercises are built on a system running Windows 10 Home as the host operating system, with a multicore processor with virtualization enabled, 16 GB of RAM, and 300 GB of free storage for the virtual machines. A dedicated GPU will be needed to perform password cracking using a GPU-based tool, as well as two wireless network adapters that support packet injection and operate at 2.4 and 5 GHz.
Oracle VM VirtualBox was the preferred choice when choosing a hypervisor as it provides better virtual networking capabilities as compared to other solutions. However, if you prefer to use another hypervisor product such as VMware, you are free to do so, but please keep in mind the fact that all labs within this book were completed and tested using Oracle VM VirtualBox.
Note
While the content and labs found within this book are based on Kali Linux 2021, the concepts and exercises are applicable to later versions of Kali Linux that will be released in the future.
After completing this book, equipped with your imagination and newfound skills, attempt to create additional lab scenarios and even extend your lab environment by adding additional virtual machines to improve your skillset. This will help you to continue learning and further develop your skills as an aspiring ethical hacker and penetration tester.
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://static.packt-cdn.com/downloads/9781801818933_ColorImages.pdf.
There are a number of text conventions used throughout this book.
Code in text: Indicates code words in the text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "To power off the OWASP BWA virtual machine, use the sudo halt command."
A block of code is set as follows:
C:\Users\Slayer> cd .vagrant.d\boxes
C:\Users\Slayer\.vagrant.d\boxes> vagrant init metasploitable3-win2k8
C:\Users\Slayer\.vagrant.d\boxes> vagrant up
Bold: Indicates a new term, an important word, or words that you see on screen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Click Exit to close the Microsoft Azure Active Directory Connect window once the configuration is completed."
Tips or Important Notes
Appear like this.
The information within this book is intended to be used only in an ethical manner. Do not use any information from the book if you do not have written permission from the owner of the equipment. If you perform illegal actions, you are likely to be arrested and prosecuted to the full extent of the law. Neither Packt Publishing nor the author of this book takes any responsibility if you misuse any of the information contained within the book. The information herein must only be used while testing environments with proper written authorization from the appropriate persons responsible.
Once you've read The Ultimate Kali Linux Book, we'd love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.
Your review is important to us and the tech community and will help us make sure we're delivering excellent quality content.
Thanks for purchasing this book!
Do you like to read on the go but are unable to carry your print books everywhere?
Is your eBook purchase not compatible with the device of your choice?
Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.
Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical books directly into your application.
The perks don’t stop there, you can get exclusive access to discounts, newsletters, and great free content in your inbox daily
Follow these simple steps to get the benefits:
Scan the QR code or visit the link below
https://packt.link/free-ebook/9781801818933
Submit your proof of purchase
That's it! We'll send your free PDF and other benefits to your email directly.
In this section, you will learn about the importance of understanding the need for penetration testing within cybersecurity while learning to build an effective penetration testing lab environment.
This part of the book comprises the following chapters:
Chapter 1, Introduction to Ethical Hacking
Chapter 2, Building a Penetration Testing Lab
Chapter 3, Setting Up for Advanced Hacking Techniques
Cybersecurity is one of the most rapidly growing fields within the information technology (IT) industry. Each day, security professionals are discovering new and emerging threats at a rapid rate, and organizations' assets are being compromised by threat actors. Due to these threats in the digital world, new professions are being created within many organizations for people who can help protect and safeguard their assets. This book is designed with the intent to provide you with the knowledge, wisdom, and skills that an aspiring penetration tester needs in order to be super awesome within the cybersecurity industry. A penetration tester is a cybersecurity professional who has the skills of a hacker; they are hired by an organization to perform simulations of real-world cyber-attacks on the organization's network infrastructure with the objective of discovering and exploiting security vulnerabilities. This allows the organization to determine any security weaknesses and implement security controls to prevent and mitigate a real cyber-attack.
Throughout the course of this book, you will learn how to use one of the most popular Linux distributions within the cybersecurity industry to simulate real-world cyber-attacks in penetration testing exercises to discover and exploit security weaknesses on systems and networks. The Kali Linux operating system has tons of pre-installed Linux packages/applications that are widely used within the cybersecurity industry, hence it's an arsenal filled with everything you will need. We'll be using a student-centric approach, filled with a lot of hands-on exercises starting from beginner level to intermediate, to more advanced topics and techniques, including red team engagements.
In this chapter, you will gain an in-depth understanding of the characteristics of various threat actors, their intentions, and the motives behind their cyber-attacks against their targets. Next, you will learn about the key factors that matter to threat actors and that determine how complex it is to compromise a system, in comparison to cybersecurity professionals such as ethical hackers and penetration testers who are hired to discover and exploit hidden security weaknesses within a target organization. Furthermore, you will discover the need for penetration testing, its phases, and the approaches used by seasoned professionals within the industry. Lastly, you will explore the Cyber Kill Chain framework, how cybersecurity professionals use it to prevent cyber-attacks, and how each stage can be aligned with penetration testing.
In this chapter, we will cover the following topics:
Identifying threat actors and their intent
Understanding what matters to threat actors
Discovering cybersecurity terminologies
Exploring the need for penetration testing and its phases
Understanding penetration testing approaches
Exploring hacking phases
Understanding the Cyber Kill Chain framework
I hope you're as excited as I am to begin this journey. Let's dive in!
All around the world, there is a huge demand for cybersecurity professionals as many organizations are beginning to understand the need for skilled professionals to help them secure and safeguard their assets. One of the most valuable assets to any organization is data. Threat actors such as hackers are improving their game plan and hacking has become a business on the dark web. Threat actors use advanced and sophisticated attacks and threats to compromise their target's systems and networks, steal their data using various techniques of exfiltration to bypass threat detection, and sell the stolen data on the dark web.
Years ago, hackers would manually perform these tasks; however, these days they have created advanced threats such as ransomware, which is crypto-malware designed to compromise vulnerable systems. Once a system is infected with ransomware, it will encrypt all the data within the local drives except the operating system. Additionally, ransomware can also compromise any cloud storage that is linked to the infected system. For example, imagine a user's system has Google Drive, Microsoft OneDrive, or even Dropbox and data is constantly synchronized. If the system is infected, the infection could also affect the data within the cloud storage. However, some cloud providers have built-in protection against these types of threats.
Ransomware encrypts the data and holds it hostage while presenting a payment window on the victim's desktop requesting payment to recover the data. During this time, the responsible threat actor is also exfiltrating your data and selling it on the dark web.
Important note
It is not recommended to pay the ransom, as there is no guarantee or reassurance that the threat actors will release the data. If the threat actors provide a decryption key, it may not be the right one. Furthermore, former Microsoft Detection and Response Team (DART) member Mr. Rishalin Pillay mentioned that, during his time at Microsoft, he saw how attackers "may" give the decryption key to victims; however, they 110% implant additional malware to return later for more cash gains. Essentially, the target organization becomes a "cash cow" for the threat actors (attacking group).
So far, we've only encountered one type of threat actor, the hacker. However, there are other types of threat actors involved in cyber-attacks. You'll be surprised at the variety of people involved in hacking. Let's look at a list of the most popular threat actors in the industry:
Script kiddie – The script kiddie is a common type of threat actor who is not necessarily a young adult or kid. Rather, they are someone who does not understand the technical details of cybersecurity well enough to perform a cyber-attack on their own. However, a script kiddie usually follows the instructions or tutorials of real hackers to perform their own attacks against a system or network. While you may think a script kiddie is harmless because the person does not have the required knowledge and skills, they can create an equal amount of damage as a real hacker by following the instructions of malicious hackers on the internet. These types of hackers may make use of tools that they do not understand, thus causing more damage.
Hacktivist – Across the world, there are many social and political agendas in many nations, and there are many persons and groups who are either supportive or not supportive of those agendas. You will commonly find protesters who will organize rallies, marches, or even perform illegal activities such as the defacement of public property. There is a type of threat actor who uses their hacking skills to perform malicious activities in support of a political or social agenda. This person is commonly referred to as a hacktivist. While some hacktivists use their hacking skills for good reasons, keep in mind that hacking is still an illegal act and the threat actor can face legal action.
Insider – Many threat actors have realized it's more challenging to break into an organization through the internet and it's easier to do it from the inside on the target's internal network. Some threat actors will create a fake identity and curriculum vitae with the intention of applying for a job within their target organization and becoming an employee. Once this type of threat actor becomes an employee, the person will have access to the internal network and gain better insights into the network architecture and security vulnerabilities. Therefore, this type of threat actor can implement network implants on the network and create backdoors for remote access to critical systems. This type of threat actor is known as an insider.
State-sponsored – While many nations will send their army of soldiers to fight a war, many battles are now fought within cyberspace. This is known as cyber warfare. Many nations have realized the need to create defenses to protect their citizens and national assets from hackers and other nations with malicious intents. Therefore, a nation's government will hire state-sponsored hackers who are responsible for protecting their country from cyber-attacks and threats. Some nations use this type of threat actor to gather intelligence on other countries and even compromise the systems that control the infrastructure of public utilities or other critical resources needed by a country.
Organized crime – Around the world, we commonly read and hear about many crime syndicates and organized crime groups. Within the cybersecurity industry, there are also crime organizations made up of a group of people with the same goals in mind. Each person within the group is usually an expert or has a few special skillsets; for example, one person may be responsible for performing extensive reconnaissance on the target, while another is responsible for developing an Advanced Persistent Threat (APT). Within this organized crime group, there is usually a person who is responsible for financially funding the group to provide the best available resources money can buy to ensure the attack is successful. The intention of this type of threat actor is usually big, such as stealing their target's data and selling it for financial gain.
Black hat – The black hat hacker is a threat actor who uses their skills for malicious reasons. These hackers can be anyone, and their reason for performing a hack against a system or network can be random. Sometimes they may hack to destroy their target's reputation, steal data, or even as a personal challenge to prove a point for fun.
White hat – White hat hackers are the industry's good guys and girls. This type of hacker uses their skills to help organizations and people secure their networks and safeguard their assets from malicious hackers. Ethical hackers and penetration testers are examples of white hat hackers, as these people use their skills to help others in a positive and ethical manner.
Gray hat – The gray hat hacker is a person who metaphorically sits between the white hat and the black hat. This means the gray hat hacker has a hacking skillset and can be a good guy/girl during the day as a cybersecurity professional and a bad guy/girl at night, using their skills for malicious intentions.
With the continuous development of new technologies, the curious minds of many will always find a way to gain a deeper understanding of the underlying technologies of a system. This often leads to discovering security flaws in the design and eventually allows a person to exploit the vulnerability.
Having completed this section, you have discovered the characteristics of various threat actors and their intentions for performing a cyber-attack. In the next section, we will take a deep dive into understanding what matters to a threat actor.
The concept of hacking into another system or network will always seem very fascinating to many, while for others it's quite concerning knowing the level of security is not acceptable if a system can be compromised by a threat actor. Threat actors, ethical hackers, or even penetration testers need to plan and evaluate the time, resources, complexity, and the hack's value before performing a cyber-attack on a target's systems or networks.
Understanding how much time it will take from starting to gather information about the target to meeting the objectives of the attack is important. Sometimes, a cyber-attack can take a threat actor anything from days to a few months of careful planning to ensure each phase is successful when executed in the proper order. Threat actors have to also account for the possibility that an attack or exploit might not work on the target and this creates a speed bump during the process, which increases the time taken to meet the goals of the hack. This concept can be applied to penetration testers as they need to determine how long it will take to complete a penetration test for a customer and present the report with the findings and security recommendations.
Without the right set of resources, it will be a challenge to complete a task. Threat actors need to have the right set of resources, which can be software- and hardware-based tools. While skilled and seasoned hackers can manually discover and exploit security weaknesses on a system, it can be a time-consuming process. However, using the right set of tools can help automate these tasks and improve the time taken to find security flaws and exploit them. Additionally, without the right set of skills, a threat actor may face some challenges in being successful in performing the cyber-attack. This can lead to gaining the support of additional persons with the skills needed to assist and contribute to achieving the objectives of the cyber-attack. Once again, this concept can be applied to security professionals such as penetration testers within the industry. Not everyone has the same skills and a team may be needed for a penetration test engagement for a customer.
Another important resource is financial factors. Sometimes a threat actor does not need any additional resources and can perform a successful cyber-attack and compromise their targets. However, there may be times when an additional software- or hardware-based tool is needed to ensure the attack is successful. Having a budget allows the threat actors to purchase the additional resources needed. Similarly, penetration testers are well-funded by their employers to ensure they have access to the best tools within the industry to excel at their jobs.
Lastly, the hack value is simply the motivation or the reason for performing a cyber-attack against a target's systems and network. For a threat actor, it's the value of accomplishing the objectives and goals of compromising the system. Threat actors may not target an organization if they think it's not worth the time, effort, or resources to compromise its systems. Other threat actors may target the same organization with another motive.
Having completed this section, you have learned about some of the important factors that matter to threat actors prior to performing a cyber-attack on an organization. In the next section, you will discover various key terminologies that are commonly used within the cybersecurity industry.
Throughout your journey in the exciting field of cybersecurity, you will be exposed to various jargon and terminologies that are commonly found in various literature, discussions, and learning resources. As an aspiring penetration tester, it's important you are aware of and understand various key terminologies and how they are related to penetration testing.
The following is a list of the most common terminologies within the cybersecurity industry:
Asset – Within the field of cybersecurity, we define an asset as anything that has value to an organization or person. Assets are systems within a network that can be interacted with and potentially expose the network or organization to weaknesses that could be exploited and give hackers a way to escalate their privileges from standard user access to administrator-/root-level access or gain remote access to the network. It is important to mention that assets are not and should not be limited to technical systems. Other forms of assets include humans, physical security controls, and even data that resides within the networks we aim to protect. Assets can be broken down into three categories:
Tangible: These are physical things such as networking devices, computer systems, and appliances.
Intangible: These are things that are not in a physical form, such as intellectual property, business plans, data, and records.
People: These are the employees who drive the business or organization. Humans are one of the most vulnerable assets in the field of cybersecurity. Additionally, organizations need to protect their customers' data from being stolen by threat actors.
As cybersecurity professionals, it's important to be able to identify assets and the potential threats that may cause harm to them.
Threat – In the context of cybersecurity, a threat is anything that has the potential to cause harm to a system, network, or person. Whether you're on the offensive or defensive side in cybersecurity, it's important to be able to identify threats. Many organizations around the world face various types of threats each day, and their cybersecurity teams work around the clock to ensure the organization's assets are safeguarded from threat actors and threats. One of the most exciting, but also overwhelming, aspects of cybersecurity is that professionals within the industry always need to stay one step ahead of threat actors: quickly finding security weaknesses in systems, networks, and applications, and implementing countermeasures to mitigate any potential threats against those assets. All organizations have assets that need to be kept safe; an organization's systems, networks, and assets always contain some sort of security weakness that can be taken advantage of by a hacker. Next, we'll dive into understanding what a vulnerability is.
Vulnerability – A vulnerability is a weakness or security flaw that exists within technical, physical, or human systems that hackers can exploit in order to gain unauthorized access to or control over systems within a network. Common vulnerabilities that exist within organizations include human error (the greatest of vulnerabilities on a global scale), misconfiguration of devices, weak user credentials, poor programming practices, unpatched operating systems and outdated applications on host systems, default configurations left on systems, and so on. A threat actor will look for the lowest-hanging fruit, that is, the vulnerabilities that are easiest to take advantage of. The same concept applies to penetration testing. During an engagement, the penetration tester will use various techniques and tools to discover vulnerabilities and will attempt to exploit the easy ones before moving on to the more complex security flaws on a target system.
Exploit – An exploit is the thing, tool, or code that is used to take advantage of a vulnerability on a system. For example, take a hammer, a piece of wood, and a nail. The vulnerability is the soft, permeable nature of wood, and the exploit is the act of hammering the nail into the wood. Once a vulnerability is found on a system, the threat actor or penetration tester will either develop or search for an exploit that is able to take advantage of the security weakness. It's important to understand that the exploit should be tested on a system to ensure it has the potential to be successful when launched by the threat actor. Sometimes, an exploit may work on one system and not on another. Hence, seasoned penetration testers will ensure their exploits are tested and graded on their rate of success per vulnerability.
Risk – While it may seem like penetration testers are hired to simulate real-world cyber-attacks on a target organization, the goal of such engagements is much deeper than it seems. At the end of the penetration test, the cybersecurity professional will present all the vulnerabilities and possible solutions to help the organization mitigate and reduce the risk of a potential cyber-attack. What is risk? Risk is the potential impact that a vulnerability, threat, or asset presents to an organization, calculated against all other vulnerabilities, threats, and assets. Evaluating risk helps to determine the likelihood of a specific issue causing a data breach that will harm an organization's finances, reputation, or regulatory compliance. Reducing risk is critical for many organizations. There are many certifications, regulatory standards, and frameworks that are designed to help companies understand, identify, and reduce risks.
Zero-day – A zero-day is a vulnerability, and the exploit that takes advantage of it, that is unknown to the world, including the vendor of the product, which means no patch from the vendor exists. These attacks are commonly used in nation-state attacks, as well as by large criminal organizations. The discovery of a zero-day exploit can be very valuable to ethical hackers and penetration testers, and can earn them a bug bounty. These bounties are fees paid by vendors to security researchers who discover unknown vulnerabilities in their applications. Today, many organizations have established a bug bounty program, which allows interested persons who discover a vulnerability within a system of a vendor to report it. The person who reports the vulnerability, usually a zero-day flaw, is given a reward. However, there are hackers who intentionally attempt to exploit a system or network for some sort of personal gain; this is known as the hack value.
During this section, you have discovered various key terminologies that are commonly used within the cybersecurity industry. In the next section, you will explore the various phases of penetration testing.
Cybersecurity professionals are in a constant race against threat actors to discover vulnerabilities in systems and networks. Imagine that a threat actor is able to exploit a vulnerability on a system before a cybersecurity professional can find it and implement security controls to mitigate the threat. The threat actor would have compromised the system, leaving the cybersecurity professional to execute incident response (IR) strategies and plans to recover the compromised system to an acceptable working state.
Organizations are realizing the need to hire white hat hackers such as penetration testers who have the skills to simulate real-world cyber-attacks on the organization's systems and networks with the intent of discovering and exploiting hidden vulnerabilities. These techniques allow the penetration tester to perform the same types of attacks as a real hacker; the difference is the penetration tester is hired by the organization and has been granted legal permission to conduct such intrusive security testing.
Important note
Penetration testers usually have a strong understanding of computers, operating systems, networking, and programming, as well as how they work together. Most importantly, you need creativity. Creative thinking allows a person to think outside the box and go beyond the intended uses of technologies and find exciting new ways to implement them.
At the end of the penetration test, a report is presented to the organization's stakeholders detailing all the findings, such as vulnerabilities and how each weakness can be exploited. The report also contains recommendations on how to mitigate and prevent a possible cyber-attack on each vulnerability found. This allows the organization to understand what a hacker will discover if they are a target and how to implement countermeasures to reduce the risk of a cyber-attack. Some organizations will even perform a second penetration test after implementing the recommendations outlined in the penetration test report to determine whether all the vulnerabilities have been fixed and the risk has been reduced.
While penetration testing is interesting, we cannot attack a target without a battle plan. Planning ensures that the penetration test follows a sequential order of steps to achieve the desired outcome, which is identifying and exploiting vulnerabilities. Each phase outlines and describes what is required before moving on to the next step. This ensures that all details about the work and the target are gathered efficiently and that the penetration tester has a clear understanding of the task ahead.
The following are the different phases of penetration testing:
Figure 1.1 – Penetration testing phases
As shown in the preceding diagram, penetration testing usually consists of the pre-engagement, information gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and report writing phases. Each of these phases will be covered in more detail in the following sections.
During the pre-engagement phase, key personnel are selected. These individuals are key to providing information, coordinating resources, and helping the penetration testers to understand the scope, breadth, and rules of engagement in the assessment.
This phase also covers legal requirements, which typically include a Non-Disclosure Agreement (NDA) and a Consulting Services Agreement (CSA). The following is a typical process overview of what is required prior to the actual penetration testing:
Figure 1.2 – Pre-engagement
An NDA is a legal agreement that specifies that a penetration tester and their employer will not share or hold onto any sensitive or proprietary information that is encountered during the assessment. Companies usually sign these agreements with cybersecurity companies who will, in turn, sign them with employees working on the project. In some cases, companies sign these agreements directly with the penetration testers from the company carrying out the project.
The scope of a penetration test, also known as the rules of engagement, defines the systems the penetration tester can and cannot hack. This ensures the penetration tester remains within legal boundaries. This is a mutual agreement between the client (organization) and the penetration tester and their employer. It also defines sensitive systems and their IP addresses as well as testing times and which systems require special testing windows. It's incredibly important for penetration testers to pay close attention to the scope of a penetration test and where they are testing in order to always stay within the testing constraints.
The following are some sample pre-engagement questions to help you define the scope of a penetration test:
What is the size/class of your external network? (Network penetration testing)
What is the size/class of your internal network? (Network penetration testing)
What is the purpose and goal of the penetration test? (Applicable to any form of penetration testing)
How many pages does the web application have? (Web application penetration testing)
How many user inputs or forms does the web application have? (Web application penetration testing)
This is not an extensive list of pre-engagement questions, and all engagements should be given thorough thought to ensure that you ask all the important questions so you don't underscope or underprice the engagement.
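The scope and testing windows agreed in the pre-engagement phase are only useful if the tester actually checks every candidate target against them before touching it. The following Python script, added here as an illustration and not taken from the book, shows one way to encode a rules-of-engagement scope (in-scope ranges, excluded sensitive hosts, and a testing window for a production range) and to classify targets against it. All network ranges, host addresses and times are constructed sample values; the dictionary layout and function names are assumptions for this example.

```python
# Rules-of-engagement scope check (added example, not code from the book).
# All networks, hosts and testing windows below are constructed sample values
# drawn from the RFC 5737 documentation ranges, not a real client's scope.
from datetime import datetime, time
import ipaddress

# Constructed sample scope: what the client agreed to in writing.
SCOPE = {
    "in_scope": ["203.0.113.0/24", "198.51.100.0/25"],   # agreed target ranges
    "excluded": ["203.0.113.10", "203.0.113.11"],       # sensitive hosts: never tested
    "windows": {                                        # CIDR -> (start, end) local clock time
        "198.51.100.0/25": ("22:00", "04:00"),          # production: overnight window only
    },
}


def _in_window(start, end, now):
    """True if clock time `now` (all "HH:MM" strings) falls within [start, end).

    Handles windows that cross midnight, such as 22:00 to 04:00.
    """
    start, end, now = (time.fromisoformat(x) for x in (start, end, now))
    if start <= end:
        return start <= now < end
    return now >= start or now < end  # wraps past midnight


def now_hhmm():
    """Current local clock time as "HH:MM", for use with check_target()."""
    return datetime.now().strftime("%H:%M")


def check_target(target, when, scope=SCOPE):
    """Classify one IP address against the agreed scope.

    Returns 'excluded', 'out-of-scope', 'outside-window' or 'allowed'.
    Exclusions are checked first: a sensitive host that sits inside an
    in-scope range must still never be tested.
    """
    ip = ipaddress.ip_address(target)
    if any(ip == ipaddress.ip_address(x) for x in scope["excluded"]):
        return "excluded"
    matched = [ipaddress.ip_network(n) for n in scope["in_scope"]
               if ip in ipaddress.ip_network(n)]
    if not matched:
        return "out-of-scope"
    for net in matched:
        window = scope["windows"].get(str(net))
        if window and not _in_window(window[0], window[1], when):
            return "outside-window"
    return "allowed"


def filter_targets(targets, when, scope=SCOPE):
    """Split a candidate list into hosts that may be tested now and the rest.

    Returns (allowed_list, {rejected_host: reason}) so the reason for every
    rejection can be recorded in the engagement notes.
    """
    allowed, rejected = [], {}
    for t in targets:
        verdict = check_target(t, when, scope)
        if verdict == "allowed":
            allowed.append(t)
        else:
            rejected[t] = verdict
    return allowed, rejected


if __name__ == "__main__":
    # Constructed candidate list a tester might have assembled from reconnaissance.
    candidates = ["203.0.113.50", "203.0.113.10", "192.0.2.1", "198.51.100.5"]
    ok, bad = filter_targets(candidates, "14:00")
    print("allowed now:", ok)
    print("rejected:", bad)
```

In practice the scope data would be loaded from the signed scope document rather than hard-coded, and the script would sit in front of any scanner invocation so that a host outside the agreed ranges or outside its testing window is never passed to a tool by accident.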
Now that we've understood the legal limitation stages of penetration testing, let's move on to learn about the information gathering phase and its importance.
Penetration testing involves information gathering, which is vital to ensure that penetration testers have access to key information that will assist them in conducting their assessment. Seasoned professionals normally spend a day or two conducting extensive reconnaissance on their target. The more the penetration tester knows about the target, the easier it is to identify the attack surface, such as points of entry into the target's systems and networks. Additionally, this phase helps the penetration tester to identify the employees, infrastructure, geolocation for physical access, network details, servers, and other valuable information about the target organization.
Understanding the target is very important before any sort of attack as a penetration tester, as it helps in creating a profile of the potential target. Recovering user credentials/login accounts in this phase, for instance, will be vital to later phases of penetration testing as it will help us gain access to vulnerable systems and networks. Next, we will discuss the essentials of threat modeling.
Threat modeling is a process used to assist penetration testers and network security defenders to better understand the threats that inspired the assessment or the threats that the application or network is most prone to. This data is then used to help penetration testers simulate, assess, and address the most common threats that the organization, network, or application faces.
The following are some threat modeling frameworks:
Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege (STRIDE)
Process for Attack Simulation and Threat Analysis (PASTA)
Having understood the threats an organization faces, the next step is to perform a vulnerability assessment on the assets to further determine the risk rating and severity.
Vulnerability analysis typically involves the assessors or penetration testers running vulnerability or network/port scans to better understand which services are on the network or the applications running on a system and whether there are any vulnerabilities in any systems included in the scope of the assessment. This process often includes manual vulnerability discovery and testing, which is often the most accurate form of vulnerability analysis or vulnerability assessment.
There are many tools, both free and paid, to assist us in quickly identifying vulnerabilities on a target system or network. After discovering the security weaknesses, the next phase is to attempt exploitation.
Exploitation is the most commonly ignored or overlooked part of penetration testing, and the reality is that clients and executives don't care about vulnerabilities unless they understand why they matter to them. Exploitation is the ammunition or evidence that helps articulate why the vulnerability matters and illustrates the impact that the vulnerability could have on the organization. Furthermore, without exploitation, the assessment is not a penetration test and is nothing more than a vulnerability assessment, which most companies can conduct in-house better than a third-party consultant could.
To put it simply, during the information gathering phase, a penetration tester will profile the target and identify any vulnerabilities. Next, using the information about the vulnerabilities, the penetration tester will do their research and create specific exploits that will take advantage of the vulnerabilities of the target—this is exploitation. We use exploits (malicious code) to leverage a vulnerability (weakness) in a system, which will allow us to execute arbitrary code and commands on the target.
Often, after successfully exploiting a target system or network, we may think the task is done—but it isn't just yet. There are tasks and objectives to complete after breaking into the system. This is the post-exploitation phase in penetration testing.
Exploitation is the process of gaining access to systems that may contain sensitive information. Post-exploitation is the continuation of this step, where the foothold gained is leveraged to access data or spread to other systems via lateral movement techniques within the target network. During post-exploitation, the primary goal is typically to demonstrate the impact that the vulnerability and the access gained can pose to the organization. This impact helps executive leadership to better understand the vulnerabilities and the damage they could cause to the organization if a real cyber-attack were to occur.
Report writing is exactly as it sounds and is one of the most important elements of any penetration test. Penetration testing may be the service, but report writing is the deliverable that the client sees and is the only tangible element given to the client at the end of the assessment. Reports should be given as much attention and care as the testing.
Report writing involves much more than listing a few vulnerabilities discovered during the assessment. It is the medium through which you convey risk and business impact, summarize your findings, and include remediation steps. A good penetration tester needs to be a good report writer, or the issues they find will be lost and may never be understood by the client who hired them to conduct the assessment.
Having completed this section, you are now able to describe each phase of a penetration test and have gained a better idea of the expectations of penetration testers in the industry. Next, we will dive into understanding various penetration testing approaches.
A white box assessment is typical of web application testing but can extend to any form of penetration testing. The key difference between white, black, and gray box testing is the amount of information provided to the penetration testers prior to the engagement. In a white box assessment, the penetration tester will be provided with full information about the application and its technologies, and will usually be given credentials with varying degrees of access to quickly and thoroughly identify vulnerabilities in the applications, systems, or networks. Not all security testing is done using the white box approach; sometimes, only the target company's name is provided to the penetration tester.
Black box assessments are the most common form of network penetration assessment and are most typical among external network penetration tests and social engineering penetration tests. In a black box assessment, the penetration testers are given very little or no information about the target networks or systems they are testing. This particular form of testing is efficient when trying to determine what a real hacker will discover and their strategies to gain unauthorized access to the organization's network and compromise their systems.
Gray box assessments are a hybrid of white and black box testing and are typically used to provide a realistic testing scenario while also giving penetration testers enough information to reduce the time needed to conduct reconnaissance and other black box testing activities. In addition, it's important in any assessment to ensure you are testing all in-scope systems. In a true black box, it's possible to miss systems, and as a result, they are left out of the assessment.
Each penetration test approach is different from the others, and it's vital that you know about all of them. Imagine a potential client calling to request a black box test on their external network; as penetration testers, we must be familiar with the terms and with what is expected.
As an aspiring penetration tester, it's important to understand the difference between a vulnerability assessment and penetration testing. In a vulnerability assessment, the cybersecurity professional uses a vulnerability scanner, which is used to help assess the security posture of the systems within the organization. These vulnerability scanners use various techniques to automate the process of discovering a wide range of security weaknesses on systems.
The downside of vulnerability scanning is its incapability to identify the issues that manual testing can, and this is the reason that an organization hires penetration testers to conduct these assessments. Within the industry, organizations may hire a cybersecurity professional to perform penetration testing on their infrastructure. However, if the cybersecurity professional delivers scans instead of manual testing, this is a form of fraud and is, in my opinion, highly unethical. If you can't cut it in penetration testing, then practice, practice, and practice some more. You will learn legal ways to improve your tradecraft later in this book.
Web application penetration testing, hereafter referred to as WAPT, is the most common form of penetration testing and is likely to be the first penetration testing job most people reading this book will be involved in. WAPT is the act of conducting manual hacking or penetration testing against a web application to test for vulnerabilities that typical vulnerability scanners won't find. Too often, penetration testers submit web application vulnerability scans instead of manually finding and verifying issues within web applications.
Mobile application penetration testing is similar to WAPT but is specific to mobile applications that contain their own attack vectors and threats. This is a rising form of penetration testing with a great deal of opportunity for those who are looking to break into penetration testing and have an understanding of mobile application development. As you may have noticed, the different types of penetration testing each have specific objectives.
Social engineering penetration testing, in my opinion, is the most adrenaline-filled type of testing. Social engineering is the art of manipulating basic human psychology to find human vulnerabilities and get people to do things they may not otherwise do. During this form of penetration testing, you may be asked to perform activities such as sending phishing emails, making vishing phone calls, or talking your way into secure facilities to determine what an attacker targeting the client's personnel could achieve. There are many types of social engineering attacks, which will be covered later on in this book.
Network penetration testing focuses on identifying security weaknesses in a targeted environment. The penetration test objectives are to identify the flaws in the target organization's systems, their networks (wired and wireless), and their networking devices such as switches and routers.
The following are some tasks that are performed using network penetration testing:
Bypassing an Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)
Bypassing firewall appliances
Password cracking
Gaining access to end devices and servers
Exploiting misconfigurations on switches and routers
Now that you have a better idea of the objectives of network penetration testing, let's take a look at the purpose of cloud penetration testing.
Cloud penetration testing involves performing security assessments and penetration testing on risks to cloud platforms to discover any vulnerabilities that may expose confidential information to malicious users. Before attempting to directly engage a cloud platform, ensure you have legal permission from the cloud provider. For example, if you are going to perform penetration testing on the Microsoft Azure platform, you'll need legal permission from Microsoft as your actions may affect other users and services who are sharing the data center.
Physical penetration testing focuses on testing the physical security access control systems in place to protect an organization's data. Security controls exist within offices and data centers to prevent unauthorized persons from entering secure areas of a company.
Physical security controls include the following:
Security cameras and sensors: Security cameras are used to monitor physical actions within an area.
Biometric authentication systems: Biometrics are used to ensure that only authorized people are granted access to an area.
Doors and locks: Locking systems are used to prevent unauthorized persons from entering a room or area.
Security guards: Security guards are people who are assigned to protect something, someone, or an area.
Having completed this section, you are now able to describe the various types of penetration testing. Your journey ahead won't be complete without understanding the phases of hacking. The different phases of hacking will be covered in the next section.
Since penetration testers are the white hats, the good guys and girls within the industry, it's important to understand the phases of hacking, as they are also associated with penetration testing. During any penetration test training, you will encounter the five phases of hacking. These phases are as follows: