Mastering Kali Linux for Advanced Penetration Testing
Pub Year:
Read: 2017-01-06
Last Update: 2017-01-06

Five Sentence Abstract:

The first part deals with identifying a target and then performing active and passive reconnaissance to look up DNS records, conduct port scans, and utilize various open source intelligence techniques, among many other options. Next, vulnerability databases and tools, like Metasploit and Veil-Evasion, that give easy access to potential access points to a system are covered alongside a lighter look at things like shellcode. Less technical attack vectors are explored when looking at social engineering attacks, like spoofing a website, that can be quickly created with tools like SET, the Social-Engineer Toolkit. The ubiquity of wireless access demands its inclusion, but it is only touched upon as a general introduction to a potentially detailed topic. Lastly, web application vulnerabilities are tested with frameworks like BeEF, with some minor asides into some of the specific vulnerabilities, like SQL injection.


A good general introduction to what you can do with Kali, for the most part out of the box, but I'd have to say "Mastering" and "Advanced" are a bit of a stretch. Given the breadth of topics covered, each of which can be explored in books of their own, the information is, although sometimes dated, top-notch.

For example, something like nmap is covered only in the most basic how-to-use sense. Although intrusion detection systems are mentioned, and the noisiness of scans is also mentioned, there is nothing that would be considered advanced. There is a small library of books written on nmap alone, while it is only one of dozens of programs highlighted in this one.

Exceptional Excerpts:


// designates my notes.

designates important.

Chapter 1: Starting with Kali Linux


Chapter 2: Identifying the Target – Passive Reconnaissance


Chapter 3: Active Reconnaissance and Vulnerability Scanning


Chapter 4: Exploit


Chapter 5: Post Exploit – Action on the Objective


Chapter 6: Post Exploit – Persistence

Chapter 7: Physical Attacks and Social Engineering


Chapter 8: Wireless


Chapter 9: Reconnaissance and Exploitation of Web-based Applications


Chapter 10: Exploiting Remote Access Communications


Chapter 11: Client-side Exploitation

