Confiure the most effective Kali Linux tools to test infrastructure security Employ stealth to avoid detection in the infrastructure being tested Recognize when stealth attacks are being used against your infrastructure Exploit networks and data systems using wired and wireless networks as well as web services Identify and download valuable data from target systems Maintain access to compromised systems Use social engineering to compromise the weakest part of the network - the end users This book takes you, as a tester or security practitioner, through the reconnaissance, vulnerability assessment, exploitation, privilege escalation, and post-exploitation activities used by pentesters. To start with, you'll use a laboratory environment to validate tools and techniques, along with an application that supports a collaborative approach for pentesting. You'll then progress to passive reconnaissance with open source intelligence and active reconnaissance of the external and internal infrastructure. You'll also focus on how to select, use, customize, and interpret the results from different vulnerability scanners, followed by examining specific routes to the target, which include bypassing physical security and the exfiltration of data using a variety of techniques. You'll discover concepts such as social engineering, attacking wireless networks, web services, and embedded devices. Once you are confident with these topics, you'll learn the practical aspects of attacking user client systems by backdooring with fileless techniques, followed by focusing on the most vulnerable part of the network – directly attacking the end user. By the end of this book, you'll have explored approaches for carrying out advanced pentesting in tightly secured environments, understood pentesting and hacking techniques employed on embedded peripheral devices. Employ advanced pentesting techniques with Kali Linux to build highly secured systems Discover various stealth techniques to remain undetected and defeat modern infrastructures Explore red teaming techniques to exploit secured environment Table of contents 1 Goal-Based Penetration Testing Conceptual overview of security testing Misconceptions of vulnerability scanning, penetration testing, and red team exercises Objective-based penetration testing The testing methodology Introduction to Kali Linux – features Installing and updating Kali Linux Organizing Kali Linux Building a verification lab Managing collaborative penetration testing using Faraday Summary 2 Open Source Intelligence and Passive Reconnaissance Basic principles of reconnaissance Google Hacking Database Creating custom wordlists for cracking passwords Summary 3 Active Reconnaissance of External and Internal Networks Stealth scanning strategies DNS reconnaissance and route mapping Employing comprehensive reconnaissance applications Identifying the external network infrastructure Mapping beyond the firewall IDS/IPS identification Enumerating hosts Port, operating system, and service discovery Writing your own port scanner using netcat Large-scale scanning Summary 4 Vulnerability Assessment Vulnerability nomenclature Local and online vulnerability databases Vulnerability scanning with Nmap Web application vulnerability scanners Vulnerability scanners for mobile applications The OpenVAS network vulnerability scanner Commercial vulnerability scanners Specialized scanners Threat modeling Summary 5 Advanced Social Engineering and Physical Security Methodology and attack methods Physical attacks at the console Creating a rogue physical device The Social Engineering Toolkit (SET) Hiding executables and obfuscating the attacker's URL Escalating an attack using DNS redirection Launching a phishing attack Using bulk transfer as a mode of phishing Summary 6 Wireless Attacks Configuring Kali for wireless attacks Wireless reconnaissance Bypassing a hidden SSID Bypassing the MAC address authentication and open authentication Attacking WPA and WPA2 Denial-of-service (DoS) attacks against wireless communications Compromising enterprise implementations of WPA/WPA2 Working with Ghost Phisher Summary 7 Exploiting Web-Based Applications Web application hacking methodology The hacker's mind map Reconnaissance of web apps Client-side proxies Application-specific attacks Summary 8 Client-Side Exploitation Backdooring executable files Attacking a system using hostile scripts The Cross-Site Scripting framework The Browser Exploitation Framework (BeEF) Understanding BeEF Browser Summary 9 Bypassing Security Controls Bypassing Network Access Control (NAC) Bypassing the antivirus with files Going fileless and evading antivirus Bypassing application-level controls Bypassing Windows operating system controls Summary 10 Exploitation The Metasploit Framework Exploiting targets using MSF Exploiting multiple targets using MSF resource files Exploiting multiple targets with Armitage Using public exploits Developing a Windows exploit Summary 11 Action on the Objective and Lateral Movement Activities on the compromised local system Horizontal escalation and lateral movement Summary 12 Privilege Escalation Overview of the common escalation methodology Escalating from domain user to system administrator Local system escalation Escalating from administrator to system Credential harvesting and escalation attacks Escalating access rights in Active Directory Compromising Kerberos – the golden-ticket attack Summary 13 Command and Control Persistence Using persistent agents Domain fronting Exfiltration of data Hiding evidence of an attack Summary 14 Embedded Devices and RFID Hacking Embedded systems and hardware architecture Firmware unpacking and updating Introduction to RouterSploit Framework UART Cloning RFID using Chameleon Mini Summary