Master the art of identifying and exploiting vulnerabilities with Metasploit, Empire, PowerShell, and Python, turning Kali Linux into your fighter cockpit

Key Features

• Map your client's attack surface with Kali Linux
• Discover the craft of shellcode injection and managing multiple compromises in the environment
• Understand both the attacker and the defender mindset

Book Description

Let's be honest―security testing can get repetitive. If you're ready to break out of the routine and embrace the art of penetration testing, this book will help you to distinguish yourself to your clients.

This pen testing book is your guide to learning advanced techniques to attack Windows and Linux environments from the indispensable platform, Kali Linux. You'll work through core network hacking concepts and advanced exploitation techniques that leverage both technical and human factors to maximize success. You'll also explore how to leverage public resources to learn more about your target, discover potential targets, analyze them, and gain a foothold using a variety of exploitation techniques while dodging defenses like antivirus and firewalls. The book focuses on leveraging target resources, such as PowerShell, to execute powerful and difficult-to-detect attacks. Along the way, you'll enjoy reading about how these methods work so that you walk away with the necessary knowledge to explain your findings to clients from all backgrounds. Wrapping up with post-exploitation strategies, you'll be able to go deeper and keep your access.

By the end of this book, you'll be well-versed in identifying vulnerabilities within your clients' environments and providing the necessary insight for proper remediation.

What you will learn

• Get to know advanced pen testing techniques with Kali Linux
• Gain an understanding of Kali Linux tools and methods from behind the scenes
• Get to grips with the exploitation of Windows and Linux clients and servers
• Understand advanced Windows concepts and protection and bypass them with Kali and living-off-the-land methods
• Get the hang of sophisticated attack frameworks such as Metasploit and Empire
• Become adept in generating and analyzing shellcode
• Build and tweak attack scripts and modules

Who this book is for

This book is for penetration testers, information technology professionals, cybersecurity professionals and students, and individuals breaking into a pentesting role after demonstrating advanced skills in boot camps. Prior experience with Windows, Linux, and networking is necessary.

Table of Contents

1. Open Source Intelligence
2. Bypassing Network Access Control
3. Sniffing and Spoofing
4. Windows Passwords on the Network
5. Assessing Network Security
6. Cryptography and the Penetration Tester
7. Advanced Exploitation with Metasploit
8. Python Fundamentals
9. PowerShell Fundamentals
10. Shellcoding - The Stack
11. Shellcoding - Bypassing Protections
12. Shellcoding - Evading Antivirus
13. Windows Kernel Security
14. Fuzzing Techniques
15. Going Beyond the Foothold
16. Escalating Privileges
17. Maintaining Access
18. Answers

About the Author

Phil Bramwell, CISSP has been tinkering with gadgets since he was a kid in the 1980s. After obtaining the Certified Ethical Hacker and Certified Expert Penetration Tester certifications in 2004 and a Bachelors of Applied Science in Computer Security from Davenport University in 2007, Phil was a security engineer and consultant who conducted Common Criteria, FIPS, and PCI-DSS assessments, GDPR consulting for a firm in the UK, and social engineering and penetration testing for banks, governments, and universities throughout the USA. After specializing in antimalware analysis and security operations, Phil is now a penetration tester for a Fortune 100 automobile manufacturer. Phil is based in the Metro Detroit area.