Penetration Testing: A Survival Guide oleh Mohammed A. Imran

Key FeaturesConduct network testing, surveillance, pen testing and forensics on MS Windows using Kali LinuxGain a deep understanding of the flaws in web applications and exploit them in a practical mannerPentest Android apps and perform various attacks in the real world using real case studiesBook DescriptionThe need for penetration testers has grown well over what the IT industry ever anticipated. Running just a vulnerability scanner is no longer an effective method to determine whether a business is truly secure. This learning path will help you develop the most effective penetration testing skills to protect your Windows, web applications, and Android devices.The first module focuses on the Windows platform, which is one of the most common OSes, and managing its security spawned the discipline of IT security. Kali Linux is the premier platform for testing and maintaining Windows security. Employs the most advanced tools and techniques to reproduce the methods used by sophisticated hackers. In this module first,youll be introduced to Kalis top ten tools and other useful reporting tools. Then, you will find your way around your target network and determine known vulnerabilities so you can exploit a system remotely. Youll not only learn to penetrate in the machine, but will also learn to work with Windows privilege escalations.The second module will help you get to grips with the tools used in Kali Linux 2.0 that relate to web application hacking. You will get to know about scripting and input validation flaws, AJAX, and security issues related to AJAX. You will also use an automated technique called fuzzing so you can identify flaws in a web application. Finally, youll understand the web application vulnerabilities and the ways they can be exploited.In the last module, youll get started with Android security. Android, being the platform with the largest consumer base, is the obvious primary target for attackers. Youll begin this journey with the absolute basics and will then slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. Youll gain the skills necessary to perform Android application vulnerability assessments and to create an Android pentesting lab.This Learning Path is a blend of content from the following Packt products:Kali Linux 2: Windows Penetration Testing by Wolf Halton and Bo WeaverWeb Penetration Testing with Kali Linux, Second Edition by Juned Ahmed AnsariHacking Android by Srinivasa Rao Kotipalli and Mohammed A. ImranWhat you will learnExploit several common Windows network vulnerabilitiesRecover lost files, investigate successful hacks, and discover hidden data in innocent-looking filesExpose vulnerabilities present in web servers and their applications using server-side attacksUse SQL and cross-site scripting (XSS) attacksCheck for XSS flaws using the burp suite proxyAcquaint yourself with the fundamental building blocks of Android Apps in the right wayTake a look at how your personal data can be stolen by malicious attackersSee how developers make mistakes that allow attackers to steal data from phonesAbout the AuthorWolf Halton is a widely recognized authority on computer and internet security, an Amazon bestselling author on computer security, and the CEO of Atlanta Cloud Technology. He specializes in business continuity, security engineering, open source consulting, marketing automation, virtualization and datacenter restructuring, and Linux evangelism. Bo Weaver is an old-school ponytailed geek whose first involvement with networks was in 1972, while working on an R&D project called ARPANET in the US Navy. He is now the senior penetration tester for Compliancepoint, an Atlanta-based security consulting company, where he works remotely from under a tree in the North Georgia mountains.Juned Ahmed Ansari (@junedlive) is a cyber-security researcher based out of Mumbai. He currently leads the penetration testing and offensive security team of a large MNC. His primary focus areas are penetration testing, threat intelligence, and application security research. He holds leading security certifications such as GXPN, CISSP, CCSK, and CISA.Srinivasa Rao Kotipalli (@srini0x00) is a security researcher from India. Through responsible disclosure programs, he has reported vulnerabilities in many top-notch organizations. He has extensive hands-on experience in performing web application, infrastructure, and mobile security assessments.Mohammed A. Imran (@secfigo) has more than 6 years of experience in product security and consulting, he spends most of his time on penetration testing, vulnerability assessments, and source code reviews of web and mobile applications. He has helped telecom, banking, and software development houses create and maintain secure SDLC programs.Table of ContentsSharpening the SawInformation Gathering and Vulnerability AssessmentExploitation Tools (Pwnage)Web Application ExploitationSniffing and SpoofingPassword AttacksWindows Privilege EscalationMaintaining Remote AccessReverse Engineering and Stress TestingForensicsIntroduction to Penetration Testing and Web ApplicationsSetting up Your Lab with Kali LinuxReconnaissance and Profiling the Web ServerMajor Flaws in Web ApplicationsAttacking the Server Using Injection-based FlawsExploiting Clients Using XSS and CSRF FlawsAttacking SSL-based WebsitesExploiting the Client Using Attack FrameworksAJAX and Web Services – Security IssuesFuzzing Web ApplicationsSetting Up the LabAndroid RootingFundamental Building Blocks of Android AppsOverview of Attacking Android AppsData Storage and Its SecurityServer-Side AttacksClient-Side Attacks – Static Analysis TechniquesClient-Side Attacks – Dynamic Analysis TechniquesAndroid MalwareAttacks on Android DevicesBibliography