Uncover security vulnerabilities and harden your system against attacks! With this guide you'll learn to set up a virtual learning environment where you can test out hacking tools, from Kali Linux to hydra and Wireshark. Then expand your understanding of offline hacking, external safety checks, penetration testing in networks, and other essential security techniques, with step-by-step instructions. With information on mobile, cloud, and IoT security you can fortify your system against any threat!

Master pen testing with tools like Metaspolit, Kali Linux, hydra, OpenVAS, Empire, Pwnagotchi, and more

· ... Preface ... 33· ... What Hacking Has to Do with Security ... 33· ... About this Book ... 34· ... What's New in the Third Edition ... 35· ... Target Group ... 35· ... Let's Go! ... 35· ... Foreword by Klaus Gebeshuber ... 36· ... Foreword by Stefan Kania ... 36· ... Greeting ... 36· Introduction ... 39· 1.1 ... Hacking ... 39· 1.2 ... Security ... 47· 1.3 ... Exploits ... 58· 1.4 ... Authentication and Passwords ... 65· 1.5 ... Security Risk IPv6 ... 70· 1.6 ... Legal Framework ... 72· 1.7 ... Security Organizations and Government Institutions ... 75· 2 ... Kali Linux ... 77· 2.1 ... Kali Alternatives ... 77· 2.2 ... Trying Out Kali Linux without Installation ... 78· 2.3 ... Installing Kali Linux in VirtualBox ... 84· 2.4 ... Kali Linux and Hyper-V ... 91· 2.5 ... Kali Linux in the Windows Subsystem for Linux ... 93· 2.6 ... Kali Linux on Raspberry Pi ... 96· 2.7 ... Running Kali Linux on Apple PCs with ARM CPUs ... 97· 2.8 ... Simple Application Examples ... 99· 2.9 ... Internal Details of Kali ... 103· 3 ... Setting Up the Learning Environment: Metasploitable, Juice Shop ... 109· 3.1 ... Honeypots ... 110· 3.2 ... Metasploitable 2 ... 110· 3.3 ... Metasploitable 3 (Ubuntu Variant) ... 116· 3.4 ... Metasploitable 3 (Windows Variant) ... 123· 3.5 ... Juice Shop ... 133· 4 ... Hacking Tools ... 137· 4.1 ... nmap ... 138· 4.2 ... hydra ... 142· 4.3 ... sslyze, sslscan, and testssl ... 148· 4.4 ... whois, host, and dig ... 151· 4.5 ... Wireshark ... 154· 4.6 ... tcpdump ... 159· 4.7 ... Netcat (nc) ... 163· 4.8 ... OpenVAS ... 166· 4.9 ... Metasploit Framework ... 176· 4.10 ... Empire Framework ... 187· 4.11 ... The Koadic Postexploitation Framework ... 197· 4.12 ... Social Engineer Toolkit ... 205· 4.13 ... Burp Suite ... 212· 4.14 ... Sliver ... 219· 5 ... Offline Hacking ... 227· 5.1 ... BIOS/EFI: Basic Principles ... 228· 5.2 ... Accessing External Systems ... 230· 5.3 ... Accessing External Hard Drives or SSDs ... 236· 5.4 ... Resetting the Windows Password ... 237· 5.5 ... Resetting Linux and macOS Passwords ... 244· 5.6 ... Encrypting Hard Drives ... 246· 6 ... Passwords ... 255· 6.1 ... Hash Procedures ... 256· 6.2 ... Brute-Force Password Cracking ... 259· 6.3 ... Rainbow Tables ... 260· 6.4 ... Dictionary Attacks ... 262· 6.5 ... Password Tools ... 263· 6.6 ... Default Passwords ... 271· 6.7 ... Data Breaches ... 272· 6.8 ... Multifactor Authentication ... 275· 6.9 ... Implementing Secure Password Handling ... 276· IT Forensics ... 279· 7.1 ... Methodical Analysis of Incidents ... 281· 7.2 ... Postmortem Investigation ... 284· 7.3 ... Live Analysis ... 300· 7.4 ... Forensic Readiness ... 303· 7.5 ... Summary ... 305· 8 ... Wi-Fi, Bluetooth, and SDR ... 307· 8.1 ... 802.11x Systems: Wi-Fi ... 307· 8.2 ... Collecting WPA-2 Handshakes with Pwnagotchi ... 325· 8.3 ... Bluetooth ... 332· 8.4 ... Software-Defined Radios ... 349· 9 ... Attack Vector USB Interface ... 359· 9.1 ... USB Rubber Ducky ... 360· 9.2 ... Digispark: A Wolf in Sheep's Clothing ... 367· 9.3 ... Bash Bunny ... 375· 9.4 ... P4wnP1: The Universal Talent ... 396· 9.5 ... MalDuino W ... 406· 9.6 ... Countermeasures ... 412· 10 ... External Security Checks ... 419· 10.1 ... Reasons for Professional Checks ... 419· 10.2 ... Types of Security Checks ... 420· 10.3 ... Legal Protection ... 430· 10.4 ... Objectives and Scope ... 432· 10.5 ... Implementation Methods ... 433· 10.6 ... Reporting ... 434· 10.7 ... Selecting the Right Provider ... 437· 11 ... Penetration Testing ... 441· 11.1 ... Gathering Information ... 442· 11.2 ... Initial Access with Code Execution ... 459· 11.3 ... Scanning Targets of Interest ... 463· 11.4 ... Searching for Known Vulnerabilities Using nmap ... 470· 11.5 ... Exploiting Known Vulnerabilities Using Metasploit ... 472· 11.6 ... Attacking Using Known or Weak Passwords ... 478· 11.7 ... Email Phishing Campaigns for Companies ... 481· 11.8 ... Phishing Attacks with Office Macros ... 490· 11.9 ... Phishing Attacks with ISO and ZIP Files ... 494· 11.10 ... Attack Vector USB Phishing ... 504· 11.11 ... Network Access Control and 802.1X in Local Networks ... 506· 11.12 ... Extending Rights on the System ... 509· 11.13 ... Collecting Credentials and Tokens ... 517· 11.14 ... SMB Relaying Attack on Ordinary Domain Users ... 540· 12 ... Securing Windows Servers ... 543· 12.1 ... Local Users, Groups, and Rights ... 544· 12.2 ... Manipulating the File System ... 553· 12.3 ... Server Hardening ... 558· 12.4 ... Microsoft Defender ... 561· 12.5 ... Windows Firewall ... 564· 12.6 ... Windows Event Viewer ... 568· 13 ... Active Directory ... 579· 13.1 ... What Is Active Directory? ... 579· 13.2 ... Manipulating the Active Directory Database or its Data ... 592· 13.3 ... Manipulating Group Policies ... 596· 13.4 ... Domain Authentication: Kerberos ... 603· 13.5 ... Attacks against Authentication Protocols and LDAP ... 611· 13.6 ... Pass-the-Hash Attacks: mimikatz ... 612· 13.7 ... Golden Ticket and Silver Ticket ... 624· 13.8 ... Reading Sensitive Data from the Active Directory Database ... 628· 13.9 ... Basic Coverage ... 631· 13.10 ... More Security through Tiers ... 635· 13.11 ... Protective Measures against Pass-the-Hash and Pass-the-Ticket Attacks ... 639· 14 ... Securing Linux ... 649· 14.1 ... Other Linux Chapters ... 649· 14.2 ... Installation ... 650· 14.3 ... Software Updates ... 654· 14.4 ... Kernel Updates: Live Patches ... 658· 14.5 ... Securing SSH ... 661· 14.6 ... 2FA with Google Authenticator ... 665· 14.7 ... 2FA with YubiKey ... 670· 14.8 ... Fail2ban ... 673· 14.9 ... Firewall ... 679· 14.10 ... SELinux ... 693· 14.11 ... AppArmor ... 699· 14.12 ... Kernel Hardening ... 704· 14.13 ... Apache ... 706· 14.14 ... MySQL and MariaDB ... 712· 14.15 ... Postfix ... 719· 14.16 ... Dovecot ... 724· 14.17 ... Rootkit Detection and Intrusion Detection ... 726· 15 ... Security of Samba File Servers ... 735· 15.1 ... Preliminary Considerations ... 735· 15.2 ... Basic CentOS Installation ... 737· 15.3 ... Basic Debian Installation ... 741· 15.4 ... Configuring the Samba Server ... 743· 15.5 ... Samba Server in Active Directory ... 746· 15.6 ... Shares on the Samba Server ... 750· 15.7 ... Changes to the Registry ... 755· 15.8 ... Samba Audit Functions ... 758· 15.9 ... Firewall ... 760· 15.10 ... Attack Scenarios on Samba File Servers ... 765· 15.11 ... Checking Samba File Servers ... 768· 16 ... Intrusion Detection Systems ... 775· 16.1 ... Intrusion Detection Methods ... 775· 16.2 ... Host-Based versus Network-Based Intrusion Detection ... 778· 16.3 ... Responses ... 783· 16.4 ... Bypassing and Manipulating Intrusion Detection ... 785· 16.5 ... Snort ... 787· 16.6 ... Snort Rules ... 793· 17 ... Security of Web Applications ... 803· 17.1 ... Architecture of Web Applications ... 803· 17.2 ... Attacks against Web Applications ... 806· 17.3 ... Practical Analysis of a Web Application ... 837· 17.4 ... Protection Mechanisms and Defense against Web Attacks ... 859· 17.5 ... Security Analysis of Web Applications ... 867· 18 ... Software Exploitation ... 871· 18.1 ... Software Vulnerabilities ... 871· 18.2 ... Detecting Security Gaps ... 874· 18.3 ... Executing Programs on x86 Systems ... 874· 18.4 ... Exploiting Buffer Overflows ... 884· 18.5 ... Structured Exception Handling ... 899· 18.6 ... Heap Spraying ... 901· 18.7 ... Protective Mechanisms against Buffer Overflows ... 903· 18.8 ... Bypassing Protective Measures against Buffer Overflows ... 907· 18.9 ... Preventing Buffer Overflows as a Developer ... 914· 18.10 ... Spectre and Meltdown ... 915· 19 ... Bug Bounty Programs ... 923· 19.1 ... The Idea Behind Bug Bounties ... 923· 19.2 ... Reporting Vulnerabilities ... 926· 19.3 ... Tips and Tricks for Analysts ... 927· 19.4 ... Tips for Companies ... 930· 20 ... Security in the Cloud ... 931· 20.1 ... Overview ... 931· 20.2 ... Amazon Simple Storage Service ... 935· 20.3 ... Nextcloud and ownCloud ... 943· 21 ... Securing Microsoft 365 ... 953· 21.1 ... Identities and Access Management ... 954· 21.2 ... Security Assessment ... 960· 21.3 ... Multifactor Authentication ... 961· 21.4 ... Conditional Access ... 969· 21.5 ... Identity Protection ... 975· 21.6 ... Privileged Identities ... 976· 21.7 ... Detecting Malicious Code ... 982· 21.8 ... Security in Data Centers ... 992· 22 ... Mobile Security ... 997· 22.1 ... Android and iOS Security: Basic Principles ... 997· 22.2 ... Threats to Mobile Devices ... 1003· 22.3 ... Malware and Exploits ... 1014· 22.4 ... Technical Analysis of Apps ... 1025· 22.5 ... Protective Measures for Android and iOS ... 1036· 22.6 ... Apple Supervised Mode and Apple Configurator ... 1048· 22.7 ... Enterprise Mobility Management ... 1055· 23 ... Internet of Things Security ... 1065· 23.1 ... What Is the Internet of Things? ... 1065· 23.2 ... Finding IoT Vulnerabilities ... 1067· 23.3 ... Securing IoT Devices in Networks ... 1085· 23.4 ... IoT Protocols and Services ... 1086· 23.5 ... Wireless IoT Technologies ... 1097· 23.6 ... IoT from the Developer's Perspective ... 1102· 23.7 ... Programming Languages for Embedded Controllers ... 1107· 23.8 ... Rules for Secure IoT Programming ... 1109· ... The Authors ... 1121· ... Index ... 1123