
What this book covers

Chapter 1, Kali - An Introduction, explains that while Kali is already pre-equipped with hundreds of amazing tools and utilities to help penetration testers around the globe perform their job efficiently, in this chapter, we will primarily cover some custom tweaks that can be used to facilitate an even better pentesting experience for the users.

Chapter 2, Gathering Intel and Plan Attack Strategies, dives a little deeper into the content from the previous chapter and looks at a number of different tools available for gathering intel on our target. We start by using the infamous tools of Kali Linux. Gathering information is a very crucial stage of performing a penetration test, as every subsequent step we take after this will be the outcome of all the information we gather during this stage. So it is very important that we gather as much information as possible before jumping into the exploitation stage.

Chapter 3, Vulnerability Assessment – Poking for Holes, explains that we need to start hunting for vulnerabilities. To become a good pentester, we need to make sure no small details are overlooked.

Chapter 4, Web App Exploitation - Beyond OWASP Top 10, explains that in the OWASP Top 10, we usually see the most common ways of finding and exploiting vulnerabilities. In this chapter, we will cover some of the uncommon cases you might come across while hunting for bugs in a web application.

Chapter 5, Network Exploitation, covers some of the uncommon ways in which we can pentest a network and successfully exploit the services we find.

Chapter 6, Wireless Attacks - Getting Past Aircrack-ng, focuses on different areas of Wi-Fi security: monitoring (packet capture and export of data to text files for further processing by third-party tools); attacking (replay attacks, deauthentication, fake access points, and others via packet injection); testing (checking Wi-Fi cards and driver capabilities for capture and injection); and cracking (WEP and WPA PSK, both WPA 1 and 2).

Chapter 7, Password Attacks - the Fault in Their Stars, explains that weak passwords are a well-known way in which most corporates are compromised. A lot of people use weak passwords that can be brute forced to obtain the plaintext. In this chapter, we will talk about different ways in which we can crack a password hash obtained during a pentest activity performed on a web app/network, among others.

Chapter 8, Have Shell, Now What? covers the different ways of escalating our privileges on Linux and Windows systems as well as pivoting to the internal network.

Chapter 9, Buffer Overflows, introduces the basics of assembly, exploiting buffer overflows, bypassing SEH, egg hunting, and a little bit about ASLR Bypass.

Chapter 10, Elementary, My Dear Watson - Digital Forensics, explains how memory forensics (sometimes referred to as memory analysis) refers to the analysis of volatile data in a computer's memory dump. It is used to investigate attacks on the system that are stealthy and do not leave data on the hard drive of the computer. In this chapter, we will cover some of the tools that can be used to analyze memory dumps and malicious files, and extract useful information from them.

Chapter 11, Playing with Software-Defined Radios, explains how the term software-defined radio means the implementation of hardware-based radio components, including modulators, demodulators, and tuners, using software. In this chapter, we will cover different recipes and look at multiple ways that RTLSDR can be used to play around with frequencies and the data being transported through it.

Chapter 12, Kali in Your Pocket - NetHunters and Raspberries, talks about setting up Kali Linux on Raspberry Pi and compatible cell phones and using it to perform a number of cool attacks on the network.

Chapter 13, Writing Reports, goes through one of the most important steps of a pentesting project – the report. A good report must contain every detail of the vulnerability. Our agenda is to keep it as detailed as possible, which may help the right person in the department understand all the details and work around it with a perfect patch. There are different ways to create a pentesting report. In this chapter, you will learn about a few tools that we can use to generate a good report that covers everything in detail.
