First, we’re going to start with the Introduction to Linux, you that you have a general idea what it this Operating System is about. Next, we are going to look at same Software & Hardware Recommendations for Ethical Hackers, and jump right into the installation of Vitrual Box & Kali Linux. This book is mainly about Kali Linux tools and how to deploy them, yet first we have to look at understanding penetration testing, and how it works with reconnaissance and footprinting. We will look at each and every step you
should take as a penetration tester which include Stage 1, Stage 2 and Stage This is important so you understand how to take on a job as an ethical hacker. For example what kind of questions you should ask when getting hired by a client. So in this section, we are going to include the what, the when, the how but all legal requirements as well so you can cover your back.
We are also going to look at Penetration Testing Standards so you can decide which one suits you best. Next, we are going to begin more practical by understanding Footprinting and Host discovery with Port Scanning. After that, we are going to get dirty by understanding how you can discover devices with Hping3, how to setup a proxy for Burp Suite and how to target devices with Burp Scanner. Next we are going to look at some Application testing such as Randomizing Sessions Tokens, Spidering & SQL Injection with SQLmap. Then we move on and start looking at both wired and wireless attacks using Kali Linux. We are going to look at Dictionary Attack with Airodump-ng, ARP Poisoning with EtterCAP, and implementing Passive Reconnaissance. Next, we are going to look at capturing both wired and wireless traffic using Port Mirroring, deploying SYN Scan Attack and using Xplico. Next, we are going to deploy MITM Attack in various ways such as using Ettercap or SSLscript. Moving on, you will learn how to manipulate Packet using the tool called Scapy, and how to capture IPv6 Traffic with Parasite6. Next we are going to implement DoS attacks in various ways, by either using a Deauthentication Attack, or creating a Rogue Access Point or and Evil Twin with a tool called MKD3. Next, we are going to look at
implementing a Brute Force Attack with TCP Hydra, but then we will look at implementing various attacks at the same time on demand, with some very powerful and dangerous tools such as Armitage’s Hail Mary, The Metasploit Framework or SET (Social-Engineering Toolkit). These tools are available
for both white hat and black hat hacking. Once applied the outcome will be the same in both cases. What you must understand, is that it can lead to a dreadful situation for the person using such hacking tools in any unauthorized manner, which might cause system damage or any system outage. If youattempt to use any of this tools on a wired or wireless network without being authorized and you disturb or damage any systems, that would be considered illegal black hat hacking. Therefore, I would like to encourage all readers to implement any tool described in this book for WHITE HAT USE ONLY.
Anything legally authorized to help individuals or companies to findvulnerabilities and identify potential risks is fine. All tools I will describe,you should use for improving security posture only. If you are eager to learnabout hacking and penetration testing, it’s recommended to build a home lab and practice using these tools in an isolated network that you have full control over, and it’s not connected to any production environment or theinternet. If you use these tools for black hat purposes and you get caught, it will be entirely on you, and you will have no one to blame. So, again I would highly recommend you stay behind the lines, and anything you do should be completely legit and fully authorized. If you are not sure about anything that you are doing and don’t have a clue on the outcome, ask your manager or DO NOT DO IT. This book is for education purposes. It is for those who are interested in learning and knowing what is behind the curtains and would like to become an Ethical hacker or Penetration Tester. Besides to legal issues, before using any of the tools, it is recommended that you have the fundamental knowledge of networking concepts.