You're reading from The Ultimate Kali Linux Book Harness Nmap, Metasploit, Aircrack-ng, and Empire for cutting-edge pentesting

Product type Paperback

Published in Apr 2024

Publisher Packt

ISBN-13 9781835085806

Length 828 pages

Edition 3rd Edition

Tools

Kali Linux

Concepts

Cybersecurity

Author (1):

Glen D. Singh

View More author details

Table of Contents (21) Chapters

Preface

1. Introduction to Ethical Hacking FREE CHAPTER

2. Building a Penetration Testing Lab

3. Setting Up for Advanced Penetration Testing Techniques

4. Passive Reconnaissance

5. Exploring Open-Source Intelligence

6. Active Reconnaissance

7. Performing Vulnerability Assessments

8. Understanding Network Penetration Testing

9. Performing Network Penetration Testing

10. Post-Exploitation Techniques

11. Delving into Command and Control Tactics

12. Working with Active Directory Attacks

13. Advanced Active Directory Attacks

14. Advanced Wireless Penetration Testing

15. Social Engineering Attacks

16. Understanding Website Application Security

17. Advanced Website Penetration Testing

18. Best Practices for the Real World

19. Index

Appendix

Exploring cybersecurity terminology

During your journey in the field of cybersecurity, you’ll discover the jargon and terminology that is commonly used within various research papers, articles, literature, discussions, and learning resources. As an aspiring cybersecurity professional, it’s important to be aware of and gain a solid understanding of common terminology and how it is related to ethical hacking and penetration testing.

The following are the most common terms used within the cybersecurity industry:

Asset – Within the field of cybersecurity, we usually define an asset to be anything that has value to an organization or person. For instance, assets are systems within a network that can be interacted with and potentially expose an organization’s network infrastructure to security weaknesses that could be compromised and enable unauthorized access to a cyber criminal, while providing a way to escalate their privileges on the compromised system from standard user to administrator-/root-level privileges. However, it’s important to mention that assets are not and should not be limited to technical systems. In addition, other forms of assets include people (humans), physical security controls, and even the data that resides within the network and systems we aim to protect. Assets are commonly categorized as follows:
- Tangible – Tangible assets are simply described as any physical object with value, such as computers, servers, networking devices (routers, switches, etc.), and security appliances (firewalls). Computers and other end devices help typical users and employees access the resources on a network and perform their daily duties within an organization. Servers are typically used to store and host applications and provide services that are needed within typical network infrastructures. Networking devices contain configurations that are used to forward network traffic between systems, and security appliances are implemented to filter unwanted traffic and prevent threats between networks and systems. If these systems and devices are compromised, cyber criminals will be able to redirect network traffic to malicious websites that are owned by malicious actors and expand their operations.
- Intangible – Intangible assets are things without a physical form that have value, such as applications, software license keys, intellectual property, business plans and models, and data.
- People – This type of asset is the customers and employees of an organization. Protecting customers’ data from being stolen and leaked on the Dark Web, and safeguarding employees from various types of threats are of paramount importance. It is important to identify all the assets of an organization and potential threats that can cause harm and damage to them.
Threat – In the context of cybersecurity, a threat is anything that has the potential to cause harm or damage to a system, network, or person. Whether you’re focusing on the offensive or defensive path in cybersecurity, it’s important to identify various types of threats. Many organizations around the world encounter different types of threats each day, and cybersecurity teams work around the clock to ensure their company’s assets are safeguarded from cyber criminals.
One of the most exciting but also overwhelming aspects of cybersecurity is industry professionals always need to stay one step ahead of threat actors to quickly find security weaknesses in systems, networks, and applications and implement countermeasures to mitigate any potential threats those assets.

Vulnerability – A vulnerability is a security weakness or flaw that exists within a system that enables hackers to exploit it in order to gain unauthorized access or control over systems within a network. Common vulnerabilities that exist within organizations include human error (the greatest of vulnerabilities on a global scale), misconfiguration of devices, weak user credentials, poor programming practices, unpatched operating systems, outdated applications on host systems, default against configurations on systems, and so on.
A threat actor usually looks for the lowest-hanging fruits such as the vulnerabilities that are the easiest to exploit on a targeted system. The same concept applies to penetration testing. During a security assessment, the penetration tester will use various techniques and tools to discover vulnerabilities and will attempt to exploit the easy ones before moving on to more complex security flaws on a targeted system.

Exploit – An exploit is anything such as a tool or code that is used to take advantage of security vulnerabilities on a system. For instance, take a hammer, a piece of wood, and a nail. The vulnerability is the soft, permeable nature of the wood, the exploit is the act of hammering the nail into the piece of the wood, while the hammer is the threat. Once a security vulnerability is found on a targeted system, the threat actor or penetration tester will either acquire an exploit from various online sources or develop one on their own that has the capability of taking advantage of the security weakness.
If you’ve acquired or developed an exploit, it’s important that you test the exploit on a system to ensure it has the capabilities to compromise the targeted system and works as expected. Sometimes, an exploit may work on one system and not on another. Hence, it’s a common practice that seasoned penetration testers will test and ensure their exploits are working as expected and graded on their rate of success for a vulnerability.

Attack – An attack is simply a method or technique that is used by a threat actor to take advantage of (exploit) a security vulnerability (weakness) within a system. There are various types of attacks that are commonly used by cyber criminals to compromise the confidentiality, integrity, and/or availability of a targeted system. For instance, the LockBit 3.0 ransomware focuses on exploiting the security vulnerabilities that are found on internet-facing systems that do not have their language settings configured to match a specific exclusion list. The attack launches ransomware on the internet; it will automatically seek and compromise vulnerable systems.
NOTE

To learn more about the LockBit 3.0 ransomware, please see the official Cybersecurity and Infrastructure Security Agency (CISA) advisory at Attack vector – An attack vector is simply an area or pathway through which a targeted system, network, or organization can be compromised by a threat actor.
The following are common attack vectors:
- Direct access – Physical access to the targeted computer or network
- Wireless – Exploiting security vulnerabilities found within the target’s wireless network infrastructure
- Email – Sending malicious email messages containing links to malware-infected services, fake websites, and malicious attachments
- Supply chain – Compromising the security of a vendor or supplier to gain access to a target
- Social media – Using deceptive messages or malicious advertising (malvertising) to trick the target into revealing sensitive information or downloading a malicious file
- Removable media – Connecting malware-infected media to the targeted system
- Cloud – Exploiting security vulnerabilities within cloud services and its infrastructure
These are the infrastructures in which an attacker can deliver a malicious payload to a target.

Risk – Risk is the potential impact that a vulnerability, threat, or attack presents to the assets of an organization and the likelihood an attack or threat has to cause harm systems. Evaluating risk helps to determine the likelihood of a specific issue causing a data breach that will cause harm to an organization’s finances, reputation, or regulatory compliance. Reducing risk is critical for many organizations. There are many certifications, regulatory standards, and frameworks that are designed to help companies understand, identify, and reduce risks.
While it may seem like ethical hackers and penetration testers are hired to simulate real-world cyber-attacks on a target organization, the goal of such engagements is much deeper than it seems. At the end of the penetration test, the cybersecurity professional will present all the vulnerabilities and possible solutions to help the organization mitigate and reduce the risk of a potential cyber-attack while reducing the attack surface of the company.

Attack surface – This is all the vulnerable points of entry into a system, network, or organization that can be exploited by a threat actor to gain unauthorized access and expand their foothold on the network. Ethical hackers and penetration testers focus on identifying these vulnerability points of entry to determine the attack surface of an organization and how a cyber criminal would potentially exploit those weaknesses to compromise their target.
Zero-day – A zero-day is when a threat actor discovers a security vulnerability within a product or application and is able to exploit it before the vendor is either aware of the vulnerability or has time to develop a security patch to resolve the issue. These attacks are commonly used in nation-state attacks, Advanced Persistent Threat (APT) groups, and large criminal organizations. The discovery of a zero-day vulnerability can be very valuable to ethical hackers and penetration testers and can earn them a bug bounty. These bounties are fees paid by vendors to security researchers who discover unknown vulnerabilities in their applications.
There are many bug bounty programs that allow security researchers, professionals, and anyone with the right skill set to discover security vulnerabilities within an application or system owned by a vendor and report them for a reward. The person who reports the security vulnerability, usually a zero-day flaw, is often given a financial reward. However, there are threat actors who intentionally attempt to exploit the targeted system for personal gain, which is commonly referred to as the hack value of the target.

So far, you have learned about the importance and need for cybersecurity within various industries around the world. Next, let’s learn about various types of threat actors and the motives behind their cyber-attacks.

Tech Concepts

Programming languages

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

You have been reading a chapter from

The Ultimate Kali Linux Book - Third Edition

Published in: Apr 2024

Publisher: Packt

ISBN-13: 9781835085806

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (1)

Glen D. Singh

Glen D. Singh is a cybersecurity author, educator and SecOps professional. His areas of expertise are cybersecurity operations, offensive security tactics and techniques, and enterprise networking. He holds a Master of Science (MSc) in cybersecurity and many industry certifications from top awarding bodies such as EC-Council, Cisco, and Check Point. Glen loves teaching and mentoring others while sharing his wealth of knowledge and experience as an author. He has written many books, which focus on vulnerability discovery and exploitation, threat detection, intrusion analysis, incident response, network security, and enterprise networking. As an aspiring game changer, Glen is passionate about increasing cybersecurity awareness in his homeland, Trinidad and Tobago.

See other products by Glen D. Singh