Sep 15 2022

5 Kali Linux books you should read this year

Advanced Security Testing with Kali Linux

Independently published / Author: Daniel Dieterle

Kali Linux books

This book covers the more intermediate and advanced uses of the Kali Linux pentesting distribution. You will learn topics like:

  • The MITRE ATT@CK Framework
  • Command & Control (C2) frameworks
  • In-depth network scanning
  • Web app pentesting
  • Advanced techniques like “Living off the Land”
  • AV bypass tools
  • Using IoT devices in security

Kali Linux Penetration Testing Bible

Wiley / Author: Gus Khawaja

Kali Linux books

This book is the hands-on and methodology guide for pentesting with Kali Linux. You’ll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you’re new to the field or an established pentester, you’ll find what you need in this comprehensive guide.

  • Build a modern dockerized environment
  • Discover the fundamentals of the bash language in Linux
  • Use a variety of effective techniques to find vulnerabilities (OSINT, Network Scan, and more)
  • Analyze your findings and identify false positives and uncover advanced subjects, like buffer overflow, lateral movement, and privilege escalation
  • Apply practical and efficient pentesting workflows
  • Learn about Modern Web Application Security Secure SDLC
  • Automate your penetration testing with Python

Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali

No Starch Press / Author: OccupyTheWeb

Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali

If you’re getting started along the exciting path of hacking, cybersecurity, and pentesting, Linux Basics for Hackers is an excellent first step. Using Kali Linux, an advanced penetration testing distribution of Linux, you’ll learn the basics of using the Linux operating system and acquire the tools and techniques you’ll need to take control of a Linux environment.

First, you’ll learn how to install Kali on a virtual machine and get an introduction to basic Linux concepts. Next, you’ll tackle broader Linux topics like manipulating text, controlling file and directory permissions, and managing user environment variables. You’ll then focus in on foundational hacking concepts like security and anonymity and learn scripting skills with bash and Python. Practical tutorials and exercises throughout will reinforce and test your skills as you learn how to:

  • Cover your tracks by changing your network information and manipulating the rsyslog logging utility
  • Write a tool to scan for network connections, and connect and listen to wireless networks
  • Keep your internet activity stealthy using Tor, proxy servers, VPNs, and encrypted email
  • Write a bash script to scan open ports for potential targets
  • Use and abuse services like MySQL, Apache web server, and OpenSSH
  • Build your own hacking tools, such as a remote video spy camera and a password cracker

Mastering Kali Linux for Advanced Penetration Testing, 4th Edition

Packt Publishing / Author: Vijay Kumar Velu

Mastering Kali Linux for Advanced Penetration Testing, 4th Edition

In this book you’ll learn an offensive approach to enhance your penetration testing skills by testing the sophisticated tactics employed by real hackers. You’ll go through laboratory integration to cloud services so that you learn another dimension of exploitation that is typically forgotten during a penetration test. You’ll explore different ways of installing and running Kali Linux in a VM and containerized environment and deploying vulnerable cloud services on AWS using containers, exploiting misconfigured S3 buckets to gain access to EC2 instances.

This book delves into passive and active reconnaissance, from obtaining user information to large-scale port scanning. Building on this, different vulnerability assessments are explored, including threat modeling. See how hackers use lateral movement, privilege escalation, and command and control (C2) on compromised systems. By the end of this book, you’ll have explored many advanced pentesting approaches and hacking techniques employed on networks, IoT, embedded peripheral devices, and radio frequencies.

For more information about this book, we have a video with the author you can watch here.

The Ultimate Kali Linux Book – 2nd Edition

Packt Publishing / Author: Glen D. Singh

Kali Linux books

This is a comprehensive guide for those who are new to Kali Linux and penetration testing that will have you up to speed in no time. Using real-world scenarios, you’ll understand how to set up a lab and explore core penetration testing concepts.

Throughout this book, you’ll focus on information gathering and even discover different vulnerability assessment tools bundled in Kali Linux. You’ll learn to discover target systems on a network, identify security flaws on devices, exploit security weaknesses and gain access to networks, set up Command and Control (C2) operations, and perform web application penetration testing. In this updated second edition, you’ll be able to compromise Active Directory and exploit enterprise networks.

Finally, this book covers best practices for performing complex web penetration testing techniques in a highly secured environment.

Hacking Handbooks

DISC InfoSec

#InfoSecTools and #InfoSectraining



Follow DISC #InfoSec blog

Ask DISC an InfoSec & compliance related question

Tags: Kali Linux, Kali Linux books

Aug 11 2022

Black Hat 2022 Trip Report

Category: Black HatDISC @ 11:16 pm
Black Hat Vegas

by Mike Rothman 

It felt like I had stepped out of a time machine and it was 2019. I was walking about a mile between meetings on different sides of the Mandalay Bay hotel. Though seeing some folks with face masks reminded me that it was, in fact, 2022. But I was in Las Vegas, and the badge around my neck indicated I was there for the Black Hat U.S. 2022 show.

It’s been a long time since I’ve been to a large security conference. Or any conference at all, for that matter. I couldn’t attend the RSA Conference back in June, so it had been 30 months since I’ve seen the security community in person. As I fly over Arkansas on my way back to Atlanta, here are a few thoughts about the show.

1. Security conferences are back: Well, kind of. There were a lot of people at Black Hat. Lots of vendor personnel on the show floor and lots of practitioners at the sessions. Sometimes the practitioners even made it to the show floor, given that most of the companies said they had a steady stream of booth traffic. It was nice to see people out and about, and I got to connect with so many good friends and got lots of hugs. It was good for my soul.
2. There was no theme: I went in expecting to see a lot of zero-trust and XDR and DevSecOps. I saw some of the buzzword bingo, but it was muted. That doesn’t mean I understood what most of the companies did, based on their booth. I didn’t. Most had some combination of detection, cloud and response as well as a variety of Gartner-approved category acronyms. I guess the events marketing teams are a bit rusty.
3. Booth size doesn’t correlate to company size: Some very large public companies had small booths. Some startups that I’d never heard of had large booths. Does that mean anything? It means some companies burned a lot of their VC money in Vegas this week, and public company shareholders didn’t.
4. Magicians still fill the booth, and you can get very caffeinated: Whenever I saw a crowd around a booth, there was typically some kind of performer doing some kind of show. Not sure how having some guy do magic tricks helped create demand for a security product, but it did fill the booths. So, I guess event marketing folks get paid by the badge scan, as well. Moreover, every other booth had an espresso machine. So if you needed a shot of energy after a long night at the tables or in a club, Black Hat was there for you.

I asked practitioners about budgets and vendors about sales cycles. Some projects are being scrutinized, but the “must-haves” like CSPM, CNAPP, and increasingly, API security are still growing fast. Managed detection and response remains very hot as organizations realize they don’t have the resources to staff their SOC. Same as it ever was.

Overall, the security business seems very healthy, and I couldn’t be happier to be back at Black Hat.

Tags: Black Hat 2022

Aug 09 2022

Dark Reading News Desk: Live at Black Hat USA 2022

Category: Black HatDISC @ 12:34 pm

The livestream for Dark Reading News Desk at Black Hat USA 2022 will go live on August 10 at 9:50 AM

Welcome to the Dark Reading News Desk, which will be livestreamed from Black Hat USA at Mandalay Bay in Las Vegas. Dark Reading editors Becky Bracken, Fahmida Rashid, and Kelly Jackson Higgins will host Black Hat newsmakers ranging from independent researchers and threat hunters to reverse engineers and other top experts in security, on Wednesday, Aug. 10, and Thursday, Aug. 11, from 11 a.m. until 3 p.m. Pacific Time.

Among the highlights: On Wednesday, Dark Reading will be joined at the Black Hat News Desk by Allison Wikoff from PwC, to talk about the latest in job-themed APT social engineering scams; Brett Hawkins from IBM, to discuss supply chain management systems abuse; and many more. Dr. Stacy Thayer, a researcher specializing in burnout, will also be on hand to offer her best tips for helping cybersecurity professionals manage stress.

On Thursday, Martin Doyhenard joins the Dark Reading News Desk to unpack his research on exploiting inter-process communication in SAP’s HTTP server; Kyle Tobener, head of security with Copado, will explain his new framework for “effective and compassionate security guidance”; and Zhenpeng Lin, a PhD student at Northwestern University, will walk us through his work on the so-called Dirty Pipe Linux kernel exploit.

So don’t miss any of the action from Black Hat and join Dark Reading’s News Desk broadcast for some of the biggest headlines and the latest cybersecurity research from around the globe.

Tune in to this page on Wednesday and the livestream will appear at the top of the page.

Tags: BlackHat2022, Live at Black Hat USA 2022