[Hack]in(sight) Vol.2 No.12
Penetration Testing with Kali Linux (PWK) is the industry standard for practical, hands-on information security training. Created and taught by the creators of Kali Linux, this publication is designed to provide the knowledge that you need for a career in penetration testing, guiding you from the basics of automation of standard security tasks all the way to discovering, fuzzing and writing your own buffer overflow.
In this release we prepared a 3-part article describing the methodology of PenTesting with Kali Linux. Moreover, Mr. Dan W. Dieterle prepared technical content covering Kali Linux usage. The creators of Cyber Arms Security will introduce you to Automatic Web App Security Testing with OWASP ZAP, Grabbing Passwords from Memory using Procdump and Mimikatz, and more.
Page 7: Automatic Web App Security Testing with OWASP ZAP
Introduction: OWASP Zed Attack Proxy (ZAP), or ZaProxy as it is also called, is an exceptional tool for both security testers and developers to test web application security. In this tutorial we will take a quick look at how to use a couple of common features in the latest version of ZAP, including the quick attack, the Man-in-the-Middle Proxy scan and the fuzzing features.
Page 12: Grabbing Passwords from Memory using Procdump and Mimikatz
Introduction: When I was working on my Pulling Remote Word Documents from RAM using Kali Linux article, I was curious if you could use the same technique to pull the system passwords, and you can… With the help of Mimikatz! I tried grabbing the lsass.exe process with procdump, just like I did in the previous article, but when I ran strings I didn’t see any passwords. Well, silly me, you wouldn’t! But as the Zena Forensics blog explains, just take the lsass.exe procdump and run Mimikatz on it!
Page 14: Understanding Systemd
Introduction: systemd is a suite of system management daemons, libraries, and utilities designed as a central management and configuration platform for the Linux computer operating system. Described by its authors as a “basic building block” for an operating system, systemd primarily aims to replace the Linux init system (the first process executed in user space during the Linux startup process) inherited from UNIX System V and Berkeley Software Distribution (BSD). The name systemd adheres to the Unix convention of making daemons easier to distinguish by having the letter d as the last letter of the filename.
Page 85: Methodology for Penetration Testing with Kali Linux
Part 1: In this part we covered methodologies that can be used during penetration testing processes. We also learned a bit more about NIST 800-115 and how tools within Kali can be mapped to the Discovery and Planning phases of NIST 800-115. In part 2 we are going to continue our focus on NIST 800-115 and Kali by covering the final stages of our methodology: the Attack and Reporting phases.
Part 2: In part two of this series we laid the groundwork for leveraging Kali Linux with a structured methodology such as NIST 800-115.
Part 3: Now let’s put everything together with an example penetration test. In this example we will sample a few Kali tools while following the penetration test methodology discussed in NIST 800-115.
Page 109: Pulling Remote Word Documents from RAM using Kali Linux
Introduction: In this tutorial we will see how to pull a Word document from a remote machine’s memory, parse it for text and view it in Kali Linux. The target system is a Windows 7 PC running Office 2010. We will start with a remote Metasploit Meterpreter shell session already active. So basically we tricked our test system into running our booby-trapped file, which created a back door to our Kali system.
For more technical articles available on our website, subscribe to Hack Insight and receive:
--> 24 unique magazine editions per year.
--> Access to all the previous releases from the archives.
--> Access to special publications, workshops and video tutorials.