Explore the fundamentals of ethical hacking Learn how to install and configure Kali Linux Get up to speed with performing wireless network pentesting Gain insights into passive and active information gathering Understand web application pentesting Decode WEP, WPA, and WPA2 encryptions using a variety of methods, such as the fake authentication attack, the ARP request replay attack, and the dictionary attack The current rise in hacking and security breaches makes it more important than ever to effectively pentest your environment, ensuring endpoint protection. This book will take you through the latest version of Kali Linux and help you use various tools and techniques to efficiently deal with crucial security aspects. Through real-world examples, you’ll understand how to set up a lab and later explore core penetration testing concepts. Throughout the course of this book, you’ll get up to speed with gathering sensitive information and even discover different vulnerability assessment tools bundled in Kali Linux 2019. In later chapters, you’ll gain insights into concepts such as social engineering, attacking wireless networks, exploitation of web applications and remote access connections to further build on your pentesting skills. You’ll also focus on techniques such as bypassing controls, attacking the end user and maintaining persistence access through social media. Finally, this pentesting book covers best practices for performing complex penetration testing techniques in a highly secured environment. By the end of this book, you’ll be able to use Kali Linux to detect vulnerabilities and secure your system by applying penetration testing techniques of varying complexity. Get up and running with Kali Linux 2019.2 Gain comprehensive insights into security concepts such as social engineering, wireless network exploitation, and web application attacks Learn to use Linux commands in the way ethical hackers do to gain control of your environment Table of contents 1 Introduction to Hacking Who is a hacker? Exploring important terminology Penetration testing phases Penetration testing methodologies Penetration testing approaches Types of penetration testing Hacking phases Summary Questions Further reading 2 Setting Up Kali - Part 1 Technical requirements Lab overview Building our lab Summary Questions Further reading 3 Setting Up Kali - Part 2 Technical requirements Installing Windows as a VM Installing Ubuntu 8.10 Troubleshooting Kali Linux Summary Further reading 4 Getting Comfortable with Kali Linux 2019 Technical requirements Understanding Kali Linux What's new in Kali Linux 2019? Basics of Kali Linux Summary Questions Further reading 5 Passive Information Gathering Technical requirements Reconnaissance and footprinting Understanding passive information gathering Understanding OSINT Using the top OSINT tools Identifying target technology and security controls Finding data leaks in cloud resources Understanding Google hacking and search operators Leveraging whois and copying websites with HTTrack Finding subdomains using Sublist3r Summary Questions Further reading 6 Active Information Gathering Technical requirements Understanding active information gathering DNS interrogation Scanning Nmap NSE scripts Zenmap Hping3 SMB, LDAP enumeration, and null sessions User enumeration through noisy authentication controls Web footprints and enumeration with EyeWitness Metasploit auxiliary modules Summary Questions Further reading 7 Working with Vulnerability Scanners Technical requirements Nessus and its policies Scanning with Nessus Exporting Nessus results Analyzing Nessus results Using web application scanners Summary Questions Further reading 8 Understanding Network Penetration Testing Technical requirements Introduction to network penetration testing Understanding the MAC address Connecting a wireless adapter to Kali Linux Managing and monitoring wireless modes Summary Questions Further reading 9 Network Penetration Testing - Pre-Connection Attacks Technical requirements Getting started with packet sniffing using airodump-ng Targeted packet sniffing using airodump-ng Deauthenticating clients on a wireless network Creating a rogue AP/evil twin Performing a password spraying attack Setting up watering hole attacks Exploiting weak encryption to steal credentials Summary Questions Further reading 10 Network Penetration Testing - Gaining Access Technical requirements Gaining access WEP cracking WPA cracking Securing your network from the aforementioned attacks Configuring wireless security settings to secure your network Exploiting vulnerable perimeter systems with Metasploit Penetration testing Citrix and RDP-based remote access systems Plugging PWN boxes and other tools directly into a network Bypassing NAC Summary Questions Further reading 11 Network Penetration Testing - Post-Connection Attacks Technical requirements Gathering information MITM attacks Session hijacking DHCP attacks Exploiting LLMNR and NetBIOS-NS WPAD protocol attacks Wireshark Escalating privileges Lateral movement tactics PowerShell tradecraft Launching a VLAN hopping attack Summary Questions Further reading 12 Network Penetration Testing - Detection and Security Technical requirements Using Wireshark to understand ARP Detecting ARP poisoning attacks Detecting suspicious activity MITM remediation techniques Summary Questions Further reading 13 Client-Side Attacks - Social Engineering Technical requirements Basics of social engineering Types of social engineering Defending against social engineering Recon for social engineering (doxing) Planning for each type of social engineering attack Social engineering tools Summary Questions Further reading 14 Performing Website Penetration Testing Technical requirements Information gathering Cryptography File upload and file inclusion vulnerabilities Exploiting file upload vulnerabilities Exploiting code execution vulnerabilities Exploiting LFI vulnerabilities Preventing vulnerabilities Summary Questions Further reading 15 Website Penetration Testing - Gaining Access Technical requirements Exploring the dangers of SQL injection SQL injection vulnerabilities and exploitation Cross-Site Scripting vulnerabilities Discovering vulnerabilities automatically Summary Questions Further reading 16 Best Practices Technical requirements Guidelines for penetration testers Web application security blueprints and checklists Summary Questions Further reading

Linux za mreže: Bezbedno konfigurišite i koristite Linux za mrežne usluge Upoznajte se sa najčešćim i složenim Linux mrežnim konfiguracijama, alatkama i uslugama da biste poboljšali svoje profesionalne veštine Ključne funkcije Naučite kako da rešite kritične probleme umrežavanja korišćenjem primera iz stvarnog sveta Konfigurišite uobičajene mrežne usluge „korak po korak“ u poslovnom okruženju Otkrijte kako da izgradite infrastrukturu u svrhu odbrane od uobičajenih napada Opis knjige Kako Linux nastavlja da dobija na značaju, tako dolazi do porasta mrežnih usluga koje se primenjuju u Linux-u zbog troškova i fleksibilnosti. Ako ste profesionalac za umrežavanje ili inženjer za mrežnu infrastrukturu, neophodno je da detaljno poznajete Linux umrežavanje. Ova knjiga je vaš vodič za izgradnju čvrste osnove Linux mrežnih koncepata. Na početku knjige se razmatraju različite glavne distribucije, načini za odabir prave distribucije i osnovne konfiguracije Linux mreže. Zatim ćete preći na dijagnostiku mreže za Linux, postavljanje Linux firewall-a i korišćenje Linuxa kao hosta za mrežne usluge. Otkrićete veliki broj mrežnih usluga, zašto su važne i kako da ih konfigurišete u poslovnom okruženju. Na kraju, korišćenjem primera iz ove knjige o Linux-u naučićete da konfigurišete različite usluge za odbranu od uobičajenih napada. Kako budete prelazili na poslednja poglavlja, bićete na dobrom putu da izgradite osnovu za centar podataka koji se sastoji od celog Linux-a. Nakon što pročitate knjigu u celosti, moći ćete ne samo da pouzdano konfigurišete uobičajene Linux mrežne usluge, već i da koristite isprobane i testirane metodologije za buduće instalacije Linux-a. Šta ćete naučiti: Koristite Linux kao platformu za rešavanje problema i dijagnostiku Istražite mrežne usluge zasnovane na Linux-u Konfigurišite Linux firewall i podesite ga za mrežne usluge Bezbedno primenite i konfigurišite usluge Domain Name System (DNS) i Dynamic Host Configuration Protocol (DHCP) Konfigurišite Linux za usluge raspoređivanja opterećenja, autentikacije i autorizacije Koristite Linux kao platformu za evidentiranje nadzora mreže Primenite i konfigurišite Intrusion Prevention Services (IPS) Podesite Honeypot rešenja za otkrivanje i sprečavanje napada Kome je namenjena ova knjiga Ova knjiga je namenjena IT i Windows profesionalcima i administratorima koji traže uputstva za upravljanje mrežama zasnovanim na Linux-u. Osnovno znanje o umrežavanju je neophodno da biste započeli umrežavanje pomoću ove knjige. Sadržaj Dobrodošli u Linux porodicu Osnovna Linux mrežna konfiguracija i operacije – korišćenje lokalnih interfejsa Korišćenje Linux-a i Linux alatki za dijagnostiku mreže Linux firewall Linux bezbednosni standardi sa primerima iz stvarnog života DNS usluge u Linux-u DHCP usluge u Linux-u Sertifikacione usluge u Linux-u RADIUS usluge za Linux Usluge raspoređivača opterećenja za Linux Hvatanje i analiza paketa u Linux-u Nadzor mreže pomoću Linux-a Sistemi za sprečavanje upada u Linux-u Honeypot usluge u Linux-u

BLAGOVREMENA REŠENJA Objašnjavaju nijanse administracije glavnih varijanti UNIX-a Detaljno pregledaju SVR4, HP-UX, Solaris, AIX, IRIX, SunOS, i Linux Daju rešenja koja će ljuska nabolje raditi za vas: Bourne, Bourne Again, Korn, ili C Novo u ovoj ediciji: dodatni UNIX resursi, konfigurisanje jezgra, statistika korišćenja sistema, i FTP administracija, plus saveti za bekapiranje i restauriranje vaših podataka EKSPERTSKI SOFTVER FreeBSD 2.2.5, kompletna binarna distribucija Linux Red Hat 4.2, kompletna binarna distribucija (samo x86 platforma) Izvorni kodovi i dokumentacija za Perl 5.x BONUS - ELEKTRONSKA BIBLIOTEKA Dve UNIX reference u elektronskom formatu: UNIX - DO KRAJA : Edicija za Administratore Sistema UNIX - DO KRAJA : Internet Edicija OBIMAN PAKET SA REŠENJIMA ! Šta je novo ili poboljšano u ovoj Ediciji Proverite vaš brzi vodič za dodatne UNIX izvore, takve kao stranice za pomoć, Web lokacije, diskusione grupe, korisničke grupe, profesionalna udruženja, i autoritativne publikacije. Poglavlje 3. Istražite karakteristike i sintaksu Bourne Again ljuske, naučite kako da je instalirate i pozovete, upoznajte njene fajlove za inicijalizaciju, radite sa njegovom komandnom linijom i istorijom. Poglavlje 10. Za nove administratore: pregled koncepata administracije sistema, zadataka, resursa i alata, uključujući povezivanje u mrežu, heterogenost, podržavanje korisnika i sistema. Poglavlje 14. Shvatite osnove jezgra i konfigurisanja: servisi; proces, upravljanje memorijom i I/O; podsistem za upravljanje fajl sistemom; i proces konfigurisanja jezgra za popularne varijante UNIX-a. Poglavlje 19. Administrirajte FTP servise: pregled, primer FTP sesije, interne komande i odgovori, transferi sa trećom stranom, anonimni i bez nadgledanja FTP transferi, otklanjanje problema. Poglavlje 27. Brzo potražite značenje UNIX žargona dok čitate. Glosar Opšte UNIX Komande su sada pristupačnije, sa obimnom obradom sintakse i upotrebe, sa primerima. Poglavlje 5. Poređenje ljuski sada se proširuje na POSIX, Bash, TC, Z ljuske, i sadrži i poređenje interaktivnih karakteristika ljuski. Poglavlje 13. Osnove instalacije sada se bave zahtevima za prostorom, nekim varijantama, i obuhvataju dodatne alate. Poglavlje 15. Naučite specifičnosti startovanja i zaustavljanja HP-UX, Solaris, IRIX i Linux sistema. Poglavlje 16. Administracija fajl sistema i diskova je ažurirana da obuhvati Solaris, IRIX, SunOS, Linux i SVR4 sisteme. Poglavlje 18. Zajedno sa osnovom za TCP/IP i konfigurisanjem za UNIX, kao i NFS zajedničkim korišćenjem datoteka, Povezivanje u Mrežu sada nudi DNS implementaciju, kao i detaljnije otklanjanje problema. Poglavlje 20. Glavna UNIX statistika korišćenja sistema: osnove, definicije komandi, procedure za konfigurisanje, struktura direktorijuma, kao i generisanje izveštaja za AIX, HP-UX i Solaris. Poglavlje 21. Administrcija Uređaja obuhvata specifičnosti Solaris, BSD, Linux i SVR4 sistema (Svojstvo pristupa servisu). Poglavlje 23. Administracija Pošte obezbeđuje pregled pošte i obrađuje elm i pine. Poglavlje 24. Bekapiranje i Restauriranje ulazi u osobenosti HP-UX, AIX, Solaris, SVR4, BSD, IRIX i Linux sistema. Poglavlje 28. Fajl sistem, šta je ljuska, kao i Administracija korisnika u najvećoj meri su ponovo napisani i ažurirani. Poglavlja 4, 8 i 17.

What You Will Learn Install and tune Kali Linux 2 on a Raspberry Pi 3 for hacking Learn how to store and offload pentest data from the Raspberry Pi 3 Plan and perform man-in-the-middle attacks and bypass advanced encryption techniques Compromise systems using various exploits and tools using Kali Linux 2 Bypass security defenses and remove data off a target network Develop a command and control system to manage remotely placed Raspberry Pis Turn a Raspberry Pi 3 into a honeypot to capture sensitive information Book Description This book will show you how to utilize the latest credit card sized Raspberry Pi 3 and create a portable, low-cost hacking tool using Kali Linux 2. You’ll begin by installing and tuning Kali Linux 2 on Raspberry Pi 3 and then get started with penetration testing. You will be exposed to various network security scenarios such as wireless security, scanning network packets in order to detect any issues in the network, and capturing sensitive data. You will also learn how to plan and perform various attacks such as man-in-the-middle, password cracking, bypassing SSL encryption, compromising systems using various toolkits, and many more. Finally, you’ll see how to bypass security defenses and avoid detection, turn your Pi 3 into a honeypot, and develop a command and control system to manage a remotely-placed Raspberry Pi 3. By the end of this book you will be able to turn Raspberry Pi 3 into a hacking arsenal to leverage the most popular open source toolkit, Kali Linux 2.0. Authors Michael McPhee Michael McPhee is a Systems Engineer working for Cisco, based in Upstate NY, where he has worked for 4 years. Prior to joining Cisco, Michael spent 6 years in the U.S. Navy and another 10 working on communications systems, and has obtained the following certifications along the way: CCIE R&S, CCIE Security, CCIP, CCDP, ITILv3, and the Cisco Security White Belt. He has a BS in Electrical Engineering Technology from Rochester Institute of Technology and a Masters of Business Administration from University of Massachusetts - Amherst. Michael's current role sees him consulting on security and network infrastructures. Before joining Cisco, Michael was a Network Operations Team Lead at a major regional insurance company. Prior to entering IT, he spent 11 years as a systems engineer and architect for defense contractors, where he helped propose, design, and develop command and control and electronic warfare systems for the US DoD and NATO allies. Michael’s diverse experience helps customers keep things in perspective and achieve their goals securely. Jason Beltrame Jason Beltrame is a Systems Engineer for Cisco, living in the Eastern Pennsylvania Area. He has worked in the Network and Security field for 18 years, with the last 2 years as a Systems Engineer, and the prior 16 years on the operational side as a Network Engineer. During that time, Jason has achieved the following certifications: CISSP, CCNP, CCNP Security, CCDP, CCSP, CISA, ITILv2, and VCP5. He is a graduate from DeSales University in BS in Computer Science. He has a passion for security and loves learning. In his current role at Cisco, Jason focuses on Security and Enterprise Networks, but as a generalist SE, he covers all aspects of technology. Jason works with commercial territory customers, helping them achieve their technology goals based on their individual business requirements. His 16 years of real-world experience allows him to relate with his customers and understand both their challenges and desired outcomes. Table of Contents

What You Will Learn Set up Kali Linux for pen testing Map and enumerate your Windows network Exploit several common Windows network vulnerabilities Attack and defeat password schemes on Windows Debug and reverse-engineer Windows programs Recover lost files, investigate successful hacks and discover hidden data in innocent-looking files Catch and hold admin rights on the network, and maintain backdoors on the network after your initial testing is done Book Description Microsoft Windows is one of the two most common OS and managing its security has spawned the discipline of IT security. Kali Linux is the premier platform for testing and maintaining Windows security. Kali is built on the Debian distribution of Linux and shares the legendary stability of that OS. This lets you focus on using the network penetration, password cracking, forensics tools and not the OS. This book has the most advanced tools and techniques to reproduce the methods used by sophisticated hackers to make you an expert in Kali Linux penetration testing. First, you are introduced to Kali's top ten tools and other useful reporting tools. Then, you will find your way around your target network and determine known vulnerabilities to be able to exploit a system remotely. Next, you will prove that the vulnerabilities you have found are real and exploitable. You will learn to use tools in seven categories of exploitation tools. Further, you perform web access exploits using tools like websploit and more. Security is only as strong as the weakest link in the chain. Passwords are often that weak link. Thus, you learn about password attacks that can be used in concert with other approaches to break into and own a network. Moreover, you come to terms with network sniffing, which helps you understand which users are using services you can exploit, and IP spoofing, which can be used to poison a system's DNS cache. Once you gain access to a machine or network, maintaining access is important. Thus, you not only learn penetrating in the machine you also learn Windows privilege’s escalations. With easy to follow step-by-step instructions and support images, you will be able to quickly pen test your system and network. Authors Wolf Halton Wolf Halton is a widely recognized authority on computer and internet security, an Amazon best selling author on computer security, and the CEO of Atlanta Cloud Technology. He specializes in business continuity, security engineering, open source consulting, marketing automation, virtualization and datacenter restructuring, and Linux evangelism. Wolf started hacking Windows in 1993 and loaded Linux for the first time in 2002. Wolf attributes whatever successes he has had to his darling bride, Helen, without whose tireless encouragement he would have never come so far so fast. To contact Wolf, e-mail him at [email protected]. Bo Weaver Bo Weaver is an old-school ponytailed geek who misses the old days of black screens and green text, when mice were only found under the subflooring and monitors only had eight colors. His first involvement with networks was in 1972, while working on an R&D project called ARPANET in the US Navy. Here, he also learned the power of Unix and how to "outsmart" the operating system. In the early days of BBS systems, he helped set up, secure, and maintain these systems in the South. He later worked with many in the industry to set up Internet providers and secured these environments. Bo has been working with and using Linux daily since the 1990s, and he is a promoter of open source (yes, Bo runs on Linux). He has also worked in physical security fields as a private investigator and in executive protection. Bo is now the senior penetration tester for Compliancepoint, an Atlanta-based security consulting company, where he works remotely from under a tree in the North Georgia mountains. Bo is Cherokee and works with Native American youth to help keep their traditions alive and strong. He is also the father of a geek son, Ross, a hacker in his own right, and the grandfather of two grandchildren, Rachel and Austin, who at their young age can Nmap a network. To contact Bo, e-mail him at [email protected]. Table of Contents Chapter 1: Sharpening the Saw Chapter 2: Information Gathering and Vulnerability Assessment Chapter 3: Exploitation Tools (Pwnage) Chapter 4: Web Application Exploitation Chapter 5: Sniffing and Spoofing Chapter 6: Password Attacks Chapter 7: Windows Privilege Escalation Chapter 8: Maintaining Remote Access Chapter 9: Reverse Engineering and Stress Testing Chapter 10: Forensics

What You Will Learn Develop a network-testing environment that can be used to test scanning tools and techniques Understand the underlying principles of network scanning technologies by building custom scripts and tools Identify distinct vulnerabilities in both web applications and remote services and understand the techniques that are used to exploit them Perform comprehensive scans to identify listening on TCP and UDP sockets Get an overview of the different desktop environments for Kali Linux such as KDE, MATE, LXDE, XFC, and so on Use Sparta for information gathering, port scanning, fingerprinting, vulnerability scanning, and more Evaluate Denial of Service threats and develop an understanding of how common Denial of Service attacks are performed Learn how to use Burp Suite to evaluate web applications Book Description With the ever-increasing amount of data flowing in today’s world, information security has become vital to any application. This is where Kali Linux comes in. Kali Linux focuses mainly on security auditing and penetration testing. This step-by-step cookbook on network scanning trains you in important scanning concepts based on version 2016.2. It will enable you to conquer any network environment through a range of network scanning techniques and will also equip you to script your very own tools. Starting with the fundamentals of installing and managing Kali Linux, this book will help you map your target with a wide range of network scanning tasks, including discovery, port scanning, fingerprinting, and more. You will learn how to utilize the arsenal of tools available in Kali Linux to conquer any network environment. The book offers expanded coverage of the popular Burp Suite and has new and updated scripts for automating scanning and target exploitation. You will also be shown how to identify remote services, how to assess security risks, and how various attacks are performed. You will cover the latest features of Kali Linux 2016.2, which includes the enhanced Sparta tool and many other exciting updates. This immersive guide will also encourage the creation of personally scripted tools and the skills required to create them. Authors Michael Hixon Michael Hixon is a former Marine Corps veteran; he worked as an infantryman and counterintelligence agent. After the military, he worked as a programmer before changing his focus to IT security. Michael has worked for the Red Cross, Department of Defense, Department of Justice, and numerous intelligence agencies in his career. Michael currently runs the Baltimore chapter of OWASP, and oversees security for a number of the FAA’s web sites, CISSP, CEH, and eCPPT. Table of Contents

About This Book Familiarize yourself with the terminal by learning about powerful shell features Automate tasks by writing shell scripts for repetitive work Packed with easy-to-follow, hands-on examples to help you write any type of shell script with confidence Who This Book Is For This book is aimed at administrators and those who have a basic knowledge of shell scripting and who want to learn how to get the most out of writing shell scripts. What You Will Learn Write effective shell scripts easily Perform search operations and manipulate large text data with a single shell command Modularize reusable shell scripts by creating shell libraries Redirect input, output, and errors of a command or script execution to other streams Debug code with different shell debugging techniques to make your scripts bug-free Manage processes, along with the environment variables needed to execute them properly Execute and embed other languages in your scripts Manage creation, deletion, and search operations in files In Detail Shell scripting is a quick method to prototype complex applications or problems. Shell scripts are a collection of commands to automate tasks, usually those for which the user has a repeated need, when working on Linux-based systems. Using simple commands or a combination of them in a shell can solve complex problems easily. This book starts with the basics, including essential commands that can be executed on Linux systems to perform tasks within a few nanoseconds. You’ll learn to use outputs from commands and transform them to show the data you require. Discover how to write shell scripts easily, execute script files, debug, and handle errors. Next, you’ll explore environment variables in shell programming and learn how to customize them and add a new environment. Finally, the book walks you through processes and how these interact with your shell scripts, along with how to use scripts to automate tasks and how to embed other languages and execute them. Authors Sinny Kumari Sinny Kumari has been a GNU/Linux user since the beginning of her college days. Her passion is to contribute to free software that benefits millions of people. She is a KDE contributor, KDE e.V. member, Fedora packager, and a Google Summer of Code mentor. To keep up her passion in open source, she has been working as a software engineer at Red Hat after completing her bachelor's degree in computer science in 2012. As part of her work, she contributes to the Libabigail project that helps with ABI analysis on ELF binaries. She also loves going to technical conferences and sharing her experiences by giving talks. Her blogs about almost all of these activities can be found at http://sinny.io/. Table of Contents Chapter 1: The Beginning of the Scripting Journey Chapter 2: Getting Hands-on with I/O, Redirection Pipes, and Filters Chapter 3: Effective Script Writing Chapter 4: Modularizing and Debugging Chapter 5: Customizing the Environment Chapter 6: Working with Files Chapter 7: Welcome to the Processes Chapter 8: Scheduling Tasks and Embedding Languages in Scripts

About This Book Learn the fundamentals behind commonly used scanning techniques Deploy powerful scanning tools that are integrated into the Kali Linux testing platform A step-by-step guide, full of recipes that will help you use integrated scanning tools in Kali Linux, and develop custom scripts for making new and unique tools of your own Who This Book Is For "Kali Linux Network Scanning Cookbook" is intended for information security professionals and casual security enthusiasts alike. It will provide the foundational principles for the novice reader but will also introduce scripting techniques and in-depth analysis for the more advanced audience. Whether you are brand new to Kali Linux or a seasoned veteran, this book will aid in both understanding and ultimately mastering many of the most powerful and useful scanning techniques in the industry. It is assumed that the reader has some basic security testing experience. What You Will Learn Develop a network-testing environment that can be used to test scanning tools and techniques Understand the underlying principles of network scanning technologies by building custom scripts and tools Perform comprehensive scans to identify listening on TCP and UDP sockets Examine remote services to identify type of service, vendor, and version Evaluate denial of service threats and develop an understanding of how common denial of service attacks are performed Identify distinct vulnerabilities in both web applications and remote services and understand the techniques that are used to exploit them In Detail Kali Linux Network Scanning Cookbook will introduce you to critical scanning concepts. You will be shown techniques associated with a wide range of network scanning tasks that include discovery scanning, port scanning, service enumeration, operating system identification, vulnerability mapping, and validation of identified findings. You will learn how to utilize the arsenal of tools available in Kali Linux to conquer any network environment. You will also be shown how to identify remote services, how to assess security risks, and how various attacks are performed. This immersive guide will also encourage the creation of personally scripted tools and the development of skills required to create them. Read an extract of the book UDP scanning with Scapy Scapyis a tool that can be used to craft and inject custom packets into a network. In this specific recipe, Scapy will be used to scan for active UDP services. This can be done by sending an empty UDP packet to destination ports and then identifying the ports that do not respond with an ICMP port-unreachable response. Getting ready To use Scapy to perform UDP scanning, you will need to have a remote system that is running network services over UDP. In the examples provided, an instance of Metasploitable2 is used to perform this task. Additionally, this section will require a script to be written to the filesystem using a text editor, such as VIM or Nano. How to do it… Using Scapy, we can quickly develop an understanding of the underlying principles behind how UDP scanning works. To positively confirm the existence of a UDP service on any given port, we will need to solicit a reply from that service. This can prove to be very difficult, as many UDP services will only reply to service-specific requests. Knowledge of any particular service can make it easier to positively identify that service; however, there are general techniques that can be used to determine, with a reasonable amount of accuracy, whether a service is running on a given UDP port. The technique that we will use with Scapy is to identify closed UDP ports with ICMP port-unreachable replies. To send a UDP request to any given port, we first need to build layers of that request. The first layer that we will need to construct is the IP layer: root@KaliLinux:~# scapy Welcome to Scapy (2.2.0) >>> i = IP() >>> i.display() ###[ IP ]### version= 4 ihl= None tos= 0x0 len= None id= 1 flags= frag= 0 ttl= 64 proto= ip chksum= None src= 127.0.0.1 dst= 127.0.0.1 \options\ >>> i.dst = "172.16.36.135" >>> i.display() ###[ IP ]### version= 4 ihl= None tos= 0x0 len= None id= 1 flags= frag= 0 ttl= 64 proto= ip chksum= None src= 172.16.36.180 dst= 172.16.36.135 \options\ To build the IP layer of our request, we need to assign the IP object to the variable i. By calling the display function, we can identify the attribute configurations for the object. By default, both the sending and receiving addresses are set to the loopback address, 127.0.0.1. These values can be modified by changing the destination address, by setting i.dst to be equal to the string value of the address that we wish to scan. On calling the display function again, we see that not only has the destination address been updated, but Scapy also automatically updates the source IP address to the address associated with the default interface. Now that we have constructed the IP layer of the request, we can proceed to the UDP layer: >>> u = UDP() >>> u.display() ###[ UDP ]### sport= domain dport= domain len= None chksum= None >>> u.dport 53 To build the UDP layer of our request, we use the same technique that we used for the IP layer. In the example provided, the UDP object was assigned to the u variable. As mentioned previously, the default configurations can be identified by calling the display function. Here, we can see that the default value for both the source and destination ports are listed as domain. As you might likely suspect, this is to indicate the Domain Name System (DNS) service associated with port 53. DNS is a common service that can often be discovered on networked systems. To confirm this, one can call the value directly by referencing the variable name and attribute. This can then be modified by setting the attribute equal to the new port destination value as follows: >>> u.dport = 123 >>> u.display() ###[ UDP ]### sport= domain dport= ntp len= None chksum= None In the preceding example, the destination port is set to 123, which is the Network Time Protocol (NTP) port. Now that we have created both the IP and UDP layers, we need to construct the request by stacking these layers: >>> request = (i/u) >>> request.display() ###[ IP ]### version= 4 ihl= None tos= 0x0 len= None id= 1 flags= frag= 0 ttl= 64 proto= udp chksum= None src= 172.16.36.180 dst= 172.16.36.135 \options\ ###[ UDP ]### sport= domain dport= ntp len= None chksum= None We can stack the IP and UDP layers by separating the variables with a forward slash. These layers can then be set equal to a new variable that will represent the entire request. We can then call the display function to view the configurations for the request. Once the request has been built, it can be passed to the sr1 function so that we can analyze the response: >>> response = sr1(request) Begin emission: ......Finished to send 1 packets. ....* Received 11 packets, got 1 answers, remaining 0 packets >>> response.display() ###[ IP ]### version= 4L ihl= 5L tos= 0xc0 len= 56 id= 63687 flags= frag= 0L ttl= 64 proto= icmp chksum= 0xdfe1 src= 172.16.36.135 dst= 172.16.36.180 \options\ ###[ ICMP ]### type= dest-unreach code= port-unreachable chksum= 0x9e72 unused= 0 ###[ IP in ICMP ]### version= 4L ihl= 5L tos= 0x0 len= 28 id= 1 flags= frag= 0L ttl= 64 proto= udp chksum= 0xd974 src= 172.16.36.180 dst= 172.16.36.135 \options\ ###[ UDP in ICMP ]### sport= domain dport= ntp len= 8 chksum= 0x5dd2 This same request can be performed without independently building and stacking each layer. Instead, we can use a single, one-line command by calling the functions directly and passing them the appropriate arguments as follows: >>> sr1(IP(dst="172.16.36.135")/UDP(dport=123)) ..Begin emission: ...*Finished to send 1 packets. Received 6 packets, got 1 answers, remaining 0 packets >>> Note that the response for these requests includes an ICMP packet that has type indicating that the host is unreachable and code indicating that the port is unreachable. This response is commonly returned if the UDP port is closed. Now, we should attempt to modify the request so that it is sent to a destination port that corresponds to an actual service on the remote system. To do this, we change the destination port back to port 53 and then send the request again, as follows: >>> response = sr1(IP(dst="172.16.36.135")/UDP(dport=53),timeout=1,verbose=1) Begin emission: Finished to send 1 packets. Received 8 packets, got 0 answers, remaining 1 packets When the same request is sent to an actual service, no reply is received. This is because the DNS service running on the system's UDP port 53 will only respond to service-specific requests. Knowledge of this discrepancy can be used to scan for ICMP host-unreachable replies, and we can then identify potential services by flagging the nonresponsive ports: #!/usr/bin/python import logging logging.getLogger("scapy.runtime").setLevel(logging.ERROR) from scapy.all import * import time import sys if len(sys.argv) != 4: print "Usage - ./udp_scan.py [Target-IP] [First Port] [Last Port]" print "Example - ./udp_scan.py 10.0.0.5 1 100" print "Example will UDP port scan ports 1 through 100 on 10.0.0.5" sys.exit() ip = sys.argv[1] start = int(sys.argv[2]) end = int(sys.argv[3]) for port in range(start,end): ans = sr1(IP(dst=ip)/UDP(dport=port),timeout=5,verbose=0) time.sleep(1) if ans == None: print port else: pass The provided Python script sends a UDP request to each of the first hundred ports in sequence. In the case that no response is received, the port is identified as being open. By running this script, we can identify all of the ports that don't return an ICMP host-unreachable reply: root@KaliLinux:~# chmod 777 udp_scan.py root@KaliLinux:~# ./udp_scan.py Usage - ./udp_scan.py [Target-IP] [First Port] [Last Port] Example - ./udp_scan.py 10.0.0.5 1 100 Example will UDP port scan ports 1 through 100 on 10.0.0.5 root@KaliLinux:~ # ./udp_scan.py 172.16.36.135 1 100 53 68 69 A timeout of 5 seconds is used to adjust for latent responses that result from ICMP hostunreachable rate limiting. Even with this rather large response acceptance window, scanning in this fashion can still be unreliable at times. It is for this reason that UDP probing scans are often a more effective alternative. How it works… In this recipe, UDP scanning is performed by identifying the ports that do not respond with ICMP port-unreachable responses. This process can be highly time consuming as ICMP port-unreachable responses are often throttled. It can also, at times, be an unreliable approach as some systems do not generate these responses, and ICMP is often filtered by firewalls. An alternative approach is to use service-specific probes that attempt to solicit a positive response. Authors Justin Hutchens Justin Hutchens currently works as a security consultant and regularly performs penetration tests and security assessments for a wide range of clients. He previously served in the United States Air Force where he worked as an intrusion detection specialist, network vulnerability analyst and malware forensic investigator for a large enterprise network with over 55,000 networked systems. He currently holds a Bachelor’s degree in Information Technology and multiple professional information security certifications, to include CISSP (Certified Information Systems Security Professional), OSCP (Offensive Security Certified Professional), eWPT (eLearnSecurity Web-Application Penetration Tester), GCIH (GIAC Certified Incident Handler), CNDA (Certified Network Defense Architect), CEH (Certified Ethical Hacker), ECSA (EC-Council Certified Security Analyst) and CHFI (Computer Hacking Forensic Investigator). He was also the writer and producer of the Packt eLearning video course “Kali Linux - Backtrack Evolved”. Table of Contents Chapter 1: Getting Started Chapter 2: Discovery Scanning Chapter 3: Port Scanning Chapter 4: Fingerprinting Chapter 5: Vulnerability Scanning Chapter 6: Denial of Service Chapter 7: Web Application Scanning Chapter 8: Automating Kali Tools

What You Will Learn Install and set up Kali Linux on multiple platforms Customize Kali Linux to your individual needs, install necessary drivers, and learn basic Kali Linux commands Set up advanced testing and configure Windows and Linux targets Get to grips with information gathering and exploitation techniques Locate vulnerabilities with Nessus and OpenVAS and exploit them with Metasploit Discover multiple solutions to escalate privileges on a compromised machine Crack WEP/WPA/WPA2 Wi-Fi encryption Understand how to use Kali Linux in all phases of a penetration test Book Description Kali Linux is an open source Linux distribution for security, digital forensics, and penetration testing tools, and is now an operating system for Linux users. It is the successor to BackTrack, the world’s most popular penetration testing distribution tool. In this age, where online information is at its most vulnerable, knowing how to execute penetration testing techniques such as wireless and password attacks, which hackers use to break into your system or network, help you plug loopholes before it's too late and can save you countless hours and money. Kali Linux Cookbook, Second Edition is an invaluable guide, teaching you how to install Kali Linux and set up a virtual environment to perform your tests. You will learn how to eavesdrop and intercept traffic on wireless networks, bypass intrusion detection systems, attack web applications, check for open ports, and perform data forensics. This book follows the logical approach of a penetration test from start to finish with many screenshots and illustrations that help to explain each tool in detail. This book serves as an excellent source of information for security professionals and novices alike. Authors Willie Pritchett Willie Pritchett, MBA, is a seasoned developer and security enthusiast who has over 20 years of experience in the IT field. He is currently the Chief Executive at Mega Input Data Services, Inc., a full service database management firm specializing in secure, data-driven application development and staffing services. He has worked with State and local Government agencies as well as having helped many small businesses reach their goals through technology. He has several industry certifications and currently trains students on various topics including ethical hacking and penetration testing. David De Smet David De Smet has worked in the software industry since 2007 and is the founder and CEO of iSoftDev Co., where he is responsible for many varying tasks, including but not limited to consultancy, customer requirements specification analysis, software design, software implementation, software testing, software maintenance, database development, and web design. He is very passionate about what he does and spends inordinate amounts of time in the software development area. He also has a keen interest in the hacking and network security field and provides network security assessments to several companies. Table of Contents 1: INSTALLING KALI AND THE LAB SETUP 2: RECONNAISSANCE AND SCANNING 3: VULNERABILITY ANALYSIS 4: FINDING EXPLOITS IN THE TARGET 5: SOCIAL ENGINEERING 6: PASSWORD CRACKING 7: PRIVILEGE ESCALATION 8: WIRELESS SPECIFIC RECIPES 9: WEB AND DATABASE SPECIFIC RECIPES 10: MAINTAINING ACCESS

About This Book Implement KVM on the Linux Box and become the go-to person for Linux virtualization in your organization Acquire the key skills needed to migrate your application from datacenter virtualization to the cloud Understand how Linux virtualization can be used to build large scale, centralized, enterprise grade virtualization Who This Book Is For If you’re a minimum of advanced novice or intermediate level administrator in Linux, with reasonable knowledge level and understanding of core elements and applications, then this book is for you. What You Will Learn Get to grips with Linux virtualization and the technology available in this arena See why KVM offers a better virtualization platform Implement KVM virtualization using oVirt Understand the KVM architecture Migrate from datacenter virtualization to the cloud Grasp the concepts of OpenStack and its various service offerings In Detail Linux is the leading OS on the enterprise market. One of the major technologies used to achieve this is Kernal Virtual Machine (KVM). KVM is an integral part of the Linux OS, and you don’t need to use an external hypervisor like Xen or VMWare. Through this book, you will develop the skills to implement KVM as datacenter virtualization, and have you a better understanding of the current Linux virtualization market and the KVM architecture. The book starts by giving you an insight into the prevailing technologies in Linux virtualization, and then explains how to set up a standalone KVN virtualization platform and libvirt-based management tools to manage it. Next, you will deep dive into using KVM virtualization with virt-manager and kimchi-project, along with various advanced settings and features provided by virt-manager to help you efficiently manage virtual machines. Moving on, the book provides well-tested backup and recovery strategies for KVM virtual machines, and explains how the performance of Microsoft Windows and RHEL virtual machines can be improved. It will help you understand how Linux virtualization can be used to build large scale, centralized, enterprise grade virtualization, and also teach you about oVirt’s features, such as oVirt node scalability, performance, and security, and their implementation. Next, you will learn to integrate KVM with OpenStack and find out how SDN and existing standards are integrated with OpenStack. Finally, you will find out how to migrate your existing physical machines to the cloud, as well as the various tools available to perform this migration. Authors Prasad Mukhedkar Prasad Mukhedkar is a Senior Technical Support Engineer at Red Hat. His particular area of expertise is in designing, building, and supporting IT Infrastructure for workloads, especially large virtialization environments and cloud IaaS, using open source technologies. Skilled in KVM Virtualizatuon with continuous working experience starting with its very early version, Possess extensive hands and technical knowledge of Red Hat Enterprise Virtualization. These days his is primarily concentrating on Openstack and Cloudforms Platforms. His other area of interest includes Linux Performance Tuning, Designing highly scalable open source identity management solutions and enterprise IT security. He is a huge fan of linux "GNU Screen" utility. Anil Vettathu Anil Vettathu started his interaction with Linux in college. He started his career in 2006 as a Linux System Administrator. He has specialized in Open Source Virtualization technologies, especially KVM. He had the opportunity to work on Ovirt & RHEV from its very early versions. Currently, he is working as a TAM for Red Hat. Table of Contents

What You Will Learn Set up a penetration testing laboratory in a secure way Find out what information is useful to gather when performing penetration tests and where to look for it Use crawlers and spiders to investigate an entire website in minutes Discover security vulnerabilities in web applications in the web browser and using command-line tools Improve your testing efficiency with the use of automated vulnerability scanners Exploit vulnerabilities that require a complex setup, run custom-made exploits, and prepare for extraordinary scenarios Set up Man in the Middle attacks and use them to identify and exploit security flaws within the communication between users and the web server Create a malicious site that will find and exploit vulnerabilities in the user's web browser Repair the most common web vulnerabilities and understand how to prevent them becoming a threat to a site's security Book Description Web applications are a huge point of attack for malicious hackers and a critical area for security professionals and penetration testers to lock down and secure. Kali Linux is a Linux-based penetration testing platform and operating system that provides a huge array of testing tools, many of which can be used specifically to execute web penetration testing. This book will teach you, in the form step-by-step recipes, how to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and ultimately buffer attackable surfaces so applications are more secure, for you and your users. Starting from the setup of a testing laboratory, this book will give you the skills you need to cover every stage of a penetration test: from gathering information about the system and the application to identifying vulnerabilities through manual testing and the use of vulnerability scanners to both basic and advanced exploitation techniques that may lead to a full system compromise. Finally, we will put this into the context of OWASP and the top 10 web application vulnerabilities you are most likely to encounter, equipping you with the ability to combat them effectively. By the end of the book, you will have the required skills to identify, exploit, and prevent web application vulnerabilities. Authors Gilberto Nájera-Gutiérrez Gilberto Nájera-Gutiérrez leads the Security Testing Team (STT) at Sm4rt Security Services, one of the top security firms in Mexico. He is also an Offensive Security Certified Professional (OSCP), an EC-Council Certified Security Administrator (ECSA), and holds a master's degree in computer science with specialization in artificial intelligence. He has been working as a Penetration Tester since 2013 and has been a security enthusiast since high school; he has successfully conducted penetration tests on networks and applications of some of the biggest corporations in Mexico, such as government agencies and financial institutions. Table of Contents Chapter 1: Setting Up Kali Linux Chapter 2: Reconnaissance Chapter 3: Crawlers and Spiders Chapter 4: Finding Vulnerabilities Chapter 5: Automated Scanners Chapter 6: Exploitation – Low Hanging Fruits Chapter 7: Advanced Exploitation Chapter 8: Man in the Middle Attacks Chapter 9: Client-Side Attacks and Social Engineering Chapter 10: Mitigation of OWASP Top 10

What You Will Learn Make, execute, and debug your first Bash script Create interactive scripts that prompt for user input Foster menu structures for operators with little command-line experience Develop scripts that dynamically edit web configuration files to produce a new virtual host Write scripts that use AWK to search and reports on log files Draft effective scripts using functions as building blocks, reducing maintenance and build time Make informed choices by comparing different script languages such as Python with BASH Book Description In this book, you’ll discover everything you need to know to master shell scripting and make informed choices about the elements you employ. Grab your favorite editor and start writing your best Bash scripts step by step. Get to grips with the fundamentals of creating and running a script in normal mode, and in debug mode. Learn about various conditional statements' code snippets, and realize the power of repetition and loops in your shell script. You will also learn to write complex shell scripts. This book will also deep dive into file system administration, directories, and system administration like networking, process management, user authentications, and package installation and regular expressions. Towards the end of the book, you will learn how to use Python as a BASH Scripting alternative. By the end of this book, you will know shell scripts at the snap of your fingers and will be able to automate and communicate with your system with keyboard expressions. Authors Mokhtar Ebrahim Mokhtar Ebrahim started working as a Linux system administrator in 2010. He is responsible for maintaining, securing, and troubleshooting Linux servers for multiple clients around the world. He loves writing shell and Python scripts to automate his work. He writes technical articles on the Like Geeks website about Linux, Python, web development, and server administration. He is a father to a beautiful girl and a husband to a faithful wife. Andrew Mallett Andrew Mallett is the owner of The Urban Penguin, and he is a comprehensive provider of professional Linux software development, training, and services. Having always been a command-line fan, he feels that so much time can be saved through knowing command-line shortcuts and scripting. TheUrbanPenguin YouTube channel, maintained by Andrew, has well over 800 videos to support this, and he has authored four other Packt titles. Table of Contents Chapter 1: The What and Why of Scripting with Bash Technical requirements Types of Linux shells What is bash scripting? The bash command hierarchy Preparing text editors for scripting Creating and executing scripts Declaring variables Variable scope Command substitution Debugging your scripts Summary Questions Further reading Chapter 2: Creating Interactive Scripts Technical requirements Using echo with options Basic script using read Script comments Enhancing scripts with read prompts Limiting the number of entered characters Controlling the visibility of the entered text Passing options Try to be standard Enhancing learning with simple scripts Summary Questions Further reading Chapter 3: Conditions Attached Technical requirements Simple decision paths using command-line lists Verifying user input with lists Using the test shell built-in Creating conditional statements using if Extending if with else Test command with the if command More conditions with elif Using case statements Recipe – building a frontend with grep Summary Questions Further reading Chapter 4: Creating Code Snippets Technical requirements Abbreviations Using code snippets Creating snippets using VS Code Summary Questions Further reading Chapter 5: Alternative Syntax Technical requirement Recapping the test command Providing parameter defaults When in doubt – quote! Advanced tests using [[ Arithmetic operations using (( Summary Questions Further reading Chapter 6: Iterating with Loops Technical requirement for loops Advanced for loops The IFS Counting directories and files C-style for loops Nested loops Redirecting loop output while loops and until loops Reading input from files Creating operator menus Summary Questions Further reading Chapter 7: Creating Building Blocks with Functions Technical requirements Introducing functions Passing parameters to functions Variable scope Returning values from functions Recursive functions Using functions in menus Summary Questions Further reading Chapter 8: Introducing the Stream Editor Technical requirements Using grep to display text Understanding the basics of sed Other sed commands Multiple sed commands Summary Questions Further reading Chapter 9: Automating Apache Virtual Hosts Technical requirements Apache name-based Virtual Hosts Automating virtual host creation Summary Questions Further reading Chapter 10: AWK Fundamentals Technical requirements The history behind AWK Displaying and filtering content from files AWK variables Conditional statements Formatting output Further filtering to display users by UID AWK control files Summary Questions Further reading Chapter 11: Regular Expressions Technical requirements Regular expression engines Defining BRE patterns Defining ERE patterns Using grep Summary Questions Further reading Chapter 12: Summarizing Logs with AWK Technical requirements The HTTPD log file format Displaying data from web logs Displaying the highest ranking IP address Displaying the browser data Working with email logs Summary Questions Further reading Chapter 13: A Better lastlog with AWK Technical requirements Using AWK ranges to exclude data Conditions based on the number of fields Manipulating the AWK record separator to report on XML data Summary Questions Further reading Chapter 14: Using Python as a Bash Scripting Alternative Technical requirements What is Python? Saying Hello World the Python way Pythonic arguments Supplying arguments Counting arguments Significant whitespace Reading user input Using Python to write to files String manipulation Summary Questions Further reading

What You Will Learn Explore the ecosystem of tools that support Linux virtualization Find out why KVM offers you a smarter way to unlock the potential of virtualization Implement KVM virtualization using oVirt Explore the KVM architecture – so you can manage, scale and optimize it with ease Migrate your virtualized datacenter to the cloud for truly resource-efficient computing Find out how to integrate OpenStack with KVM to take full control of the cloud Book Description A robust datacenter is essential for any organization – but you don’t want to waste resources. With KVM you can virtualize your datacenter, transforming a Linux operating system into a powerful hypervisor that allows you to manage multiple OS with minimal fuss. This book doesn’t just show you how to virtualize with KVM – it shows you how to do it well. Written to make you an expert on KVM, you’ll learn to manage the three essential pillars of scalability, performance and security – as well as some useful integrations with cloud services such as OpenStack. From the fundamentals of setting up a standalone KVM virtualization platform, and the best tools to harness it effectively, including virt-manager, and kimchi-project, everything you do is built around making KVM work for you in the real-world, helping you to interact and customize it as you need it. With further guidance on performance optimization for Microsoft Windows and RHEL virtual machines, as well as proven strategies for backup and disaster recovery, you’ll can be confident that your virtualized data center is working for your organization – not hampering it. Finally, the book will empower you to unlock the full potential of cloud through KVM. Migrating your physical machines to the cloud can be challenging, but once you’ve mastered KVM, it’s a little easie. Authors Humble Devassy Chirammal Humble Devassy Chirammal works as a senior software engineer at Red Hat in the Storage Engineering team. He has more than 10 years of IT experience and his area of expertise is in knowing the full stack of an ecosystem and architecting the solutions based on the demand. These days, he primarily concentrates on GlusterFS and emerging technologies, such as IaaS, PaaS solutions in Cloud, and Containers. He has worked on intrusion detection systems, clusters, and virtualization. He is an Open Source advocate. He actively organizes meetups on Virtualization, CentOS, Openshift, and GlusterFS. His Twitter handle is @hchiramm and his website is http://www.humblec.com/. Prasad Mukhedkar Prasad Mukhedkar is a senior technical support engineer at Red Hat. His area of expertise is designing, building, and supporting IT infrastructure for workloads, especially large virtualization environments and cloud IaaS using open source technologies. He is skilled in KVM virtualization with continuous working experience from its very early stages, possesses extensive hands-on and technical knowledge of Red Hat Enterprise Virtualization. These days, he concentrates primarily on OpenStack and Cloudforms platforms. His other area of interest includes Linux performance tuning, designing highly scalable open source identity management solutions, and enterprise IT security. He is a huge fan of the Linux "GNU Screen" utility. Continue reading Anil Vettathu Anil Vettathu started his association with Linux in college and began his career as a Linux System Administrator soon after. He is a generalist and is interested in Open Source technologies. He has hands on experience in designing and implementing large scale virtualization environments using open source technologies and has extensive knowledge in libvirt and KVM. These days he primarily works on Red Hat Enterprise Virtualization, containers and real time performance tuning. Currently, he is working as a Technical Account Manager for Red Hat. His website is http://anilv.in. Table of Contents Chapter 1: Understanding Linux Virtualization Chapter 2: KVM Internals Chapter 3: Setting Up Standalone KVM Virtualization Chapter 4: Getting Started with libvirt and Creating Your First Virtual Machines Chapter 5: Network and Storage Chapter 6: Virtual Machine Lifecycle Management Chapter 7: Templates and Snapshots Chapter 8: Kimchi – An HTML5-Based Management Tool for KVM/libvirt Chapter 9: Software-Defined Networking for KVM Virtualization Chapter 10: Installing and Configuring the Virtual Datacenter Using oVirt Chapter 11: Starting Your First Virtual Machine in oVirt Chapter 12: Deploying OpenStack Private Cloud backed by KVM Virtualization Chapter 13: Performance Tuning and Best Practices in KVM Chapter 14: V2V and P2V Migration Tools

What You Will Learn Establish a fully-featured sandbox for test rehearsal and risk-free investigation of applications Enlist open-source information to get a head-start on enumerating account credentials, mapping potential dependencies, and discovering unintended backdoors and exposed information Map, scan, and spider web applications using nmap/zenmap, nikto, arachni, webscarab, w3af, and NetCat for more accurate characterization Proxy web transactions through tools such as Burp Suite, OWASP's ZAP tool, and Vega to uncover application weaknesses and manipulate responses Deploy SQL injection, cross-site scripting, Java vulnerabilities, and overflow attacks using Burp Suite, websploit, and SQLMap to test application robustness Evaluate and test identity, authentication, and authorization schemes and sniff out weak cryptography before the black hats do Book Description You will start by delving into some common web application architectures in use, both in private and public cloud instances. You will also learn about the most common frameworks for testing, such as OWASP OGT version 4, and how to use them to guide your efforts. In the next section, you will be introduced to web pentesting with core tools and you will also see how to make web applications more secure through rigorous penetration tests using advanced features in open source tools. The book will then show you how to better hone your web pentesting skills in safe environments that can ensure low-risk experimentation with the powerful tools and features in Kali Linux that go beyond a typical script-kiddie approach. After establishing how to test these powerful tools safely, you will understand how to better identify vulnerabilities, position and deploy exploits, compromise authentication and authorization, and test the resilience and exposure applications possess. By the end of this book, you will be well-versed with the web service architecture to identify and evade various protection mechanisms that are used on the Web today. You will leave this book with a greater mastery of essential test techniques needed to verify the secure design, development, and operation of your customers' web applications. Authors Michael McPhee Michael McPhee is a systems engineer at Cisco in New York, where he has worked for the last 4 years and has focused on cyber security, switching, and routing. Mike’s current role sees him consulting on security and network infrastructures, and he frequently runs clinics and delivers training to help get his customers up to speed. Suffering from a learning addiction, Mike has obtained the following certifications along the way: CEH, CCIE R&S, CCIE Security, CCIP, CCDP, ITILv3, and the Cisco Security White Belt. He is currently working on his VCP6-DV certification, following his kids to soccer games and tournaments, traveling with his wife and kids to as many places as possible, and scouting out his future all-grain beer home brewing rig. He also spends considerable time breaking his home network (for science!), much to the family's dismay. Prior to joining Cisco, Mike spent 6 years in the U.S. Navy and another 10 working on communications systems as a systems engineer and architect for defense contractors, where he helped propose, design, and develop secure command and control networks and electronic warfare systems for the US DoD and NATO allies. Prior publication: Penetration Testing with the Raspberry Pi – Second Edition (with Jason Beltrame), Packt Publishing, November 2016. Table of Contents

What You Will Learn Interact with websites via scripts Write shell scripts to mine and process data from the Web Automate system backups and other repetitive tasks with crontab Create, compress, and encrypt archives of your critical data. Configure and monitor Ethernet and wireless networks Monitor and log network and system activity Tune your system for optimal performance Improve your system's security Identify resource hogs and network bottlenecks Extract audio from video files Create web photo albums Use git or fossil to manage revision control and interact with FOSS projects Create and maintain Linux containers and Virtual Machines Run a private Cloud server Book Description The shell is the most powerful tool your computer provides. Despite having it at their fingertips, many users are unaware of how much the shell can accomplish. Using the shell, you can generate databases and web pages from sets of files, automate monotonous admin tasks such as system backups, monitor your system's health and activity, identify network bottlenecks and system resource hogs, and more. This book will show you how to do all this and much more. This book, now in its third edition, describes the exciting new features in the newest Linux distributions to help you accomplish more than you imagine. It shows how to use simple commands to automate complex tasks, automate web interactions, download videos, set up containers and cloud servers, and even get free SSL certificates. Starting with the basics of the shell, you will learn simple commands and how to apply them to real-world issues. From there, you'll learn text processing, web interactions, network and system monitoring, and system tuning. Software engineers will learn how to examine system applications, how to use modern software management tools such as git and fossil for their own work, and how to submit patches to open-source projects. Finally, you'll learn how to set up Linux Containers and Virtual machines and even run your own Cloud server with a free SSL Certificate from letsencrypt.org. Authors Clif Flynt Clif Flynt has been programming computers since 1970, administering Linux/Unix systems since 1985, and writing since he was 9 years old. He's active in the Tcl/Tk and Linux user communities. He speaks frequently at technical conferences and user groups. He owns and runs Noumena Corporation, where he develops custom software and delivers training sessions. His applications have been used by organizations ranging from one man startups to the US Navy. These applications range from distributed simulation systems to tools to help fiction authors write better (Editomat). He has trained programmers on four continents. When not working with computers, Clif plays guitar, writes fiction experiments with new technologies, and plays with his wife's cats. He's the author of Tcl/Tk: A Developer's Guide by Morgan Kauffman, 2012, as well as several papers, and magazine articles. His poetry and fiction have been published in small journals, including Write to Meow by Grey Wolfe Press, 2015. Sarath Lakshman Sarath Lakshman is a 27 year old who was bitten by the Linux bug during his teenage years. He is a software engineer working in ZCloud engineering group at Zynga, India. He is a life hacker who loves to explore innovations. He is a GNU/Linux enthusiast and hactivist of free and open source software. He spends most of his time hacking with computers and having fun with his great friends. Sarath is well known as the developer of SLYNUX (2005) - a user friendly GNU/Linux distribution for Linux newbies. The free and open source software projects he has contributed to are PiTiVi Video editor, SLYNUX GNU/Linux distro, Swathantra Malayalam Computing, School-Admin, Istanbul, and the Pardus Project. He has authored many articles for the Linux For You magazine on various domains of FOSS technologies. He had made a contribution to several different open source projects during his multiple Google Summer of Code projects. Currently, he is exploring his passion about scalable distributed systems in his spare time. Sarath can be reached via his website. Continue reading Shantanu Tushar Shantanu Tushar is an advanced GNU/Linux user since his college days. He works as an application developer and contributes to the software in the KDE projects. Shantanu has been fascinated by computers since he was a child, and spent most of his high school time writing C code to perform daily activities. Since he started using GNU/Linux, he has been using shell scripts to make the computer do all the hard work for him. He also takes time to visit students at various colleges to introduce them to the power of Free Software, including its various tools. Shantanu is a well-known contributor in the KDE community and works on Calligra, Gluon and the Plasma subprojects. He looks after maintaining Calligra Active - KDE's offie document viewer for tablets, Plasma Media Center, and the Gluon Player. One day, he believes, programming will be so easy that everybody will love to write programs for their computers. Shantanu can be reached by e-mail on [email protected], shantanutushar on Identi.ca/Twitter, or his website. Table of Contents Chapter 1: Shell Something Out Chapter 2: Have a Good Command Chapter 3: File In, File Out Chapter 4: Texting and Driving Chapter 5: Tangled Web? Not At All! Chapter 6: Repository Management Chapter 7: The Backup Plan Chapter 8: The Old-Boy Network Chapter 9: Put On the Monitors Cap Chapter 10: Administration Calls Chapter 11: Tracing the Clues Chapter 12: Tuning a Linux System Chapter 13: Containers, Virtual Machines, and the Cloud

About This Book Master the art of using Linux and administering network services for enterprise environments Perform hands-on activities to reinforce expert-level knowledge Get full coverage of both the CentOS and Debian systems, including how networking concepts differ for each Who This Book Is For Mastering Linux Network Administration is recommended for those who already understand the basics of using Linux and networking, and would like to push those skills to a higher level through real-world Linux networking scenarios. Whether you intend to run a home office consisting of Linux nodes or a rollout of a Linux network within your organization, this book is a great fit for those that desire to learn how to manage networked systems with the power of Linux. What You Will Learn Install and configure the Debian and CentOS systems Set up and configure file servers Administer networked nodes remotely Discover how to monitor system performance for peak health Configure network services such as DNS and DHCP Host HTTP content via Apache Troubleshoot Linux networking issues In Detail Linux is everywhere. Whether you run a home office, a small business, or manage enterprise systems, Linux can empower your network to perform at its very best. Armed with the advanced tools and best practice guidance of this practical guide, you'll be able to mold Linux networks to your will, empowering your systems and their users to take advantage of all that Linux-based networks have to offer. Understand how Linux networks function and get to grips with essential tips and tricks to manage them - whether you're already managing a networks, or even just starting out. With Debian and CentOS as its source, this book will divulge all the details you need to manage a real Linux-based network. With detailed activities and instructions based on real-world scenarios, this book will be your guide to the exciting world of Linux networking. Authors Jay LaCroix Jay LaCroix is a Michigan-born technologist with a focus on Linux and open source software. He has over 13 years of experience working with Linux, including servers, networking, scripting, programming, virtualization, and any open source technology he can get his hands on. He is currently working as a Linux systems engineer and enjoys writing, training, and empowering others to use Linux. He is also the author of Linux Mint Essentials. Table of Contents Chapter 1: Setting up Your Environment Chapter 2: Revisiting Linux Network Basics Chapter 3: Communicating Between Nodes via SSH Chapter 4: Setting up a File Server Chapter 5: Monitoring System Resources Chapter 6: Configuring Network Services Chapter 7: Hosting HTTP Content via Apache Chapter 8: Understanding Advanced Networking Concepts Chapter 9: Securing Your Network Chapter 10: Troubleshooting Network Issues

Efikasno podesite i upravljajte bilo kojom verzijom Linuxa na posebnim serverima ili celom mrežom koristeći praktični izvor. Knjiga Linux administracija: Vodič za početnike, Sedmo izdanje je u potpunosti ažurirana i obuhvata najnovije alate i tehnike, i sadrži jasna objašnjenja, instrukcije korak po korak i primere iz stvarnog sveta. Saznajte kako da konfigurišete hardver i softver, kako da radite iz GUI-a ili komandne linije, da održavate Internet i mrežne servise i obezbedite podatke. Detaljno su opisani poboljšanja performanse, virtuelizacija, kontejneri, upravljanje softverom i rešenja za kreiranje rezervnih kopija. • Instaliranje i konfigurisanje Linuxa, uključujući najnovije distribucije: Fedora, Ubuntu, CentOS, openSUSE, Debian i RHEL • Upravljanje korisnicima, dozvolama, fajlovima, direktorijumima i aplikacijama • Podešavanje i administriranje sistemskih servisa i usluga • Upravljanje softverom iz izvornog koda ili binarnih paketa • Prilagođavanje, izgradnja ili krpljenje Linux kernela • Rad sa fizičkim i virtuelnim fajl sistemima, kao što su proc, SysFS i cgroup • Razumevanje mrežnih protokola, uključujući TCP/IP, ARP, IPv4 i IPv6 • Izgradnja pouzdanog zaštitnog zida i rutera pomoću Netfiltera (iptables i nftables) i Linuxa • Nadgledanje i testiranje mrežnih aktivnosti i minimiziranje bezbednosnih pretnji • Kreiranje i održavanje DNS, FTP, web, e-mail, print, LDAP i VoIP servera • Deljenje resursa pomoću GlusterFS-a, NFS-a i Samba-e • Implementanje popularnih cloud tehnologija pomoću Linux virtuelizacije i kontejnera pomoću KVM-a i Docker-a Sadržaj Deo I: Uvod, instalacija i upravljanje softverom Poglavlje 1: Tehnički rezime Linux distribucija Poglavlje 2: Instaliranje Linuxa u konfiguraciji servera Poglavlje 3: Komandna linija Poglavlje 4: Upravljanje softverom Deo II: Administracija jednog hosta Poglavlje 5: Upravljanje korisnicima i grupama Poglavlje 6: Podizanje sistema i isključivanje Poglavlje 7: Fajl sistemi Poglavlje 8: Osnovni sistemski servisi Poglavlje 9: Linux kernel Poglavlje 10: Knobs and Dials: Virtualni fajl sistemi Deo III: Umrežavanje i bezbednost Poglavlje 11: TCP/IP za sistemske administratore Poglavlje 12: Mrežna konfiguracija Poglavlje 13: Linux zaštitni zid Poglavlje 14: Lokalna bezbednost Poglavlje 15: Bezbednost mreže Deo IV: Internet servisi Poglavlje 16: DNS Poglavlje 17: File Transfer Protocol (FTP) Poglavlje 18: Apache Web Server Poglavlje 19: SMTP Poglavlje 20: POP i IMAP Poglavlje 21: Voice Over IP Poglavlje 22: The Secure Shell Part V: Intranet servisi Poglavlje 23: Network File System Poglavlje 24: Samba Poglavlje 25: Distributed File Systems Poglavlje 26: Network Information Service Poglavlje 27: LDAP Poglavlje 28: Printing Poglavlje 29: DHCP Poglavlje 30: Virtualization Poglavlje 31: Backups Deo VI: Dodaci Dodatak A: Kreiranje Linux instalera na Flash/USB uređajima Dodatak B: Demo virtuelna mašina

What You Will Learn Find out to download and install your own copy of Kali Linux Properly scope and conduct the initial stages of a penetration test Conduct reconnaissance and enumeration of target networks Exploit and gain a foothold on a target system or network Obtain and crack passwords Use the Kali Linux NetHunter install to conduct wireless penetration testing Create proper penetration testing reports Book Description Kali Linux 2 (aka Sana) is considered as the most significant release of Kali since 2013. You can use it to practice reconnaissance, social engineering, exploitation, and maintain access to your target. You can also document and report verified test results as well as perform a complete Kali Linux testing methodology. In the third edition of this book, we focus on the use of Kali Linux 2, a free Linux distribution that contains a number of tools related to penetration testing. This book will provide you with the skills needed so you can conduct penetration testing effectively. We’ll start by showing you how to install Kali Linux then walk you through the steps of using Kali Linux to penetration test, and finally guide you through proper reporting. Authors Gerard Johansen Gerard Johansen is an information security professional who is currently employed by a consultancy servicing fortune 500 clients throughout North America. He has performed a number of functions including threat and risk assessments, incident response, vulnerability assessment and analysis, and penetration testing. He is a graduate of Norwich University’s Masters of Science in Information Assurance and holds the Certified Information Systems Security Professional certification. Table of Contents 1: BEGINNING WITH KALI LINUX 2: PENETRATION TESTING METHODOLOGY 3: TARGET SCOPING 4: INFORMATION GATHERING 5: TARGET DISCOVERY 6: ENUMERATING TARGET 7: VULNERABILITY MAPPING 8: SOCIAL ENGINEERING 9: TARGET EXPLOITATION 10: PRIVILEGE ESCALATION 11: MAINTAINING ACCESS 12: DOCUMENTATION AND REPORTING

Ova knjiga obezbeđuje detaljne informacije o instaliranju, korišćenju i administriranju SUSE Linuxa. Naučićete kako da oslobodite širok raspon programa uključenih u SUSE Linux da biste mogli da ga koristite kao desktop računar, kao profesionalnu radnu stanicu ili kao moćan server. SUSE Linux 10 - bez tajni sadrži veliki broj tema: od upotrebe softvera koji su svakodnevno potrebni, kao što su klijenti za poštu, Web pretraživači i produktivni programi, uključujući OpenOffice.org kancelarijski paket, pa sve do konfigurisanja i administriranja širokog raspona mrežnih i serverskih proizvoda, kao što su Apache Web server i MySQL baza podataka. O autoru Michael McAllister radi u SUSE Linuxu od verzije 5.3. On je član tima za tehničku podršku u Mijenixu, novinar zadužen za tehnologiju u nedeljniku Isthmus u Madisonu, WI, računarski novinar “slobodnjak” i tehnički pisac za Ontrack. Njegove priče o tehnologiji objavljivali su Linux business Week, Java Developers Journal, Internet Voyager i Isthmus. On je bivši NetWare sistem administrator, a ima iskustva i sa drugim Novellovim proizvodima. U njegova profesionalna članstva spadaju Society for Technical Communication, Milwaukee Linux Users Group i National Writers Union. DVD sadrži: Binarnu distribuciju SUSE Linuxa 10 - ekvivalentnu sadržaju 5 CD-ova, napunjenih hiljadama programa, uključujući: Najnoviji Apache Web server Sambu za Windows zasnovane fajlove i deljenje štampača Besplatni OpenOffice.org kancelarijski paket Igre za desktop Stotine dodatnih programa i pomoćnih i razvojnih alata Planirajte svoju SUSE Linux instalaciju na osnovu Vaših računarskih potreba Konfigurišite i koristite X Window System, Linux grafički interfejs i dva primarna desktop okruženja za Linux - KDE i GNOME Radite u OpenOfficeu i drugim produktivnim alatima Kreirajte sopstvene Web sajtove i Weblogove Upravljajte kernelom i njegovim modulima Podešavajte mreže Pokrenite Apache Web server Koristite LAMP pakete za Web programiranje: Linux, Apache, MySQL i jezike skriptovanja Perl, Python i PHP Puštajte muziku, filmove i igre Sačuvajte postojeću Windows instalaciju za dvostruko butovanje Kratak sadržaj Uvod Deo I Instaliranje i konfigurisanje 1 Dobro došli u SUSE Linux 2 Priprema za instaliranje SUSE Linuxa 3 Instaliranje SUSE Linuxa 4 Dalje konfigurisanje pomoću YaST2 i SaX2 Deo II Upotreba SUSE Linuxa 5 Počinjanje sa SUSE Linuxom 6 Pokretanje desktopa 7 Štampanje sa SUSE Linuxom 8 “Sprijateljite” se sa shellom 9 Biti produktivan: kompleti za kancelariju i ostali alati 10 Prizori, zvuci i ostale interesantne ”stvari” 11 Prelazak na višeplatformski rad Deo III Upotreba Interneta 12 Konektovanje na Internet 13 Upotreba Interneta: pretraživanje Weba i pisanje elektronske pošte 14 Kreiranje osnovnih Web sajtova 15 Upravljanje serverima za poštu 16 Saradnja sa drugima 17 Bezbedan transfer fajlova Deo IV Osnovna administracija sistema 18 Upravljanje fajlovima, volumenima i drajvovima 19 Upravljanje korisnicima, upravljanje bezbednošću 20 Upravljanje podacima: rezervne kopije, vraćanje i obnavljanje 21 Održavanje sistema aktuelnim: upravljanje paketima Deo V Napredna administracija sistema 22 Upravljanje procesom butovanja i drugim servisima 23 Obezbeđivanje mašina 24 Upravljanje kernelom i modulom 25 Podešavanje mreža i Sambe 26 Upravljanje Apache Web serverom 27 Upravljanje nazivima domena Deo VI Programiranje 28 Upotreba kolekcije GNU komapjlera i drugih alata za programiranje 29 Upravljanje bazama podataka 30 Upotreba Perla i Pythona 31 Kreiranje dinamičkih Web sajtova 32 Podešavanje performansi 33 Viši razred komandne linije VII deo Dodaci A Verzije Novellovog SUSE Linuxa B SUSE i Linux Internet resursi Indeks

What You Will Learn Use embedded systems to implement your projects Access and manage peripherals for embedded systems Program embedded systems using languages such as C, Python, Bash, and PHP Use a complete distribution, such as Debian or Ubuntu, or an embedded one, such as OpenWrt or Yocto Harness device driver capabilities to optimize device communications Access data through several kinds of devices such as GPIO’s, serial ports, PWM, ADC, Ethernet, WiFi, audio, video, I2C, SPI, One Wire, USB and CAN Practical example usage of several devices such as RFID readers, Smart card readers, barcode readers, z-Wave devices, GSM/GPRS modems Usage of several sensors such as light, pressure, moisture, temperature, infrared, power, motion Book Description Embedded computers have become very complex in the last few years and developers need to be able to easily manage embedded computer projects by focusing on problem solving; they should not have to waste time finding supported peripherals or learning how to manage them. This book shows you how to interact with external environments through specific peripherals used in the industry. It focuses on the latest Linux kernel release 4 and Debian/Ubuntu distributions (with embedded distributions such as OpenWRT and Yocto). This book presents popular and user-friendly boards in the industry – such as Beaglebone Black, Atmel Xplained, Wandboard, and system-on-chip manufacturers – and lets you explore corresponding projects that make use of these boards. You will first program the embedded platforms using the C, Bash, and Python/PHP languages in order to get access to the external peripherals. You will gain a strong foundation in using embedded systems by learning how to program the device driver and access the peripherals. You will also learn how to read and write data from/to the external environment by using C programs or a scripting language (such as Bash/PHP/Python) and see how to configure a device driver for specific hardware. The final chapter shows you how to use a micro-controller board – based on the most used microcontroller – to implement real-time or specific tasks that are normally not carried out on the GNU/Linux system. After finishing this book, you will be capable of applying these skills to your personal and professional projects. Authors Rodolfo Giometti Rodolfo Giometti is an engineer, IT specialist, GNU/Linux expert and software libre evangelist. Author of the books BeagleBone Essentials and BeagleBone Home Automation Blueprints by Packt Publishing and maintainer of the LinuxPPS projects (the Linux's Pulse Per Second subsystem) he still actively contributes to the Linux source code with several patches and new device drivers for industrial applications devices. During his twenty-year+ experience, he, worked with x86, ARM, MIPS, & PowerPC-based platform. Now, Rodolfo is the Co-Chief at HCE Engineering S.r.l. and he is the Co-Founder of the Cosino Project, which involves new hardware and software systems for the quick prototyping in industry environment, control automation, and remote monitoring. Table of Contents Chapter 1: Installing the Developing System Chapter 2: Managing the System Console Chapter 3: C Compiler, Device Drivers, and Useful Developing Techniques Chapter 4: Quick Programming with Scripts and System Daemons Chapter 5: Setting Up an Embedded OS Chapter 6: General Purposes Input Output signals – GPIO Chapter 7: Serial Ports and TTY Devices - TTY Chapter 8: Universal Serial Bus - USB Chapter 9: Inter-Integrated Circuits - I2C Chapter 10: Serial Peripheral Interface - SPI Chapter 11: 1-Wire - W1 Chapter 12: Ethernet Network Device - ETH Chapter 13: Wireless Network Device - WLAN Chapter 14: Controller Area Network - CAN Chapter 15: Sound Devices - SND Chapter 16: Video devices - V4L Chapter 17: Analog-to-Digital Converters - ADC Chapter 18: Pulse-Width Modulation - PWM Chapter 19: Miscellaneous Devices

Scott Granneman has completely updated his best-selling Linux Phrasebook to reflect the newest distributions, incorporate feedback from hundreds of active Linux users, and cover today's newest tools and techniques -- including an entirely new chapter on text file manipulation. Linux Phrasebook, Second Edition offers a concise, handy reference to the Linux commands that, like a language phrasebook, can be used on the spot on moment's notice. Don't waste a minute on non-essentials: this straight-to-the-point reference delivers specific information and tested commands designed to work with any modern Linux distribution. Portable enough to take anywhere, it starts with a quick introduction to essential command line concepts, and then delivers all the modern Linux command examples, variations, and parameters you need to: view, manipulate, archive, and compress files… control file ownership and permission… find anything on your system… efficiently use the Linux shell… monitor system resources… install software… test, fix, and work with networks… integrate with Windows networks, and much more. Linux Phrasebook, Second Edition is the perfect quick command line reference for millions of Linux users and administrators at all levels of experience: people who want to get reliable information they can use right now -- with no distractions and no diversions! The quick, functional, portable, and practical Linux command line reference: straight-to-the-point information that can be used anytime, anywhere The most popular title in the Developer's Library Phrasebook series, now fully updated to reflect new Linux tools, commands, and utilities, and feedback from hundreds of readers Contains an all-new chapter on manipulating text files Table of contents Introduction Part I: Getting Started 1. Things to Know About Your Command Line 2. The Basics 3. Learning About Commands 4. Building Blocks Part II: Working With Files 5. Viewing Files 6. Manipulating Text Files 7. Ownership and Permissions 8. Archiving and Compression Part III: Finding Stuff 9. Finding Stuff: Easy 10. The find Command Part IV: Environment 11. Your Shell 12. Monitoring System Resources 13. Installing Software Part V: Networking 14. Connectivity 15. Working on the Network 16. Windows Networking

Upoznaćete se i s poslovnim paketom OpenOffice.org. kao i s poboljšanim grafičkim okruženjem GNOME 2.0. Uputstva, tehnički saveti i odgovori na najčešća pitanja izneti u knjizi svakako će vam koristiti bez obzira na to da li ste novi korisnik Linuxa ili već imate iskustva s ranijim verzijama. Dva prateća kompakt diska sadrže verziju Red Hat Linux 8. - Ovladajte tehnologijom Red Hat Linuxa - Potpuno prilagodite instalaciju Linuxa svojim potrebama - Rešavajte probleme tokom instalacije i učite na greškama - Saznajte kako se podešava grafičko radno okruženje - Otkrijte kako se dodaju i ažuriraju sistemski programski paketi - Povežite se na Internet iz Mozille i poigrajte se sa slikama u programu GIMP - Postavite barijeru da biste se zaštitili od hakera - Naučite da koristite program RPM Sadržaj Predgovor Poglavlje 1: Vrste instalacija i sistemski zahtevi Poglavlje 2: Instaliranje Red Hat Linuxa Poglavlje 3: Nadograđivanje postojećeg sistema Poglavlje 4: Nakon instalacije... Poglavlje 5: Počinjemo Poglavlje 6: Korišćenje grafičkog okruženja Poglavlje 7: Diskete i kompakt diskovi Poglavlje 8: Osnove komandnog režima Poglavlje 9: Rad s datotekama i direktorijumima Poglavlje 10: Upravljanje korisnicima i grupama Poglavlje 11: Rad s dokumentima Poglavlje 12: Umrežavanje Poglavlje 13: Programi za Internet Poglavlje 14: Audio, video i ostala zabava Poglavlje 15: Rad sa slikama Poglavlje 16: Podešavanje štampača Poglavlje 17: Osnovno podešavanje zaštitne barijere Poglavlje 18: Zadavanje vremena i datuma Poglavlje 19: Rad s paketima Poglavlje 20: Sistem RPM Poglavlje 21: Često postavljana pitanja Poglavlje 22: Prečice s tastature i skraćenice komandnog okruženja Poglavlje 23: Sistemski direktorijumi Poglavlje 24: Slične komande DOS-a i Linuxa Poglavlje 25: Prikupljanje podataka o sistemu Dodatak A: Režim za oporavak Dodatak B: Okruženje KDE Dodatak C: Podešavanje sistema za dvojno podizanje Dodatak D: Osnove particionisanja diska Dodatak E: Sistem X Window Dodatak F: Prateći CD-ovi Indeks O autorima Tim za dokumentaciju kompanije Red Hat čine stručnjaci s dugogodišnjim iskustvom u razvoju, programiranju i administriranju Linuxa. Isti autori su napisali još nekoliko knjiga o Linuxu, uključujući i Official Red Hat Linux Administrator's Guide.

Learn command line tricks, programs, and hacks you can use day to day as a Linux user, programmer, and system administrator. When you interact with the digital world, you can’t go far without interacting with Linux systems. This book shows you how to leverage its power to serve your needs. Many users know "top" is installed on almost all Linux machines, but did you know with a few keystrokes you can customize it specifically for your needs? Stuck using `cd` and `ls` commands for navigating file systems? This book looks at how you can use Ranger to quickly navigate through multiple levels of folders, and quickly run bash commands without ever leaving the terminal. We also suggest programs that can be used for common tasks such as finding which programs are using the most processing, data download/upload, and file space. You’ll know how to quickly connect to remote machines and run your commonly needed jobs in a keystroke or even on auto-pilot. With Basic Linux Terminal Tips and Tricks you'll be equipped with a wide range of tools that can be used for daily work and maintenance on all sorts of Linux systems including servers, desktops, and even embedded devices. What You Will Learn Work with common tools on your local network. Techniques for efficient use of command line. Easily manipulate text files for processing. Monitor the state of a system with a handful of popular programs. Combine programs to create useful processes. Who This Book Is For Anyone who is interested in Linux and Unix based operating systems as a hobby or for work. Table of contents Linux Primer File/Folder Navigation History and Shortcuts Scripts and Pipes Using SSH File Transfer Network Scanning System Monitoring Hardware Details and /dev Parsing Text systemd Vim Emacs Configure Bash Tmux Workflow Terminal Tools for Working with Images and Videos Extras

Istražite metode i alatke etičkog hakovanja pomoću Kali Linuxa. Šta ćete naučiti Naučite kako da podesite svoju laboratoriju pomoću Kali Linuxa Naučite osnovne koncepte testiranja neprobojnosti Veba Upoznajte alate i tehnike koje treba da upotrebite sa Kali Linuxom Identifikujte razliku između hakovanja veb aplikacije i mrežnog hakovanja Otkrijte „ranjivosti“ koje su prisutne u veb serverima i njihovim aplikacijama pomoću napada na strani servera Naučite različite tehnike koje se koriste za identifikovanje različitih tipova veb aplikacija Pregledajte standardne napade, kao što je eksploatisanje falsifikovanja unakrsnih zahteva i unakrsnih grešaka skripta Pregledajte umetnost napada na strani klijenta Istražite automatizovane napade, kao što je fuzzing veb aplikacija Opis sadržaja knjige Testiranje neprobojnosti Veba pomoću Kali Linuxa (treće izdanje) prikazuje kako da podesite laboratoriju, pomaže vam da razumete prirodu i mehaniku napada na veb sajtove i detaljno opisuje klasične napade. Ovo izdanje je ažurirano za najnovije promene Kali Linuxa i najnovije napade. Kali Linux se ističe kada je reč o napadima na strani klijenta i fuzzingu. Na početku knjige ćete upoznati detaljno osnovne koncepte hakovanja i testiranja neprobojnosti i alatke koje se koriste u Kali Linuxu, a odnose se na hakovanje veb aplikacija. Detaljno smo opisali classicalSQL, nedostatak komandnog injektiranja i mnoge načine na koje možete da eksploatišete ove nedostatke. Testiranje neprobojnosti Veba takođe zahteva osnovni pregled napada na strani klijenta, što je zaokruženo našim dugim razmatranjem grešaka u skriptovanju i validaciji unosa. Takođe postoji važno poglavlje o nedostacima implementacije kriptografije, u kojem ćemo opisati najčešće probleme u vezi sa slojevima kriptografije u mrežnom steku. Važnost ovih napada ne može da bude previše naglašena, a zaštita od njih je relevantna za većinu internet korisnika i, naravno, za programere koji testiraju neprobojnost. Na kraju knjige ćete upotrebiti automatizovanu tehniku fuzzing za identifikovanje nedostataka u veb aplikaciji. Na kraju, razumećete „ranjivosti“ veb aplikacije i načine na koji one mogu da budu eksploatisane pomoću alata u Kali Linuxu. Autori Gilberto Najera-Gutierrez Gilberto Najera-Gutierrez je iskusni ispitivač neprobojnosti, koji trenutno radi za jednog od najboljih provajdera servisa testiranja bezbednosti u Australiji. Stekao je sve važne sertifikate za testiranje bezbednosti i neprobojnosti, odnosno Offensive Security Certified Professional (OSCP), EC-Council Certified Security Administrator (ECSA) i GIAC Exploit Researcher and Advanced Penetration Tester (GXPN); takođe je magistrirao u oblasti računarstva, sa specijalizacijom u oblasti veštačke inteligencije. Gilberto radi kao ispitivač neprobojnosti od 2013. godine i skoro se 20 godina bavio ispitivanjem bezbednosti. Uspešno je sproveo testiranja neprobojnosti na mrežama i aplikacijama nekih najvećih korporacija, vladinih agencija i finansijskih institucija u Meksiku i Australiji. Juned Ahmed Ansari Juned Ahmed Ansari (@junedlive) je istraživač sajber bezbednosti. On trenutno vodi testiranje neprobojnosti i tim za bezbednost u MNC-u. Radio je kao savetnik za velika preduzeća privatnog sektora i vodio njihov program sajber bezbednosti. Takođe je radio sa početnicima i pomagao im da obezbede svoj finalni proizvod. Juned je vodio nekoliko treninga za testiranje neprobojnosti koji su bili fokusirani na učenje tehnika prikrivanja i izbegavanja u visoko bezbednim okruženjima. On se primarno fokusira na testiranje neprobojnosti, inteligenciju pretnje i istraživanje bezbednosti aplikacija. Tabela sadržaja Poglavlje 1: Uvod u testiranje neprobojnosti i veb aplikacija Poglavlje 2: Podešavanje laboratorije pomoću Kali Linuxa Poglavlje 3: Izviđanje i profilisanje veb servera Poglavlje 4: Nedostaci provere identiteta i upravljanja sesijom Poglavlje 5: Detektovanje i eksploatisanje nedostataka zasnovanih na injektiranju Poglavlje 6: Pronalaženje i eksploatisanje „ranjivosti“ skriptovanja dinamički generisanih veb strana (XSS) Poglavlje 7: Falsifikovanje, identifikacija i eksploatacija zahteva između sajtova Poglavlje 8: Napadi na nedostatke u kriptografskim implementacijama Poglavlje 9: AJAX, HTML5 i napadi na strani klijenta Poglavlje 10: Ostali uobičajeni bezbednosni nedostaci u veb aplikacijama Poglavlje 11: Upotreba automatizovanih skenera u veb aplikacijama Preuzimanje fajlova primera koda Fajlove sa primerima koda možete da preuzmete za ovu knjigu sa našeg sajta: http://bit.ly/2HaoZyp Preuzimanje kolornih slika Takođe smo obezbedili PDF fajl koji ima kolorne snimke ekrana/dijagrama koji su upotrebljeni u ovoj knjizi. Možete da ga preuzmete na adresi: http://bit.ly/2vuBVub

Istražite najnovije etičke hakerske alate i tehnike da biste vršili penetraciono testiranje (pen test) od nule Ključne karakteristike - Naučite da kompromitujete mreže preduzeća pomoću Kali Linuxa - Steknite sveobuhvatan uvid u bezbednosne koncepte pomoću naprednih hakerskih tehnika iz stvarnog života - Koristite Kali Linux na isti način kao etički hakeri i pen testeri da biste stekli kontrolu nad svojim okruženjem Opis knjige Kali Linux je najpopularnija i najnaprednija Linux distribucija za penetraciono testiranje u industriji sajber bezbednosti. Pomoću Kali Linuxa profesionalac za sajber bezbednost će moći da otkrije i iskoristi različite propuste i izvrši napredno pen testiranje, kako na žičanim tako i na bežičnim mrežama preduzeća. Ova knjiga je sveobuhvatan vodič za nove korisnike Kali Linuxa i penetracionog testiranja, koji će vas u najkraćem roku osposobiti za rad. Pomoću scenarija iz stvarnog sveta razumećete kako da postavite laboratoriju i istražite osnovne koncepte penetracionog testiranja. U ovoj knjizi ćete se fokusirati na prikupljanje informacija, pa čak i otkriti različite alate za procenu ranjivosti u paketu Kali Linuxa. Naučićete da otkrijete ciljne sisteme na mreži, da identifikujete bezbednosne propuste na uređajima, da iskoristite bezbednosne slabosti i dobijete pristup mrežama, da podesite operacije Command i Control (C2) i da izvršite penetraciono testiranje veb aplikacija. Uz ovo ažurirano drugo izdanje, moći ćete da kompromitujete Active Directory i da koristite mreže preduzeća. Na kraju ove knjige predstavljena je najbolja praksa za izvršavanje kompleksnih tehnika penetracionog testiranja veba u visoko bezbednom okruženju. Do kraja ove knjige steći ćete veštine za obavljanje naprednog penetracionog testiranja na mrežama preduzeća pomoću Kali Linuxa. Šta ćete naučiti - Osnove etičkog hakovanja - Instalaciju i konfiguraciju Kali Linuxa - Tehnike otkrivanja elemenata postavke i mreže - Da vršite procenu ranjivosti - Da koristite poverenje u servise domena Active Directory - Da vršite naprednu eksploataciju pomoću tehnika Command and Control (C2). - Primenu naprednih tehnika bežičnog hakovanja - Bićete dobro upućeni u korišćenje ranjivih veb aplikacija Kome je ova knjiga namenjena Ova knjiga za pen testiranje je namenjena studentima, trenerima, profesionalcima za sajber bezbednost, sajber entuzijastima, profesionalcima za bezbednost mreže, etičkim hakerima, pen testerima i bezbednosnim inženjerima. Ako nemate nikakvo prethodno znanje, a želite da postanete stručnjak za penetraciono testiranje korišćenjem Kali Linux operativnog sistema (OS), onda je ovo knjiga za vas. Sadržaj Uvod u etičko hakovanje Izgradnja laboratorije za penetraciono testiranje Podešavanje za napredne tehnike hakovanja Izviđanje i snimanje sistema Istraživanje aktivnog prikupljanja informacija Izvršenje procene ranjivosti Razumevanje penetracionog testiranja mreže Izršenje penetracionog testiranja mreže Napredno penetraciono testiranje mreže – posle eksploatacije Active Directory napadi Napredni Active Directory napadi Command and Control taktike Napredno bežično penetraciono testiranje Izvođenje napada na strani klijenta – društveni inženjering Razumevanje bezbednosti aplikacija na veb sajtu Napredno penetraciono testiranje veb sajta Najbolja praksa za stvarni svet