Learning Kali Linux Security Testing, Penetration Testing, and Ethical Hacking

With more than 600 security tools in its arsenal, the Kali Linux distribution can be overwhelming. Experienced and aspiring security professionals alike may find it challenging to select the most appropriate tool for conducting a given test. This practical book covers Kali's expansive security capabilities and helps you identify the tools you need to conduct a wide range of security tests and penetration tests. You'll also explore the vulnerabilities that make those tests necessary.

Author Ric Messier takes you through the foundations of Kali Linux and explains methods for conducting tests on networks, web applications, wireless security, password vulnerability, and more. You'll discover different techniques for extending Kali tools and creating your own toolset.

Learn tools for stress testing network stacks and applications
Perform network reconnaissance to determine what's available to attackers
Execute penetration tests using automated exploit tools such as Metasploit
Use cracking tools to see if passwords meet complexity requirements
Test wireless capabilities by injecting frames and cracking passwords
Assess web application vulnerabilities with automated or proxy-based tools
Create advanced attack techniques by extending Kali tools or developing your own
Use Kali Linux to generate reports once testing is complete

Ric Messier (GCIH, GSEC, CEH, CISSP) had his first experience on a global network called the BITNET in the early 1980s. Since that time, he has been deeply involved in networking from small enterprises up to the largest Internet Service Providers. He has also got hooked on security at the same time as his experience on the BITNET, after unexpectedly exploiting a hole in a mail program on an IBM mainframe. Ric has also spent several years working on Voice Over IP solutions both at the network and the application level. His first experience with a forensic investigation was in the late 1990s and he has been involved periodically with investigations and incident response teams since then. While working at Genuity, a Tier 1 ISP in the late 1990s and early 2000s, he had regular interaction with law enforcement on their investigations. Ric was the security lead for a team of professionals working on a next generation data center at Genuity. He also lead a team developing a managed intrusion detection system offering at Genuity. After Genuity was acquired by Level 3 Communications, he provided security expertise to the implementation and use of session border controllers in their VoIP network. He spent several years performing penetration tests on the products of a leading VoIP products vendor. Ric is currently the Program Director for online Cybersecurity programs at Champlain College. In 2009, he opened his own consulting company, WasHere Consulting, Inc, and has been doing penetration testing, Web application testing, security assessments and other networking and security consulting work. This includes developing a network architecture for a large regional bank to support efforts to maintain FFIEC compliance as well as assisting with PCI assessments for other clients. He has also worked with law firms on patent research for legal efforts to monetize the patents. Recently, Ric has been teaching undergraduate and graduate classes on networking, security, programmin