book

Learning Kali Linux, 2nd Edition

by Ric Messier

August 2024

Intermediate to advanced

542 pages

16h 10m

English

O'Reilly Media, Inc.

Book available

Read now

Unlock full access

Includes

Includes Quizzes

What This Book CoversNew in This EditionWho This Book Is ForThe Value and Importance of EthicsConventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgments
Heritage of LinuxAbout LinuxAcquiring and Installing Kali LinuxVirtual MachinesLow-Cost ComputingWindows Subsystem for LinuxDesktopsXfce DesktopGNOME DesktopLogging In Through the Desktop ManagerCinnamon and MATEUsing the Command LineFile and Directory ManagementProcess ManagementOther UtilitiesUser ManagementService ManagementPackage ManagementRemote AccessLog ManagementSummaryUseful Resources
Security TestingNetwork Security TestingMonitoringLayersStress TestingDenial-of-Service ToolsEncryption TestingPacket CapturesUsing tcpdumpBerkeley Packet FiltersWiresharkPoisoning AttacksARP SpoofingDNS SpoofingSummaryUseful Resources
What Is Reconnaissance?Open Source IntelligenceGoogle HackingAutomating Information GrabbingRecon-ngMaltegoDNS Reconnaissance and whoisDNS ReconnaissanceRegional Internet RegistriesPassive ReconnaissancePort ScanningTCP ScanningUDP ScanningPort Scanning with nmapHigh-Speed ScanningService ScanningManual InteractionSummaryUseful Resources
Understanding VulnerabilitiesVulnerability TypesBuffer OverflowRace ConditionInput ValidationAccess ControlVulnerability ScanningLocal VulnerabilitiesUsing lynis for Local ChecksOpenVAS Local ScanningRoot KitsRemote VulnerabilitiesQuick Start with OpenVASCreating a ScanOpenVAS ReportsNetwork Device VulnerabilitiesAuditing DevicesDatabase VulnerabilitiesIdentifying New VulnerabilitiesSummaryUseful Resources
What Is an Exploit?Cisco AttacksManagement ProtocolsOther DevicesExploit DatabaseMetasploitStarting with MetasploitWorking with Metasploit ModulesImporting DataExploiting SystemsArmitageSocial EngineeringSummaryUseful Resources
Scanning for TargetsPort ScanningSMB ScanningVulnerability ScanningExploiting Your TargetUsing MeterpreterMeterpreter BasicsUser InformationProcess ManipulationPrivilege EscalationPivoting to Other NetworksMaintaining AccessCleaning UpSummaryUseful Resources
The Scope of Wireless802.11BluetoothZigbeeWiFi Attacks and Testing Tools802.11 Terminology and FunctioningIdentifying NetworksWPS AttacksAutomating Multiple TestsInjection AttacksPassword Cracking on WiFibesside-ngcoWPAttyAircrack-ngFernGoing RogueHosting an Access PointPhishing UsersWireless HoneypotBluetooth TestingScanningService IdentificationOther Bluetooth TestingHome Automation TestingSummaryUseful Resources
Web ArchitectureFirewallLoad BalancerWeb ServerApplication ServerDatabase ServerCloud-Native DesignWeb-Based AttacksSQL InjectionXML Entity InjectionCommand InjectionCross-Site ScriptingCross-Site Request ForgerySession HijackingUsing ProxiesBurp SuiteZed Attack ProxyWebScarabParos ProxyAutomated Web AttacksReconniktowapitidirbuster and gobusterJava-Based Application ServersSQL-Based AttacksContent Management System TestingAssorted TasksSummaryUseful Resources
Password StorageSecurity Account ManagerPAM and CryptAcquiring PasswordsOffline CrackingJohn the RipperRainbow TablesHashCatOnline CrackingHydraPatatorWeb-Based CrackingSummaryUseful Resources

Programming BasicsCompiled LanguagesInterpreted LanguagesIntermediate LanguagesCompiling and BuildingProgramming ErrorsBuffer OverflowsHeap OverflowsReturn to libcWriting Nmap ModulesExtending MetasploitMaintaining Access and CleanupMetasploit and CleanupMaintaining AccessSummaryUseful Resources
Memory ManagementProgram and Process StructuresPortable ExecutableExecutable and Linkable FormatDebuggingDisassemblyJava DecompilationReverse EngineeringRadare2CutterGhidraSummaryResources
Disks, Filesystems, and ImagesFilesystemsAcquiring Disk ImagesIntroducing The Sleuth KitUsing AutopsyFile AnalysisFile from Disk ImagesRecovering Deleted FilesData SearchesHidden DataPDF AnalysisSteganographyMemory ForensicsSummaryResources
Determining Threat Potential and SeverityWriting ReportsAudienceExecutive SummaryMethodologyFindingsManaging ResultsText EditorsGUI-Based EditorsNotesCherry TreeCapturing DataOrganizing Your DataDradis FrameworkCaseFileSummaryUseful Resources

Content preview from Learning Kali Linux, 2nd Edition

Chapter 11. Reverse Engineering and Program Analysis

There are a lot of reasons you may want to understand how a program is put together and how it operates as a process. One of these is to understand how to identify potential vulnerabilities and exploits in the application. Another reason, which may come easily to mind when you hear the term reverse engineering, is to look at malicious software to understand what it does. While there are other ways of handling malware investigations, it can be highly rewarding to dig into the guts of the program to understand what it does at the machine code level. This isn’t very straightforward, though—at least not as straightforward as looking at a more common type of software.

As with so many other security-related functions, Kali has tools available for reverse engineering. However, using the tools will probably be easier if you understand some of the underlying concepts, such as how the operating system manages memory used by programs, then how programs are put together in memory to become processes.

Along the way, we will also touch on other tools that are useful not only for reverse engineering but also for other more common practices like software development, simply because they are good for observing the programs in operation. This can help us understand where there are issues in a program, including vulnerabilities, as well as nonsecurity-related bugs. Knowing how to use a debugger is a useful skill to have, whether you are trying ...