Tuesday, 26 September 2017

Kali Linux CTF Blueprints by Cameron Buchanan

Kali Linux CTF Blueprints by Cameron Buchanan Build, test, and customize your own Capture the Flag challenges across multiple platforms designed to be attacked with Kali Linux.

Kali Linux CTF Blueprints is a six chapter book where each chapter details a different kind of Capture the Flag style challenges. Each chapter will deal with a number of basic setups while suggesting a variety of different alternatives to allow reuse of fundamental concepts. The book is designed to allow individuals to create their own challenging environments to push their colleagues, friends, and own skills to the next level of testing prowess.

What this book covers:
Chapter 1, Microsoft Environments, contains instructions to create vulnerable servers and desktops, covers the most prevalent vulnerabilities, and contains suggestions on more complicated scenarios for advanced users of Microsoft environments.
  • Microsoft Environments
  • Creating a vulnerable machine, Securing a machine, Creating a secure network
  • Basic requirements, Setting up a Linux network, Setting up a Windows network
  • Hosting vulnerabilities
  • Scenario 1 – warming Adobe ColdFusion, Setup, Variations
  • Scenario 2 – making a mess with MSSQL, Setup, Variations
  • Scenario 3 – trivializing TFTP, Vulnerabilities, Flag placement and design, Testing your ?ags, Making the ?ag too easy, Making your finding too hard, Alternate ideas, Post exploitation and pivoting, Exploitation guides
  • Scenario 1 – traverse the directories like it ain't no thing
  • Scenario 2 – your database is bad and you should feel bad
  • Scenario 3 – TFTP is holier than the Pope

Chapter 2, Linux Environments, similar to the frst chapter, is focused on generating generic vulnerabilities in Linux environments, providing the basic concepts of CTF creation along with suggestions for more advanced setups.
  • Linux Environments
  • Differences between Linux and Microsoft, Setup
  • Scenario 1 – learn Samba and other dance forms, Setup, Configuration,Testing,Variations,Information disclosure, File upload, 
  • Scenario 2 – turning on a LAMP, Setup, The PHP, Variations, Out-of-date versions, Login bypass, SQL injection, Dangerous PHP, PHPMyAdmin
  • Scenario 3 – destructible distros, Setup, Variations
  • Scenario 4 – tearing it up with Telnet, Setup, Variations, Default credentials, Buffer over?ows,Flag placement and design, Exploitation guides
  • Scenario 1 – smashing Samba
  • Scenario 2 – exploiting XAMPP
  • Scenario 3 – liking a privilege
  • Scenario 4 – tampering with Telnet
Chapter 3, Wireless and Mobile, contains projects targeting Wi-Fi-enabled devices, including a section specifcally targeting portable devices such as tablets and smartphones.
  • Wireless and Mobile, Wireless environment setup, Software, Hardware
  • Scenario 1 – WEP, that's me done for the day, Code setup, Network setup
  • Scenario 2 – WPA-2, Setup
  • Scenario 3 – pick up the phone, Setup
Chapter 4, Social Engineering, contains scenarios ranging from the creation of XSS attackable pages to unmask online personas through social media and e-mail accounts.
  • Social Engineering
  • Scenario 1 – maxss your haxss,Code setup
  • Scenario 2 – social engineering: do no evil,Setup, Variations
  • Scenario 3 – hunting rabbits,Core principles,Potential avenues,Connecting methods,Creating an OSINT target
  • Scenario 4 – I am a Stegosaurus,Visual steganography, Exploitation guides
  • Scenario 1 – cookie theft for fun and proft
  • Scenario 2 – social engineering tips
  • Scenario 3 – exploitation guide
  • Scenario 4 – exploitation guide
Chapter 5, Cryptographic Projects, contains attacks against encryption deployments such as ?awed encryption, deciphering encoded text, and replication of the well-known Heartbleed attack.
  • Cryptographic Projects, Crypto jargon
  • Scenario 1 – encode-ageddon, Generic encoding types, Random encoding types
  • Scenario 2 – encode + Python = merry hell, Setup, Substitution cipher variations
  • Scenario 3 – RC4, my god, what are you doing?, Setup, Implementations
  • Scenario 4 – Hishashin, Setup, Hashing variations
  • Scenario 5 – because Heartbleed didn't get enough publicity as it is, Setup,Variations,Exploitation guides
  • Scenario 1 – decode-alypse now
  • Scenario 2 – trans subs and other things that look awkward in, your history Automatic methods
  • Scenario 3 – was that a 1 or a 0 or a 1?
  • Scenario 4 – hash outside of Colorado
  • Scenario 5 – bleeding hearts
Chapter 6, Red Teaming, contains two full-scale vulnerable deployments designed to test all areas covered in the previous chapters, mimicking corporate environments encountered across the world.

  •  Red Teaming, Chapter guide, Scoring systems, Setting scenarios, Reporting, Reporting example, Reporting explanation, CTF-style variations, DEFCON game, Physical components, Attack and defense, Jeopardy
  • Scenario 1 – ladders, why did it have to be ladders?, Network diagram, Brief, Setting up virtual machines, DMZ, missileman, secret1, secret2,secret3, Attack guide,Variations[ v ],Dummy devices,Combined OSINT trail, The missile base scenario summary
  • Scenario 2 – that's no network, it's a space station ,Network diagram, Brief, Setting up a basic network, Attack of the clones, Customizing cloned VMs, Workstation1, Workstation2, Workstation3, Workstation4, Workstation5, Attack guide, Variations, The network base scenario summary

What you need for this book?
The requirements for individual projects are detailed in their setup sections; however, it is assumed that you have the following:
• A copy of Kali Linux
• At least one machine or virtual machine that can be set up as a target

Who this book is for?
Kali Linux CTF Blueprints is aimed at individuals who are aware of the concepts of penetration testing, ideally with some practice with one or more types of tests. It is also suitable for testers with years of experience who want to explore a new field or educate their colleagues. The assumption will be that these projects are being created to be completed by other penetration testers and will contain exploitation guides to each project. If you are setting these challenges for yourself, try and exploit them without reading the exploitation methods first. The suggested methods are just that; there are many ways to climb a tree.

To download this book just click the below link and download this book for free from mediafire.


This book will surely help us to learn about Penetration Testing by usign Kali linux.

This is one of the best articles i have ever read about Kali linux. Thanks

I love ebspac for writing best articles

I love ebspac for writing best articles

in this book more useful list to us most expansible book

This is one of the best articles i have ever read about Kali linux .
Thanks my brother for the effort .

always get my interest thank you ebspac

books are very useful. The complete information thus enhances the knowledge of Kali linux

very useful article. thanks for share this article.

Wonderful book I love this book.

this is the most awesome site with most important books and information.this article is really helpful.

This is one of the best articles.The books are very useful. I love this book.

This is one of the best articles. its so nice creation.

the book is very useful.I do love it

this the well text and good understanding artical and easy to use instruction........all good artical

This is the best book I've read so far showing blueprints of Linux Kali. This is a website to bookmark.

it helps me a lot to understand security network. thanks

I love ebspac for writing best articles

This book will surely help us to learn about useful information Penetration Testing by usign Kali linux.

Very nice and informative article. Like this article very much.

This book helped me a lot to understand security network. Thank you

If you have a habit of reading book plz read this article. Really very poitive

Express Your Opinions in comments