
Kali Linux CTF Blueprints

Taking a highly practical approach and a playful tone, Kali Linux CTF Blueprints provides step-by-step guides to setting up vulnerabilities, in-depth guidance on exploiting them, and a variety of advice and ideas for building and customising your own challenges. If you are a penetration testing team leader or an individual who wishes to challenge yourself or your friends in the creation of penetration testing assault courses, this is the book for you. The book assumes a basic level of penetration skills and familiarity with the Kali Linux operating system.

190 pages, ebook

First published January 1, 2014


About the author

Cameron Buchanan

8 books, 1 follower

Ratings & Reviews

Community Reviews

5 stars: 3 (30%)
4 stars: 5 (50%)
3 stars: 0 (0%)
2 stars: 2 (20%)
1 star: 0 (0%)
Displaying 1 - 3 of 3 reviews
8 reviews, 3 followers
August 26, 2014
The Kali Linux CTF Blueprints book is written by Cameron Buchanan, who is a penetration tester by trade – so he knows what he’s talking about. So, what is this book about? It covers ‘Capture the Flag’ style challenges. It has 6 chapters covering:

‘Microsoft Environments’ – creates vulnerable servers and a desktop PC and covers the most prevalent vulnerabilities.

‘Linux Environments’ – focused on generating generic vulnerabilities in Linux environments.

‘Wireless and Mobile’ – contains projects targeting WiFi-enabled devices such as tablets and smartphones.

‘Social Engineering’ – scenarios including XSS-attackable pages and unmasking online personas.

‘Cryptographic Projects’ – such as encryption, deciphering and replication of the well-known Heartbleed attack.

‘Red teaming’ – two full-scale vulnerable deployments designed to test areas covered in previous chapters.

It covers a lot of things that you won’t find in your beginner’s guides to Kali Linux, which brings me onto my next point: who is the book for? The author states that it is for ‘individuals who are aware of the concepts of penetration testing with some practice in one or more types of tests’, which I think is perfectly fair, as I myself am not a ‘veteran’ with Kali Linux, more a novice who has played around with it and has lots more to learn. So take that into consideration when looking at this book. It’s more of a ‘follow-on’ book after you’ve done some basic tests in Kali and feel you are ready to move on.

As for the actual chapters that contain the tutorials, they are very well laid out and easy to read and understand. The author has left screenshots in his chapters so that you can easily see what he is doing. He has also included ‘command boxes’ so that you can easily distinguish commands from actual description, so you know what you need to enter.

Chapters contain scenarios which the author has designed himself, so you don’t need to worry about this book being short because it’s only 6 chapters, as they are filled with scenarios.

In conclusion, I think that this is a great purchase for anyone who has played around with Kali and is eager to learn. But the author definitely meant it when he said it was for more experienced persons. So take my advice and buy this book if you want to move on in your pen testing hobby/trade.
12 reviews
December 8, 2014
Capture the flag is a simulated exercise where an attacker is presented with an environment and given specific objectives to complete in order to better understand the risk of a given environment. It also happens to be one of the most challenging and entertaining aspects of a penetration test (at least, in my opinion).

In this book, the author goes through multiple scenarios across different platforms on how to set up and stage a capture the flag environment. Best practices are also covered so as to make the objectives real enough, but not insanely difficult.

The first part of the book covers creating basic Windows environments and installing vulnerable applications such as ColdFusion, MSSQL, and TFTP. Next you move on to Linux to create environments for SMB and LAMP. Wireless and social engineering are given their own chapters (which didn’t really cover anything new), but I was most interested in reading the chapter on cryptographic projects. Some great beginner/intermediate exercises in here for your CTF environments. And finally, the book wraps it all up with red teaming practices and procedures.

If you’re new to penetration testing or looking to get started building CTF environments for your tests, this is a great book to get you started.
Bill Jones
72 reviews, 2 followers
December 17, 2014
Kali Linux CTF Blueprints

Author Cameron Buchanan takes you on a journey in the land of penetration testing but more so understanding. There are a few things to point out prior to actually getting into a review for this book: 1) Kali Linux is my favorite version of Linux for this type of work. 2) Don't skip ahead in this book, as each chapter builds on the last. Great, now that's out of the way, we can look into the actual book. I found the setup easy to follow, and getting a test environment was as easy as 1-2-3.

I really liked how the different environments were broken out on their own and given a full chapter; it really kept things in perspective and ultimately helped the learning experience. If you're unfamiliar with Windows you can still learn a lot from the Linux side, or the opposite is true. Something new that I really enjoyed with the Windows side was the ColdFusion coverage; previous books I've read on Kali Linux testing didn't even mention this, so I felt it was rewarding and refreshing to see something new covered.

The book does carry some humor as well. I hope this is a new trend with Packt, as it makes for easy reading; sometimes the content in technical books can get quite dull, so finding anywhere to place a few punch lines is always welcome. Choosing something from the Linux chapter, I felt the coverage on Samba was pretty decent. Exploiting a network using these types of shares has always been a major concern for me; I'm glad it made it in the book. The Telnet portion was also gladly received; I use it quite frequently to test for open ports and responsiveness on a daily basis in my line of work.

The remainder of the book keeps the momentum and my attention; the projects were fun and very hands-on. The mobile coverage is always nice to read; I don't feel it gets its fair attention. If you're on public WiFi you should really be utilizing some security measures to prevent snooping. I would recommend this book to everyone; being aware of security threats on any level should be a new requirement in schools. Heartbleed was mentioned in the book and covered fairly well; most systems are patched for this but sadly many still go unprotected. Sony was recently hacked and one could wonder how, but this book is rather insightful and you'll walk away feeling confident in your newfound abilities.

Publisher Link: http://bit.ly/1ulNQzq