During a recent conversation on Network Securtiy, I was reminded me of a tool I had recommended to my good friend Rophic a few years ago.
Not to get into specifics, but he required some network detection and password reverse engineering for an “Issue” he was having, and I just happened to know of an application suite that fit his needs – called BackTrack.
BackTrack was a Linux distribution containing a plethora of tools focused security, with an aim towards aimed at digital forensics and penetration testing. Based on Ubuntu, you could download a self-servicing ISO to a CD, reboot your computer and Voila – you instantly had an incredible resource at your fingertips. We used it extensively with Data/Network Hardening when I was with JES, and as I seem to recall – Rophic had great success with this utility with his particular problem as well.
So – inspired by my aforementioned conversation, I went out to see how things have changed….and boy have they.
In March of 2013, BackTrack was rebranded and rebuilt by the Offensive Security team, releases under the name of Kali Linux.
This Debian-derived distro, continues in the forensics and penetration testing theme – including such known applications as nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs). This is by no means an exhaustive list – and it appears they are continually updating and improving the release.
One improvement I like is the various images available. Not only do you have the x86 Frameworks both 32 and 64bit), but there is a specific ARM download for Chromebook and an image so you can run on Raspberry Pi. This later release is what I am currently playing with on an earlier purchase, and so far – I am impressed.
Finally – for those true geeks out there, Kali is offers online training that emphasizes hands-on lab work on Penetration testing. This culminates in OSCP Certification, where you are immersed in an unknown (virtual) network and required to complete exploitation goals and demonstrate competency in the vertical.
There is so much to like with the direction Kali is taking the product – and they have come a long way. Me personally, I am just (re) scratching the surface myself – so stay tuned as I delve into individual tools and document my experiences.
Enjoy – and Happy (Ethical) Hacking.