1/29 – Hey guys, Johnny here with another IT blog post. I had the privilege of being selected as a reviewer for PacktPub’s Kali Linux - Backtrack Evolved: Assuring Security by Penetration Testing video lab by Shakeel Ali, Tedi Heriyanto and Lee Allen. Coming from a diverse background in Information Technology with 6+ years of experience and 15+ IT certifications, I can say this is a very down-to-earth and comprehensive guide to the world of Kali Linux and penetration testing.
In today’s world, information security has become one of the most in-demand fields in the IT industry, and based on current trends it has been a very hot topic, with security breaches and vulnerabilities ranging from the NSA to the infamous Anonymous group. Having a systems and networking background and becoming more and more involved with ethical hacking and security assessment, I can vouch that PacktPub’s Kali Linux - Backtrack Evolved: Assuring Security by Penetration Testing is one of the most comprehensive labs I have worked through.
Whether your skills range from today’s top-notch blackhat hacker to a world-class script kiddie, or you are just starting to get your feet wet in the security assessment field, by reviewing this guide you’ll benefit from all the topics and the overall process needed for penetration testing. A pat on the back to the Offensive Security team for funding and maintaining what I believe is one of the most useful security assessment tools out there, Kali Linux. For those who are not aware, Offensive Security is a provider of world-class information security training and penetration testing services.
1- Lab Preparation
Let’s get down to business. Penetration testing is a politically correct term for hacking with the proper paperwork and permissions. When infiltrating a system without permission, you’re breaking many laws, and if caught you’ll be facing lawsuits and possibly jail time. To avoid all the lawyer paperwork, lawsuits, etc., this guide provides different methods for creating test labs in which you can virtualize all of the attacks on a closed network using today’s virtualization applications such as Oracle’s VirtualBox or VMware Player.
In order to start developing a network environment for penetration testing, you’ll need to obtain a wide variety of operating system image files (different Linux distributions and Windows OSes; see distrowatch.com and technet.microsoft.com). The guide provides step-by-step instructions on building a more effectively exploitable environment by increasing the attack surface: it recommends using older OSes that aren’t patched (e.g. Windows XP SP2) and turning off all the security features (firewalls, AV, Windows Updates). You can also obtain Metasploitable, an intentionally vulnerable Linux virtual machine available from sourceforge.net. Metasploitable also ships a couple of exploitable web apps which can be accessed through the VM’s IP address.
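Because these lab VMs are deliberately unpatched with their defenses switched off, the one thing that must not go wrong is the "closed network" part. As an added example (not from the post or the video lab), here is a small check that parses the `VBoxManage showvminfo <vm> --machinereadable` output of a VirtualBox VM and flags any adapter that is bridged or NAT-attached instead of host-only or internal; the sample output embedded below is constructed.

```python
"""Verify that every NIC of a VirtualBox lab VM is on an isolated network.

Added example; it is not part of the video lab. It parses the output of
the real VirtualBox command `VBoxManage showvminfo <vm> --machinereadable`
and reports adapters that could carry lab traffic to the outside world.
"""
import subprocess

# Attachment types that keep traffic on the host / inside the lab.
ISOLATED = {"hostonly", "intnet", "none"}

# Constructed sample: a lab VM with one host-only adapter, one bridged
# adapter (misconfigured, it would expose the VM to the real LAN) and
# one disconnected adapter.
SAMPLE_INFO = '''name="metasploitable-lab"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="bridged"
bridgeadapter2="eth0"
nic3="none"
'''


def parse_nics(info: str) -> dict:
    """Map adapter index -> attachment type from --machinereadable output."""
    nics = {}
    for line in info.splitlines():
        key, sep, value = line.partition("=")
        # Only the bare nicN keys carry the attachment type
        # (nictypeN, nicspeedN, ... are skipped by the isdigit test).
        if sep and key.startswith("nic") and key[3:].isdigit():
            nics[int(key[3:])] = value.strip().strip('"').lower()
    return nics


def leaky_adapters(info: str) -> list:
    """Return the indexes of adapters that are not isolated, in order."""
    return sorted(i for i, kind in parse_nics(info).items()
                  if kind not in ISOLATED)


def check_vm(vm_name: str) -> list:
    """Query a real VM with VBoxManage and return its leaky adapters."""
    out = subprocess.run(
        ["VBoxManage", "showvminfo", vm_name, "--machinereadable"],
        capture_output=True, text=True, check=True).stdout
    return leaky_adapters(out)


if __name__ == "__main__":
    bad = leaky_adapters(SAMPLE_INFO)
    print("lab VM isolated" if not bad else f"adapters not isolated: {bad}")
```

Run `check_vm("your-vm-name")` against a real VM before powering it on; an empty list means every adapter is host-only, internal, or disconnected.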
2- Information Gathering and Reconnaissance
Before you even make contact with the target network, you want to gather as much information as possible without leaving a footprint on it. This guide walks you through different methods of performing passive reconnaissance and information gathering.
Nowadays many companies are more aware of information security, but that was not always the case, and a company may have practiced poor information security policies on one of its websites in the past. Archive.org is a tool which holds a collection of archived websites. Within the guide you’ll be exposed to other publicly available tools as well. In today’s world there are tons of ways to gather information and perform reconnaissance on the target in question. With all the social media applications, and companies getting more and more involved with these products, social engineering has become a breeze, whether uncovering names, roles, functions, or the types of systems used in the company by looking at job postings on the professional network LinkedIn or on social media giants like Facebook.
The Google search engine is a very effective way to query very specific information; this is called Google hacking and uses different search operators. To read more about Google hacking you can check exploit-db.com. Other tools mentioned are serversniff.net, geektools.com, network-tools.com and domaintools.com. The guide covers a variety of tools within Kali Linux that dig deeper into the passive enumeration of systems in the target network.
3- Getting into the water and swimming with the sharks
The book does a great job of digging deeper, providing many techniques and tools to perform more hands-on and in-depth exploitation, which involves scanning and enumeration, vulnerability mapping, and using tools like Metasploit, Nmap, Nessus, etc. Having spent several hours performing assessments and running the various tools mentioned in the lab, I’ve certainly added more knowledge to my IT security arsenal.
Being part of the ethical hacking and information security community has been an exciting privilege. I’d like to say thanks to Kraig Lewis and the PacktPub team for selecting me as a reviewer for their Kali Linux - Backtrack Evolved: Assuring Security by Penetration Testing book and video lab. If you’re a hacking enthusiast or a professional penetration tester, I highly recommend what PacktPub has to offer with this product. You learn something new every day, and you cannot put a price on education. I hope everyone enjoyed the article; although I did not go in depth into everything that’s covered in the book, I assure you that if you have access to it you’ll expand your expertise in penetration testing and all the techniques provided.
Video Lab : http://www.packtpub.com/kali-linux-backtrack-evolved-assuring-security-by-penetration-testing/video by Justin Hutchens