2. Overview
What
are testing toolkits used for
What you can do with off-the-shelf distro’s
Comparing BackBox and Kali Linux
Considerations
3. What are testing toolkits used
for?
Enumeration
Open ports
Firewall/IDS testing
Topology mapping
Software version indexing
Vulnerability scan
Penetration testing
Social Engineering
Forensics
4. What are testing toolkits used
for?
Enumeration
Vulnerability scan
Finding software editions & leaks
Finding bad configurations
Faster insight than a whitebox scan
Penetration testing
Social Engineering
Forensics
5. What are testing toolkits used
for?
Enumeration
Vulnerability scan
Penetration testing
Creatively, and with the help of tools, exploring the security
boundaries for opportunities to exploit
WIFI cracking
Social Engineering
Forensics
6. What are testing toolkits used
for?
Enumeration
Vulnerability
scan
Penetration testing (incl. WIFI cracking)
Social Engineering
E.g.
emailing with hidden links in iFrames to get
malicious software on your target
Inject malicious software in ‘regular’ software and
spread it
7. What are testing toolkits used
for?
Social
Engineer
Toolkit
Web
attack
8. What are testing toolkits used
for?
Enumeration
Vulnerability scan
Penetration testing
Social Engineering
WIFI cracking
Cracking wireless keys
Redirecting/tapping WIFI users
Social engineering (e.g. redirect to a fake website, collect
pw)
Exploiting browsers
9. What are testing toolkits used
for?
There can be also different use cases like
Network
Firewall
troubleshooting
handling for fragmented packets
Stress testing networks and servers
DoS defense testing
10. BackBox Linux in short
Properties
Ubuntu user
experience
Many functions
through the start menu
Not extensively
documented
However
it’s just Ubuntu
Non-root
user
Smaller selection of
tools
Sorted
by technology
Updates
of tools are
integrated and easy
11. Kali Linux in short
Properties
Custom Gnome2
ARM support (for your
Pi)
Extensive
documentation
Videos and books
Root
user
Extensive collection of
tools
Sorted
Arduino
by activity
IDE
17. Kali Linux Books & Tutorials
Packt
Publishing (5x)
Securitytube
18. DEMO – GUI overview
BackBox
Linux
Kali Linux
19. Tooling
What is it really about when choosing either?
Installed and available tools (very personal)
Keeping track of various types of
updates, e.g.
Metasploit
Framework
OpenVAS signatures
Documentation
and personal knowledge
Platform support (e.g. ARM)
20. Tooling - advice
Penetration Testing Execution Standard
PTES Technical Guidelines
Structured
index of available tools andn
technologies
Tools with an active community are more
reliable on the long term.
21. Tooling – some favorites
Useful
Fragtest
Hping3
MSF Auxiliary scanners
Very dangerous
Social engineer toolkit
Sslsniff/sslstrip (this says more about SSL/TLS)
25. Thanks for your time! More info:
Kali Linux
BackBox Linux
Main: http://www.backbox.org
Forum/Howto: http://forum.backbox.org/
Penetration Testing Execution Standard
Main: http://www.kali.org
Official Docs: http://www.kali.org/official-documentation/
http://www.penteststandard.org/index.php/PTES_Technical_Guidelines
Metasploit Unleashed
http://www.offensive-security.com/metasploit-unleashed/Main_Page