SlideShare uma empresa Scribd logo

Linux/Unix Night - (PEN) Testing Toolkits (English)

Transferir como PPTX, PDF
Jelmer de Reus
Jelmer de Reus

a comparison of Kali Linux and BackBox Linux and some advice and considerations

Tecnologia
1 de 25
(PEN) TESTING TOOLKITS: BACKBOX & KALI LINUX JELMER DE REUS 2014/01/07 LINUX/UNIX Night @msterdam
Overview  What are testing toolkits used for  What you can do with off-the-shelf distro’s  Comparing BackBox and Kali Linux  Considerations
What are testing toolkits used for?  Enumeration Open ports  Firewall/IDS testing  Topology mapping  Software version indexing  Vulnerability scan  Penetration testing  Social Engineering  Forensics 
What are testing toolkits used for? Enumeration  Vulnerability scan  Finding software editions & leaks  Finding bad configurations  Faster insight than a whitebox scan  Penetration testing  Social Engineering  Forensics 
What are testing toolkits used for? Enumeration  Vulnerability scan  Penetration testing  Creatively, and with the help of tools, exploring the security boundaries for opportunities to exploit  WIFI cracking  Social Engineering  Forensics 
What are testing toolkits used for?  Enumeration  Vulnerability scan  Penetration testing (incl. WIFI cracking)  Social Engineering  E.g. emailing with hidden links in iFrames to get malicious software on your target  Inject malicious software in ‘regular’ software and spread it
What are testing toolkits used for?  Social Engineer Toolkit  Web attack
What are testing toolkits used for? Enumeration  Vulnerability scan  Penetration testing  Social Engineering  WIFI cracking  Cracking wireless keys  Redirecting/tapping WIFI users  Social engineering (e.g. redirect to a fake website, collect pw)  Exploiting browsers 
What are testing toolkits used for? There can be also different use cases like  Network  Firewall troubleshooting handling for fragmented packets  Stress testing networks and servers  DoS defense testing
BackBox Linux in short Properties  Ubuntu user experience  Many functions through the start menu  Not extensively documented  However it’s just Ubuntu  Non-root user  Smaller selection of tools  Sorted by technology  Updates of tools are integrated and easy
Kali Linux in short Properties  Custom Gnome2  ARM support (for your Pi)  Extensive documentation  Videos and books  Root user  Extensive collection of tools  Sorted  Arduino by activity IDE
Differences in menu structure
Differences in menu structure
BackBox Linux documentation  Forum  Technical questions  Tooling requests  Howto’s  Blog articles (links at the end)
BackBox Linux Tutorials on sinflood.net
Kali Linux documentation  Extensive documentation  Securitytube  Youtube (links at the end)
Kali Linux Books & Tutorials  Packt Publishing (5x)  Securitytube
DEMO – GUI overview  BackBox Linux  Kali Linux
Tooling What is it really about when choosing either?  Installed and available tools (very personal)  Keeping track of various types of updates, e.g.  Metasploit Framework  OpenVAS signatures  Documentation and personal knowledge  Platform support (e.g. ARM)
Tooling - advice Penetration Testing Execution Standard  PTES Technical Guidelines  Structured index of available tools andn technologies Tools with an active community are more reliable on the long term.
Tooling – some favorites Useful  Fragtest  Hping3  MSF Auxiliary scanners Very dangerous  Social engineer toolkit  Sslsniff/sslstrip (this says more about SSL/TLS)
Tip: use databases in Metasploit
Tip: use databases in Metasploit
DEMO – tooling overview
Thanks for your time! More info:  Kali Linux    BackBox Linux    Main: http://www.backbox.org Forum/Howto: http://forum.backbox.org/ Penetration Testing Execution Standard   Main: http://www.kali.org Official Docs: http://www.kali.org/official-documentation/ http://www.penteststandard.org/index.php/PTES_Technical_Guidelines Metasploit Unleashed  http://www.offensive-security.com/metasploit-unleashed/Main_Page

Recomendados

Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014TGodfrey
 
Tools kali
Tools kaliTools kali
Tools kaliketban0702
 
Kali linux
Kali linuxKali linux
Kali linuxHarsh Gor
 
Kali Linux
Kali LinuxKali Linux
Kali LinuxChanchal Dabriya
 
Kali presentation
Kali presentationKali presentation
Kali presentationZain Ul abadin
 
Kali Linux - Falconer
Kali Linux - FalconerKali Linux - Falconer
Kali Linux - FalconerTony Godfrey
 
kali linux.pptx
kali linux.pptxkali linux.pptx
kali linux.pptxanumeha bhatnagar
 
Kali Linux
Kali LinuxKali Linux
Kali LinuxSumit Singh
 

Recomendados

Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014TGodfrey
 
Tools kali
Tools kaliTools kali
Tools kaliketban0702
 
Kali linux
Kali linuxKali linux
Kali linuxHarsh Gor
 
Kali Linux
Kali LinuxKali Linux
Kali LinuxChanchal Dabriya
 
Kali presentation
Kali presentationKali presentation
Kali presentationZain Ul abadin
 
Kali Linux - Falconer
Kali Linux - FalconerKali Linux - Falconer
Kali Linux - FalconerTony Godfrey
 
kali linux.pptx
kali linux.pptxkali linux.pptx
kali linux.pptxanumeha bhatnagar
 
Kali Linux
Kali LinuxKali Linux
Kali LinuxSumit Singh
 
penetration test using Kali linux ppt
penetration test using Kali linux pptpenetration test using Kali linux ppt
penetration test using Kali linux pptAbhayNaik8
 
Kali linux summarised
Kali linux summarisedKali linux summarised
Kali linux summarisedSanchit Srivastava
 
penetration test using Kali linux seminar report
penetration test using Kali linux seminar reportpenetration test using Kali linux seminar report
penetration test using Kali linux seminar reportAbhayNaik8
 
Shamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxShamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxshamsaot
 
Kali linux
Kali linuxKali linux
Kali linuxAadhithyanPandian
 
Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]abdou Bahassou
 
(03 2013) guide to kali linux
(03 2013) guide to kali linux(03 2013) guide to kali linux
(03 2013) guide to kali linuxjulius77
 
Kali linux
Kali linuxKali linux
Kali linuxfutaimbinlahej
 
kali linux
kali linuxkali linux
kali linuxDarshan Dalwadi
 
kali linux Presentaion
kali linux Presentaion kali linux Presentaion
kali linux PresentaionDev Gandhi
 
kali linux
kali linux kali linux
kali linux Avinash Hanwate
 
Kali linux
Kali linuxKali linux
Kali linuxabdulla78
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015TGodfrey
 
Kali linux os
Kali linux osKali linux os
Kali linux osSamantha Lawrence
 
Kali Linux
Kali LinuxKali Linux
Kali LinuxShubham Agrawal
 
Kalilinux
KalilinuxKalilinux
Kalilinuxalmuhairi2000
 
BASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXBASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXDeborah Akuoko
 
Kali linux
Kali linuxKali linux
Kali linuxafraalfalasii
 
Web Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to GoWeb Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to GoGene Gotimer
 
linux backbox
linux backboxlinux backbox
linux backbox1
 
toolkit_spread_A4
toolkit_spread_A4toolkit_spread_A4
toolkit_spread_A4Ulla Malecki
 
The Javascript Toolkit 2.0
The Javascript Toolkit 2.0The Javascript Toolkit 2.0
The Javascript Toolkit 2.0Marcos Vinícius
 

Mais conteúdo relacionado

Mais procurados

penetration test using Kali linux ppt
penetration test using Kali linux pptpenetration test using Kali linux ppt
penetration test using Kali linux pptAbhayNaik8
 
penetration test using Kali linux seminar report
penetration test using Kali linux seminar reportpenetration test using Kali linux seminar report
penetration test using Kali linux seminar reportAbhayNaik8
 
Shamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxShamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxshamsaot
 
Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]abdou Bahassou
 
(03 2013) guide to kali linux
(03 2013) guide to kali linux(03 2013) guide to kali linux
(03 2013) guide to kali linuxjulius77
 
kali linux Presentaion
kali linux Presentaion kali linux Presentaion
kali linux PresentaionDev Gandhi
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015TGodfrey
 
BASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXBASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXDeborah Akuoko
 
Web Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to GoWeb Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to GoGene Gotimer
 

Mais procurados (19)

penetration test using Kali linux ppt
penetration test using Kali linux pptpenetration test using Kali linux ppt
penetration test using Kali linux ppt
 
Kali linux summarised
Kali linux summarisedKali linux summarised
Kali linux summarised
 
penetration test using Kali linux seminar report
penetration test using Kali linux seminar reportpenetration test using Kali linux seminar report
penetration test using Kali linux seminar report
 
Shamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxShamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linux
 
Kali linux
Kali linuxKali linux
Kali linux
 
Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]
 
(03 2013) guide to kali linux
(03 2013) guide to kali linux(03 2013) guide to kali linux
(03 2013) guide to kali linux
 
Kali linux
Kali linuxKali linux
Kali linux
 
kali linux
kali linuxkali linux
kali linux
 
kali linux Presentaion
kali linux Presentaion kali linux Presentaion
kali linux Presentaion
 
kali linux
kali linux kali linux
kali linux
 
Kali linux
Kali linuxKali linux
Kali linux
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015
 
Kali linux os
Kali linux osKali linux os
Kali linux os
 
Kali Linux
Kali LinuxKali Linux
Kali Linux
 
Kalilinux
KalilinuxKalilinux
Kalilinux
 
BASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXBASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUX
 
Kali linux
Kali linuxKali linux
Kali linux
 
Web Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to GoWeb Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to Go
 

Destaque

linux backbox
linux backboxlinux backbox
linux backbox1
 
The Javascript Toolkit 2.0
The Javascript Toolkit 2.0The Javascript Toolkit 2.0
The Javascript Toolkit 2.0Marcos Vinícius
 
Toolkits Overview for IBM Streams V4.2
Toolkits Overview for IBM Streams V4.2Toolkits Overview for IBM Streams V4.2
Toolkits Overview for IBM Streams V4.2lisanl
 
IBM ODM Rules Compiler support in IBM Streams V4.2.
IBM ODM Rules Compiler support in IBM Streams V4.2.IBM ODM Rules Compiler support in IBM Streams V4.2.
IBM ODM Rules Compiler support in IBM Streams V4.2.lisanl
 
Service frameworks and toolkits: Making design artefacts actionable
Service frameworks and toolkits: Making design artefacts actionableService frameworks and toolkits: Making design artefacts actionable
Service frameworks and toolkits: Making design artefacts actionableKarina Smith
 
Working on the event budget and timeline
Working on the event budget and timelineWorking on the event budget and timeline
Working on the event budget and timelineMervyn Maico Aldana
 
Marketer's guide to Facebook timeline: Tips for brands and marketers for the ...
Marketer's guide to Facebook timeline: Tips for brands and marketers for the ...Marketer's guide to Facebook timeline: Tips for brands and marketers for the ...
Marketer's guide to Facebook timeline: Tips for brands and marketers for the ...Jack Morton Worldwide
 
Investing in local communities by sharing the power of design
Investing in local communities by sharing the power of design Investing in local communities by sharing the power of design
Investing in local communities by sharing the power of design frog
 
Prophets presents "Facebook Timeline for brands essential training"
Prophets presents "Facebook Timeline for brands essential training"Prophets presents "Facebook Timeline for brands essential training"
Prophets presents "Facebook Timeline for brands essential training"Prophets Agency
 
Design Toolkit Analysis
Design Toolkit AnalysisDesign Toolkit Analysis
Design Toolkit AnalysisLou Fink
 
A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!edwardo
 
Future Proof Design and the Platform Design Canvas
Future Proof Design and the Platform Design CanvasFuture Proof Design and the Platform Design Canvas
Future Proof Design and the Platform Design CanvasSimone Cicero
 
The Platform Design Toolkit v 0.1
The Platform Design Toolkit v 0.1The Platform Design Toolkit v 0.1
The Platform Design Toolkit v 0.1Simone Cicero
 
Timeline roadmap product graphs powerpoint ppt templates.
Timeline roadmap product graphs powerpoint ppt templates.Timeline roadmap product graphs powerpoint ppt templates.
Timeline roadmap product graphs powerpoint ppt templates.SlideTeam.net
 
Visual CV - based on a timeline
Visual CV - based on a timelineVisual CV - based on a timeline
Visual CV - based on a timelinePeter King
 
Download editable road map power point slides and road map powerpoint templates
Download editable road map power point slides and road map powerpoint templates Download editable road map power point slides and road map powerpoint templates
Download editable road map power point slides and road map powerpoint templates SlideTeam.net
 
EINTROEVM - Contingency planning
EINTROEVM - Contingency planningEINTROEVM - Contingency planning
EINTROEVM - Contingency planningMervyn Maico Aldana
 
Brand Strategy Toolkit
Brand Strategy ToolkitBrand Strategy Toolkit
Brand Strategy Toolkitmails2yamini
 
The True Timeline Behind The People vs. O.J. Simpson
The True Timeline Behind The People vs. O.J. SimpsonThe True Timeline Behind The People vs. O.J. Simpson
The True Timeline Behind The People vs. O.J. SimpsonInstant Checkmate
 

Destaque (20)

linux backbox
linux backboxlinux backbox
linux backbox
 
toolkit_spread_A4
toolkit_spread_A4toolkit_spread_A4
toolkit_spread_A4
 
The Javascript Toolkit 2.0
The Javascript Toolkit 2.0The Javascript Toolkit 2.0
The Javascript Toolkit 2.0
 
Toolkits Overview for IBM Streams V4.2
Toolkits Overview for IBM Streams V4.2Toolkits Overview for IBM Streams V4.2
Toolkits Overview for IBM Streams V4.2
 
IBM ODM Rules Compiler support in IBM Streams V4.2.
IBM ODM Rules Compiler support in IBM Streams V4.2.IBM ODM Rules Compiler support in IBM Streams V4.2.
IBM ODM Rules Compiler support in IBM Streams V4.2.
 
Service frameworks and toolkits: Making design artefacts actionable
Service frameworks and toolkits: Making design artefacts actionableService frameworks and toolkits: Making design artefacts actionable
Service frameworks and toolkits: Making design artefacts actionable
 
Working on the event budget and timeline
Working on the event budget and timelineWorking on the event budget and timeline
Working on the event budget and timeline
 
Marketer's guide to Facebook timeline: Tips for brands and marketers for the ...
Marketer's guide to Facebook timeline: Tips for brands and marketers for the ...Marketer's guide to Facebook timeline: Tips for brands and marketers for the ...
Marketer's guide to Facebook timeline: Tips for brands and marketers for the ...
 
Investing in local communities by sharing the power of design
Investing in local communities by sharing the power of design Investing in local communities by sharing the power of design
Investing in local communities by sharing the power of design
 
Prophets presents "Facebook Timeline for brands essential training"
Prophets presents "Facebook Timeline for brands essential training"Prophets presents "Facebook Timeline for brands essential training"
Prophets presents "Facebook Timeline for brands essential training"
 
Design Toolkit Analysis
Design Toolkit AnalysisDesign Toolkit Analysis
Design Toolkit Analysis
 
A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!
 
Future Proof Design and the Platform Design Canvas
Future Proof Design and the Platform Design CanvasFuture Proof Design and the Platform Design Canvas
Future Proof Design and the Platform Design Canvas
 
The Platform Design Toolkit v 0.1
The Platform Design Toolkit v 0.1The Platform Design Toolkit v 0.1
The Platform Design Toolkit v 0.1
 
Timeline roadmap product graphs powerpoint ppt templates.
Timeline roadmap product graphs powerpoint ppt templates.Timeline roadmap product graphs powerpoint ppt templates.
Timeline roadmap product graphs powerpoint ppt templates.
 
Visual CV - based on a timeline
Visual CV - based on a timelineVisual CV - based on a timeline
Visual CV - based on a timeline
 
Download editable road map power point slides and road map powerpoint templates
Download editable road map power point slides and road map powerpoint templates Download editable road map power point slides and road map powerpoint templates
Download editable road map power point slides and road map powerpoint templates
 
EINTROEVM - Contingency planning
EINTROEVM - Contingency planningEINTROEVM - Contingency planning
EINTROEVM - Contingency planning
 
Brand Strategy Toolkit
Brand Strategy ToolkitBrand Strategy Toolkit
Brand Strategy Toolkit
 
The True Timeline Behind The People vs. O.J. Simpson
The True Timeline Behind The People vs. O.J. SimpsonThe True Timeline Behind The People vs. O.J. Simpson
The True Timeline Behind The People vs. O.J. Simpson
 

Semelhante a Linux/Unix Night - (PEN) Testing Toolkits (English)

powe point presentation on kali linux and ethical hacking
powe point presentation on kali linux and ethical hackingpowe point presentation on kali linux and ethical hacking
powe point presentation on kali linux and ethical hackingdhruvpawar010
 
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...Black Duck by Synopsys
 
Fight with linux reverse
Fight with linux reverseFight with linux reverse
Fight with linux reversechao yang
 
Operating project
Operating projectOperating project
Operating projectISMAT CH
 
L'open hardware dans l'électronique (et au delà...)
L'open hardware dans l'électronique (et au delà...)L'open hardware dans l'électronique (et au delà...)
L'open hardware dans l'électronique (et au delà...)Robert Viseur
 
Why documentation osidays
Why documentation osidaysWhy documentation osidays
Why documentation osidaysBastian Feder
 
Using Embedded Linux for Infrastructure Systems
Using Embedded Linux for Infrastructure SystemsUsing Embedded Linux for Infrastructure Systems
Using Embedded Linux for Infrastructure SystemsYoshitake Kobayashi
 
Linux nic training_intro_14_dec_09
Linux nic training_intro_14_dec_09Linux nic training_intro_14_dec_09
Linux nic training_intro_14_dec_09Aravindan Arun
 
Linux; Operating System
Linux; Operating SystemLinux; Operating System
Linux; Operating SystemJayEl Cadawas
 
FOSS Enterprise Security Solutions
FOSS Enterprise Security SolutionsFOSS Enterprise Security Solutions
FOSS Enterprise Security Solutionsevolutionaryit
 
Open Source Enterprise Security Solutions
Open Source Enterprise Security SolutionsOpen Source Enterprise Security Solutions
Open Source Enterprise Security Solutionsevolutionaryit
 
Module 18 (linux hacking)
Module 18 (linux hacking)Module 18 (linux hacking)
Module 18 (linux hacking)Wail Hassan
 
Linux interview questions-ppt
Linux interview questions-pptLinux interview questions-ppt
Linux interview questions-pptMayank Kumar
 

Semelhante a Linux/Unix Night - (PEN) Testing Toolkits (English) (20)

kali linux.pptx
kali linux.pptxkali linux.pptx
kali linux.pptx
 
kali linux.pptx
kali linux.pptxkali linux.pptx
kali linux.pptx
 
powe point presentation on kali linux and ethical hacking
powe point presentation on kali linux and ethical hackingpowe point presentation on kali linux and ethical hacking
powe point presentation on kali linux and ethical hacking
 
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
 
Fedora Modularity
Fedora ModularityFedora Modularity
Fedora Modularity
 
Kali linux.ppt
Kali linux.pptKali linux.ppt
Kali linux.ppt
 
Fight with linux reverse
Fight with linux reverseFight with linux reverse
Fight with linux reverse
 
Operating project
Operating projectOperating project
Operating project
 
ON.LAB Mininet
ON.LAB MininetON.LAB Mininet
ON.LAB Mininet
 
L'open hardware dans l'électronique (et au delà...)
L'open hardware dans l'électronique (et au delà...)L'open hardware dans l'électronique (et au delà...)
L'open hardware dans l'électronique (et au delà...)
 
Why documentation osidays
Why documentation osidaysWhy documentation osidays
Why documentation osidays
 
Using Embedded Linux for Infrastructure Systems
Using Embedded Linux for Infrastructure SystemsUsing Embedded Linux for Infrastructure Systems
Using Embedded Linux for Infrastructure Systems
 
Linux nic training_intro_14_dec_09
Linux nic training_intro_14_dec_09Linux nic training_intro_14_dec_09
Linux nic training_intro_14_dec_09
 
Linux; Operating System
Linux; Operating SystemLinux; Operating System
Linux; Operating System
 
Security in open source projects
Security in open source projectsSecurity in open source projects
Security in open source projects
 
FOSS Enterprise Security Solutions
FOSS Enterprise Security SolutionsFOSS Enterprise Security Solutions
FOSS Enterprise Security Solutions
 
Open Source Enterprise Security Solutions
Open Source Enterprise Security SolutionsOpen Source Enterprise Security Solutions
Open Source Enterprise Security Solutions
 
Module 18 (linux hacking)
Module 18 (linux hacking)Module 18 (linux hacking)
Module 18 (linux hacking)
 
Foss Presentation
Foss PresentationFoss Presentation
Foss Presentation
 
Linux interview questions-ppt
Linux interview questions-pptLinux interview questions-ppt
Linux interview questions-ppt
 

Último

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Último (20)

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Linux/Unix Night - (PEN) Testing Toolkits (English)

  • 1. (PEN) TESTING TOOLKITS: BACKBOX & KALI LINUX JELMER DE REUS 2014/01/07 LINUX/UNIX Night @msterdam
  • 2. Overview  What are testing toolkits used for  What you can do with off-the-shelf distro’s  Comparing BackBox and Kali Linux  Considerations
  • 3. What are testing toolkits used for?  Enumeration Open ports  Firewall/IDS testing  Topology mapping  Software version indexing  Vulnerability scan  Penetration testing  Social Engineering  Forensics 
  • 4. What are testing toolkits used for? Enumeration  Vulnerability scan  Finding software editions & leaks  Finding bad configurations  Faster insight than a whitebox scan  Penetration testing  Social Engineering  Forensics 
  • 5. What are testing toolkits used for? Enumeration  Vulnerability scan  Penetration testing  Creatively, and with the help of tools, exploring the security boundaries for opportunities to exploit  WIFI cracking  Social Engineering  Forensics 
  • 6. What are testing toolkits used for?  Enumeration  Vulnerability scan  Penetration testing (incl. WIFI cracking)  Social Engineering  E.g. emailing with hidden links in iFrames to get malicious software on your target  Inject malicious software in ‘regular’ software and spread it
  • 7. What are testing toolkits used for?  Social Engineer Toolkit  Web attack
  • 8. What are testing toolkits used for? Enumeration  Vulnerability scan  Penetration testing  Social Engineering  WIFI cracking  Cracking wireless keys  Redirecting/tapping WIFI users  Social engineering (e.g. redirect to a fake website, collect pw)  Exploiting browsers 
  • 9. What are testing toolkits used for? There can be also different use cases like  Network  Firewall troubleshooting handling for fragmented packets  Stress testing networks and servers  DoS defense testing
  • 10. BackBox Linux in short Properties  Ubuntu user experience  Many functions through the start menu  Not extensively documented  However it’s just Ubuntu  Non-root user  Smaller selection of tools  Sorted by technology  Updates of tools are integrated and easy
  • 11. Kali Linux in short Properties  Custom Gnome2  ARM support (for your Pi)  Extensive documentation  Videos and books  Root user  Extensive collection of tools  Sorted  Arduino by activity IDE
  • 12. Differences in menu structure
  • 13. Differences in menu structure
  • 14. BackBox Linux documentation  Forum  Technical questions  Tooling requests  Howto’s  Blog articles (links at the end)
  • 15. BackBox Linux Tutorials on sinflood.net
  • 16. Kali Linux documentation  Extensive documentation  Securitytube  Youtube (links at the end)
  • 17. Kali Linux Books & Tutorials  Packt Publishing (5x)  Securitytube
  • 18. DEMO – GUI overview  BackBox Linux  Kali Linux
  • 19. Tooling What is it really about when choosing either?  Installed and available tools (very personal)  Keeping track of various types of updates, e.g.  Metasploit Framework  OpenVAS signatures  Documentation and personal knowledge  Platform support (e.g. ARM)
  • 20. Tooling - advice Penetration Testing Execution Standard  PTES Technical Guidelines  Structured index of available tools andn technologies Tools with an active community are more reliable on the long term.
  • 21. Tooling – some favorites Useful  Fragtest  Hping3  MSF Auxiliary scanners Very dangerous  Social engineer toolkit  Sslsniff/sslstrip (this says more about SSL/TLS)
  • 22. Tip: use databases in Metasploit
  • 23. Tip: use databases in Metasploit
  • 24. DEMO – tooling overview
  • 25. Thanks for your time! More info:  Kali Linux    BackBox Linux    Main: http://www.backbox.org Forum/Howto: http://forum.backbox.org/ Penetration Testing Execution Standard   Main: http://www.kali.org Official Docs: http://www.kali.org/official-documentation/ http://www.penteststandard.org/index.php/PTES_Technical_Guidelines Metasploit Unleashed  http://www.offensive-security.com/metasploit-unleashed/Main_Page