SlideShare una empresa de Scribd logo

Linux/Unix Night - (PEN) Testing Toolkits (English)

Descargar como PPTX, PDF
Jelmer de Reus
Jelmer de Reus

a comparison of Kali Linux and BackBox Linux and some advice and considerations

Tecnología
1 de 25
(PEN) TESTING TOOLKITS: BACKBOX & KALI LINUX JELMER DE REUS 2014/01/07 LINUX/UNIX Night @msterdam
Overview  What are testing toolkits used for  What you can do with off-the-shelf distro’s  Comparing BackBox and Kali Linux  Considerations
What are testing toolkits used for?  Enumeration Open ports  Firewall/IDS testing  Topology mapping  Software version indexing  Vulnerability scan  Penetration testing  Social Engineering  Forensics 
What are testing toolkits used for? Enumeration  Vulnerability scan  Finding software editions & leaks  Finding bad configurations  Faster insight than a whitebox scan  Penetration testing  Social Engineering  Forensics 
What are testing toolkits used for? Enumeration  Vulnerability scan  Penetration testing  Creatively, and with the help of tools, exploring the security boundaries for opportunities to exploit  WIFI cracking  Social Engineering  Forensics 
What are testing toolkits used for?  Enumeration  Vulnerability scan  Penetration testing (incl. WIFI cracking)  Social Engineering  E.g. emailing with hidden links in iFrames to get malicious software on your target  Inject malicious software in ‘regular’ software and spread it
What are testing toolkits used for?  Social Engineer Toolkit  Web attack
What are testing toolkits used for? Enumeration  Vulnerability scan  Penetration testing  Social Engineering  WIFI cracking  Cracking wireless keys  Redirecting/tapping WIFI users  Social engineering (e.g. redirect to a fake website, collect pw)  Exploiting browsers 
What are testing toolkits used for? There can be also different use cases like  Network  Firewall troubleshooting handling for fragmented packets  Stress testing networks and servers  DoS defense testing
BackBox Linux in short Properties  Ubuntu user experience  Many functions through the start menu  Not extensively documented  However it’s just Ubuntu  Non-root user  Smaller selection of tools  Sorted by technology  Updates of tools are integrated and easy
Kali Linux in short Properties  Custom Gnome2  ARM support (for your Pi)  Extensive documentation  Videos and books  Root user  Extensive collection of tools  Sorted  Arduino by activity IDE
Differences in menu structure
Differences in menu structure
BackBox Linux documentation  Forum  Technical questions  Tooling requests  Howto’s  Blog articles (links at the end)
BackBox Linux Tutorials on sinflood.net
Kali Linux documentation  Extensive documentation  Securitytube  Youtube (links at the end)
Kali Linux Books & Tutorials  Packt Publishing (5x)  Securitytube
DEMO – GUI overview  BackBox Linux  Kali Linux
Tooling What is it really about when choosing either?  Installed and available tools (very personal)  Keeping track of various types of updates, e.g.  Metasploit Framework  OpenVAS signatures  Documentation and personal knowledge  Platform support (e.g. ARM)
Tooling - advice Penetration Testing Execution Standard  PTES Technical Guidelines  Structured index of available tools andn technologies Tools with an active community are more reliable on the long term.
Tooling – some favorites Useful  Fragtest  Hping3  MSF Auxiliary scanners Very dangerous  Social engineer toolkit  Sslsniff/sslstrip (this says more about SSL/TLS)
Tip: use databases in Metasploit
Tip: use databases in Metasploit
DEMO – tooling overview
Thanks for your time! More info:  Kali Linux    BackBox Linux    Main: http://www.backbox.org Forum/Howto: http://forum.backbox.org/ Penetration Testing Execution Standard   Main: http://www.kali.org Official Docs: http://www.kali.org/official-documentation/ http://www.penteststandard.org/index.php/PTES_Technical_Guidelines Metasploit Unleashed  http://www.offensive-security.com/metasploit-unleashed/Main_Page

Recomendados

Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014TGodfrey
 
Tools kali
Tools kaliTools kali
Tools kaliketban0702
 
Kali linux
Kali linuxKali linux
Kali linuxHarsh Gor
 
Kali Linux
Kali LinuxKali Linux
Kali LinuxChanchal Dabriya
 
Kali presentation
Kali presentationKali presentation
Kali presentationZain Ul abadin
 
Kali Linux - Falconer
Kali Linux - FalconerKali Linux - Falconer
Kali Linux - FalconerTony Godfrey
 
kali linux.pptx
kali linux.pptxkali linux.pptx
kali linux.pptxanumeha bhatnagar
 
Kali Linux
Kali LinuxKali Linux
Kali LinuxSumit Singh
 

Recomendados

Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014TGodfrey
 
Tools kali
Tools kaliTools kali
Tools kaliketban0702
 
Kali linux
Kali linuxKali linux
Kali linuxHarsh Gor
 
Kali Linux
Kali LinuxKali Linux
Kali LinuxChanchal Dabriya
 
Kali presentation
Kali presentationKali presentation
Kali presentationZain Ul abadin
 
Kali Linux - Falconer
Kali Linux - FalconerKali Linux - Falconer
Kali Linux - FalconerTony Godfrey
 
kali linux.pptx
kali linux.pptxkali linux.pptx
kali linux.pptxanumeha bhatnagar
 
Kali Linux
Kali LinuxKali Linux
Kali LinuxSumit Singh
 
penetration test using Kali linux ppt
penetration test using Kali linux pptpenetration test using Kali linux ppt
penetration test using Kali linux pptAbhayNaik8
 
Kali linux summarised
Kali linux summarisedKali linux summarised
Kali linux summarisedSanchit Srivastava
 
penetration test using Kali linux seminar report
penetration test using Kali linux seminar reportpenetration test using Kali linux seminar report
penetration test using Kali linux seminar reportAbhayNaik8
 
Shamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxShamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxshamsaot
 
Kali linux
Kali linuxKali linux
Kali linuxAadhithyanPandian
 
Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]abdou Bahassou
 
(03 2013) guide to kali linux
(03 2013) guide to kali linux(03 2013) guide to kali linux
(03 2013) guide to kali linuxjulius77
 
Kali linux
Kali linuxKali linux
Kali linuxfutaimbinlahej
 
kali linux
kali linuxkali linux
kali linuxDarshan Dalwadi
 
kali linux Presentaion
kali linux Presentaion kali linux Presentaion
kali linux PresentaionDev Gandhi
 
kali linux
kali linux kali linux
kali linux Avinash Hanwate
 
Kali linux
Kali linuxKali linux
Kali linuxabdulla78
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015TGodfrey
 
Kali linux os
Kali linux osKali linux os
Kali linux osSamantha Lawrence
 
Kali Linux
Kali LinuxKali Linux
Kali LinuxShubham Agrawal
 
Kalilinux
KalilinuxKalilinux
Kalilinuxalmuhairi2000
 
BASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXBASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXDeborah Akuoko
 
Kali linux
Kali linuxKali linux
Kali linuxafraalfalasii
 
Web Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to GoWeb Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to GoGene Gotimer
 
linux backbox
linux backboxlinux backbox
linux backbox1
 
toolkit_spread_A4
toolkit_spread_A4toolkit_spread_A4
toolkit_spread_A4Ulla Malecki
 
The Javascript Toolkit 2.0
The Javascript Toolkit 2.0The Javascript Toolkit 2.0
The Javascript Toolkit 2.0Marcos Vinícius
 

Más contenido relacionado

La actualidad más candente

penetration test using Kali linux ppt
penetration test using Kali linux pptpenetration test using Kali linux ppt
penetration test using Kali linux pptAbhayNaik8
 
penetration test using Kali linux seminar report
penetration test using Kali linux seminar reportpenetration test using Kali linux seminar report
penetration test using Kali linux seminar reportAbhayNaik8
 
Shamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxShamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxshamsaot
 
Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]abdou Bahassou
 
(03 2013) guide to kali linux
(03 2013) guide to kali linux(03 2013) guide to kali linux
(03 2013) guide to kali linuxjulius77
 
kali linux Presentaion
kali linux Presentaion kali linux Presentaion
kali linux PresentaionDev Gandhi
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015TGodfrey
 
BASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXBASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXDeborah Akuoko
 
Web Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to GoWeb Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to GoGene Gotimer
 

La actualidad más candente (19)

penetration test using Kali linux ppt
penetration test using Kali linux pptpenetration test using Kali linux ppt
penetration test using Kali linux ppt
 
Kali linux summarised
Kali linux summarisedKali linux summarised
Kali linux summarised
 
penetration test using Kali linux seminar report
penetration test using Kali linux seminar reportpenetration test using Kali linux seminar report
penetration test using Kali linux seminar report
 
Shamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linuxShamsa altayer 10bg kali linux
Shamsa altayer 10bg kali linux
 
Kali linux
Kali linuxKali linux
Kali linux
 
Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]Kali linux and some features [view in Full screen mode]
Kali linux and some features [view in Full screen mode]
 
(03 2013) guide to kali linux
(03 2013) guide to kali linux(03 2013) guide to kali linux
(03 2013) guide to kali linux
 
Kali linux
Kali linuxKali linux
Kali linux
 
kali linux
kali linuxkali linux
kali linux
 
kali linux Presentaion
kali linux Presentaion kali linux Presentaion
kali linux Presentaion
 
kali linux
kali linux kali linux
kali linux
 
Kali linux
Kali linuxKali linux
Kali linux
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015
 
Kali linux os
Kali linux osKali linux os
Kali linux os
 
Kali Linux
Kali LinuxKali Linux
Kali Linux
 
Kalilinux
KalilinuxKalilinux
Kalilinux
 
BASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUXBASIC OVERVIEW OF KALI LINUX
BASIC OVERVIEW OF KALI LINUX
 
Kali linux
Kali linuxKali linux
Kali linux
 
Web Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to GoWeb Application Security Testing: Kali Linux Is the Way to Go
Web Application Security Testing: Kali Linux Is the Way to Go
 

Destacado

linux backbox
linux backboxlinux backbox
linux backbox1
 
The Javascript Toolkit 2.0
The Javascript Toolkit 2.0The Javascript Toolkit 2.0
The Javascript Toolkit 2.0Marcos Vinícius
 
Toolkits Overview for IBM Streams V4.2
Toolkits Overview for IBM Streams V4.2Toolkits Overview for IBM Streams V4.2
Toolkits Overview for IBM Streams V4.2lisanl
 
IBM ODM Rules Compiler support in IBM Streams V4.2.
IBM ODM Rules Compiler support in IBM Streams V4.2.IBM ODM Rules Compiler support in IBM Streams V4.2.
IBM ODM Rules Compiler support in IBM Streams V4.2.lisanl
 
Service frameworks and toolkits: Making design artefacts actionable
Service frameworks and toolkits: Making design artefacts actionableService frameworks and toolkits: Making design artefacts actionable
Service frameworks and toolkits: Making design artefacts actionableKarina Smith
 
Working on the event budget and timeline
Working on the event budget and timelineWorking on the event budget and timeline
Working on the event budget and timelineMervyn Maico Aldana
 
Marketer's guide to Facebook timeline: Tips for brands and marketers for the ...
Marketer's guide to Facebook timeline: Tips for brands and marketers for the ...Marketer's guide to Facebook timeline: Tips for brands and marketers for the ...
Marketer's guide to Facebook timeline: Tips for brands and marketers for the ...Jack Morton Worldwide
 
Investing in local communities by sharing the power of design
Investing in local communities by sharing the power of design Investing in local communities by sharing the power of design
Investing in local communities by sharing the power of design frog
 
Prophets presents "Facebook Timeline for brands essential training"
Prophets presents "Facebook Timeline for brands essential training"Prophets presents "Facebook Timeline for brands essential training"
Prophets presents "Facebook Timeline for brands essential training"Prophets Agency
 
Design Toolkit Analysis
Design Toolkit AnalysisDesign Toolkit Analysis
Design Toolkit AnalysisLou Fink
 
A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!edwardo
 
Future Proof Design and the Platform Design Canvas
Future Proof Design and the Platform Design CanvasFuture Proof Design and the Platform Design Canvas
Future Proof Design and the Platform Design CanvasSimone Cicero
 
The Platform Design Toolkit v 0.1
The Platform Design Toolkit v 0.1The Platform Design Toolkit v 0.1
The Platform Design Toolkit v 0.1Simone Cicero
 
Timeline roadmap product graphs powerpoint ppt templates.
Timeline roadmap product graphs powerpoint ppt templates.Timeline roadmap product graphs powerpoint ppt templates.
Timeline roadmap product graphs powerpoint ppt templates.SlideTeam.net
 
Visual CV - based on a timeline
Visual CV - based on a timelineVisual CV - based on a timeline
Visual CV - based on a timelinePeter King
 
Download editable road map power point slides and road map powerpoint templates
Download editable road map power point slides and road map powerpoint templates Download editable road map power point slides and road map powerpoint templates
Download editable road map power point slides and road map powerpoint templates SlideTeam.net
 
EINTROEVM - Contingency planning
EINTROEVM - Contingency planningEINTROEVM - Contingency planning
EINTROEVM - Contingency planningMervyn Maico Aldana
 
Brand Strategy Toolkit
Brand Strategy ToolkitBrand Strategy Toolkit
Brand Strategy Toolkitmails2yamini
 
The True Timeline Behind The People vs. O.J. Simpson
The True Timeline Behind The People vs. O.J. SimpsonThe True Timeline Behind The People vs. O.J. Simpson
The True Timeline Behind The People vs. O.J. SimpsonInstant Checkmate
 

Destacado (20)

linux backbox
linux backboxlinux backbox
linux backbox
 
toolkit_spread_A4
toolkit_spread_A4toolkit_spread_A4
toolkit_spread_A4
 
The Javascript Toolkit 2.0
The Javascript Toolkit 2.0The Javascript Toolkit 2.0
The Javascript Toolkit 2.0
 
Toolkits Overview for IBM Streams V4.2
Toolkits Overview for IBM Streams V4.2Toolkits Overview for IBM Streams V4.2
Toolkits Overview for IBM Streams V4.2
 
IBM ODM Rules Compiler support in IBM Streams V4.2.
IBM ODM Rules Compiler support in IBM Streams V4.2.IBM ODM Rules Compiler support in IBM Streams V4.2.
IBM ODM Rules Compiler support in IBM Streams V4.2.
 
Service frameworks and toolkits: Making design artefacts actionable
Service frameworks and toolkits: Making design artefacts actionableService frameworks and toolkits: Making design artefacts actionable
Service frameworks and toolkits: Making design artefacts actionable
 
Working on the event budget and timeline
Working on the event budget and timelineWorking on the event budget and timeline
Working on the event budget and timeline
 
Marketer's guide to Facebook timeline: Tips for brands and marketers for the ...
Marketer's guide to Facebook timeline: Tips for brands and marketers for the ...Marketer's guide to Facebook timeline: Tips for brands and marketers for the ...
Marketer's guide to Facebook timeline: Tips for brands and marketers for the ...
 
Investing in local communities by sharing the power of design
Investing in local communities by sharing the power of design Investing in local communities by sharing the power of design
Investing in local communities by sharing the power of design
 
Prophets presents "Facebook Timeline for brands essential training"
Prophets presents "Facebook Timeline for brands essential training"Prophets presents "Facebook Timeline for brands essential training"
Prophets presents "Facebook Timeline for brands essential training"
 
Design Toolkit Analysis
Design Toolkit AnalysisDesign Toolkit Analysis
Design Toolkit Analysis
 
A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!
 
Future Proof Design and the Platform Design Canvas
Future Proof Design and the Platform Design CanvasFuture Proof Design and the Platform Design Canvas
Future Proof Design and the Platform Design Canvas
 
The Platform Design Toolkit v 0.1
The Platform Design Toolkit v 0.1The Platform Design Toolkit v 0.1
The Platform Design Toolkit v 0.1
 
Timeline roadmap product graphs powerpoint ppt templates.
Timeline roadmap product graphs powerpoint ppt templates.Timeline roadmap product graphs powerpoint ppt templates.
Timeline roadmap product graphs powerpoint ppt templates.
 
Visual CV - based on a timeline
Visual CV - based on a timelineVisual CV - based on a timeline
Visual CV - based on a timeline
 
Download editable road map power point slides and road map powerpoint templates
Download editable road map power point slides and road map powerpoint templates Download editable road map power point slides and road map powerpoint templates
Download editable road map power point slides and road map powerpoint templates
 
EINTROEVM - Contingency planning
EINTROEVM - Contingency planningEINTROEVM - Contingency planning
EINTROEVM - Contingency planning
 
Brand Strategy Toolkit
Brand Strategy ToolkitBrand Strategy Toolkit
Brand Strategy Toolkit
 
The True Timeline Behind The People vs. O.J. Simpson
The True Timeline Behind The People vs. O.J. SimpsonThe True Timeline Behind The People vs. O.J. Simpson
The True Timeline Behind The People vs. O.J. Simpson
 

Similar a Linux/Unix Night - (PEN) Testing Toolkits (English)

powe point presentation on kali linux and ethical hacking
powe point presentation on kali linux and ethical hackingpowe point presentation on kali linux and ethical hacking
powe point presentation on kali linux and ethical hackingdhruvpawar010
 
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...Black Duck by Synopsys
 
Fight with linux reverse
Fight with linux reverseFight with linux reverse
Fight with linux reversechao yang
 
Operating project
Operating projectOperating project
Operating projectISMAT CH
 
L'open hardware dans l'électronique (et au delà...)
L'open hardware dans l'électronique (et au delà...)L'open hardware dans l'électronique (et au delà...)
L'open hardware dans l'électronique (et au delà...)Robert Viseur
 
Why documentation osidays
Why documentation osidaysWhy documentation osidays
Why documentation osidaysBastian Feder
 
Using Embedded Linux for Infrastructure Systems
Using Embedded Linux for Infrastructure SystemsUsing Embedded Linux for Infrastructure Systems
Using Embedded Linux for Infrastructure SystemsYoshitake Kobayashi
 
Linux nic training_intro_14_dec_09
Linux nic training_intro_14_dec_09Linux nic training_intro_14_dec_09
Linux nic training_intro_14_dec_09Aravindan Arun
 
Linux; Operating System
Linux; Operating SystemLinux; Operating System
Linux; Operating SystemJayEl Cadawas
 
FOSS Enterprise Security Solutions
FOSS Enterprise Security SolutionsFOSS Enterprise Security Solutions
FOSS Enterprise Security Solutionsevolutionaryit
 
Open Source Enterprise Security Solutions
Open Source Enterprise Security SolutionsOpen Source Enterprise Security Solutions
Open Source Enterprise Security Solutionsevolutionaryit
 
Module 18 (linux hacking)
Module 18 (linux hacking)Module 18 (linux hacking)
Module 18 (linux hacking)Wail Hassan
 
Linux interview questions-ppt
Linux interview questions-pptLinux interview questions-ppt
Linux interview questions-pptMayank Kumar
 

Similar a Linux/Unix Night - (PEN) Testing Toolkits (English) (20)

kali linux.pptx
kali linux.pptxkali linux.pptx
kali linux.pptx
 
kali linux.pptx
kali linux.pptxkali linux.pptx
kali linux.pptx
 
powe point presentation on kali linux and ethical hacking
powe point presentation on kali linux and ethical hackingpowe point presentation on kali linux and ethical hacking
powe point presentation on kali linux and ethical hacking
 
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
 
Fedora Modularity
Fedora ModularityFedora Modularity
Fedora Modularity
 
Kali linux.ppt
Kali linux.pptKali linux.ppt
Kali linux.ppt
 
Fight with linux reverse
Fight with linux reverseFight with linux reverse
Fight with linux reverse
 
Operating project
Operating projectOperating project
Operating project
 
ON.LAB Mininet
ON.LAB MininetON.LAB Mininet
ON.LAB Mininet
 
L'open hardware dans l'électronique (et au delà...)
L'open hardware dans l'électronique (et au delà...)L'open hardware dans l'électronique (et au delà...)
L'open hardware dans l'électronique (et au delà...)
 
Why documentation osidays
Why documentation osidaysWhy documentation osidays
Why documentation osidays
 
Using Embedded Linux for Infrastructure Systems
Using Embedded Linux for Infrastructure SystemsUsing Embedded Linux for Infrastructure Systems
Using Embedded Linux for Infrastructure Systems
 
Linux nic training_intro_14_dec_09
Linux nic training_intro_14_dec_09Linux nic training_intro_14_dec_09
Linux nic training_intro_14_dec_09
 
Linux; Operating System
Linux; Operating SystemLinux; Operating System
Linux; Operating System
 
Security in open source projects
Security in open source projectsSecurity in open source projects
Security in open source projects
 
FOSS Enterprise Security Solutions
FOSS Enterprise Security SolutionsFOSS Enterprise Security Solutions
FOSS Enterprise Security Solutions
 
Open Source Enterprise Security Solutions
Open Source Enterprise Security SolutionsOpen Source Enterprise Security Solutions
Open Source Enterprise Security Solutions
 
Module 18 (linux hacking)
Module 18 (linux hacking)Module 18 (linux hacking)
Module 18 (linux hacking)
 
Foss Presentation
Foss PresentationFoss Presentation
Foss Presentation
 
Linux interview questions-ppt
Linux interview questions-pptLinux interview questions-ppt
Linux interview questions-ppt
 

Último

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 

Último (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 

Linux/Unix Night - (PEN) Testing Toolkits (English)

  • 1. (PEN) TESTING TOOLKITS: BACKBOX & KALI LINUX JELMER DE REUS 2014/01/07 LINUX/UNIX Night @msterdam
  • 2. Overview  What are testing toolkits used for  What you can do with off-the-shelf distro’s  Comparing BackBox and Kali Linux  Considerations
  • 3. What are testing toolkits used for?  Enumeration Open ports  Firewall/IDS testing  Topology mapping  Software version indexing  Vulnerability scan  Penetration testing  Social Engineering  Forensics 
  • 4. What are testing toolkits used for? Enumeration  Vulnerability scan  Finding software editions & leaks  Finding bad configurations  Faster insight than a whitebox scan  Penetration testing  Social Engineering  Forensics 
  • 5. What are testing toolkits used for? Enumeration  Vulnerability scan  Penetration testing  Creatively, and with the help of tools, exploring the security boundaries for opportunities to exploit  WIFI cracking  Social Engineering  Forensics 
  • 6. What are testing toolkits used for?  Enumeration  Vulnerability scan  Penetration testing (incl. WIFI cracking)  Social Engineering  E.g. emailing with hidden links in iFrames to get malicious software on your target  Inject malicious software in ‘regular’ software and spread it
  • 7. What are testing toolkits used for?  Social Engineer Toolkit  Web attack
  • 8. What are testing toolkits used for? Enumeration  Vulnerability scan  Penetration testing  Social Engineering  WIFI cracking  Cracking wireless keys  Redirecting/tapping WIFI users  Social engineering (e.g. redirect to a fake website, collect pw)  Exploiting browsers 
  • 9. What are testing toolkits used for? There can be also different use cases like  Network  Firewall troubleshooting handling for fragmented packets  Stress testing networks and servers  DoS defense testing
  • 10. BackBox Linux in short Properties  Ubuntu user experience  Many functions through the start menu  Not extensively documented  However it’s just Ubuntu  Non-root user  Smaller selection of tools  Sorted by technology  Updates of tools are integrated and easy
  • 11. Kali Linux in short Properties  Custom Gnome2  ARM support (for your Pi)  Extensive documentation  Videos and books  Root user  Extensive collection of tools  Sorted  Arduino by activity IDE
  • 12. Differences in menu structure
  • 13. Differences in menu structure
  • 14. BackBox Linux documentation  Forum  Technical questions  Tooling requests  Howto’s  Blog articles (links at the end)
  • 15. BackBox Linux Tutorials on sinflood.net
  • 16. Kali Linux documentation  Extensive documentation  Securitytube  Youtube (links at the end)
  • 17. Kali Linux Books & Tutorials  Packt Publishing (5x)  Securitytube
  • 18. DEMO – GUI overview  BackBox Linux  Kali Linux
  • 19. Tooling What is it really about when choosing either?  Installed and available tools (very personal)  Keeping track of various types of updates, e.g.  Metasploit Framework  OpenVAS signatures  Documentation and personal knowledge  Platform support (e.g. ARM)
  • 20. Tooling - advice Penetration Testing Execution Standard  PTES Technical Guidelines  Structured index of available tools andn technologies Tools with an active community are more reliable on the long term.
  • 21. Tooling – some favorites Useful  Fragtest  Hping3  MSF Auxiliary scanners Very dangerous  Social engineer toolkit  Sslsniff/sslstrip (this says more about SSL/TLS)
  • 22. Tip: use databases in Metasploit
  • 23. Tip: use databases in Metasploit
  • 24. DEMO – tooling overview
  • 25. Thanks for your time! More info:  Kali Linux    BackBox Linux    Main: http://www.backbox.org Forum/Howto: http://forum.backbox.org/ Penetration Testing Execution Standard   Main: http://www.kali.org Official Docs: http://www.kali.org/official-documentation/ http://www.penteststandard.org/index.php/PTES_Technical_Guidelines Metasploit Unleashed  http://www.offensive-security.com/metasploit-unleashed/Main_Page