Upload
jelmer-de-reus
View
3.939
Download
1
Embed Size (px)
DESCRIPTION
a comparison of Kali Linux and BackBox Linux and some advice and considerations
Citation preview
(PEN) TESTING TOOLKITS:BACKBOX & KALI LINUXJELMER DE REUS
LINUX/UNIX Night @msterdam2014/01/07
Overview
What are testing toolkits used for What you can do with off-the-shelf distro’s Comparing BackBox and Kali Linux Considerations
What are testing toolkits used for?
Enumeration Open ports Firewall/IDS testing Topology mapping Software version indexing
Vulnerability scan Penetration testing Social Engineering Forensics
What are testing toolkits used for?
Enumeration Vulnerability scan
Finding software editions & leaks Finding bad configurations Faster insight than a whitebox scan
Penetration testing Social Engineering Forensics
What are testing toolkits used for?
Enumeration Vulnerability scan Penetration testing
Creatively, and with the help of tools, exploring the security boundaries for opportunities to exploit
WIFI cracking Social Engineering Forensics
What are testing toolkits used for?
Enumeration Vulnerability scan Penetration testing (incl. WIFI cracking) Social Engineering
E.g. emailing with hidden links in iFrames to get malicious software on your target
Inject malicious software in ‘regular’ software and spread it
What are testing toolkits used for?
Social Engineer Toolkit Web attack
What are testing toolkits used for?
Enumeration Vulnerability scan Penetration testing Social Engineering WIFI cracking
Cracking wireless keys Redirecting/tapping WIFI users Social engineering (e.g. redirect to a fake website, collect pw) Exploiting browsers
What are testing toolkits used for?
There can be also different use cases like
Network troubleshooting Firewall handling for fragmented packets Stress testing networks and servers DoS defense testing
BackBox Linux in short
Properties Ubuntu user experience Many functions through
the start menu Not extensively
documented However it’s just Ubuntu
Non-root user Smaller selection of
tools Sorted by technology
Updates of tools are integrated and easy
Kali Linux in short
Properties Custom Gnome2 ARM support (for
your Pi) Extensive
documentation Videos and books
Root user Extensive collection
of tools Sorted by activity
Arduino IDE
Differences in menu structure
Differences in menu structure
BackBox Linux documentation
Forum Technical questions Tooling requests Howto’s
Blog articles
(links at the end)
BackBox Linux Tutorials on sinflood.net
Kali Linux documentation
Extensive documentation Securitytube Youtube
(links at the end)
Kali Linux Books & Tutorials Packt Publishing (5x) Securitytube
DEMO – GUI overview
BackBox Linux Kali Linux
Tooling
What is it really about when choosing either? Installed and available tools (very personal) Keeping track of various types of updates, e.g.
Metasploit Framework OpenVAS signatures
Documentation and personal knowledge Platform support (e.g. ARM)
Tooling - advice
Penetration Testing Execution Standard PTES Technical Guidelines
Structured index of available tools andn technologies
Tools with an active community are more reliable on the long term.
Tooling – some favorites
Useful Fragtest Hping3 MSF Auxiliary scanners
Very dangerous Social engineer toolkit Sslsniff/sslstrip (this says more about SSL/TLS)
Tip: use databases in Metasploit
Tip: use databases in Metasploit
DEMO – tooling overview
Thanks for your time! More info:
Kali Linux Main: http://www.kali.org Official Docs: http://www.kali.org/official-documentation/
BackBox Linux Main: http://www.backbox.org Forum/Howto: http://forum.backbox.org/
Penetration Testing Execution Standard http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
Metasploit Unleashed http://www.offensive-security.com/metasploit-unleashed/Main_Page