Linux/Unix Night - (PEN) Testing Toolkits (English)
-
Upload
jelmer-de-reus -
Category
Technology
-
view
3.939 -
download
1
description
Transcript of Linux/Unix Night - (PEN) Testing Toolkits (English)
![Page 1: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/1.jpg)
(PEN) TESTING TOOLKITS:BACKBOX & KALI LINUXJELMER DE REUS
LINUX/UNIX Night @msterdam2014/01/07
![Page 2: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/2.jpg)
Overview
What are testing toolkits used for What you can do with off-the-shelf distro’s Comparing BackBox and Kali Linux Considerations
![Page 3: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/3.jpg)
What are testing toolkits used for?
Enumeration Open ports Firewall/IDS testing Topology mapping Software version indexing
Vulnerability scan Penetration testing Social Engineering Forensics
![Page 4: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/4.jpg)
What are testing toolkits used for?
Enumeration Vulnerability scan
Finding software editions & leaks Finding bad configurations Faster insight than a whitebox scan
Penetration testing Social Engineering Forensics
![Page 5: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/5.jpg)
What are testing toolkits used for?
Enumeration Vulnerability scan Penetration testing
Creatively, and with the help of tools, exploring the security boundaries for opportunities to exploit
WIFI cracking Social Engineering Forensics
![Page 6: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/6.jpg)
What are testing toolkits used for?
Enumeration Vulnerability scan Penetration testing (incl. WIFI cracking) Social Engineering
E.g. emailing with hidden links in iFrames to get malicious software on your target
Inject malicious software in ‘regular’ software and spread it
![Page 7: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/7.jpg)
What are testing toolkits used for?
Social Engineer Toolkit Web attack
![Page 8: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/8.jpg)
What are testing toolkits used for?
Enumeration Vulnerability scan Penetration testing Social Engineering WIFI cracking
Cracking wireless keys Redirecting/tapping WIFI users Social engineering (e.g. redirect to a fake website, collect pw) Exploiting browsers
![Page 9: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/9.jpg)
What are testing toolkits used for?
There can be also different use cases like
Network troubleshooting Firewall handling for fragmented packets Stress testing networks and servers DoS defense testing
![Page 10: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/10.jpg)
BackBox Linux in short
Properties Ubuntu user experience Many functions through
the start menu Not extensively
documented However it’s just Ubuntu
Non-root user Smaller selection of
tools Sorted by technology
Updates of tools are integrated and easy
![Page 11: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/11.jpg)
Kali Linux in short
Properties Custom Gnome2 ARM support (for
your Pi) Extensive
documentation Videos and books
Root user Extensive collection
of tools Sorted by activity
Arduino IDE
![Page 12: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/12.jpg)
Differences in menu structure
![Page 13: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/13.jpg)
Differences in menu structure
![Page 14: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/14.jpg)
BackBox Linux documentation
Forum Technical questions Tooling requests Howto’s
Blog articles
(links at the end)
![Page 15: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/15.jpg)
BackBox Linux Tutorials on sinflood.net
![Page 16: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/16.jpg)
Kali Linux documentation
Extensive documentation Securitytube Youtube
(links at the end)
![Page 17: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/17.jpg)
Kali Linux Books & Tutorials Packt Publishing (5x) Securitytube
![Page 18: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/18.jpg)
DEMO – GUI overview
BackBox Linux Kali Linux
![Page 19: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/19.jpg)
Tooling
What is it really about when choosing either? Installed and available tools (very personal) Keeping track of various types of updates, e.g.
Metasploit Framework OpenVAS signatures
Documentation and personal knowledge Platform support (e.g. ARM)
![Page 20: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/20.jpg)
Tooling - advice
Penetration Testing Execution Standard PTES Technical Guidelines
Structured index of available tools andn technologies
Tools with an active community are more reliable on the long term.
![Page 21: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/21.jpg)
Tooling – some favorites
Useful Fragtest Hping3 MSF Auxiliary scanners
Very dangerous Social engineer toolkit Sslsniff/sslstrip (this says more about SSL/TLS)
![Page 22: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/22.jpg)
Tip: use databases in Metasploit
![Page 23: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/23.jpg)
Tip: use databases in Metasploit
![Page 24: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/24.jpg)
DEMO – tooling overview
![Page 25: Linux/Unix Night - (PEN) Testing Toolkits (English)](https://reader035.fdocument.pub/reader035/viewer/2022062615/54832547b079591f0c8b492c/html5/thumbnails/25.jpg)
Thanks for your time! More info:
Kali Linux Main: http://www.kali.org Official Docs: http://www.kali.org/official-documentation/
BackBox Linux Main: http://www.backbox.org Forum/Howto: http://forum.backbox.org/
Penetration Testing Execution Standard http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
Metasploit Unleashed http://www.offensive-security.com/metasploit-unleashed/Main_Page