Kali Linux Training Site: https://kali.training/
Free e-Book PDF: https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf I'm a fan of Kali, for all the reasons Johnny Long mentions in the introduction to the free book for this free course. Ethical hackers (e.g. white hats, the good guys) used to have a MUCH harder time doing our jobs. There was too much work, and up-to-date tools were the tricks of our trade. Keeping those tools organized, up-to-date, and relevant was a beast of a chore. Relieving us of this burden is the greatest gift Kali has given to the community. New cybersecurity professionals are reaping the benefits of their continual hard work today. There still remains one issue technology cannot solve though as it is a purely human trait. That trait being the charge-the-hill ambition of a new cybersecurity person wanting to dive right into using "hacker" tools to do the sexy looking stuff without understanding the basics - I admit it, I'm guilty of this too, sometimes. I'm reminded of this when observing my son learning something new and exciting. He wants to go right into creating his own version of Minecraft with Python without understanding the basics. He'll skip over important foundational information like what a loop or error statement does, why these are important, how they work, or how to fix them when they don't work. Addressing this often frustrating and overwhelming aspect of the job is the premise of Kali Linux Revealed. This course and accompanying PDF/book provides the basic required knowledge which forms the foundation information a new cybersecurity professional needs to know BEFORE they get to do the truly sexy stuff. Understanding, and knowing the information from this course and in this book separates the script kiddies, from the ethical hackers. The girls/boys from the men/women. It's what defines the difference between those you can rely on to give you a decent understanding of your information security posture and those who will lead you astray. So, I gave it a review, and I found it to be very good for the beginner, or as a reference for the experienced cybersecurity professional. You can review the course, download the free eBook, and register all at https://kali.training. The online course, gives you the screenshots/pictures, guides you through what the book reviews, and in essence, if you register you're showing interest, and can save your location while doing the training course over a period of time. The course is a formal walk-through of the book. It will teach you to hack the tools you will use while you hack and also what you need to know before you learn how to really hack - primarily Linux/Unix. If this was an easy task, there would be more hackers; but today we mostly have a plethora of script kiddies. Please don't be a script kiddy! RTFM (Read the Fine/F^@#ing Manual). This job is not for the meager dabbler, it's a long, and quite frankly hard job for most. If this were easier we wouldn't get paid awesome salaries and spend dozens of hours pulling our hair out over a single line of code in a tool that's not working. Hacking and cybersecurity are complex; and Kali made the last parts easy, but when the tools in Kali don't work, and they always fail at some point, you need to know basic Linux system administration, basic programming, shell scripting, and understand how the Linux computer system works in general before you can move forward. Being a hacker isn't a title earned by using some programs or tools you downloaded - that earns the title of "script kiddy". The Hacker title REQUIRES knowing what you downloaded, how it works on the operating system you are using it on, how to use it, and what to do when it does not work or it breaks. Enough preliminary, on to the review. Chapter 1 Runs through a history of the first widely used pen-testing "distributions"; Whoppix, Whax, BackTrack, Kali. It really reminds me of how hard it used to be to do security testing, finding and hoarding tools, then they get outdated, and you have to troubleshoot them. Ugh. What fresh hell that was. Anyway, it describes what Linux is, it's current distribution flavor (Debian), what it does and how it can be used, as well as major features, and Kali Linux policies. A good breakdown of the history of the OS. Chapter 2 Ah the essentials, how do I get this "Kali Linux". This chapter, describes how and where to obtain the stuff you need. Like, where to download Kali Linux and how to prepare using it. It includes configuring a session of VirtualBox to run a Virtual Machine instance of Kali Linux as well as VMWare Workstation. Finally, it describes the importance of validating the downloads via checksums. One area I felt was missing. That is was what I consider the "quick-start" test of Kali Linux. An overview of downloading and test-driving pre-built working virtual machines to use in VMWare Workstation and VirtualBox and fire them up to use Kali immediately; however, this really may have been intentional as the point of this course was to train you to understand and use Kali Linux from start to finish, rather than diving right into using the tools etc. Chapter 3 Describes Linux basics, including the kernel, user space, command line usage, bash, the file-system, and common commands, and Unix permissions. This chapter is a must read for anyone new to Linux/Unix and also is a good reference for the saltier veterans. Do not skip this section. Chapter 4 Describes what you need to run Kali Linux, how much space on your hard drive, memory, processors, and provides step-by-step instructions for installing it onto a hard drive, installing it onto ARM processors, troubleshooting, and unattended installations. It's the advanced Kali Linux installation chapter, with the basics at the forefront. Chapter 5 I would consider this chapter the hacker tool support section, and you'll need it to utilize all the tools properly. Describes how to configure Kali network settings, manage Linux Users and Groups, configuring and managing Services, the Apache web server service and configuration, PostgreSQL database server service and configuration, and using and configuring SSH for remote access to Kali Linux. Chapter 6 The where and how can I get help chapter? At some point everyone is a new person (n00b), and even veterans get caught in a n00b-loop when we let our egos be vulnerable, and ask new person questions. This chapter provides resources to get answers, either on your own (the hacker way), or asking (the community hacker way); usually try to get help in that order though. This chapter reviews help resources and documentation, using Manual pages (man command), apropos command to search man pages, pinfo, the ubiquitous software README file, websites including https://docs.kali.org, Kali official forums, using IRC and Kali, general tips, and how to communicate with "those uber leet hacker d00ds". Chapter 7 So, we've got this powerful collection of hacking tools on an operating system designed to hack the begeebers out of anything one can imagine. So, it makes sense we understand how to secure it, right? That's what this chapter covers, God forbid anyone brings up a default Kali Linux installation on a corporate network with the root/toor default username and password unchanged for any period of time *shudders*. This chapter reviews security policies and securing and monitoring your Kali Linux installation. Topics such as changing default passwords, best practices, reviewing Linux logs, implementing firewall rules, disabling unused services, and how to use iptables (the netfilter firewall config tool). It goes over verifying packages to ensure they're not changed, using top to view activity, using AIDE, Tripwire, and rkhunter/checksecurity/chkrootkit to detect rootkits that may be on your Kali system. Chapter 8 The power of moving BackTrack to a Debian distribution was the ability to keep it, and the thousands of components it has, up-to-date. Kali Linux doesn't do this entirely on it's own, there's some proactive steps we have to perform to maintain it. Our field moves fast, so we needed something to match that pace. This is where this chapter, and the entire project really shines. This chapter discusses Linux Debian Package Management. More importantly, it's an in depth and important review of package management and Repositories. It's a reference for veterans and a must-read for new persons as it reviews managing packages. It discusses maintaining software using basic APT commands to maintain/update packages, alternative dpkg package manager and command, and Aptitude and Synaptic GUI-based package manager. All to keep you up-to-date and secure. Chapter 9 This area is more for an advanced user of Kali Linux. It's targeting modifying the tools on the builds. Probably useful for Red Teams (those who specialize in attacking, legally, networks and systems) as well as dedicated system administrators. It covers more advanced topics including customizing Kali Linux packages, the Linux kernel, images, building live-build systems and maintaining persistent Kali images. The live-build system aspect and maintaining persistent Kali images is probably the most useful to a new professional. Chapter 10 If you're new, you won't need to review this chapter. If you provide Kali to a group of persons or an organization, you're going to need to review this section. It discusses using tools to deploy Kali Linux in enterprise settings. Including booting from the network, centralized management, deploying Kali, configuration management using SaltStack, and the other tools to manage these features. Chapter 11 A key chapter if you're new to cybersecurity. It provides the foundation of terminology so you can ask the right questions and provides useful information to get help more quickly when you need it. If you don't know what to search for in Google, you're going to get a lot of wrong answers. This helps you know what to search for, by using the right words, phrases, and terminology. It gives an overview of security concepts, terms, and how to speak intelligently about the capabilities and activities of cybersecurity. There's great coverage of the types of assessments, vulnerability assessments, compliance penetration tests, traditional penetration tests, application assessments, types of attacks, Denial of Service, Memory corruption, web vulnerabilities, password attacks, and finally client-side attacks. These later items answer the question, "how is it even possible to hack" with a tool? Chapter 12 This chapter goes over what to do after you know a little about Linux. It reviews maintaining Kali via administrative tasks and where to learn more. It does not teach penetration testing. It teaches you what you need to know before you should even think about penetration testing (i.e. avoid jail time). It teaches you how to setup a system which enables you to perform penetration testing. There are hundreds of tools, with hundreds of options, and knowing how they work on the operating system built for them is key to understanding how to use them properly. Summary The twelve chapters and the free online course provide a great introduction to not only Kali, but cybersecurity. It goes over Linux administration, and the basics needed to get into cybersecurity. After you read this book and practice these activities, then you can begin to learn how to hack. Following this, I suggest trying one of the online hack challenges with your newly found Kali knowledge (see SANS Holiday Hack Challenge). I was impressed with the dedication of the authors, the Kali Linux team, and the community in supporting this endeavor. We need more ethical hackers, more white hats. This course and book not only gives you want you want, they give you want you need. Bom Trabalho (Good Work) folks and thank you for providing this awesome resource and service!
0 Comments
|
AuthorI am a Doctoral Scholar at Colorado Technical University and a graduate of the Cyber Security Operations and Leadership program from the University of San Diego. I work in cybersecurity, and have accumulated twenty years in the IT industry. There are few IT roles I have not performed, which gives me great insights into making sense of all the IT confusion. Archives
February 2022
Categories
All
|