Domain: kali.org
Stories and comments across the archive that link to kali.org.
Comments · 10
-
SSL may not help
While the attack would result in decrypting any clear text being sent over wifi, the saving grace is that an increasing amount of traffic is sent via HTTPS or SSL, which would provide an additional barrier to an attacker seeing login credentials for remote websites, etc.
If you watch the video posted by Mathy Vanhoef, you'll see at 1:16 he's also using sslstrip.
-
Re:Crucial question
There are plenty of security-focused Linux OSes, e.g. Tails, Qubes, Whonix, Ubuntu Privacy Remix, Kali Linux - just to mention a few. And then there is also the whole BSD family of free Unix OSes who are very security vetted, e.g. NetBSD, OpenBSD and FreeBSD. So I'm not sure what you mean by "the linux community is not capitalizing on the situation"
..? -
Live CD and/or VM
It is easy enough to run Linux from a Live (Bootable) media or to install a VM based Linux box. You do not need a dedicated box.
-
Re:Whatever you do...
...whatever you do, don't give us any fucking clues as to what the features of interest might be or why we might be interested in this particular distro.
They told you in the summary what was important; that it had rolling updates.
But seriously, that it absolutely true. I used to hate companies that insisted on having a mission statement on their websites, but it is something that is essential for the myriad of Linux distros and other open source projects that waste the front page of their websites with the change log. "Great, I know what has changed, now what is the program about?"
In this case, their front page does give a simple explanation of the purpose of the distro; that it is a "penetration testing platform". I guess if you don't know what that means that the product isn't meant for you. But how useful would it have been to have those three words in the
/. summary?They also have a fairly simple features page.
-
Just get Kali Linux, it is set up for Pen TestingJust download and install Kali Linux on a computer. If you get a laptop and want to test wireless, make sure to do a little research for the wireless chip in there to make sure you can put it into full promiscuous mode so you can sniff traffic. If it isn't built in you can buy usb ones that will work but do some research first.
But seriously, this is one of the BEST ways to start learning pen testing, all the tools you need in one place.
Install it and start testing on your own home network first to learn the ins/outs and to see how secure YOUR network is. Then, maybe get permission to run it at work with your boss that suggested you get into this.
-
Stay Informed
No matter what certifications you get (although you should get certified, for legal reasons as mentioned by others), it's critical that you keep abreast of what's going on in the field, otherwise you're not doing your job. Listen to podcasts on the way to, from, and while you're at work. Read all the websites you can. And learn the tools.
This Week in Enterprise Tech: http://twit.tv/show/this-week-... - frequently mentions useful tools and products for testing or securing a business.
Security Now: http://twit.tv/sn - hosted by one of the best known names in the business, Steve Gibson.
Internet Storm Center: http://isc.sans.edu/ - Website has all kinds of detailed on latest vulnerabilities and security issues - podcast is also available in daily or monthly form.
Kali Linux: http://kali.org/ - can be used as a bootable environment or installed on a partition as a portable pen testing "toy."
Metasploit: http://www.metasploit.com/ - Widely used, frequently updated pen testing kit.
-
Start doing penetration tests
If you don't know where to start, try something like Kali. Have a play around with Metasploit as well.
-
Re:License needed only for specific things
When BackTrack became Kali they chose to change the base from Ubuntu to Debian. I wonder if this influenced them, or they were just running away from Unity?
-
Re:Kali Linux
http://www.kali.org/official-documentation/
It's a link on the top of the home page. I bet you couldn't find your arse with both hands and a mirror.
-
Works on Chromebook also, apparantly