From the course: Kali Linux for Advanced Pen Testing and Ethical Hacking

Testing with Kali Linux

- [Instructor] Kali is a major part of any pen tester's approach to testing, both as a platform to work from and a source of tools to use. The nature of system vulnerabilities means that the pen tester is faced with a range of operating systems and applications. And for each of them, a variety of release levels. Technology changes quickly but can persist for a long time. And technology users differ widely in their attention to applying patches and updates. Consequently, running a pen test requires a lot of preparation to determine what might be the right tools and exploits to use, and to manage the uncertainty that comes with using tools and exploits in an uncertain environment.

Offensive Security, the folks who provide Kali for us, have a range of training courses, the most well-known of which is PEN-200, pen testing with Kali, which is the training course for the OSCP Certified Professional examination. This is the most widely recognized qualification in the pen testing world. PEN-200 includes a training manual and videos to provide a basic level of understanding and a training lab in which to spend many hours attempting system penetrations in order to direct research and build experience. As well as learning the approaches to specific system penetrations, it's as much as anything an opportunity to develop an effective personal style.

Pen testing is not about cooking up tests from a recipe book, which contains the perfect solution for every target. Exploits are continually being developed and the combination of configurations and software makes every target a unique challenge. Pen testing, therefore, is about understanding the target, being able to creatively identify potential weak spots and then being able to craft a unique set of tests to suit the target. We can create labels such as script kiddies, cyber warriors, exploiters and so on, but in fact, there are no preordained levels of pen tester, just a continuum from beginner to expert.
Everyone starts out knowing nothing, but depending upon the time and effort they invest in learning, they can become competent pen testers. As with any other endeavor, some people will have more aptitude and learn faster, but it is just about plain old learning and experience. There's no magic here. A novice pen tester will be able to run automated tools to find vulnerabilities, and in some cases, to automate the collection of penetration evidence. The challenge gets harder the more obscure the target software. At a more advanced level, exploits may exist but need to be customized to suit the target. And so a level of reverse engineering is required. At the expert level, the pen tester will carry out vulnerability research on his or her targets to find zero-day exploits and craft specific attacks. Anyone wanting to learn pen testing can become a competent advanced tester. The key learning in becoming a competent pen tester is persistence, and the OSCP motto, and examination demand, is "try harder."

Pen testers will need to have a broad range of skills across networks, operating systems and common applications. Most testers will then develop their skills in specific areas, such as wireless networks, specific operating systems, such as Windows or Linux, specific services such as web and mobile, or specific applications, such as Active Directory. There are also some specialized areas outside of mainstream IT, such as SCADA systems, control systems used in areas such as power stations and other utilities. The explosion in technology that is occurring with the Internet of Things means there'll be many more specialized areas: home automation, transport and automotive, industrial automation, e-health devices and so on. Developing as a pen tester also means developing your own approach to testing, and learning how to manage the vast amounts of pen testing knowledge that you acquire.
Getting yourself ready to do pen testing by creating your own toolbox of useful tools and techniques is as much a part of training to be a pen tester as is learning about specific exploits. Kali supports the pen testing process by providing an effective pen testing environment right from the start, enabling quick wins, and reproducible results. It also provides the foundation for you to develop your own advanced toolset by extending it to suit your own way of working.
