Question

WHAT YOU WILL LEARN IN THIS CHAPTER:

• Virtualization
• Kali Linux
• Optimizing Kali Linux
• Using Kali Linux Tools

Most of what I teach is done virtually with customers over teleconferencing. The most difficult thing to do with virtual training is to engage the student. They don't see me, and I don't see them. I do not have the ability to read body language. I cannot see the crinkle between their eyes when they're confused. I also can't see when they have gotten up to get more coffee or are sidetracked by emails and phone calls, so student engagement is key. One of our conversations in the Nexpose Vulnerability Management class centers around the cybersecurity philosophy of viewing you and your ecosystem as an attacker would. I ask the question, “What do new pen testers or hackers download as their operating system of choice?” I'm surprised by how many blue‐teamers have never heard of Kali Linux. I've been playing Kali since before it was Kali and was called Backtrack.

Kali Linux debuted in 2013 as a total rewrite of the free Linux distribution called BackTrack. BackTrack was based on the Knoppix Linux OS, whereas now Kali Linux is based on the Debian Linux OS and is funded and maintained by Offensive Security. Kali Linux still remains free and contains more than 600 penetration tools with a wide range of wireless device support. BackTrack was started as an answer to Mati Aharoni's need for a tool to take on an engagement where he could not bring any hardware except a laptop, which would be taken from him at the end of the engagement. Mati is the founder and core developer of the Kali Linux and is the CTO at Offensive Security. Interestingly enough, Kali is the Hindu goddess who brings the death of the ego. I think this software is aptly named.

We have examined many tools throughout this book, and now we've reached one of my favorites. Some of the tools in Kali Linux have entire chapters devoted to them in this book, such as Metasploit Framework, Nmap, Wireshark, and Burp. The best way to master any skill or tool is hands‐on practice. One method you could take is to load these tools on your computer and use them to examine your personal systems. That is a great introduction, but it doesn't scale very well. Most of us don't have many systems in our own private network and may not be able to fully realize the usefulness of these tools. You could use these tools to examine Google or Yahoo! or some other production system out on the Web, but the major problem with doing that is that you don't have permission to do it. It could get you into a lot of legal trouble. Another alternative, and the one I use the most, is to use virtualization.