12.3. Going Further This book taught you a lot of things that any Kali Linux user should know, but we made some hard choices to keep it short, and there are many topics that were not covered. 12.3.1. Towards System Administration If you want to learn more about system administration, then we can only recommend that you check out the Debian Administrator's Handbook: https://debian-handbook.info/get/ You will find there many supplementary chapters covering common Unix services that we have entirely skipped in this book. And even for chapters that have been reused in the Kali book, you will find plenty of supplementary tips, notably on the packaging systemRead More →

12.2. Showing Off Your Newly Gained Knowledge Are you proud of your new Kali Linux skills? Would you like to ensure that you remember the really important things? If you answer yes to one of those questions, then you should consider applying for the Kali Linux Certified Professional program. It is a comprehensive certification that will ensure that you know how to deploy and use Kali Linux in many realistic use cases. It is a nice addition to your resume and it also proves that you are ready to go further.Read More →

Congratulations! Hopefully you should now be more familiar with your Kali Linux system and you should not be afraid of using it for any experiment that you can think of. You have discovered its most interesting features but you also know its limits and various ways to work around those limitations. If you have not put all features into practice, keep this book around for reference purposes and refresh your memory when you are about to try a new feature. Remember that there is nothing better than practice (and perseverance) to develop new skills. Try Harder, as the Offensive Security trainers keep repeating. 12.1. Keeping UpRead More →

11.5. Summary In this chapter, we took a brief look at Kali's role in the field of information security. We discussed the importance of a clean, working installation and the use of encryption before heading out to the field in order to protect your client's information, and the importance of legal representation to protect you and your client's interests. The components of the CIA (confidentiality, integrity, availability) triad are the primary items that you will focus on when securing a system as part of standard deployment, maintenance, or assessment. This conceptual foundation will assist you with the identification of the critical components of your systems andRead More →

11.4. Types of Attacks Once the work is taking place, what are some of the specific sorts of attacks that you will be conducting? Each type of vulnerability has its own associated exploitation techniques. This section will cover the various classes of vulnerabilities that you will interact with most often. No matter what category of vulnerability you are looking at, Kali makes these tools and exploits easy to find. The Kali menu on your graphical user interface is divided up into categories to help make the right tool easier to find. In addition, the Kali Tools website has comprehensive listings of the various tools availableRead More →

11.3. Formalization of the Assessment With your Kali environment ready and the type of assessment defined, you are almost ready to start working. Your last step is to formalize the work to be done. This is critically important, as this defines what the expectations for the work will be, and grants you permission to conduct what might otherwise be illegal activity. We will cover this at a high level, but this is a very complex and important step so you will likely want to check with your organization's legal representative for assistance. As part of the formalization process, you will need to define the rules ofRead More →

11.2. Types of Assessments Now that you have ensured that your Kali environment is ready, the next step is defining exactly what sort of assessment you are conducting. At the highest level, we may describe four types of assessments: a vulnerability assessment, a compliance test, a traditional penetration test, and an application assessment. An engagement may involve various elements of each type of assessment but it is worth describing them in some detail and explaining their relevance to your Kali Linux build and environment. Before delving into the different types of assessments, it is important to first note the difference between a vulnerability and anRead More →

We have covered many Kali Linux-specific features up to this point so you should have a strong understanding of what makes Kali special and how to accomplish a number of complex tasks. Before putting Kali to use however, there are a few concepts relating to security assessments that you should understand. In this chapter, we will introduce these concepts to get you started and provide references that will help if you need to use Kali to perform a security assessment. To start with, it is worth taking some time to explore exactly what "security" means when dealing with information systems. When attempting to secure anRead More →

10.4. Summary Kali Linux scales beyond the desktop to medium or large scale deployments and even to the enterprise level. In this chapter, we covered how to centralize management of multiple Kali installations with SaltStack, allowing you to quickly deploy highly secure Kali systems preconfigured for your specific needs. We also revealed how you can keep them synchronized thanks to Kali's (semi-automatic) installation of package updates. We discussed package forking, which allows you to create your own customized distributable source packages. In summary, let's review the major steps required to establish Salt masters and minions, which allow you remote control and configuration of remote hosts.Read More →

10.3. Extending and Customizing Kali Linux Sometimes you need to modify Kali Linux to make it fit your local needs. The best way to achieve this is to maintain your own package repository hosting the modified versions of the Kali packages that you had to fork, as well as supplementary packages providing custom configuration and extra software (not provided by Kali Linux). 10.3.1. Forking Kali Packages Please refer to Section 9.1, "Modifying Kali Packages" for explanations about this topic. All packages can be forked if you have a good reason but you must be aware that forking a package has a cost, since you haveRead More →