Saturday, 22 July 2017

Book Review: Kali Linux Revealed by Raphael Hertzog

Book Review: "Kali Linux Revealed"

"Kali Linux Revealed: Mastering the Penetration Testing Distribution", by Raphael Hertzog, Jim O'Gorman (elwood), and Mati Aharoni (muts), with a foreword by Johnny Long, was probably the most underwhelming infosec book I've read all year. I was expecting to learn about hacking and information security and instead got a book on mostly the Debian OS. Don't get me wrong, it's a decent book about Debian Linux fundamentals and provides pretty core information for any Linux user. 'Kali Linux Revealed' (KLR) is not really about information security or the curated collection of tools that makes the Kali distribution so renowned, as much as it is about the underlying operating system that Kali is now built on, Debian (as opposed to the previous BackTrack releases built on Knoppix). While the authors are up front about this in the introduction, I purchased the book based on the cover, so I hope this review makes it clear what the book entails for any other potential buyers out there.

I purchased the book via Amazon at $26 for ~300 pages. Ultimately, I thought this was overpriced, as the book presented some pretty standard material and could have been slimmed down considerably. I give the book 4/10 stars, as I felt it was less about hacking and information security and more about fundamental Debian Linux concepts.

I recommend the book to novice hackers, such as those who are looking to get a deeper understanding of the Linux operating system, and specifically script kiddies who want to learn more about how Linux package management works, as opposed to individuals with strong foundations who are looking to learn more about information security. In my opinion, only a few chapters actually delved into advanced Kali specifics, namely Chapter 1, Chapter 7, and Chapter 9; mostly everything else was Debian focused with just a mention of Kali to stay relevant, as you can see from the chapter listing below:


Chapter 1: About Kali Linux
1.1 A Bit of History
1.2 Relationship with Debian
1.3 Purpose and Use Cases
1.4 Main Kali Linux Features
1.5 Kali Linux Policies
1.6 Getting Started
Chapter 2: Getting Started with Kali Linux
2.1 Downloading a Kali ISO Image
2.2 Booting a Kali ISO Image in Live Mode
2.3 Summary
Chapter 3: Linux Fundamentals
3.1 What Is Linux and What Is It Doing?
3.2 The Command Line
3.3 The File System
3.4 Useful Commands
3.5 Summary
Chapter 4: Installing Kali Linux
4.1 Minimal Installation Requirements
4.2 Step by Step Installation on a Hard Drive
4.3 Unattended Installations
4.4 ARM Installations
4.5 Troubleshooting Installations
4.6 Summary
Chapter 5: Configuring Kali Linux
5.1 Configuring the Network
5.2 Managing Unix Users and Unix Groups
5.3 Configuring Services
5.4 Managing Services
5.5 Summary
Chapter 6: Helping Yourself and Getting Help
6.1 Documentation Sources
6.2 Kali Linux Communities
6.3 Filing a Good Bug Report
6.4 Summary
Chapter 7: Securing and Monitoring Kali Linux
7.1 Defining a Security Policy
7.2 Possible Security Measures
7.3 Securing Network Services
7.4 Firewall or Packet Filtering
7.5 Monitoring and Logging
7.6 Summary
Chapter 8: Debian Package Management
8.1 Introducing APT
8.2 Basic Package Interaction
8.3 Advanced APT Configuration and Usage
8.4 Package Reference: Digging Deeper into the Debian Package System
8.5 Summary
Chapter 9: Advanced Usage
9.1 Modifying Kali Packages
9.2 Recompiling the Linux Kernel
9.3 Building Custom Kali Live ISO Images
9.4 Adding Persistence to the Live ISO with a USB Key
9.5 Summary
Chapter 10: Kali Linux in the Enterprise
10.1 Installing Kali Linux Over the Network (PXE Boot)
10.2 Leveraging Configuration Management
10.3 Extending and Customizing Kali Linux
10.4 Summary
Chapter 11: Introduction to Security Assessments
11.1 Kali Linux in an Assessment
11.2 Types of Assessments
11.3 Formalization of the Assessment
11.4 Types of Attacks
11.5 Summary
Chapter 12: Conclusion: The Road Ahead
12.1 Keeping Up with Changes
12.2 Showing Off Your Newly Gained Knowledge
12.3 Going Further

Overall, it was a decent book and reminded me of my college computer science days, learning about Linux operating system fundamentals. My biggest complaint with the book is that it spends the majority of its time covering the Debian Linux OS features, as opposed to the stock security tools that make the Kali OS so uniquely different from other distros. My favorite part of the book was honestly the Intro by Johnny and some of the first chapter where you get the evolution of the tool set and specifically the transformation of BackTrack into Kali. I also enjoyed both the Securing and Monitoring Kali Linux and Advanced Usage chapters (7 and 9), probably being my overall favorite chapters of the book. I also really liked the part on managing and setting the state of a suite of Kali machines using Salt, in Chapter 10. And I did learn a ton about Debian and package management in general, although that's not what I was expecting when I picked this book up, hence the bluntly honest review to make it clear what this book contains and what it doesn't contain. Another reason I felt there was a lot of filler material / the book did not present new material is that a good amount of the material has already been covered online and for free, such as the installation guides, the ARM builds, setting up persistent USBs, and even the VM prep stuff. The fact that all of that free material was repeated and the excessive number of screenshots made it feel like filler content at times. The Kali site itself includes all of these free docs and a free ebook that has many of the Kali-specific parts listed and contains a heavy overlap of content with this book. Finally, I really didn't like the final chapter, which tried to summarize many core security and information assurance principles into a few super simple intros.
I also do not agree that this book sets you up to take either the Pentesting w/ Kali Linux courses or the OSCP certification, as the authors suggest at the end of the final chapter, where they also mention their free course Metasploit Unleashed. This book is good for someone who is still learning about the operating systems and underlying technologies, a more junior person, whereas I would recommend the OSCP certification to someone who has more intermediate hacking experience and is looking to challenge themselves. Offensive Security launched a new cert along w/ the book, the KLCP (a Kali Linux Certified Professional) and an accompanying BlackHat training, but I'm not sure who the target audience is for a $5k introductory course to Debian Linux? As far as I could tell, there is nothing presented in this book that is particularly new, unique, or that couldn't be found on The Internet for free.

comment:


This book covers how to install Kali Linux and how to deploy it in an enterprise environment. I bought it to learn more about the features of the distro itself and I am happy to have gained a good insight from that perspective.

I see, however, that some users were expecting more from this book, i.e. penetration testing tools. They are not covered in this book. Consider it an official insightful manual of the distribution and not the tools.
 

Firefox Add-ons a Hacker Must Have

11 Firefox Add-ons a Hacker Must Have


1. Tamper Data
Tamper Data is a great tool to view and modify HTTP/HTTPS headers and POST parameters. With it, we can alter each request going from our machine to the destination host. It helps in security testing web applications by modifying POST parameters. It can be used in performing XSS and SQL injection attacks by modifying header data.
Add Tamper data to Firefox:
https://addons.mozilla.org/en-us/firefox/addon/tamper-data/

2. Firebug
Firebug is a nice add-on that integrates a web development tool inside the browser. With this tool, you can edit and debug HTML, CSS, and JavaScript live on any webpage to see the effect of changes. It helps while analyzing JS files to find XSS vulnerabilities. It's a very helpful add-on for finding DOM-based XSS for security testing professionals.
Add Firebug to your browser:
https://addons.mozilla.org/en-US/firefox/addon/firebug/

3. Hackbar
Hackbar is a simple penetration testing tool for Firefox. It helps in testing simple SQL injection and XSS holes. You cannot execute standard exploits, but you can easily use it to test whether or not a vulnerability exists. You can also manually submit form data with GET or POST requests. It also has encryption and encoding tools. Most of the time, this tool helps while testing for XSS vulnerabilities with encoded XSS payloads. It also supports keyboard shortcuts to perform various tasks. I am sure most people in the security field already know about this tool. Hackbar is mostly used in finding POST XSS vulnerabilities because it can send POST data manually to any page you like. With the ability to manually send POST form data, you can easily bypass client-side validations. If your payload is being encoded at the client side, you can use an encoding tool to encode your payload and then perform the attack. If the application is vulnerable to XSS, I am sure you will find the vulnerability with the help of the Hackbar add-on for the Firefox browser.
Add Hackbar to Firefox:
https://addons.mozilla.org/en-US/firefox/addon/hackbar/

4. Cookies Manager 
Cookie Manager is one of the greatest tools ever created. Using this tool you can actually play with cookies. You can alter almost every cookie using this tool. You can use Cookies Manager to view, edit, and create new cookies. It also displays extra information about cookies, allowing you to edit multiple cookies at once and backup/restore them.
Add Cookies Manager to Firefox:
https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/
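
Because a cookie editor lets the client change any cookie value, a server cannot trust cookie contents unless it can detect edits. The following is an added example, not part of the original post: a minimal HMAC-signed cookie check. The key, cookie layout and function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: a server-side secret. Constructed value for this example only.
SECRET_KEY = b"example-only-secret"


def _mac(value: str, key: bytes) -> str:
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def sign_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'value.hexmac' so the server can later detect client-side edits."""
    return f"{value}.{_mac(value, key)}"


def verify_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Return the original value if the MAC matches, otherwise None."""
    value, sep, mac = cookie.rpartition(".")
    if not sep or not value:
        return None  # unsigned or malformed cookie
    expected = _mac(value, key)
    # Compare as bytes in constant time; a str with non-ASCII would raise.
    if not hmac.compare_digest(mac.encode("utf-8"), expected.encode("ascii")):
        return None
    return value


def demo():
    """Constructed scenario: a cookie edited in the browser keeps its old MAC."""
    issued = sign_cookie("uid=42;role=user")
    edited = issued.replace("role=user", "role=admin")
    return verify_cookie(issued), verify_cookie(edited)


if __name__ == "__main__":
    print(demo())
```
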

5. NoScript
The NoScript add-on is greatness beyond imagination. With this tool, you can monitor each and every script running on a website; you can block any of the scripts and see what each script actually does. But this add-on is for experts; newbies will face problems using it. Note: If you are testing XSS, HTTPS header modifications, or injection attacks on any website, you need to disable this plugin first because it will block your efforts.
Add NoScript to Firefox:
https://addons.mozilla.org/en-us/firefox/addon/noscript/

6. Grease Monkey
Grease Monkey is the counterpart to NoScript; its function is the exact opposite of NoScript's. We use NoScript to block scripts and Grease Monkey to run them. It allows you to customize the way a web page displays or behaves by using small bits of JavaScript.
Add Grease Monkey to Firefox:
https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/

7. User Agent Switcher

User Agent Switcher adds a one-click user agent switch to the browser, along with a menu and tool bar button. Whenever you want to switch the user agent, use the browser button. User Agent add-on helps in spoofing the browser while performing an attack.
Add User Agent Switcher to Firefox:
https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/

8. CryptoFox
CryptoFox is an encryption and decryption tool for Mozilla Firefox. It supports most of the available encryption algorithms, so you can easily encrypt or decrypt data with them. This add-on comes with dictionary attack support for cracking MD5 passwords. Although it hasn't always had great reviews, it works satisfactorily.
Add CryptoFox to Firefox:
https://addons.mozilla.org/en-US/firefox/addon/cryptofox/

9. SQL Inject Me
SQL Inject Me is another nice Firefox add-on used to find SQL injection vulnerabilities in web applications. This tool does not exploit vulnerabilities but displays their existence. SQL injection is one of the most harmful web application vulnerabilities; it can allow attackers to view, modify, edit, add, or delete records in a database. This tool sends escape strings through form fields and searches the responses for database error messages. If it finds a database error message, it marks the page as vulnerable. Hackers can use this tool for SQL injection testing.
Add SQL Inject Me to Firefox:
https://addons.mozilla.org/en-us/firefox/addon/sql-inject-me/ 
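
The signal this kind of scanner relies on, a database error echoed back after a form value containing a quote, comes from building SQL by string concatenation. The following is an added example, not part of the original post: the vulnerable lookup beside a parameterized one, using Python's `sqlite3` with a constructed in-memory table. All function names and the marker list are assumptions made for illustration.

```python
import sqlite3


def make_db():
    # Constructed in-memory sample data for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("o'brien",)])
    return db


def lookup_concat(db, name):
    """Vulnerable form: the form value is pasted into the SQL text."""
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    try:
        return {"rows": db.execute(sql).fetchall(), "error": None}
    except sqlite3.Error as exc:
        # Echoing the driver error to the page is what a scanner searches for.
        return {"rows": [], "error": str(exc)}


def lookup_param(db, name):
    """Hardened form: the value is bound as data and never parsed as SQL."""
    try:
        rows = db.execute("SELECT id FROM users WHERE name = ?",
                          (name,)).fetchall()
        return {"rows": rows, "error": None}
    except sqlite3.Error:
        # Generic message: no driver detail reaches the client.
        return {"rows": [], "error": "internal error"}


def leaks_db_error(result):
    """Mimic the scanner's check: does the response carry database error text?"""
    markers = ("syntax error", "unrecognized token", "sqlite")
    err = (result["error"] or "").lower()
    return any(m in err for m in markers)
```

A legitimate surname with an apostrophe is enough to break the concatenated query, which is why the parameterized form is also the functionally correct one.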

10. XSS ME
Cross Site Scripting is the most common web application vulnerability. This add-on is incredibly useful for detecting XSS vulnerabilities in web applications. XSS-Me is used to find reflected XSS vulnerabilities from a browser. It scans all forms of the page, and then performs an attack on selected pages with pre-defined XSS payloads. After the scan is complete, it lists all the pages that rendered a payload and may be vulnerable to an XSS attack. Then, you can manually test the web page to determine whether or not the vulnerability exists.
Add XSS ME to Firefox:
https://addons.mozilla.org/en-us/firefox/addon/xss-me/
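
Whether a page "renders a payload" depends on how the server encodes reflected input for the context it lands in. The following is an added example, not part of the original post: one page template reflected three ways, checked with inert marker strings. The template, probe strings and function names are constructed for illustration.

```python
import html

# Constructed, inert probes: one for element context, one for attribute context.
TAG_PROBE = "<i id=probe1>"
ATTR_PROBE = '" data-probe2="'

TEMPLATE = '<input name="q" value="{v}"><p>Results for {v}</p>'


def render_unsafe(q: str) -> str:
    """Vulnerable form: the query is reflected with no output encoding."""
    return TEMPLATE.format(v=q)


def render_partial(q: str) -> str:
    """Incomplete fix: <, > and & are escaped but quotes are not,
    so the value can still break out of the attribute."""
    return TEMPLATE.format(v=html.escape(q, quote=False))


def render_safe(q: str) -> str:
    """Hardened form: quotes are escaped too, covering both contexts used here."""
    return TEMPLATE.format(v=html.escape(q, quote=True))


def reflected_raw(render, probe: str) -> bool:
    """True if the probe comes back byte-for-byte, i.e. it was not encoded."""
    return probe in render(probe)


def report():
    """Map each renderer to the list of probes it reflects unencoded."""
    probes = {"tag": TAG_PROBE, "attr": ATTR_PROBE}
    renderers = {"unsafe": render_unsafe, "partial": render_partial,
                 "safe": render_safe}
    return {name: [k for k, p in probes.items() if reflected_raw(fn, p)]
            for name, fn in renderers.items()}


if __name__ == "__main__":
    print(report())
```
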

11. Passive Recon
Last but not least, Passive Recon is an information gathering tool.
Passive Recon provides information security professionals the ability to perform "packetless" discoveries of target resources utilizing publicly available information. It gathers information in the same manner as the DnsStuff tool, available on BackTrack.

Add PassiveRecon to Firefox:
https://addons.mozilla.org/en-US/firefox/addon/passiverecon/


That's all for today. I hope you're enjoying your journey towards becoming a Professional Hacker. Have fun! Keep learning.