Kali Linux: A better BackTrack?

Kali Linux 1.0 in action

BackTrack Linux was and still is reputedly one of the best security-oriented Live Linux distributions out there, for both offensive and defensive purposes. Packed with tools and affirmed by near-universal acclaim, the veteran BackTrack has seen a whopping 7+ years of active development and explosive community growth.

Originally based on a merger of two earlier established distros, the Slax-based WHAX (formerly Whoppix) and a Knoppix-based LiveCD named Auditor Security Collection, BackTrack saw a switch to an Ubuntu-based system during its later life, mostly to benefit from its Aptitude package management system and wide driver compatibility. But now, faced with an aging tool management architecture for its penetration testing tools, parent company Offensive Security wants to try something new.

Enter Kali Linux. First announced and finalized just a month ago in March 2013, Kali aims to be a complete restructuring and replacing of BackTrack from the software perspective while keeping the philosophy, community, penetration testing options, and even much of the branding intact.

Read more

Honeyd: Your own virtual honeypot

Featured image: “DEFCON In Action #2” by Ambrosia Software

HoneyD Logo
Today, I will discuss a very interesting tool called Honeyd (pronounced “honey-dee” or “honey-daemon“). It is a powerful virtual honeypot tool written by Niels Provos and released as open source under the GNU General Public License v2.0, as part of the Honeynet Project. It runs on many Linux distributions and BSD’s.

A honeypot is a public or private computer that is intentionally left insecure, unpatched, without an anti-virus or firewall, etc. which encourages malicious hackers to attack it for behavioral analysis or for spamtrapping. This is a perfect tool for catching potential black-hat network intruders or spammers and monitoring their behavior. If you like, you can even build a massive open “playground”, giving any hacker (good or bad) a testbed to develop their skills and put their knowledge and techniques to the test without disrupting others.

If you have the cash, you can up multiple honeypots in your home or workplace, which act as convincing “decoy machines” that can help protect your legitimate computers from crackers. Networks like these are called honeynets.

Read more

A List of Ethical Hacking Tools: Part 2

Well, I decided to respond to part 1 of this series with a little shell script which automatically grabs a suite of ethical (and not-so-ethical) hacking and programming tools freely available on Ubuntu’s software repository listings. This should work fine under Debian or other similar distributions as it uses simple apt-get commands, but I cannot promise anything. I will revise this series of posts periodically to improve the listings and fix scripting bugs as time progresses.

See full source code

A List of Ethical Hacking Tools: Part 1

Update: Part 2 of this series has released a shell script that automates the installation process of these tools on Ubuntu.

Interested in security? Well, here’s a list of nice hacking tools for Linux (no Windows support, sorry) for all you budding hackers out there (see this article from University of Utah on Hackers vs. Crackers).

The best way to learn about hacking is to learn by doing: download some existing tools, play with them, and get to know them well. If you can, look them up on Google or Wikipedia to see what makes them tick if you want to see their internals (I’d recommend this for people with some form of programming experience).

Coming up in part 2 will be a convenient shell script for Ubuntu and its derivatives to install the programs listed here. Note that if you choose to use this on pure Debian, some programs may not be installed as they might not be in the repositories. And without further ado, the list is as follows:

Read more