Microsoft Windows is one of the two most common OSes, and managing its security has spawned the discipline of Windows security. Kali Linux is the premier platform for testing and maintaining Windows security. Kali is built on the Debian distribution of Linux and shares the legendary stability of that OS, which lets you focus on network penetration, password cracking, and forensics tools rather than on the OS itself.
In this interview, we talk to two experts, Wolf Halton and Bo Weaver, on using Kali Linux for pentesting. We also discuss their book Kali Linux 2018: Windows Penetration Testing - Second Edition.
Read also: Kali Linux 2018 for testing and maintaining Windows security - Interview with Wolf Halton and Bo Weaver - Part 2
Bo Weaver: First, it runs on Linux and is built on Debian Linux. Second, the people at Offensive Security do a fantastic job of keeping it updated and stable with the latest tools to support not just pentesting but also forensics work or network analysis and diagnostics. You can tell that this platform is built and maintained by real security experts and isn’t some distro thrown together by some marketing folks to make a buck.
Wolf Halton: Kali is a very stable and extensible open source platform. Offensive Security's first security platform, BackTrack, was customised in a non-POSIX way, breaking from UNIX or other Linux distros by putting the security tools in unexpected places in the filesystem. Since Kali was first released, they used Debian Testing as a base, and adhered to the usual file locations. This made Kali Linux far easier to use. The normalization of the OS behind the Kali Linux distro makes it more productivity-friendly than most of the other "Security Distros," which are usually too self-consciously different. Here, the developers are building their space in the mass of distros by how quirky the interface or how customizable the installation process has to be.
Bo Weaver: I appreciate its stability. In all the years I have used Kali on a daily basis, I have had only one failure to update properly. Even with this one failure, I didn't have any data loss. I run Kali as my "daily driver" on both my personal and company laptop, so one failure in all that time is nothing. I even do my writing from my Kali machines. Yes, I do all my normal computing from a normal user account and NOT root!
I don't have to go looking for a tool. Any tool that I need is either installed or is in the repo. Since everything comes from the same repo, updates to all my tools and the system are just a simple command to keep everything updated.
Wolf Halton: Kali is a stable platform, based upon a major distribution with which I am very familiar. There are over 400 security tools in the Kali repos, and it can also draw directly from the Debian Testing repos for even more tools. I always add a few applications on top of the installation default set of packages, but the menus work predictably, allowing me to install what I need without having to create a whole new menu system to get to them.
Bo Weaver: I really can’t think of a disadvantage. The biggest advantage is that all these tools are in one toolbox (Kali). I remember a time when building a pentesting machine would take a week, having to go out, and find and build the tools separately. Most tools had to be manually compiled for the machine. Remember “make”, “make install”? Then to have it bork over a missing library file. In less than an hour, you can have a working pentesting machine running. As mentioned earlier, Kali has the tools to do any security job, not just pentesting, such as pulling evidence from a laptop for legal reasons, analyzing a network, finding what is breaking your network, breaking into a machine because the passwords are lost. Also, it runs on anything from a high-end workstation to a Raspberry Pi or a USB drive with no problem.
Wolf Halton: The biggest disadvantage is for Windows-Centric users who have never used any other operating system. In our book, we try to ease these users into the exciting world of Linux.
The biggest advantage is that the Kali Linux distro is in constant development. I can be sure that there will be a Kali distro available even if I wander off for a year. This is a great benefit for people who only use Linux when they want to run an ad hoc penetration test.
Bo Weaver: There are other distros out there for this use. Most don’t have the completeness of toolsets. Most security distros are set up to be run from a DVD and only contain a few tools to do a couple of tasks and not all security tasks. BlackArch Linux is the closest to Kali in comparison.
BlackArch is built on Arch Linux, which is a bleeding-edge distro that doesn't have the stability of Debian. Sometimes Arch will bork on an update due to bleeding-edge buggy code in an update. This is fine in a testing environment, but when working in production, you need your system to run at the time of testing. It's embarrassing to call the customer and say you lost three hours on a test fixing your machine. I'm not knocking BlackArch. They did a fine job on the build and the toolsets included. I just don't trust Arch to be stable enough for me. This is not saying anything bad about Arch Linux. It does have its place in the distro world and does a fine job of filling its place in this world. Some people like bleeding edge; it's just a personal choice.
The great thing about Linux overall is that you have choices. You’re not locked into one way a system looks or works. Kali comes with five different desktop environments, so you can choose which one is the best for you. I personally like KDE.
Wolf Halton: I have had to find tools for various purposes:
Kali Linux is the one platform where I could find multiple tools to perform all of these tasks and many more.
Bo Weaver: I hope the readers come out with a greater understanding of system and network security and how easy it is to breach a system if simple and proper security rules are not followed. By following simple no-cost rules like properly updating your systems and proper network segmentation, you can defeat most of the exploits in the book.
Over the years, Wolf and I have been asked by a lot of Windows Administrators, "How do you do a pentest?" This person doesn't want a simple, glossed-over answer. They are an engineer and understand their systems and how they work; they want a blow-by-blow description of how you actually broke it, so they can understand the problem and properly fix it. The book is the perfect solution for them. It contains methods we use in our work on a daily basis, from scanning to post-exploitation work. Also, I hope the readers find how easy Linux is to use as a desktop workstation and the advantages in security when using Linux as your workstation OS, and make the switch from Windows to the Linux desktop.
I want to thank the readers of our book and hope they walk away with a greater understanding of system security.
Wolf Halton: The main thing we tried to do with both the first and second edition of this book is to give a useful engineer-to-engineer overview of the possibilities of using Kali to test one's own network, including very specific approaches and methods to prove their network's security. We never write fictionalized, unworkable testing scenarios, as we believe our readers want to actually know how to improve their craft and make their networks safer, even though there is no budget for fancy-schmancy proprietary Windows-based security tools that make their non-techie managers feel safer.
The world of pentesting is still edgy and interesting, and we try to infuse the book with our own keen interest in testing and developing attack models before the Red-Team hackers get there.
Thanks Bo and Wolf for a very insightful perspective into the world of pentesting and on Kali Linux!
Readers, if you are looking for help to quickly pentest your system and network using easy-to-follow instructions and support images, Kali Linux 2018: Windows Penetration Testing - Second Edition might just be the book for you.
Wolf Halton is an authority on computer and Internet security, a best-selling author on computer security, and the CEO of Atlanta Cloud Technology. He specializes in business continuity, security engineering, open source consulting, marketing automation, virtualization and data center restructuring, network architecture, and Linux administration.
Bo Weaver is an old-school ponytailed geek. His first involvement with networks was in 1972 while in the US Navy, working on an R&D project called ARPA NET. Bo has been working with and using Linux daily since the 1990s and is a promoter of Open Source. (Yes, Bo runs on Linux.) He now works as the senior penetration tester and security researcher for CompliancePoint, an Atlanta-based security consulting company.