Wednesday, March 13, 2013

Kali Released


Kali has been released today. I have been wondering what changes they have made for the new "BackTrack 6", Kali 1.0. Looks like they are going to Debian. For a list of changes, go here. I have already downloaded the ISO and I love the boot screen. It looks like all my devices are found in this version of the Kali Live CD. The offsec guys say that this is a very customizable distro. I want to install it but I have not had any trouble with Ubuntu 12.04. It has everything I would need for a vulnerability assessment or penetration test; however, I will keep it as a virtual machine instead of using it daily on my laptop. Probably ... for now. I want to investigate the new tools that are available. They said that it has over 300 new tools and that they removed the stale ones.


Since I am trying to focus more on Web Application testing instead of the network testing, I will probably focus on Burp, WafW00f, Nikto, Wikto, SQLMap, SQLNinja, etc. I have been using them a lot in the Web App Pentester Night School course by Joe McCray. When the course is over, I am sure I am going to want to use them against a web application test environment. There was a great listing posted on EthicalHacker last month on web application testing here. The actual website with all of the test virtual machines and security labs is located here. I want to get better at XSS and webshells and bypassing IDS/IPS. I have been having trouble with the latest version of URLScan too. Such a pain in the butt.

In addition, the Offensive Security guys have announced that they will give offsec veterans a discount "once a new version of PWB [ Offensive Security Certified Professional (OSCP) ] is available, in the next 6 months" (Reference: ). I do not think the new Kali release will impact the course. Having Kali will probably just be nice to have if you were taking the course at the time. I am undecided if I will take the updated course. I loved the course, but I want to finish so many other subjects that I am not sure I can get it all done. I am still working on SPSE from SecurityTube. I want to get very good at coding in Python and to do it justice, I will be doing it for a while. There is a tool I have in mind that I want to write in Python and I need a better understanding of web scraping Google search results among other things. Till next time.