- Display a list of running processes.
- Display the 100 most recent entries from the Application log – without using Get-WinEvent.
- Get-EventLog -LogName Application -Newest 100
- Display a list of all commands that are of the “cmdlet” command type.
- Get-Command -CommandType Cmdlet
- Display a list of all aliases in the current session.
- Create a new alias (d) to get a directory listing.
- New-Alias -Name "d" -Value Get-ChildItem
- Display a list of services that begin with the letter “m”.
- Get-Service m*
- Display a list of all Windows Firewall rules.
- Display a list of only inbound Windows firewall rules.
- Get-NetFirewallRule -Direction inbound
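The exercises above worked through in one script, as an added example that is not part of the original notes. It also supplies the answers the list leaves blank (Get-Process, Get-Alias, Get-NetFirewallRule with no filter) and narrows the inbound rule listing to enabled allow rules, which is the subset a reviewer normally wants to see first. It assumes Windows PowerShell 5.1 on Windows: Get-EventLog and the NetSecurity module are Windows-only, and Get-EventLog is not present in PowerShell 7.

```powershell
# Added example: worked answers to the exercise list (not from the original notes).
# Assumes Windows PowerShell 5.1 on Windows.

# Running processes, heaviest by working set first.
Get-Process |
    Sort-Object -Property WorkingSet64 -Descending |
    Select-Object -Property Name, Id, WorkingSet64 -First 10

# 100 newest Application log entries without Get-WinEvent.
Get-EventLog -LogName Application -Newest 100 |
    Select-Object -Property TimeGenerated, EntryType, Source, EventID

# Every command whose command type is "Cmdlet" (count them rather than scroll).
Get-Command -CommandType Cmdlet | Measure-Object

# All aliases defined in the current session.
Get-Alias | Sort-Object -Property Name

# A session-local alias "d" for a directory listing; it is gone when the shell exits.
New-Alias -Name d -Value Get-ChildItem
d $env:SystemRoot\System32\drivers\etc

# Services whose names begin with "m" (wildcard on the positional -Name parameter).
Get-Service -Name m*

# All firewall rules, then only the inbound rules that are enabled and allow traffic.
Get-NetFirewallRule | Measure-Object
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Select-Object -Property DisplayName, Profile, Direction, Action
```

The last query is the one worth keeping around: an unfiltered Get-NetFirewallRule returns hundreds of rules, while the enabled inbound allow rules are the ones that actually open a listening surface on the host.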
Anatomy of a PowerShell command.
| Cmdlet Name | Parameter 1 | Parameter 2 | Parameter 3 |
| | Parameter Name + Parameter Value | Parameter Name + Parameter Value | Switch Parameter |
- Parameter values that do not contain punctuation or spaces do not need to be inside quotation marks.
- Parameter values may be in comma-separated lists, such as the param value for Parameter 2 in the above example.
- Parameter names always start with a dash (-).
- A space between the cmdlet name and the first parameter is mandatory.
- Cmdlet and parameter names are not case sensitive.
- Cmdlet = native PowerShell CLI
- Term “cmdlet” is unique to PowerShell
- Function != cmdlet, but are similar.
- They are not written in .NET, but rather, PowerShell’s own scripting language.
- A “workflow” is a special type of function. They tie into PowerShell’s workflow execution process.
- An “application” is an external executable – i.e. ping, ipconfig, etc.
- When developing functions and workflows, it is generally good practice to apply Microsoft’s established naming convention in the same way that MS applies them to cmdlets.
- Anatomy of naming convention: Verb-SingularNoun (i.e Get-EventLog).
- To get a list of acceptable verbs, run: Get-Verb.
- Like many other shells, and scripting languages, you can alias commands.
- There are some pre-defined aliases. Try running Get-Alias -Definition Get-TimeZone.
- Output for above will be: gtz.
- You can get help for aliases as well, try: help gtz.
- You can also create local aliases.
- Local aliases are only good for the single shell session they’re created in. When you exit PowerShell, they’re gone.
- To create a local alias, use: New-Alias.
- Example: New-Alias -Name "time" Get-TimeZone.
- Parameters can be aliased, too. Parameter aliases are not as convenient to find.
- (Get-Command [Command Name] | Select-Object -ExpandProperty Parameters).[Parameter Name].Aliases
- In the help syntax, positional parameters have their name wrapped in square brackets – and the exact position can also be found with the -Full switch on help.
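The alias and parameter-alias lookups from the notes, as an added example rather than the author's own code. The Get-ParameterAlias function is a hypothetical helper written for this example; it walks the Parameters dictionary that Get-Command exposes for a cmdlet or function and reports every parameter that has at least one alias, and the final pipeline reads the positional index straight from the command metadata instead of from help -Full. Pass a real cmdlet or function name, not an alias, so that Get-Command returns the command's own metadata.

```powershell
# Added example (not from the original notes): aliases, approved verbs,
# parameter aliases and positional parameters read from command metadata.

# Approved verbs for naming your own functions (Verb-SingularNoun).
Get-Verb | Sort-Object -Property Group, Verb | Select-Object -Property Verb, Group

# Built-in alias lookup in both directions.
Get-Alias -Definition Get-TimeZone   # resolves to: gtz
Get-Alias -Name gtz                  # resolves to: Get-TimeZone

# A session-local alias; it disappears when this shell exits.
New-Alias -Name time -Value Get-TimeZone
time

# Hypothetical helper: list every parameter of a command that carries an alias.
function Get-ParameterAlias {
    param(
        [Parameter(Mandatory)]
        [string]$CommandName   # cmdlet or function name, not an alias
    )
    $command = Get-Command -Name $CommandName
    $command.Parameters.GetEnumerator() |
        Where-Object { $_.Value.Aliases.Count -gt 0 } |
        ForEach-Object {
            [pscustomobject]@{
                Command   = $command.Name
                Parameter = $_.Key
                Aliases   = ($_.Value.Aliases -join ', ')
            }
        }
}

# Parameter aliases on Get-ChildItem (for example -Recurse can be shortened to -s).
Get-ParameterAlias -CommandName Get-ChildItem | Format-Table -AutoSize

# Positional parameters per parameter set: Position is the index the value may
# occupy when the parameter name is omitted; non-positional ones carry a negative value.
(Get-Command -Name Get-ChildItem).ParameterSets | ForEach-Object {
    $setName = $_.Name
    $_.Parameters |
        Where-Object { $_.Position -ge 0 } |
        Select-Object -Property @{ n = 'ParameterSet'; e = { $setName } }, Name, Position
}
```

Reading positions from the metadata is the same information that `help Get-ChildItem -Full` prints under each parameter's "Position?" line, just in a form you can filter and sort.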
- The Show-Command cmdlet provides the administrator with a GUI to simplify building complex commands.
- Rather than hitting RUN in the Show-Command GUI, hit COPY instead, to paste it manually into the shell. This allows you to see the command syntax in its proper form, to learn from.
- PowerShell supports many traditional external commands that most system administrators are already used to. No need to drop the shell and go over to CMD to run something like “ping” or “ipconfig” for instance.
- With that said, Microsoft has developed many commands that can be used to replace older commands – often with greater output or better features. One instance of this is test-connection to replace ping.
- Still, there are some external commands that may not parse correctly. One way to work around this is to pass all of the elements that make up the external command into PowerShell variables (for instance $varName), and then run the external command using the variables you defined.
- A parameter that takes no value – for instance: -recurse – gets a dash before its name.
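The external-command workaround from the notes (stage the pieces of the command in variables, then run it) and the switch-parameter point, as an added example that is not from the original notes. The `&` call operator and array splatting are standard PowerShell; the `--%` stop-parsing token shown at the end is a second, built-in way to hand an argument string to an external program untouched. The loopback address is a constructed sample value.

```powershell
# Added example (not from the original notes): external commands with
# arguments staged in variables, the cmdlet replacement, and switch parameters.

# Pieces of the external command held in variables rather than typed inline.
$exe     = 'ipconfig.exe'
$argList = @('/all')
& $exe @argList     # call operator plus splatting: each array element is its own argument

# Same pattern for ping; every token that PowerShell might otherwise reinterpret
# (quotes, parentheses, $ signs) is just a string element here.
$target   = '127.0.0.1'            # constructed sample value: loopback
$pingArgs = @('-n', '2', $target)
& ping.exe @pingArgs

# The PowerShell replacement the notes mention: Test-Connection returns objects,
# so results can be filtered instead of parsed from text.
Test-Connection -ComputerName $target -Count 2 |
    Select-Object -Property Address, IPV4Address, ResponseTime

# Alternative: the stop-parsing token passes everything after it verbatim.
cmd.exe --% /c echo %PATH%

# Switch parameters take no value: -Recurse and -File are switches here.
Get-ChildItem -Path $env:TEMP -Recurse -File -ErrorAction SilentlyContinue |
    Measure-Object -Property Length -Sum
```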
Before we begin…
“You have no idea how good you have it.”
Johnny Long, preface of Kali Linux Revealed.
Early yesterday morning, I opened my front door to find a brown package waiting patiently for me to scoop it up and tear it open. Inside that package was my copy of Kali Linux Revealed: Mastering the Penetration Testing Distribution. I would have had the book sooner, but when I initially ordered it, I wasn’t paying attention and opted in for the standard 4-5 day delivery. Needless to say, I’ve been very excited for it to arrive, for the past four days. Having nothing on my plate for yesterday and today, I spent several hours poring through the book. This review will cover what I found within…
Before we go any further, I want to state this up front: This book is not designed, nor was it ever intended, to cover offensive security techniques, or the specifics of tools within the Kali Linux platform, à la Penetration Testing, by Georgia Weidman. Rather, this book acts as the first official Kali Linux user manual, guiding you in unlocking the full potential of the Kali Linux platform – a truly powerful ability to have. Now, back to the good stuff…
The Book Review
Kali Linux Revealed begins with a beautifully written historical account of the pre-Kali days of penetration testing distributions, by none other than Johnny Long, of Hackers for Charity (and much more) fame. In his preface, Mr. Long discusses his experience of days long past in the Information Security industry, taking us back to the earliest days of Mati “Muts” Aharoni’s foray into penetration testing distributions – beginning with WHoppiX, and traversing through WHAX, the early versions of BackTrack Linux, and finally into a discussion on Kali. He wraps up his preface with a shout out to the Kali Linux development team, the Kali Linux community, and warm congratulations to us, the readers, for taking our first steps towards mastering the Kali Linux platform.
Following directly after Mr. Long’s preface, Mati Aharoni takes us right into the foreword, throwing us into a scenario we’ve all likely experienced in some shape or form – if not specific to Kali Linux itself. In Mr. Aharoni’s foreword, he details how such a scenario ultimately led to the creation of this Kali Linux book, and how the book took on a life of its own, once it was under way. Much like Mr. Long, Mr. Aharoni wishes the reader well on their journey to mastering the Kali Linux platform.
Chapter Summaries & Thoughts
Like many first chapters, Chapter 1 of this book begins with a brief history of the Kali Linux distribution. It takes us back to the days of BackTrack, and what led the Offensive Security team to develop Kali Linux in its place. It then leads into the relationship between Kali Linux and Debian. It discusses the purpose (and subsequent use cases) behind the Kali Linux distribution, summarizing it as a “penetration testing and security auditing” platform, but goes on to elaborate how much more than that it actually is. It goes on to elaborate upon several different use cases for Kali, ranging from Information Gathering, to Reverse Engineering, Digital Forensics, and Post Exploitation – plus everything in-between. Each use case comes with a description of that particular task. For those of us familiar with the Kali Linux distribution, you’ll immediately recognize these use cases as the menu options within the OS, where the various tools reside. Next, the book will step the reader through six of the most notable features within Kali Linux, before wrapping up the chapter with a discussion on the internal policies of the operating system.
Chapter 2 of this book dives right into getting the user prepared to download, and use, the Kali Linux platform. The first half of the chapter walks the user through obtaining an image of Kali Linux, and then leads into the second half of the chapter, which walks the user through booting into the platform for their very first time. The instructions are well-worded, and the URLs are all live and working. For those of us that already have a copy of Kali Linux, and know how to use it, this chapter is unnecessary. However, it does offer some useful tips for building out a Kali-based virtual machine, for people new to VMs. For the beginners, however, it’s a very important stepping stone to what comes next…
Kali is a Linux distribution. As such, some familiarity with the Linux command line is a requirement for using the operating system effectively. Chapter 3 takes a slight step back from Kali, and discusses Linux as a whole. In this chapter, the reader can expect to find information about what Linux is, what a “command line” is, and some of the more basic commands. The chapter is wrapped up with a solid discussion on the Kali file system, giving a beginner user their first look at concepts such as the Filesystem Hierarchy Standard, as well as process management.
Chapter 4 starts off with a brief discussion of the minimal system requirements that are necessary to run Kali Linux. Overall, this entire chapter is focused on the installation process, offering step-by-step instructions for installing Kali Linux to a hard drive. The instructions are further broken down into different scenarios. The first section involves a standard installation, while the second section walks the reader through installing Kali on a fully encrypted file system. This chapter also provides instructions on performing unattended installations, and ARM-based installations.
Chapter 5 is all about configuring Kali Linux. Up until this point, the earlier chapters definitely had beginners as their target audience. Skimming through this chapter, however, revealed a few useful tips and tricks for the configuration process that even experienced users will benefit from. Chapter 5 begins with a thorough discussion on network configuration in Kali. It then steps the reader through managing Unix groups and users. Finally, it wraps up with an excellent discussion on service configuration and management. Some of the services it discusses are the management of PostgreSQL databases, and SSH tunnels for remote logins.
Chapter 6 is your standard self-help section; like all operating systems, Kali Linux has plenty of online documentation, and other methods to help you solve issues within the platform. The Kali Linux community is also an excellent resource – which this chapter rightly points out – and definitely worth getting involved with. Where this chapter really shines, in my opinion, is the final section. The final section of this chapter takes the reader through an excellent discussion on how to file bug reports. Having worked in the IT industry, I can tell you: I’ve seen my fair share of terrible bug reports. This section discusses communication methods, and potential content to include in a bug report; and the best part about this section is that it extends beyond the realm of Kali Linux. I highly recommend all readers – newbies, or seasoned users – to read this section, especially if you do not have any experience with bug report submissions.
Chapter 7 was definitely one of my favorites. So far, the reader should have a basic understanding of Linux commands, how to download, install, and configure Kali, and how to troubleshoot problems using the various forms of documentation and the wonderful Kali Linux community. And with that knowledge, Kali Linux just works… but it’s not fully optimized. Chapter 7 discusses various techniques for securing the Kali platform; because, yes, like all operating systems, it, too, needs to be hardened. This chapter is all about hardening the Kali platform, and there was a lot of fantastic information in here. This chapter discusses how to define security policies, secure network services, perform proper monitoring and logging, and design strong firewalls and packet filtering rules. The concepts are all explained well, though I did feel like some of them could have been touched on just a bit more. With that said, certain concepts within this chapter could be the subject of its own book, so for brevity’s sake, I understand. I recommend all readers – experienced, or otherwise – look through this section, as there were a lot of hidden gems in here.
Chapter 8 begins on page 170, so thinking all the way back to the contents of page 4 might be a little tough for some people. I’ll give you a hint: The authors discussed Kali’s relationship with Debian, on page 4. Kali Linux is based on Debian Testing. If you recall, Debian Testing is the current development state of the next stable Debian distribution. With that said, having a firm understanding of Debian package management is a must. This chapter will walk the reader through concepts such as the APT command, and DPKG. This chapter gives an excellent introduction to advanced APT configuration techniques, but I also recommend using it as an anchor point to your research. Overall, this chapter contains a lot of meaty information about package management on Debian systems, and much of what you learn in this section can be applied to any Debian-based platform.
Chapter 9 is another one of those “must read” chapters. Simply titled Advanced Usage, I found that this chapter contained a lot of content that I found quite useful. Chapter 9 focuses on concepts such as recompiling Kali packages – a task typically, but not always, performed by developers and contributors to the Kali Platform, as well as recompiling the Linux kernel, and designing custom images of Kali. It also thoroughly covered adding persistence to a live image of Kali, via external media.
For those of you running, or planning on running, Kali in an enterprise level environment, this chapter is for you. Chapter 10 discusses the scalability of Kali Linux, and the various methods for making that happen. It lists instructions for over-the-network Kali installations via PXE Boot. It also discusses configuration management with SaltStack. Lastly, the authors wrap this chapter up with a discussion on modifying Kali to conform more to the personal needs of your specific environment. I’ve never had the need to put most of these concepts to use, in an enterprise environment, but they’re all well-documented for readers out there who might need to perform this type of scaling and enterprise-level management.
Final chapter of the book. Chapter 11. If you’ve made it this far: Congratulations! You likely have a pretty solid understanding of Kali Linux. This chapter, titled “Introduction to Security Assessments,” covers the fundamental concepts of performing a security assessment. It starts out by laying some strong foundation – discussing the CIA triad. Confidentiality, Integrity, and Availability. The three components of that model are considered the most crucial components in Information Security. This book gives an excellent discussion of this model and why it’s important. The authors then lead the reader into another well-worded discussion concerning the various types of assessments that are typically performed in a penetration test or security audit. One thing that really shines about this chapter is that it presents the reader with formal techniques for conducting a penetration test or security audit – something that the reader may not have had access to. All of the information presented is very professional. For individuals who did not go to school for IT Security, or obtain certifications… this chapter is an excellent first step into the formalities of Information Security. For that reason, this is one of my favorite chapters in the book. Over the course of my time in the Information Security field, I’ve met a lot of excellent penetration testers with absolutely no knowledge on how to perform a professional assessment. This chapter will help individuals in that boat get well on their way to rectifying that issue.
I really enjoyed reading through this system manual. The aim of this book is to provide Kali users with as much information possible to realize the full potential of the distribution, beyond the out-of-the-box state it comes in. The target audience is very much beginners to the distribution, or to Information Security in general, but the later chapters were peppered with hidden gems that even the most advanced user will find helpful. If you are a frequent user of the Kali platform, this book is for you; it’s an invaluable resource, and one that you may find yourself going back to time and time again. It’s worth having on your shelf. Job well done, guys. Job well done.
Link to purchase the book on Amazon: Kali Linux Revealed: Mastering the Penetration Testing Distribution. ($25.67 – paperback)
Hello, everyone. I’m back with another article; this time, analyzing the state of the Information Security job market, as of Tuesday, May 30, 2017.
The previous article in this series, Diving into the Deep, Dark Waters of Information Security, ended up being quite the hit with a lot of folks. Even making its way onto Jayson E. Street‘s incredibly useful Information Security resource list site, iR0nin – which, FYI, is a must see if you’re new to Information Security. After I finished writing that article – a Security primer, for those of you that have not yet read it (do so!) – I sat down with a few of the young adult students that I mentor, and we discussed what each of them would like to see more of. This topic was the most mentioned.
In this article, we’ll take a look at the state of the Information Security job market – we’ll consider factors such as the necessity behind certifications and university degrees, a few different “career paths”, and the various job titles that exist within the field. Unlike the Security primer that I authored, the goal of this post will be focused more on understanding the market, and helping newcomers to the field decide on what type of path they want their careers to take.
Graduation day is quickly approaching. In three weeks, a six-year academic journey will come to an end for me. But my journey into Information Security, and the subsequent sub-disciplines of the field, certainly didn’t begin with university, and will not end with it. Along the way, I’ve come across some truly remarkable – and highly useful – resources. Resources that I’ve used not only in the academic environment, but also in professional, and personal, environments. This post aims to pass on those resources to you, and help you navigate the dark, deep waters of Information Security, as you take your first dive into the field.
Part One of my series on Incident Response Fundamentals.
Inspired by Phil Collins’ famous quote, “In learning you will teach, and in teaching you will learn,” I have decided to take what I have learned, and document it in the form of research notes. In doing so, the primary outcome will result in teaching my audience, and sharpening my own skills at the same time. This article – and future articles marked “Research Notes” – will not always contain in-depth explanations behind every focal point; but rather, identify critical definitions and areas of study, and allow for further exploration into those areas. They are just notes, after all…
This post begins that learning journey for both of us…
What is Incident Response?
Let’s talk about coding
Welcome to my introduction into the topic of C++. Just over a week ago, I introduced the concept of programming to you, through my article: Introduction to Programming. In that article, I discussed different programming languages, and what it meant to actually be a programmer. I gave you resources to utilize, in order to figure out what kind of programming you wanted to do, and also mentioned different compilers you could download. In this article, however, we’re going to actually look at the logic and coding mechanics behind C++, instead of just talking about various resources that can be utilized to learn C++.
Now, in that aforementioned article, I mentioned that every programming language is different. Some of you out there may be more familiar with Java, or a website development language, for instance. My reasoning behind introducing you to C++ is simple: It is an incredibly powerful language, versatile and great for introductory programming. However, C++ can sometimes be tough and complicated; do not fret if you get too confused, but instead, contact me or do a little bit of researching until you’re clear on how to fix your problem. I’m going to demonstrate a few different, very basic programs and break them down for you so you can grasp the mechanics behind what they are performing.
Before I immerse you in the glorious world that is C++, however, we’re going to have to install an Integrated Development Environment (IDE) in which you will be writing your code. So, without further ado, let’s go ahead and look at what an IDE is, how to install one and why we’re going to need one.
If you already have a C++ IDE, feel free to skip the next section and go straight to the actual coding section.
Let’s talk about hacking.
In this article, I am going to discuss the introductory methodology behind penetration testing a wireless network, utilizing Kali Linux. I am also going to discuss the concept of fuzzing, and other methods that can be utilized to introduce you to wireless network security.
Wireless networking is a technology that is still in its infancy; and never has this technology been more vulnerable to penetration testing than it currently is today. The current IEEE 802.11 wireless LAN technology that we utilize allows attackers (and information security specialists) to proceed with a myriad of methods and tools that can be utilized against the technology to gain unauthorized access to the wireless network. With the level of ease, and the tools that are readily available, attacking a wireless network can be performed by just about anyone with an above-average understanding of networking and information technology. It is for that reason alone that we must properly configure and prepare our networks against attacks of this nature.
However, before we get into that, we need to cover some highly important ground rules.
This website covers many different topics related to information security, ethical hacking and intelligence gathering. Oftentimes, the articles within this website will utilize common penetration tools that are readily available to the public. However, this does not mean that the tools are legal to use in a majority of the given scenarios. Utilizing any of the articles, tutorials or methodology within this website on a system that you do not have permission to penetration test against is illegal. If you choose to utilize this information maliciously – you are on your own. Neither I, nor anyone else associated with this website, will be liable or held responsible for any of the illegal decisions you decide to make, utilizing the methodology and tools that are described within the articles on this website.
Let’s talk about encryption.
My last article was a brief introduction to the world of Open-Source Intelligence; it garnered a fair amount of attention, and I got several requests to make my next article about ways to remain private online. After reading the OSINT article, I can see why people would want to take action to ensure their privacy online; especially with so much of your information being mined and gathered by people like me, and making everything you do online wide open for everyone to see. So, for that reason, let’s look at one of the easier steps you can take to make sure your electronic communications are secure.
Author’s Note: If you’re just here for the PGP installation instructions, scroll down to “Installing PGP.”
For my second blog post, I decided I would write something about OSINT.
Before getting into OSINT, however, I feel that it’s important to have a brief understanding of how it is utilized to assist attackers in completing whatever attack they’re going to carry out against their target. In order to assist your understanding, I’m going to quickly cover the theoretical approach that most attackers will follow, when attacking a target. This approach will consist of five phases; as ethical hackers, we refer to these phases as the “Five Steps to Ethical Hacking.” The following steps are the path that an attacker will likely follow, when attacking you (or their target):