We have really enjoyed doing the Dojo at Black Hat the last few years. It’s been a great opportunity to show off some of the lesser known (but oh so useful) features of Kali Linux as well as interact with the user base. But one of the limitations of the previous structure was that while this was a hands-on exercise, many attendees moved at different paces from each other. So we wanted to move towards more of a “self service” model where attendees can drop in, have access to the training material, and will be free to work at their own pace. We accomplished with the new model we will be premiering this year, allowing everyone to take as much, or as little, time needed to get a working Kali install customized to their desires. While this is being done, Kali developers will be onsite and interacting with everyone on a consistent basis.
Offensive Security is proud to present a Kali Linux workshop that provides a unique journey through our distribution while providing rare insights and an in-depth look at the most powerful features available in the Kali penetration testing platform.
Created by the Kali Linux development team and debuted at Black Hat USA 2014, this event will also include an interactive Q&A session with the developers, hands on instructions on creating your own custom Kali Linux ISOs, automatic unattended installations of Kali Linux, enterprise management of the distribution, building and utilizing Kali Linux on ARM platforms, and the step by step creation of a custom Raspberry Pi image – transforming it into an effective hardware backdoor. If you’ve ever wished for fluent proficiency with Kali Linux, this workshop is for you.
If you want to play along with us, you’ll need to come prepared with a fast laptop running an updated version of Kali Linux. For more details about the workshop and its requirements, check out our “Kali Linux Dojo” announcement page.
Kali Linux Dojo Workshop Topics and Description
Workshop #1: Kali Linux – Under the Hood
Technical Level : 1/5 | Duration : 45 minutes
In this workshop, we will introduce the Kali Linux security auditing distribution, its history, development, architecture, and features. We will delve into how we got to where we are today, how penetration-testing tools are evaluated for inclusion in the distribution, and a look at the road ahead. If we have enough time, we’ll also dabble with altering and patching Kali packages.
At the end of this session, we will also conduct a Q&A session where individuals can ask the Kali developers questions about the project. If you are new to Kali Linux and need a guided introduction or you have specific questions for the Kali team, this is the workshop for you. Workshop Goals – Get to know the developers, get warmed up and set-up, build some basic Kali packages.
Workshop #2: Rolling Your Own – Generating Custom Kali Linux ISOs
Technical Level : 2/5 | Duration : 1 hour
One of the most powerful features of Kali Linux is the ability to create your own flavours of the distribution containing customized tools, desktop managers, and services. This workshop will show you how to create your own personalized Kali Linux ISO, customizing virtually every aspect using the live-build utility and making efficient use of the various metapackages available in Kali. Workshop Goals – Attendees should be able to understand and independently build complex Kali images, such as the Kali Linux ISO of Doom.
Workshop #3: Pre-seeding, Automating, and Managing Multiple Kali Installations
Technical Level : 3/5 | Duration : 1 hour
Kali Linux supports several interesting installation and deployment options, which will be explored in depth. In this workshop, we’ll show you how to deploy Kali over the network with PXE and iPXE technologies, pre-seed installations, deploy custom Kali setups, and then use the Salt management and configuration package to manage multiple installations of Kali throughout the enterprise. Workshop Goals – Attendees should be able to install and automate Kali Linux instances to fit specific needs. Fluency in network installs, pre-seeding, and slipstreaming packages. If time permits, enterprise management of Kali with Salt.
Workshop #4: Penetration Testing From Your Pocket – Kali Linux on ARM and Android Devices
Technical Level : 3/5 | Duration : 1 hour
Kali Linux supports ARMEL and ARMHF architectures. This allows us to put Kali on a variety of interesting hardware platforms as well as easily conduct chroot installs of Kali Linux on Android. In this workshop, we will show you how to install Kali Linux within a chroot environment on an Android device. Workshop Goals – Attendees should be able to manually create custom Kali ARM images for use in chroot environments such as Android devices. Attendees should also be able to deploy these images on their Android cellphone and be fluent with supportive Android applications such as Linux Deploy.
Workshop #5: The Ultimate Hardware Backdoor – Kali Linux Edition
Technical Level : 3/5 | Duration : 1 hour
This will be the concluding session, where we’ll use methods demonstrated throughout the day to show you how to create your very own “Raspberry Pi of Doom”, based off Kali Linux and a Raspberry Pi. The configuration involves creating an image file that contains a minimal Kali installation, which on boot, connects back to the penetration tester over a VPN connection and bridges the remote target network with the testers’. This image can then also be used on an Android device – proving to be perhaps the most potent hardware backdoor of them all. Workshop Goals – Attendees should be able to manually create custom native Kali ARM images for a Raspberry Pi which have similar properties to the “ISO of Doom”. This includes compiling a custom ARM kernel for the Raspberry Pi.
Battle Tested, Free Kali Linux Educational Resources
After a very short deliberation, the team decided that once these training materials are polished and battle tested in the upcoming conferences, we will release them publicly and free of charge so that Kali Linux users worldwide will all be able to benefit from accessible, high quality training materials revolving around our open source project. Our hope is that by doing this, our users will become both more aware and proficient with the advanced features available in Kali Linux and be able to use it more effectively.
The folks at Black Hat have been kind enough to invite us once again to deliver a Kali Dojo in Las Vegas this year. The event will be held on the 4th of August at the Mandalay Bay hotel, and will be open to all Black Hat pass types. This year our Dojo will be set up differently, allowing for a larger crowd and much more interaction. We are going to hold a full day event, featuring several main activity areas :
Today marks an important milestone for us with the first public release of our Kali Linux rolling distribution. Kali switched to a rolling release model back when we hit version 2.0 (codename “sana”), however the rolling release was only available via an upgrade from 2.0 to kali-rolling for a select brave group. After 5 months of testing our rolling distribution (and its supporting infrastructure), we’re confident in its reliability – giving our users the best of all worlds – the stability of Debian, together with the latest versions of the many outstanding penetration testing tools created and shared by the information security community.
Kali Linux 2.0 has been out for a couple of months and the response has been great, with well over a million unique downloads of Kali 2.0 as a testament. Release day was somewhat hectic for us, as we did not anticipate the sheer volume of traffic … which we somehow always underestimate. In the first few days after the release of 2.0 we had ten times the download volume of 1.0 in a similar period, back in 2013.
We’re still buzzing and recovering from the Black Hat and DEF CON conferences where we finished presenting our new Kali Linux Dojo, which was a blast. With the help of a few good people, the Dojo rooms were set up ready for the masses – where many generated their very own Kali 2.0 ISOs for the first time. But the excitement doesn’t end for us just yet. With the end of the cons, we now find ourselves smack in the middle of the most significant release of Kali since 2013. Today is the day that Kali 2.0 is officially released.
We’ve been awfully quiet lately, which usually means something is brewing below the surface. In the past few months we’ve been working feverishly on our next generation of Kali Linux and we’re really happy with how it’s looking so far. There’s a lot of new features and interesting new aspects to this updated version, however we’ll keep our mouths shut until we’re done with the release. We won’t leave you completely hanging though…here’s a small teaser of things to come!