“Whether you’re new to the fight, or a seasoned pro, don’t stop training…”
This statement, like the video that introduced it, has real punch. We did this on purpose to get you fired up, excited about your training, and to kickstart your journey. If it worked, and you’re in the fight, welcome aboard! If you haven’t jumped in for whatever reason, we want to introduce you to the plethora of resources we’ve made available to help you master Kali Linux, the penetration testing distribution.
You’ve likely heard about the first, official Kali Linux book: Kali Linux Revealed, Mastering The Penetration Testing Distribution available from OffSec Press. Don’t worry, this isn’t a sales pitch. We’ve made the book available for free in both online HTML and PDF versions because we love you. But wait, there’s more. We’ve also made chapter exercises available online at Kali.training (after free registration) so you can test your knowledge and get some hands-on experience as you work through the book. We’ve also created our first Kali Linux certification, the Kali Linux Certified Professional (KLCP), so you can take your training to the next level. This is where some folks get either overwhelmed or confused, so let’s talk about what all this is, exactly.
Kali Linux Revealed – What’s That
First, let’s talk about Kali Linux Revealed. Whether you buy the (fairly-priced) physical book from retailers like Amazon, download the free PDF, or follow along with the online version of the book, you’re getting exactly the same content. There is no difference. So why are we selling a book and giving it away? The fact is, we’re not trying to make a business by selling books. We wrote the book to provide an official manual for Kali Linux, to provide a body of knowledge for the KLCP, and to improve the knowledge base of the Kali community.
The follow-on exercises at Kali.training help solidify your knowledge and give you practical hands-on experience. All of this will help prepare you for the ultimate test: the KLCP.
So what is the KLCP, exactly? Once you’ve studied (and not simply read or skimmed) the book and worked through the exercises, you’re probably ready for the KLCP. Consisting of a 90-minute, 80-question multiple choice exam (proctored by Pearson Vue), the KLCP is the foundational Kali Linux certification.
All of this is centered around the content in the Kali Linux Revealed print, online, and PDF books, so let’s dive into what’s covered.
It’s been mentioned that we’ve provided a resource that’s too basic for some and too advanced for others. That’s fair because we provide a somewhat gentle introduction for new users, thoroughly cover all Kali Linux features, and then delve into some fairly advanced topics as well. So, yes, it’s a fairly broad range.
To start things off, we discuss the basics of Kali Linux in the first few chapters. In the first chapter, we share the history of Kali Linux, explain the relationship with Debian, talk about Kali features, policies and use cases, and discuss what Kali is best used for. We follow this up in chapter two with details on how to download and verify Kali Linux, how to create a bootable Kali USB, and how to set up a virtual machine. In chapter three, we discuss Linux fundamentals, talk about terminology and basic commands, and touch on system logging and troubleshooting.
Once you register on Kali.training, you can dive in to end-of-chapter exercises. Working through these exercises, you will:
- Set up a new VM
- Boot Kali Live
- Inspect kernel boot options
- Download (and verify) Kali
- Install Kali on USB and VM
- Modify kernel boot parameters
- Practice Linux job control
- Search and manipulate files
- Enumerate and manipulate hardware settings
This is the turning point of the table of contents, where beginners are starting to get pumped and advanced users have dismissed this as “useless beginner stuff”. While many are quite happy bouncing around and using the book as a reference, if you’re a serious student or a professional seeking to better your skills or nail your KLCP, you should not simply dismiss or skip any of the chapters. There really is a lot of good material for users at every level and anything in the book is fair game for the KLCP.
Continue The Journey
Continuing with our journey, we step into chapter four where we cover installation requirements, show you how to install Kali as a standard install, ARM install, unattended install and as a fully encrypted installation with LVM and LUKS.
If you’ve never strayed from the standard installation path, you’re missing out on the power of unattended installation and the ultimate security of encryption with LUKS “nuke”. You’ll get hands-on at Kali.training with a fully encrypted install, an unattended install and a standard as well as a fully customized ARM install on a Raspberry Pi. The final exercise in this chapter has you not only building a “Kali Pi” but mounting and chrooting the file system to make post-installation changes. This gives you extreme flexibility, takes you off the path of a standard burned-image installation and is especially eye-opening for new users.
In chapter five, we dive into service and user configuration and management, then follow this up in chapter six with tips on troubleshooting Kali Linux and self-diagnosing and getting help with any aspect of your installation. As we roll into chapter seven, we’ll dig into security topics and cover firewall and log configuration and monitoring, package auditing and several host-based intrusion detection tools. While most of this may seem like basic Linux system administration, the fact is that Kali is really a killer secure base OS and each of these skills is important for building a strong foundational knowledge of Kali.
As you pass through these chapters and tackle the exercises, you will:
- Add new user accounts
- Configure network without Network Manager
- Spin up hostapd as WAP
- Configure Apache and PostgreSQL
- Install masscan with a custom web interface
- Create a custom PI access point with hostapd
- Create and test firewall rules
- Learn to detect and prevent password brute forcing
- Install and modify a host-based IDS system
This is yet another turning point of the book. We’ve covered basic Kali installation and use, stepped into administrative roles and gotten even the most basic user up to a decent foundational level of knowledge. Our advanced users may be frustrated, wondering when they get their turn to play. That time is now. The next three chapters are the meat of Kali Linux Revealed. They are the longest and most densely packed chapters in the entire book and each chapter contains a ton of cool stuff that will appeal to even the most advanced user.
Into The Fray
We jump right into the fray in chapter eight as we examine Debian Package Management. Debian is a robust, mature, operating system that allowed us to take Kali to the next level as a distribution. We gained so many advanced features when we moved to Debian, and in this chapter we start to lay out the foundations of what makes these features possible.
If you’ve done anything with Kali, you’ve likely used apt to update your installation. It’s easy to just blow off this process, follow the directions, and move on. But what happens behind the scenes with Debian’s package management tools is impressive, powerful, and flexible. We go behind-the-scenes and talk about all the components that make this possible. For example, do you understand the difference between dpkg, apt, and apt-get? What about aptitude and synaptic? Each of these utilities has powerful functionality and we get in deep so we can get into some powerful features in the following chapters.
At the end of chapter eight, you dive into the exercises where you will:
- Install bleeding edge software, like the Social Engineering Toolkit (SET)
- Create custom packages, including a custom-built offline installation of Nessus that includes all plugins
- Install and configure packages from foreign architectures
- Install Windows-based programs in Kali Linux
In chapter nine, we will show you how to modify Kali packages, recompile the Kali kernel, and build custom Kali live ISO images. Custom packages are especially cool, allowing you to create a package, share it, deploy it, and even roll back your changes if you need to.
As we dive into the exercises, you will:
- Build custom Kali live ISO images, like an much-upgraded version of Angela’s live USB from Mr. Robot
- Build an unencrypted live Kali USB
- Build an encrypted live Kali USB with LUKS “nuke” allowing you to obliterate your data with a specific decryption password.
- Fork your own metapackage containing exactly the tools you want to deploy
As we cruise in to chapter ten, we’ll show you how to install Kali Linux over the network, including options for complete unattended installation. We’ll also show you how to create a full-featured enterprise installation of Kali that allows you to deploy Kali “minions” that you can control from a central “master”. Finally, we will show you how to create a custom package repository that you can use to deploy your own completely customized packages. When you pull together the skills in these final chapters, you will be able to create custom Kali installations with your own package builds and configuration options. You will even have the power to build custom live instances primed to do anything you want after booting. You’ll be able to network-install machines with completely unattended installation options, stand up your own package repositories with custom tools for rapid deployment, and monitor, update, and control deployed Kali instances without installing any additional tools on top of Kali.
Take The Next Step
At this level, the true power of Kali Linux is revealed and you have truly “mastered the penetration testing distribution”.
Kali Linux Revealed, the resources at Kali.training and the KLCP encompass so much cool stuff, it’s pretty hard to summarize, but we hope you’ll take the next step in your journey and join us at Kali.training!