During this week, we talked about some additional scanning products used in Ethical Hacking. While many are open source, we also mentioned that there are some products that are commercial, and require a paid license.
During your trial of Kali, so far, have you found any interesting tools that you want to spend more time with?
While not disclosing your employer’s name, are you aware of tools that your employer currently uses?
I thought Kali had Volatility pre-loaded but no evidence of that in the forensics tab. Commercial forensic tools are pretty pricey so I know my org’s forensic team develops their tool-kits to be open source and Volatility is a great open-source software for analyzing memory for malware and other IOCs. Looking through the ‘Post-Exploitation’ tab, I see Mimikatz comes pre-installed. We have had a couple instances in my environment where we have caught people from our division using Mimikatz which as you would expect raises A LOT of questions. Ultimately, we were able to confirm that those individuals did have permission to use Mimikatz in our network for testing. Although I am familiar with this tool, I have never personally used it so I may try it out on my own window VMs.
The Wireshark, which is a free and open-source network analysis tool to capture network, and it’s pre-loaded to the Kali Linux. It can be used to view network traffic, and it cannot be used for intrusion detection. So, we can use it with confidence and don’t have to worry about the wrong operation causing damage to the network. We can use Wireshark to monitor network traffic, analyze the captured packets, or use the captured packet for troubleshooting.
One of the pre-loaded tools on Kali I would like to test out is sqlmap, which deals with databases. This tool will find vulnerabilities such as sql injections and other ways to take over the database. Sqlmap supports many popular database management engines. I’m not aware if anyone at my organization uses this tool, but it would be helpful to test our databases for any vulnerabilities.
I would definitely like to learn how to use and understand how Wireshark works. This is one of tools my employer uses for IT operations support for Production issues and project troubleshooting. I have seen it in action before, but it would be a huge benefit for me to understand how it works and how to use it myself. Also, I know nmap is used and pretty sure dnstracer as well.
Hi,
If you’re interested in learning Wireshark I recommend checking this website out. https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-trickbot-infections/ Helps to give you some examples of what to look for in your network and how to configure Wireshark to optimize your workflow.
I have used Wireshark during training in the past and it’s certainly a tool I feel is very useful and robust. Thank you for sharing this link, Kelly.
Snort is a network traffic analysis tool that I have used in the past and would like to further into moving forward. I spoke with a member of my organizations security risk management team and he informed me that we have used both snort and wireshark in the past. Additionally, my coworker informed me that we use skipfish for web applications.
never heard of skipfish – I’ll have to look into that
The one tool I would like to explore a little more in Kali is ZenMAP, as I understand it is baically a GUI version of nMAP.