During this week, we talked about some additional scanning products used in Ethical Hacking. While many are open source, we also mentioned that there are some products that are commercial, and require a paid license.
During your trial of Kali, so far, have you found any interesting tools that you want to spend more time with?
While not disclosing your employer’s name, are you aware of tools that your employer currently uses?
From paid programs from work I have only used RAPID7 and Splunk. I think both were interesting and useful tools, with the proprietary licenses obtained, I as able to use these tools on test systems to play around with. For tools I want to play with more on Kali, I think I would like to play around with the Fern WIFI cracker tool more.
As I have not done too much wi-fi hacking, I would be interested in learning more about using and gaining experience with a tool like Aircrack-ng as that appears to be commonly used for wi-fi scanning and cracking. I also plan to get more experience with Maltego. In my own practice, I have frequently used hydra, dirb/DirBuster, WinPEAS, SQLMap, and John the Ripper.
Going over the theory and practical application of Wi-Fi hacking would be interesting to learn. I too am not all that familiar with the process so seeing how wifi cracking works would be interesting.
It would be interesting to attempt a brute force attack using the Hydra tool. We go over brute force in theory, but to actually conduct it would be a great learning experience. I am not aware of any security tools my organization uses as I am not in a security role in my organization.
I am very interested in DLP programs. Though it is not exactly a “hacking” tool, identifying fingerprints of certain types of data and understanding how these tools are used by companies to map user behavior to protect data loss, can be used to outsmart these tools during penetration tests.
My company had a major ransomware attack not long ago, so after the incident, they went ahead and more than tripled the number of tools that they are using. Some of the vendors are Forcepoint, Tenable, and Proofpoint.
In my day-to-day work, I use many paid programs. As I work in a SOC, many different clients have many different programs that they use for incident response and alert management. One of the main programs I use is Splunk. I can use Splunk to view activity on the client’s network that may be suspicious and use that information to reach out to a user and ask if what they are doing is for a business purpose or not. Similarly, another program used in client environments is QRadar, which does most of the same things as Splunk. I have not tried any tools that specifically deals with Wi-Fi hacking, but I would certainly be interested in working with them in my free time on an isolated network that I control.
While exploring Kali Linux, one of the tools that I would like to spend more time with would be Aircrack-ng. Wifi hacking has always been super interesting to me, and I would love to find out more about how it works and what you can do with it.
Some of the tools that my company uses is BurpSuite for viewing internet traffic.
Unfortunately I’m not yet working in the field so I cannot give an example of an employer’s commercial scanning tools, but as Dhaval mentioned above, I also have former class experience in working with Hydra. Although Hydra goes further than just scanning, it is a fun tool to use to try to find login vulnerabilities as it tries to brute force crack passwords using common rules and techniques. I’d like to spend more time using similar tools that allow for finding more vulnerabilities within a system.