Tuesday, February 12, 2013
Have you heard of BackTrack? It's a Linux distribution custom made for penetration testers. The BackTrack distribution comes loaded to the gills with password crackers, network sniffers, vulnerability detectors, and even tracking applications to make notes about vulnerabilities and exploits.
If this sounds like a powerful tool that could be used for great good or great evil, I think you've got a good picture. In the wrong hands, it can be a very bad thing. In the right hands, it can help you defend your systems against the heavily armed bad guys.
This book is written in the Packt 'Cookbook' format. This means it doesn't contain a lot of theory or in-depth explanations. Just lots of snippets telling you what to type and where to click. Most sections contain the headings:
Using (Some feature) - Tells a little about which tool you are about to use
Getting Ready - The prerequisites for using the specified utility
How to do it - Screenshots and script instructions for running the utility
How it works - A small explanation of what was done
There's more - additional explanations
To repeat that, this book is really a collection of short sections that describe how you can use various utilities in a dedicated Linux distro. So, what are the contents?
- Installing and customizing BackTrack
- Information Gathering
- Vulnerability identification
- Privilege Escalation
- Wireless Networks
- Voice Over IP
- Password Cracking
Most of those are pretty explanatory about what's in each chapter. If you are charged with protecting your company's electronic assets, the tools and techniques that are presented can help you validate what's working and point out what's not.
By the way, there is a critical warning in the explanatory text for one of the tools: Make wise choices in where you direct your attacks, lest you bring a visit from Federal investigators. User beware!
The chapter on Forensics can serve a dual purpose. Besides helping with ethical penetration testing, this one also offers some interesting processes for other useful work: data recovery (damaged drives or deleted files) and password recovery. These can surely be useful in everyday situations.
What's the final verdict? This book is going to be a valuable tool for penetration testers. If that's your business, you probably ought to have a copy.
The book can be found here.
Happy (ethical) hacking!