Saturday, July 29, 2017

Intern

Started a new job.  I'm slightly afraid to be talking about it because my boss may read this.  It's exciting.  I'm an intern.

I'm not exactly sure where I expected to start, but it wasn't like this.  My friends told me that they started internships that were fairly easy, just the daily work of IT people: installing software, deleting software, moving equipment around, some troubleshooting...

I don't know how much I can say about what I do.  I can say capture the flags and challenges do not make someone proficient in a task.  They show that a person is willing to work hard and learn; not what they know, now.

Also, red team is not blue team.  Red team is easier.  If I find one vulnerability, that's all I need to start.  Sure, finding others is nice, but one gets me in.  Then I can establish persistence, and use the tools already there to move further into the network.

Blue team has to think of everything, and they have to balance the organization's needs with Security.  Sometimes software can't run with fully patched systems, sometimes the budget doesn't allow for an upgrade of equipment, sometimes executives want x software yesterday, without thinking about how it affects the overall security posture...  which isn't necessarily a bad thing.  We're supposed to give them the best advice we can and let them choose.  Sometimes blue team has to do "good enough" Security, not best Security.  And that makes things a little tougher.

I feel like I did when I first started doing challenges: it was frustrating at times, but I really wanted to do well and learn as much as I can.  I hope that I rise to that challenge.  Right now, I'm not feeling so great, though.  I still have a lot to learn.

Thursday, July 6, 2017

Kali Meta-Packages

Recently, my spouse purchased a Software Defined Radio Starter Kit and a Yard Stick One for my birthday.  Yesterday, I finally got a chance to start configuring the Yard Stick One.  I was watching a video on the Hak 5 Shop: https://hakshop.com/products/yard-stick-one, about how to get started configuring and using the Yard Stick One.

There's a program mentioned in the video, gqrx:  http://gqrx.dk, that's supposed to be included with Kali.  I happen to have a couple of Kali VMs, so I decided to try to set up my Yard Stick One on one of the VMs.  The program wasn't on my particular Kali VM.  So, I googled how this could be.  It turns out that Kali is modularized, meaning that when installing it, one can choose which install of Kali they want.  With the default install, some tools may not be available.  That is when I learned about this awesome feature of Kali:  you can choose which packages you want with these things called Kali Meta-Packages:  https://tools.kali.org/kali-metapackages.  There is more information on the Kali news site as well:  https://www.kali.org/news/kali-linux-metapackages/.  If you don't already have a Kali VM, here is how to customize your installation:  https://docs.kali.org/downloading/live-build-a-custom-kali-iso.  If you already have a distro and want to add a package to it, it's as easy as the following command:

sudo apt-get install <Kali meta-package name>

So, if I want all the software defined radio tools that are available in Kali at this time, I simply type:

sudo apt-get install kali-linux-sdr

That's it.  It's that easy.

What if you don't know the name of the package you want?  The command "sudo apt-cache search kali-linux" lists them; it is noted on the website I mentioned earlier in the post:  https://www.kali.org/news/kali-linux-metapackages/.  You can also find the meta-packages listing at:  https://tools.kali.org/kali-metapackages.
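If you know the tool you are missing but not which meta-package carries it, the search can be turned around.  The script below is an added example, not from the Kali documentation; the function names, the gqrx-sdr package name used in the demo, and the fake_apt_cache sample data are assumptions constructed so that it runs offline.

```sh
#!/bin/sh
# Added example: list the kali-linux-* meta-packages that pull in a given tool,
# so you can review what a meta-package installs before adding it to a system.

# list_deps: read `apt-cache depends <pkg>` output on stdin and print the
# package names from Depends/PreDepends/Recommends lines.
list_deps() {
    awk '{ sub(/^\|/, "", $1) }                      # "|Depends:" marks an alternative
         $1 ~ /^(PreDepends|Depends|Recommends):$/ {
             gsub(/[<>]/, "", $2)                    # <name> marks a virtual package
             print $2
         }'
}

# metapackages_with TOOL [APT_CACHE_CMD]
# Prints every kali-linux* package whose direct dependencies include TOOL.
# APT_CACHE_CMD defaults to the real apt-cache; the second argument exists
# only so the constructed stub below can stand in for it.
metapackages_with() {
    tool=$1
    apt=${2:-apt-cache}
    "$apt" search --names-only '^kali-linux' | awk '{ print $1 }' |
    while read -r meta; do
        if "$apt" depends "$meta" | list_deps | grep -qxF -- "$tool"; then
            printf '%s\n' "$meta"
        fi
    done
}

# Constructed sample data imitating apt-cache output (not a real package index).
fake_apt_cache() {
    case "$1:$2" in
        search:*) printf '%s\n' 'kali-linux-sdr - constructed description' \
                                'kali-linux-web - constructed description' ;;
        depends:kali-linux-sdr) printf '%s\n' 'kali-linux-sdr' \
                                '  Depends: kali-linux' '  Depends: gqrx-sdr' \
                                ' |Depends: <gnuradio>' ;;
        depends:kali-linux-web) printf '%s\n' 'kali-linux-web' \
                                '  Depends: kali-linux' '  Depends: sqlmap' ;;
    esac
}

# Demo against the constructed data; on a real Kali system drop the second argument.
metapackages_with gqrx-sdr fake_apt_cache
```

Running "apt-get install --simulate <Kali meta-package name>" afterwards shows the full set of packages that would be installed without changing the system.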

Hopefully this helps others, because some people on Stack Exchange and other websites were asking how to do this.  I just thought I'd try the normal way of installing packages on Kali and see if it worked.  It did.  Have fun everyone! :)