Penetration Testing with Linux Tools

Course Duration: 11:15:41
Welcome to the Tools of BackTrack and Kali Linux
In this introduction, Keith shares important information on how to stay safe (and legal) when using the powerful tools included in BackTrack and Kali, as well as how to get the most out of this course. All of the tools demonstrated in this series should only be used on networks/systems where appropriate authorization is provided.
What is BackTrack?
BackTrack (BT) is the "Swiss Army Knife" of penetration testing, information gathering and vulnerability assessment tools (all conveniently packaged in a free single Linux distribution). In this video, Keith introduces this package of tools, as well as options available for running it.
Install BT on a Virtual Machine
BackTrack can be run on live hardware or virtual hardware. In this video, Keith explains where to get BackTrack and virtualization software for free and walks you through the installation of BT in a VirtualBox-emulated computer. Settings used by Keith are explained in the video and are also available as a NuggetLab download.
Connecting to the Network
An IP address can be configured via DHCP or through static configuration. The choice is yours on how you want BackTrack to operate. In this video, Keith walks you through configuring a static IP address and how to modify the Linux configuration files so that the same IP address is used next time the system boots. You'll also see a demo on how to enable SSH. You are encouraged to practice the configurations that you learn in this video. Commands used at the Command Line Interface (CLI) for this video are available in the NuggetLab download area.
Updating S/W and Using Integrated Help
Built-in help tools, such as man pages, are terrific—if you know how to use them. In this video, Keith shares with you how to use both the man pages and built-in help that are often associated with commands at the CLI. The Advanced Package Tool (apt-get) also is presented and demonstrated as a utility to keep software up to date (also applies to new installations). You are encouraged to practice what you learn in this video, including using man pages, command prompt help and doing a system update on your implementation of BackTrack.
BT Wireless TX Power
In this video, Keith walks you through verifying and changing the wireless transmission strength for a wireless adapter that's being used by BackTrack. This technique can be useful when the BT needs a slightly further wireless reach or when we want the BT to be more "quiet" in its environment.
Uncovering Hidden SSIDs
Security through obscurity. It's not a bad idea, but it's not always successful. If a criminal didn't know there was a bank, he wouldn't attempt a robbery. If a wireless Access Point (AP) isn't broadcasting its Service Set Identifier (SSID), it's likely the average user won't see the AP and try to use it. Turning off the advertisement of the SSID does very little on its own to protect the AP. In this video, Keith demonstrates how discovering the SSID is a simple task that can be done with a few easy commands. You are encouraged to practice these tools on networks where you are authorized to perform work. Commands used in this video are available in the NuggetLab download area.
Bypassing MAC Address Filters
Wireless Access Points (APs) don't have to allow any client to connect. By setting up an Access Control List (ACL) at the AP based on the MAC addresses of individual customers, client machines with MAC addresses that are not on the list won't be associated with the AP. In this video, Keith demonstrates how to utilize tools that can be used to "borrow" a MAC address that is on the list in order to gain access. Commands used in this video are available in the NuggetLab download area.
Breaking WPA2 Wireless
First there was WEP, then WPA and now WPA2 for wireless security. But even using the WPA2 with a pre-shared key (PSK) has risks. For example, if a weak key is chosen you are still vulnerable to an attack. In this video, Keith walks you through several familiar wireless tools (and a new one!) included with BackTrack that can be used to discover the WPA2 PSK that's being used on a wireless network. Commands used in this video are available in the NuggetLab download area.
Rogue Wireless Access Points
Normally, we would be on the watch for these, but in this video we get to implement one. In this Nugget, Keith walks you through converting the BackTrack computer into a wireless AP, including how to set up DHCP routing services so that clients who associate with your BackTrack device might not even notice they are walking into a man-in-the-middle (MITM) attack. Configuration commands used are available in the NuggetLab download area.
Wireless Mis-Association Attacks
Complementing the techniques discussed in the previous video, Keith demonstrates additional techniques to learn what wireless networks a client previously used and then create a matching AP SSID. By doing this, it's easier (and perhaps not noticeable to the user) for a computer to associate with the BackTrack AP for another MITM type of attack. Keith also demonstrates the "Wireless Evil Twin" attack. All the commands used in this video are available for download in the NuggetLab download area.
MITM Using Wireless Bridging
In this video, Keith walks you through another method that can be used to implement a wireless man-in-the-middle (MITM) attack by bridging the AP logical interface and the physical Ethernet interface. Using Wireshark as a tool to interpret the captured data and the concept of bringing up multiple Access Points (APs) on a single BackTrack system are discussed. Configuration commands Keith uses in this video are available in the NuggetLab download area.
Nmap: King of Scanners
What devices are sitting on the network and what services are they offering? It's a good question and one that the Nmap program can assist us in answering. In this video, Keith walks you through the CLI, including options to gather OS identification and version information, as well as using Nmap with scripts. He'll also look at the Graphical User Interface (ZenMap). Commands used in this video are available in the NuggetLab download area.
DHCP Starvation
Whether trying to implement a Denial of Service (DoS) attack or clearing the path for the introduction of a rogue DHCP server, consuming all the existing addresses from the real DHCP server is very easy. In this video, Keith demonstrates how to use Yersinia, one of the tools in the BackTrack distribution, to implement this attack.
Vote for BT - as the new STP Root Bridge
The Spanning Tree Protocol (STP) plays a critical role in identifying and removing layer 2 loops in a switched network. If left unprotected, the STP topology can be changed by a rogue device, injecting what appears to be superior Bridge Protocol Data Units (BPDUs). In this video, Keith walks you through STP, with the BackTrack system acting as the STP root.
CDP Flooding
Cisco Discovery Protocol is an excellent tool to confirm the physical connections between Cisco devices. It's also an excellent tool (when flooding a neighbor with tens of thousands of CDP advertisements per minute) to overwhelm and cause a Denial of Service (DoS) attack. In this video, Keith demonstrates how to implement this attack on a test switch in the lab. This video also shows how to use an X-windows server and SSH to redirect the GUI from a remote BackTrack system to a local Windows computer.
Taking over HSRP
The Hot Standby Router Protocol (HSRP) is a First Hop Redundancy Protocol (FHRP) that provides a fault-tolerant default gateway for customers to use in a network. By politely asking to be the active router, a BackTrack system can cause a DoS attack by getting the role (while the production routers take a well-deserved break) and then not performing routing for the subnetwork.
DTP and 802.1q Attacks
When an attacker can convert a "single-VLAN" access port to a trunk port, there are many additional opportunities for the attacker on a network. In this video, Keith walks you through using Dynamic Trunking Protocol to transition a switchport that BackTrack is connected to from an access port to a trunk port. This video also demonstrates creating logical VLAN interfaces on the BackTrack system, creating direct access (via the new trunk) to the VLANs available through that trunk. The protocol capture file from this Nugget is available in the NuggetLab download area.
ARP Spoofing MITM
LAN switches do a fantastic job of forwarding layer 2 frames based on the destination MAC address in each frame. However, if a device that is encapsulating and sending the frame puts the incorrect destination address it can be forwarded to an unintended destination (that of the BackTrack system). In this video, Keith walks you through how to implement an ARP spoofing attack through poisoning the ARP cache of a host and its default gateway and perform a live MITM on an Ethernet network. Commands used in this video are available in the NuggetLab download area.
Metasploit Framework
Metasploit Framework is an environment built for the discovery of vulnerabilities of systems and the compromise/exploitation of those systems. In this video, Keith demonstrates how to install a working copy (when needed) on the BackTrack system, and introduces you to the MSFConsole CLI and the GUI interfaces. Also, examples of synflood attacks are provided in this Nugget. The commands used in this video are available in the NuggetLab download area.
PWNing a System with MSF
In this video, Keith walks you through using both MSFconsole and Armitage to exploit a network device. Capturing keystroke logging and screen captures against a compromised system also are demonstrated. Commands used in this video are available in the NuggetLab download area.
Creating a "Pivot Point"
If we can't directly access a network, we may be able to compromise a host that can, and from there launch attacks. Using a victim host as a pivot point, attacks can be launched (via proxy using the victim) to reach additional networks. In this video, Keith shows you how to make this process easier by using MSF with Armitage.
Social-Engineer Toolkit (SET)
One of the easier methods for compromising a system is to trick the user to run our code or click on a link that executes the code. The Social-Engineer Toolkit simplifies the process for setting up content, including web sites designed to compromise when connected to by users. In this video, Keith introduces SET, and how using it can create a malicious web server on the BackTrack system.
Ettercap and Xplico
Ettercap is a fantastic tool to implement a MITM attack. Xplico is a great way of analyzing the data collected (in the middle). In this video, Keith demonstrates how to use both of these tools, as well as using Wireshark to actually listen in on a voice conversation captured within the packets collected by a sniffer.
DNS Spoofing
The Domain Name System is used by computers to resolve friendly names, such as, to an IP address so that computers can reach those devices. Unfortunately, if we compromise the DNS function and reply with a hostile (BT) computer's IP address as the Web server they are trying to reach, the client computer will willingly connect to the BT server and have the potential to be exploited. In this video, Keith demonstrates how to implement a DNS spoofing attack. The CLI commands used in this video are available in the NuggetLab download area.
A dictionary, as used in a dictionary attack, can contain millions of words and phrases for use as potential passwords. In this video Keith demonstrates using Hydra to implement a dictionary password guessing attack against a router with SSH and a server using FTP.
A large part of a pen-test is gathering information. Maltego is a fast and powerful tool that can be used to collect data from publicly available sources and create a graphical representation based on that information. In this video, Keith walks you through using this tool (including its transforms) to find specific information about a domain, its servers and IP addresses.
Kali Linux
There's a new flavor of BackTrack in town and the interesting part is that it isn't called "BackTrack." Kali Linux is a new Debian distribution that includes most of the tools from the previous BackTrack (5R3), but with additional care given to the packaging of those tools and other benefits. In this video, Keith discusses some of the new features and demonstrates an install of Kali Linux. Most of the tools shown in this video series are available on both BackTrack and Kali Linux.
Burp Suite
There exists another world when it comes to interactions between a web client and server. Burp Suite is a set of tools that enables you to analyze the details of both the requests and responses between web clients and servers, as well as replay requests after making modifications to those requests. In this video, Keith introduces and demonstrates these tools, including setting up the proxy on a client and using the spider and replay options.
Raspberry Pi & Kali Linux
What is small enough to fit in a pocket, affordable and can be a serious threat to an unprotected network? The answer: Kali Linux running on a Raspberry Pi computer. In this video, Keith walks you through the steps to install and use Kali on a Pi. Included in the video are the hardware specifics for the Pi, the wireless adapter and the SD card (in the event you want to replicate this). Keith also shares the "correct" URL to download the customized ARM image of Kali for the Pi.
Scapy is a packet manipulation tool that can craft, send, capture and sniff network datagrams (segments, packets and frames). In this video, Keith introduces you to this toolset and provides an example of it being used successfully. Examples of why it would be used also are included in the video. The video uses Kali Linux running on a Raspberry Pi, using SSH and Xwindows, and similar results can be obtained by practicing at the local console of the BackTrack/Kali device.
A traditional PING uses ICMP and request/reply messages to verify connectivity between two devices over an IP network. But what if a firewall or the device itself is blocking the PING messages? What can be done? Have no fear, hping3 is here! In this video, Keith demonstrates how TCP and/or UDP options can be used to verify reachability and round trip time between two devices, even when ICMP isn't allowed. Commands used in this video are available in the NuggetLab download area.
How easy is it to implement an MITM on an IPv6 network? If you use the parasite6 tool, it's easy. In fact, way too easy. In this video, Keith discusses how Neighbor Discovery Protocol (NDP) is used in IPv6 (compared to IPv4's ARP), and then how to use parasite6 to perform layer 2 spoofing on an IPv6 network. Commands used in this video are available in the NuggetLab download area.
IPv6 THC Tools
The Hackers Choice (THC) group has lots of great tools for IPv6 networks, and in this video, Keith demonstrates a few of his favorites. This nugget includes Neighbor Discovery Protocol (NDP) Router Advertisement (RA) manipulation including spoofing and flooding, DoS based on Duplicate Address Detection (DAD) and much more. Commands used in this video are available in the NuggetLab download area.
Custom Password Lists
Which is better? A password list of a million entries or one with 50 thousand, IF they both contain the correct passphrase used in a dictionary attack? In this case, smaller is better, as it will save time and CPU. In this video, Keith introduces and shares a tool called the "Common User Password Profiler" (CUPP) that will interview you, ask you questions about the subject of interest (the person whose password you want) and then build a customized password file surrounding the names, dates and numbers based on the input you supplied. This password file then can be utilized by tools such as Hydra or Medusa as part of a dictionary attack. The commands used in this video are available in the NuggetLab download area.
Hashes and Cracking Passwords
Passwords aren't normally stored in plain text files on a system such as Windows or Linux. Instead, a hash is generated and that one-way hash value is stored. In this video, Keith walks you through using a BackTrack Live CD to boot a system that has Windows on the hard drive, and by mounting the Windows file system, get access to the SAM database and the hashes for the user accounts. With the hash files in hand, we can take those hash files and use off-line password cracking tools such as John the Ripper. Commands used in this video are available in the NuggetLab download area.
Rainbow Tables and Ophcrack
What's faster than 241x34(9644/2)-1 ? The answer: the result of 39,511,467. In the world of comparing millions of hashes, it's much faster to already have the hash (as in the result above) rather than having to create the hash before being able to compare it to another value. In this video, Keith demonstrates how a "Rainbow Table" (a pre-computed list of hashes) can be used to significantly improve the time it takes to break a password. Ophcrack also is demonstrated as a tool that can use a rainbow table. A supporting document listing some of the many steps shown in the video is available in the NuggetLab download area.
The king of open-source packet analyzers is Wireshark (previously named Ethereal). In this video Keith discusses methods for obtaining network data such as port mirroring and MITM. He then shares with you Wireshark options including the ability to create graphs and analyze the top speakers on the network, as well as apply filters to focus on specific traffic.
Virtual Test Environment
Practicing how to use the tools contained in BackTrack and Kali Linux is important. At the same time, it may not be a safe idea to practice on your company's production network without authorization. One solution is to create a virtual environment that includes BackTrack or Kali (or both), as well as host machines that can interact with each other in a sandbox without needing to access the live production network. In this video, Keith demonstrates how to add a new host to VirtualBox, as well as use a pre-defined virtual machine named metasploitable that can be used when testing vulnerabilities.
Detecting Rootkits
A rootkit is software (normally malware of some kind) that provides unauthorized access to the computer for the attacker. A rootkit can be placed via a remote exploit or by physically running software at the computer. In this video, Keith demonstrates two software tools that can be used in a Linux environment to detect if a rootkit is running. Commands used in this video are available in the NuggetLab download area.

BackTrack and Kali Linux provide easy access to an extensive collection of security-related tools ranging from port scanners to Security Audit.

Recommended skills:
  • Virtualization (VirtualBox or VMware)
  • Wireshark Packet Capture software
  • GNS3
  • Linux
  • IPv4 and IPv6 networking (Network+, Juniper JNCIA or Cisco CCNA) or similar equivalent experience

Recommended equipment:
  • Virtualization software such as VirtualBox or VMware. Dedicated hardware could be used instead of a virtual environment to run BackTrack or Kali Linux. A BackTrack/Kali supported wireless network card would also be needed to practice and use the wireless related tools.

Related certifications:
  • CEH
  • CCNA Security
  • CCNP Security
  • Check Point CCSA/CCSE
  • Juniper security certifications

Related job functions:
  • System, Network, and/or Web Penetration Tester
  • Security Architect
  • Network Security Engineer
  • Security Analyst
  • Computer Crime Investigator
  • CISO/ISO or Director of Security
  • Application Penetration Tester
  • Intrusion Analyst
  • Vulnerability Researcher/ Exploit Developer
  • Security Auditor
  • Security-savvy Software Developer

BackTrack is a Linux distribution designed by Jason Dennis based on the Ubuntu Linux distribution aimed at digital forensics and penetration testing use. In March 2013, the Offensive Security team rebuilt BackTrack and released it under the name Kali Linux.

Kali Linux is an advanced Penetration Testing and Security Auditing Linux distribution. Kali Linux features a complete re-build of BackTrack Linux, adhering completely to Debian development standards. All-new infrastructure has been put in place, and all tools were reviewed and packaged.

This course addresses both platforms and focuses on using the tools of BackTrack/Kali Linux for authorized penetration testing and vulnerability analysis for both wired and wireless networks. None of these tools should be used in any unauthorized, unlawful or harmful ways.

Welcome to the Tools of BackTrack and Kali Linux

00:00:00 - Hi.
00:00:01 - I'm Keith Barker.
00:00:02 - And on behalf of the entire CBT Nuggets family, I'd like
00:00:05 - to welcome you to the tool sets of
00:00:07 - BackTrack and Kali Linux.
00:00:09 - In this introduction, I'm going to share with you a
00:00:11 - couple of critical things, including how to get the
00:00:13 - absolute most out of the series and how to keep safe.
00:00:16 - Let's begin.
00:00:17 - I am very excited about the idea of you joining me in this
00:00:22 - BackTrack Kali Linux series.
00:00:24 - When I talk about BackTrack with individuals, a lot of
00:00:27 - times people have never even heard of it, which is really
00:00:29 - surprising to me.
00:00:30 - BackTrack and its replacement, Kali Linux, have literally
00:00:34 - hundreds of hacking and penetration testing
00:00:36 - tools all built in.
00:00:38 - So you basically install the BackTrack or the Kali, and the
00:00:41 - tools are just ready to go.
00:00:43 - Now I want to share with you a word of caution with using any
00:00:46 - type of hacking or penetration testing tools.
00:00:49 - Let's imagine that there's a young man who's 22 years old,
00:00:53 - and he has his hands on BackTrack or Kali Linux.
00:00:55 - And he takes one of the tools, or many of the tools, and
00:00:58 - launches them.
00:00:59 - And, whether he intended to or not, let's say he disrupts the
00:01:03 - business, steals information, or causes damage to a public
00:01:07 - network or to a public company, or even to his
00:01:10 - private company.
00:01:11 - What is going to be the impact, negative impact, to
00:01:14 - that person if he is caught as the
00:01:17 - perpetrator of that attack?
00:01:19 - And the answer is never anything good.
00:01:22 - That's going to be a very, very bad situation.
00:01:24 - So I want to make sure, right off the top, that we make sure
00:01:27 - that we're going to use these tools for White Hat use only.
00:01:30 - And you might say, well, Keith, exactly what does that
00:01:32 - mean, White Hat use?
00:01:33 - Does that mean I have to put on a white hat every time
00:01:35 - we're going to use these tools?
00:01:36 - And the answer is, not a physical white hat, but a
00:01:39 - logical White Hat.
00:01:40 - A White Hat is an individual who is going to use the tools
00:01:44 - only in an authorized manner, meaning you've got explicit
00:01:47 - authorization to do exactly the tests and the penetration
00:01:50 - testing tools you're going to be using, or they're on their
00:01:53 - own private network and never going to touch, bother,
00:01:56 - damage, or disturb anything outside of their own private
00:02:00 - network that they're completely in control of.
00:02:03 - So that would be White Hat use.
00:02:04 - The far extreme of that, which would get you into trouble,
00:02:07 - very likely, is Black Hat.
00:02:09 - And that's where you use the tools to do malicious things
00:02:13 - to networks where you're not authorized.
00:02:15 - We want to stay completely away from Black Hat.
00:02:18 - And Gray Hat is everything else that's not
00:02:21 - really clearly defined.
00:02:22 - So I would encourage you to stick with only White Hat use
00:02:26 - on authorized networks where you are in control or
00:02:29 - authorized for the specific tools
00:02:31 - you're going to be using.
00:02:32 - And if you're not sure if you're authorized or not to
00:02:35 - run a specific tool, don't run it.
00:02:38 - If you do anything that is illegal or not authorized,
00:02:43 - it's completely on you.
00:02:45 - And I would strongly recommend you completely avoid any of
00:02:48 - that activity.
00:02:49 - This series is intended for individuals who, at a bare
00:02:52 - minimum, understand network fundamentals.
00:02:55 - For example, if I said to you, hey, what is an IP subnet?
00:02:59 - How does DHCP work?
00:03:00 - What is ARP?
00:03:01 - What's the difference between IP version 4 and IP version 6?
00:03:04 - A person should be able to at least understand those
00:03:07 - concepts before they ever start attempting to use attack
00:03:12 - or penetration testing tools that are
00:03:14 - covered in this series.
00:03:15 - So there's lots of great resources for those
00:03:18 - fundamentals, like Network Plus, and Cisco, and HP, and
00:03:21 - Juniper have entry-level courses in training.
00:03:24 - I would strongly recommend you have a solid understanding of
00:03:27 - the fundamentals of the network before you start
00:03:30 - approaching tools that could be used for penetration
00:03:33 - testing and hacking against those networks and systems.
00:03:37 - To emphasize it one more time, we only want to use any of
00:03:40 - these tools in an authorized environment only.
00:03:43 - For example, let's say you and I get hired to go into a
00:03:45 - company and to do penetration testing and vulnerability
00:03:49 - assessment.
00:03:50 - And when we walk in, we're just not going to open up the
00:03:52 - entire toolkit and start launching everything.
00:03:54 - We are going to have requirements and guidelines of
00:03:57 - what we're allowed to do and not do.
00:03:59 - So even in those environments, where you have specific
00:04:02 - authorization to do some tools, it doesn't mean you get
00:04:05 - to do everything.
00:04:06 - You have to stay within the guidelines that you're
00:04:08 - explicitly authorized to do.
00:04:10 - Any time you or I step outside the lines of what we are
00:04:15 - authorized to do, we are putting ourselves at risk,
00:04:18 - which is never a good idea.
00:04:19 - So stay safe.
00:04:21 - At the end of the day, the major benefit of using these
00:04:24 - tools in a positive, authorized way is to improve
00:04:27 - the overall security posture for a network.
00:04:30 - For example, let's say we have a company.
00:04:32 - They have a network.
00:04:33 - It's in place.
00:04:33 - They've put in the correct controls, the technical
00:04:36 - controls, access list, authorization, authentication,
00:04:39 - all that stuff.
00:04:40 - And they think it's set.
00:04:41 - Then they hire a third-party company to come in.
00:04:44 - They have that third-party company run a certain set of
00:04:47 - penetration testing tools within guidelines, just to
00:04:49 - verify that the defense mechanisms that they currently
00:04:52 - have in place are enough.
00:04:54 - And if they're not, they get the results from the
00:04:56 - penetration testing, and they can make changes to improve
00:04:59 - their security, again, with the goal of making sure we
00:05:02 - have the best fortress of security
00:05:04 - possible for that network.
00:05:06 - To get the absolute most out of this series, I would
00:05:09 - strongly recommend, to stay out of trouble and to have the
00:05:12 - opportunity to practice these commands, build an isolated--
00:05:16 - meaning not connected to the rest of the network--
00:05:19 - build a test network where you can go ahead and practice.
00:05:21 - And it can be a physical network, completely separate,
00:05:24 - or you can do it virtualized.
00:05:25 - You can have a virtual network living inside your host
00:05:28 - computer, again, keeping it separate from the outside
00:05:31 - world so that none of your attacks will accidentally leak
00:05:35 - out to any production networks.
00:05:37 - Once we have that test network in place, the secret to
00:05:40 - becoming good with these tools is to practice, practice,
00:05:44 - practice in that isolated area, that test network that
00:05:47 - we've created.
00:05:48 - Now here's something that I've discovered
00:05:49 - many, many years ago.
00:05:50 - If I'm reading a book or watching a video, and I try
00:05:53 - out a command myself, a lot of times, I might have a typo, I
00:05:57 - might miss a switch or an option in the command line,
00:06:00 - and so the command doesn't work.
00:06:01 - Very, very frustrating.
00:06:02 - So here's what I've done.
00:06:03 - For many of the videos, I've overlaid the actual commands
00:06:06 - I'm using in bigger fonts.
00:06:08 - So if you're on a smaller viewing device, you can
00:06:10 - actually see the commands.
00:06:11 - And check this out.
00:06:12 - I've also included, for many of the
00:06:14 - videos, Nuggetlab files.
00:06:16 - And these Nuggetlab files are the commands that
00:06:18 - I'm actually issuing.
00:06:19 - So if you wanted to, in your sandbox test environment,
00:06:23 - practice those same exact commands, you could download,
00:06:25 - from the Nuggetlab download area, those files.
00:06:29 - And that way, you could verify the actual commands by looking
00:06:31 - at the file.
00:06:32 - Or if you wanted to copy paste, you
00:06:33 - could do that as well.
00:06:35 - And this last bullet.
00:06:36 - Just as a reminder, please only use these tools in an
00:06:39 - authorized way.
00:06:40 - And if you're not sure, you're not sure if you're authorized
00:06:43 - to use a tool, or you're not sure what damage it will
00:06:45 - cause, the answer is don't run it.
00:06:48 - Stay on the correct side of the line.
00:06:50 - Keep yourself out of trouble.
00:06:52 - And only use any of these tools in an authorized manner.
00:06:56 - With these safety guidelines in place, I am so looking
00:06:59 - forward to enjoying this time with you in this series.
00:07:01 - We're going to have a blast.
00:07:02 - I hope this has been informative for you.
00:07:05 - And I'd like to thank you for viewing.

What is BackTrack?

Install BT on a Virtual Machine

Connecting to the Network

Updating S/W and Using Integrated Help

BT Wireless TX Power

Uncovering Hidden SSIDs

Bypassing MAC Address Filters

Breaking WPA2 Wireless

Rogue Wireless Access Points

Wireless Mis-Association Attacks

MITM Using Wireless Bridging

Nmap: King of Scanners

DHCP Starvation

Vote for BT - as the new STP Root Bridge

CDP Flooding

Taking over HSRP

DTP and 802.1q Attacks

ARP Spoofing MITM

Metasploit Framework

PWNing a System with MSF

Creating a "Pivot Point"

Social-Engineer Toolkit (SET)

Ettercap and Xplico

DNS Spoofing



Kali Linux

Burp Suite

Raspberry Pi & Kali Linux




IPv6 THC Tools

Custom Password Lists

Hashes and Cracking Passwords

Rainbow Tables and Ophcrack


Virtual Test Environment

Detecting Rootkits


Keith Barker

CBT Nuggets Trainer

Cisco CCDP, CCIE Security, CCIE Routing & Switching; Juniper JNCIS-ENT, JNCIS-SP; Brocade BCNP ; HP-MASE; (ISC)2 CISSP; CompTIA Network+, Security+

Area of Expertise:
Cisco, security, networking, bitcoin. Author or coauthor of: CCNA Security 640-554 Official Cert Guide; CCNP Security IPS 642-627 Official Cert Guide; CCNA Security 640-554 Official Cert Guide, and many more.
