00:00:00 - Hi.
00:00:01 - I'm Keith Barker.
00:00:02 - And on behalf of the entire CBT
Nuggets family, I'd like
00:00:05 - to welcome you to
the tool sets of
00:00:07 - BackTrack and Kali Linux.
00:00:09 - In this introduction, I'm going
to share with you a
00:00:11 - couple of critical things,
including how to get the
00:00:13 - absolute most out of the series
and how to keep safe.
00:00:16 - Let's begin.
00:00:17 - I am very excited about the idea
of you joining me in this
00:00:22 - BackTrack Kali Linux series.
00:00:24 - When I talk about BackTrack
with individuals, a lot of
00:00:27 - times people have never even
heard of it, which is really
00:00:29 - surprising to me.
00:00:30 - BackTrack and its replacement,
Kali Linux, have literally
00:00:34 - hundreds of hacking and
00:00:36 - tools all built in.
00:00:38 - So you basically install the
BackTrack or the Kali, and the
00:00:41 - tools are just ready to go.
00:00:43 - Now I want to share with you a
word of caution with using any
00:00:46 - type of hacking or penetration
00:00:49 - Let's imagine that there's a
young man who's 22 years old,
00:00:53 - and he has his hands on
BackTrack or Kali Linux.
00:00:55 - And he takes one of the tools,
or many of the tools, and
00:00:58 - launches them.
00:00:59 - And, whether he intended to or
not, let's say he disrupts the
00:01:03 - business, steals information,
or causes damage to a public
00:01:07 - network or to a public company,
or even to his
00:01:10 - private company.
00:01:11 - What is going to be the impact,
negative impact, to
00:01:14 - that person if he
is caught as the
00:01:17 - perpetrator of that attack?
00:01:19 - And the answer is never
00:01:22 - That's going to be a very,
very bad situation.
00:01:24 - So I want to make sure, right
off the top, that we make sure
00:01:27 - that we're going to use these
tools for White Hat use only.
00:01:30 - And you might say, well, Keith,
exactly what does that
00:01:32 - mean, White Hat use?
00:01:33 - Does that mean I have to put
on a white hat every time
00:01:35 - we're going to use
00:01:36 - And the answer is, not a
physical white hat, but a
00:01:39 - logical White Hat.
00:01:40 - A White Hat is an individual who
is going to use the tools
00:01:44 - only in an authorized manner,
meaning you've got explicit
00:01:47 - authorization to do exactly the
tests and the penetration
00:01:50 - testing tools you're going to be
using, or they're on their
00:01:53 - own private network and never
going to touch, bother,
00:01:56 - damage, or disturb anything
outside of their own private
00:02:00 - network that they're completely
in control of.
00:02:03 - So that would be
White Hat use.
00:02:04 - The far extreme of that, which
would get you into trouble,
00:02:07 - very likely, is Black Hat.
00:02:09 - And that's where you use the
tools to do malicious things
00:02:13 - to networks where you're
00:02:15 - We want to stay completely
away from Black Hat.
00:02:18 - And Gray Hat is everything
else that's not
00:02:21 - really clearly defined.
00:02:22 - So I would encourage you to
stick with only White Hat use
00:02:26 - on authorized networks where
you are in control or
00:02:29 - authorized for the
00:02:31 - you're going to be using.
00:02:32 - And if you're not sure if you're
authorized or not to
00:02:35 - run a specific tool,
don't run it.
00:02:38 - If you do anything that is
illegal or not authorized,
00:02:43 - it's completely on you.
00:02:45 - And I would strongly recommend
you completely avoid any of
00:02:48 - that activity.
00:02:49 - This series is intended for
individuals who, at a bare
00:02:52 - minimum, understand network
00:02:55 - For example, if I said to you,
hey, what is an IP subnet?
00:02:59 - How does DHCP work?
00:03:00 - What is ARP?
00:03:01 - What's the difference between IP
version 4 and IP version 6?
00:03:04 - A person should be able to
at least understand those
00:03:07 - concepts before they ever start
attempting to use attack
00:03:12 - or penetration testing
tools that are
00:03:14 - covered in this series.
00:03:15 - So there's lots of great
resources for those
00:03:18 - fundamentals, like Network Plus,
and Cisco, and HP, and
00:03:21 - Juniper have entry-level
courses in training.
00:03:24 - I would strongly recommend you
have a solid understanding of
00:03:27 - the fundamentals of the network
before you start
00:03:30 - approaching tools that could
be used for penetration
00:03:33 - testing and hacking against
those networks and systems.
00:03:37 - To emphasize it one more time,
we only want to use any of
00:03:40 - these tools in an authorized
00:03:43 - For example, let's say you and
I get hired to go into a
00:03:45 - company and to do penetration
testing and vulnerability
00:03:49 - assessment.
00:03:50 - And when we walk in, we're just
not going to open up the
00:03:52 - entire toolkit and start
00:03:54 - We are going to have
requirements and guidelines of
00:03:57 - what we're allowed
to do and not do.
00:03:59 - So even in those environments,
where you have specific
00:04:02 - authorization to do some tools,
it doesn't mean you get
00:04:05 - to do everything.
00:04:06 - You have to stay within the
guidelines that you're
00:04:08 - explicitly authorized to do.
00:04:10 - Any time you or I step outside
the lines of what we are
00:04:15 - authorized to do, we are putting
ourselves at risk,
00:04:18 - which is never a good idea.
00:04:19 - So stay safe.
00:04:21 - At the end of the day, the major
benefit of using these
00:04:24 - tools in a positive, authorized
way is to improve
00:04:27 - the overall security posture
for a network.
00:04:30 - For example, let's say
we have a company.
00:04:32 - They have a network.
00:04:33 - It's in place.
00:04:33 - They've put in the correct
controls, the technical
00:04:36 - controls, access list,
00:04:39 - all that stuff.
00:04:40 - And they think it's set.
00:04:41 - Then they hire a third-party
company to come in.
00:04:44 - They have that third-party
company run a certain set of
00:04:47 - penetration testing tools within
guidelines, just to
00:04:49 - verify that the defense
mechanisms that they currently
00:04:52 - have in place are enough.
00:04:54 - And if they're not, they get
the results from the
00:04:56 - penetration testing, and they
can make changes to improve
00:04:59 - their security, again, with
the goal of making sure we
00:05:02 - have the best fortress
00:05:04 - possible for that network.
00:05:06 - To get the absolute most out
of this series, I would
00:05:09 - strongly recommend, to stay out
of trouble and to have the
00:05:12 - opportunity to practice these
commands, build an isolated--
00:05:16 - meaning not connected to the
rest of the network--
00:05:19 - build a test network where you
can go ahead and practice.
00:05:21 - And it can be a physical
network, completely separate,
00:05:24 - or you can do it virtualized.
00:05:25 - You can have a virtual network
living inside your host
00:05:28 - computer, again, keeping it
separate from the outside
00:05:31 - world so that none of your
attacks will accidentally leak
00:05:35 - out to any production
00:05:37 - Once we have that test network
in place, the secret to
00:05:40 - becoming good with these tools
is to practice, practice,
00:05:44 - practice in that isolated area,
that test network that
00:05:47 - we've created.
00:05:48 - Now here's something that
00:05:49 - many, many years ago.
00:05:50 - If I'm reading a book or
watching a video, and I try
00:05:53 - out a command myself, a lot of
times, I might have a typo, I
00:05:57 - might miss a switch or an option
in the command line,
00:06:00 - and so the command
00:06:01 - Very, very frustrating.
00:06:02 - So here's what I've done.
00:06:03 - For many of the videos, I've
overlaid the actual commands
00:06:06 - I'm using in bigger fonts.
00:06:08 - So if you're on a smaller
viewing device, you can
00:06:10 - actually see the commands.
00:06:11 - And check this out.
00:06:12 - I've also included,
for many of the
00:06:14 - videos, Nuggetlab files.
00:06:16 - And these Nuggetlab files
are the commands that
00:06:18 - I'm actually issuing.
00:06:19 - So if you wanted to, in your
sandbox test environment,
00:06:23 - practice those same exact
commands, you could download,
00:06:25 - from the Nuggetlab download
area, those files.
00:06:29 - And that way, you could verify
the actual commands by looking
00:06:31 - at the file.
00:06:32 - Or if you wanted to
copy paste, you
00:06:33 - could do that as well.
00:06:35 - And this last bullet.
00:06:36 - Just as a reminder, please only
use these tools in an
00:06:39 - authorized way.
00:06:40 - And if you're not sure, you're
not sure if you're authorized
00:06:43 - to use a tool, or you're not
sure what damage it will
00:06:45 - cause, the answer
is don't run it.
00:06:48 - Stay on the correct
side of the line.
00:06:50 - Keep yourself out of trouble.
00:06:52 - And only use any of these tools
in an authorized manner.
00:06:56 - With these safety guidelines
in place, I am so looking
00:06:59 - forward to enjoying this time
with you in this series.
00:07:01 - We're going to have a blast.
00:07:02 - I hope this has been informative
00:07:05 - And I'd like to thank
you for viewing.