Penetration Testing with Linux Tools

by Keith Barker

Total Videos: 40 | Course Duration: 11:15:41
1. Welcome to the Tools of BackTrack and Kali Linux (00:07:08)
2. What is BackTrack? (00:04:00)
3. Install BT on a Virtual Machine (00:13:12)
4. Connecting to the Network (00:17:22)
5. Updating S/W and Using Integrated Help (00:07:18)
6. BT Wireless TX Power (00:10:06)
7. Uncovering Hidden SSIDs (00:12:03)
8. Bypassing MAC Address Filters (00:14:26)
9. Breaking WPA2 Wireless (00:10:07)
10. Rogue Wireless Access Points (00:23:59)
11. Wireless Mis-Association Attacks (00:15:39)
12. MITM Using Wireless Bridging (00:16:15)
13. Nmap: King of Scanners (00:36:31)
14. DHCP Starvation (00:12:01)
15. Vote for BT - as the new STP Root Bridge (00:19:27)
16. CDP Flooding (00:14:34)
17. Taking over HSRP (00:07:05)
18. DTP and 802.1q Attacks (00:22:14)
19. ARP Spoofing MITM (00:16:20)
20. Metasploit Framework (00:19:30)
21. PWNing a System with MSF (00:26:22)
22. Creating a "Pivot Point" (00:18:15)
23. Social-Engineer Toolkit (SET) (00:20:37)
24. Ettercap and Xplico (00:18:36)
25. DNS Spoofing (00:13:11)
26. Hydra (00:22:31)
27. Maltego (00:14:21)
28. Kali Linux (00:15:09)
29. Burp Suite (00:14:02)
30. Raspberry Pi & Kali Linux (00:17:44)
31. Scapy (00:23:16)
32. Hping3 (00:28:24)
33. Parasite6 (00:14:46)
34. IPv6 THC Tools (00:28:19)
35. Custom Password Lists (00:13:21)
36. Hashes and Cracking Passwords (00:18:14)
37. Rainbow Tables and Ophcrack (00:14:50)
38. Wireshark (00:23:33)
39. Virtual Test Environment (00:19:48)
40. Detecting Rootkits (00:11:05)
This course with Keith Barker offers training on BackTrack and Kali Linux, which provide easy access to an extensive collection of security-related tools, ranging from port scanners to security-audit tools.

Related Area of Expertise:
  • IT Security

Recommended skills:
  • Virtualization (VirtualBox or VMware)
  • Wireshark Packet Capture software
  • GNS3
  • Linux
  • IPv4 and IPv6 networking (Network+, Juniper JNCIA or Cisco CCNA) or similar equivalent experience

Recommended equipment:
  • Virtualization software such as VirtualBox or VMware. Dedicated hardware could be used instead of a virtual environment to run BackTrack or Kali Linux. A BackTrack/Kali-supported wireless network card would also be needed to practice and use the wireless-related tools.

Related certifications:
  • CEH
  • CCNA Security
  • CCNP Security
  • Check Point CCSA/CCSE
  • Juniper security certifications

Related job functions:
  • System, Network, and/or Web Penetration Tester
  • Security Architect
  • Network Security Engineer
  • Security Analyst
  • Computer Crime Investigator
  • CISO/ISO or Director of Security
  • Application Penetration Tester
  • Intrusion Analyst
  • Vulnerability Researcher/ Exploit Developer
  • Security Auditor
  • Security-savvy Software Developer

BackTrack is a Linux distribution, designed by Jason Dennis and based on Ubuntu, aimed at digital forensics and penetration testing. In March 2013, the Offensive Security team rebuilt BackTrack and released it under the name Kali Linux.

Kali Linux is an advanced penetration testing and security auditing Linux distribution. Kali Linux features a complete rebuild of BackTrack Linux, adhering completely to Debian development standards. All-new infrastructure has been put in place, and all tools were reviewed and packaged.

This course addresses both platforms and focuses on using the tools of BackTrack/Kali Linux for authorized penetration testing and vulnerability analysis for both wired and wireless networks. None of these tools should be used in any unauthorized, unlawful or harmful ways.

Welcome to the Tools of BackTrack and Kali Linux

00:00:00 - Hi.
00:00:01 - I'm Keith Barker.
00:00:02 - And on behalf of the entire CBT Nuggets family, I'd like
00:00:05 - to welcome you to the tool sets of
00:00:07 - BackTrack and Kali Linux.
00:00:09 - In this introduction, I'm going to share with you a
00:00:11 - couple of critical things, including how to get the
00:00:13 - absolute most out of the series and how to keep safe.
00:00:16 - Let's begin.
00:00:17 - I am very excited about the idea of you joining me in this
00:00:22 - BackTrack Kali Linux series.
00:00:24 - When I talk about BackTrack with individuals, a lot of
00:00:27 - times people have never even heard of it, which is really
00:00:29 - surprising to me.
00:00:30 - BackTrack and its replacement, Kali Linux, have literally
00:00:34 - hundreds of hacking and penetration testing
00:00:36 - tools all built in.
00:00:38 - So you basically install the BackTrack or the Kali, and the
00:00:41 - tools are just ready to go.
00:00:43 - Now I want to share with you a word of caution with using any
00:00:46 - type of hacking or penetration testing tools.
00:00:49 - Let's imagine that there's a young man who's 22 years old,
00:00:53 - and he has his hands on BackTrack or Kali Linux.
00:00:55 - And he takes one of the tools, or many of the tools, and
00:00:58 - launches them.
00:00:59 - And, whether he intended to or not, let's say he disrupts the
00:01:03 - business, steals information, or causes damage to a public
00:01:07 - network or to a public company, or even to his
00:01:10 - private company.
00:01:11 - What is going to be the impact, negative impact, to
00:01:14 - that person if he is caught as the
00:01:17 - perpetrator of that attack?
00:01:19 - And the answer is never anything good.
00:01:22 - That's going to be a very, very bad situation.
00:01:24 - So I want to make sure, right off the top, that we make sure
00:01:27 - that we're going to use these tools for White Hat use only.
00:01:30 - And you might say, well, Keith, exactly what does that
00:01:32 - mean, White Hat use?
00:01:33 - Does that mean I have to put on a white hat every time
00:01:35 - we're going to use these tools?
00:01:36 - And the answer is, not a physical white hat, but a
00:01:39 - logical White Hat.
00:01:40 - A White Hat is an individual who is going to use the tools
00:01:44 - only in an authorized manner, meaning you've got explicit
00:01:47 - authorization to do exactly the tests and the penetration
00:01:50 - testing tools you're going to be using, or they're on their
00:01:53 - own private network and never going to touch, bother,
00:01:56 - damage, or disturb anything outside of their own private
00:02:00 - network that they're completely in control of.
00:02:03 - So that would be White Hat use.
00:02:04 - The far extreme of that, which would get you into trouble,
00:02:07 - very likely, is Black Hat.
00:02:09 - And that's where you use the tools to do malicious things
00:02:13 - to networks where you're not authorized.
00:02:15 - We want to stay completely away from Black Hat.
00:02:18 - And Gray Hat is everything else that's not
00:02:21 - really clearly defined.
00:02:22 - So I would encourage you to stick with only White Hat use
00:02:26 - on authorized networks where you are in control or
00:02:29 - authorized for the specific tools
00:02:31 - you're going to be using.
00:02:32 - And if you're not sure if you're authorized or not to
00:02:35 - run a specific tool, don't run it.
00:02:38 - If you do anything that is illegal or not authorized,
00:02:43 - it's completely on you.
00:02:45 - And I would strongly recommend you completely avoid any of
00:02:48 - that activity.
00:02:49 - This series is intended for individuals who, at a bare
00:02:52 - minimum, understand network fundamentals.
00:02:55 - For example, if I said to you, hey, what is an IP subnet?
00:02:59 - How does DHCP work?
00:03:00 - What is ARP?
00:03:01 - What's the difference between IP version 4 and IP version 6?
00:03:04 - A person should be able to at least understand those
00:03:07 - concepts before they ever start attempting to use attack
00:03:12 - or penetration testing tools that are
00:03:14 - covered in this series.
00:03:15 - So there's lots of great resources for those
00:03:18 - fundamentals, like Network Plus, and Cisco, and HP, and
00:03:21 - Juniper have entry-level courses in training.
00:03:24 - I would strongly recommend you have a solid understanding of
00:03:27 - the fundamentals of the network before you start
00:03:30 - approaching tools that could be used for penetration
00:03:33 - testing and hacking against those networks and systems.
00:03:37 - To emphasize it one more time, we only want to use any of
00:03:40 - these tools in an authorized environment.
00:03:43 - For example, let's say you and I get hired to go into a
00:03:45 - company and to do penetration testing and vulnerability
00:03:49 - assessment.
00:03:50 - And when we walk in, we're just not going to open up the
00:03:52 - entire toolkit and start launching everything.
00:03:54 - We are going to have requirements and guidelines of
00:03:57 - what we're allowed to do and not do.
00:03:59 - So even in those environments, where you have specific
00:04:02 - authorization to do some tools, it doesn't mean you get
00:04:05 - to do everything.
00:04:06 - You have to stay within the guidelines that you're
00:04:08 - explicitly authorized to do.
00:04:10 - Any time you or I step outside the lines of what we are
00:04:15 - authorized to do, we are putting ourselves at risk,
00:04:18 - which is never a good idea.
00:04:19 - So stay safe.
00:04:21 - At the end of the day, the major benefit of using these
00:04:24 - tools in a positive, authorized way is to improve
00:04:27 - the overall security posture for a network.
00:04:30 - For example, let's say we have a company.
00:04:32 - They have a network.
00:04:33 - It's in place.
00:04:33 - They've put in the correct controls, the technical
00:04:36 - controls, access list, authorization, authentication,
00:04:39 - all that stuff.
00:04:40 - And they think it's set.
00:04:41 - Then they hire a third-party company to come in.
00:04:44 - They have that third-party company run a certain set of
00:04:47 - penetration testing tools within guidelines, just to
00:04:49 - verify that the defense mechanisms that they currently
00:04:52 - have in place are enough.
00:04:54 - And if they're not, they get the results from the
00:04:56 - penetration testing, and they can make changes to improve
00:04:59 - their security, again, with the goal of making sure we
00:05:02 - have the best fortress of security
00:05:04 - possible for that network.
00:05:06 - To get the absolute most out of this series, I would
00:05:09 - strongly recommend, to stay out of trouble and to have the
00:05:12 - opportunity to practice these commands, build an isolated--
00:05:16 - meaning not connected to the rest of the network--
00:05:19 - build a test network where you can go ahead and practice.
00:05:21 - And it can be a physical network, completely separate,
00:05:24 - or you can do it virtualized.
00:05:25 - You can have a virtual network living inside your host
00:05:28 - computer, again, keeping it separate from the outside
00:05:31 - world so that none of your attacks will accidentally leak
00:05:35 - out to any production networks.
00:05:37 - Once we have that test network in place, the secret to
00:05:40 - becoming good with these tools is to practice, practice,
00:05:44 - practice in that isolated area, that test network that
00:05:47 - we've created.
00:05:48 - Now here's something that I discovered
00:05:49 - many, many years ago.
00:05:50 - If I'm reading a book or watching a video, and I try
00:05:53 - out a command myself, a lot of times, I might have a typo, I
00:05:57 - might miss a switch or an option in the command line,
00:06:00 - and so the command doesn't work.
00:06:01 - Very, very frustrating.
00:06:02 - So here's what I've done.
00:06:03 - For many of the videos, I've overlaid the actual commands
00:06:06 - I'm using in bigger fonts.
00:06:08 - So if you're on a smaller viewing device, you can
00:06:10 - actually see the commands.
00:06:11 - And check this out.
00:06:12 - I've also included, for many of the
00:06:14 - videos, Nuggetlab files.
00:06:16 - And these Nuggetlab files are the commands that
00:06:18 - I'm actually issuing.
00:06:19 - So if you wanted to, in your sandbox test environment,
00:06:23 - practice those same exact commands, you could download,
00:06:25 - from the Nuggetlab download area, those files.
00:06:29 - And that way, you could verify the actual commands by looking
00:06:31 - at the file.
00:06:32 - Or if you wanted to copy paste, you
00:06:33 - could do that as well.
00:06:35 - And this last bullet.
00:06:36 - Just as a reminder, please only use these tools in an
00:06:39 - authorized way.
00:06:40 - And if you're not sure, you're not sure if you're authorized
00:06:43 - to use a tool, or you're not sure what damage it will
00:06:45 - cause, the answer is don't run it.
00:06:48 - Stay on the correct side of the line.
00:06:50 - Keep yourself out of trouble.
00:06:52 - And only use any of these tools in an authorized manner.
00:06:56 - With these safety guidelines in place, I am so looking
00:06:59 - forward to enjoying this time with you in this series.
00:07:01 - We're going to have a blast.
00:07:02 - I hope this has been informative for you.
00:07:05 - And I'd like to thank you for viewing.

Keith Barker

CBT Nuggets Trainer

Cisco CCIE Routing and Switching, Cisco CCIE Security, Cisco CCDP, HP-MASE, Brocade BCNP, (ISC)2 CISSP, CompTIA Network+ and Security+, VMware VCP5-DCV, Palo Alto CNSE, Check Point CCSA

Area Of Expertise:
Cisco, security, networking, bitcoin. Author or coauthor of: CCNA Security 640-554 Official Cert Guide; CCNP Security IPS 642-627 Official Cert Guide; and many more.

© 2015 CBT Nuggets. All rights reserved.