Red Team 101: Understanding Kali Linux

Your security environment is complicated. You’re invested in multiple security tools – antivirus, firewalls, IDS, IPS, SIEM, DLP, and more. If you haven’t invested in a red team, however, you’re doing security wrong.  How could you know that your expensive defenses are working unless you’ve tested them out?

Sponsorships Available

A red team is a great way to test your defenses. In brief, a red team is a small group of employees whose job is to try to hack into your organization, understand its vulnerabilities, and then help you patch them up. Think of them as your in-house penetration testers, with some added advantages:

• Red teams can be assembled from your pre-existing IT and information security personnel – no need to hire an expensive outside consultant.
• Because of this, red teams can test more often than expensive outside consultants.
• Lastly, red team members are intimately familiar with your security. They helped build your defenses, so they may be better at breaking them.

Several companies hire full-time employees specifically to comprise a red team, but here we’ll assume that you’re pulling members of your IT staff to form a red team on a part-time, ad-hoc basis. If this is the case, then some of your potential red team members may need some training. Hence, Kali Linux.

What is Kali Linux, and Why is it Important?

Kali Linux is one of the foundational tools used by pen testers and fledgling red teams. Essentially, it’s an open-source Linux distribution that’s been optimized with built-in tools designed to break open networks. It can be installed on a dedicated endpoint, run from a USB, or hosted on a VM – it can even be downloaded as a smartphone app. Due to its power and flexibility, it makes an excellent tool for both new and experienced testers alike.

In particular, Kali Linux is specialized for several major approaches:

• Identifying and breaching vulnerable WiFi networks
  Vulnerable wireless networks are a huge liability for many companies. Kali Linux gives you the tools to identify any insecure access points. Built-in programs such as Wireshark will let users find access points that are unpatched or unencrypted, and other tools will help you find out if those access points pose a danger to your wider network.

• Attacking vulnerable databases
  Tools like sqlmap let red team members find your vulnerable databases and whether it’s possible to exploit them. The red team may be able to find the database management system behind your website or application, map your databases, and extract valuable data.

• Active reconnaissance
  If someone maps your network, it’s usually the prelude to an attack. Your IDS/IPS systems are designed to catch this initial reconnaissance phase before it escalates. Kali Linux contains tools that determine the effectiveness of your IDS/IPS. Tools like nmap can sneak by some applications, timing their pings below the threshold of suspicious activity.

Many organizations have been embarrassed to find that testers using Kali Linux can break into most of your protected databases and networks using step-by-step tutorials designed for children and teenagers.

What to do Next?

The genius of Kali Linus isn’t that it’s a sophisticated hacking tool. Rather, it contains hundreds of preconfigured hacking tools found throughout the internet. Installing and configuring any single one of these tools can be a journey unto itself – the major benefit of Kali Linux is that it does this work for you while running on nearly any endpoint that you could think of.

Over the next few weeks, we’ll go in-depth on the various tools contained within Kali Linux and other popular red team applications. In the meantime, if you begin to discover vulnerabilities within your critical systems, your first next step is remediation. Contact Safe-T to learn more about how our solutions protect and mitigate common vulnerabilities found in enterprises, small businesses, and governments alike.