WEBVTT - This file was automatically generated by VIMEO 0 00:00:00.300 --> 00:00:03.500 Hello and welcome to this. Cali fundamentals lesson. 1 00:00:03.500 --> 00:00:06.600 I'm very excited to be here with you today. So we've 2 00:00:06.600 --> 00:00:10.000 gone through a lot of different things and you may be wondering when 3 00:00:09.300 --> 00:00:12.500 am I going to get to work with the tools? What am 4 00:00:12.500 --> 00:00:15.200 I going to get to see these things in action? What am 5 00:00:15.200 --> 00:00:18.200 I going to start learning about the different types of tools within the 6 00:00:18.200 --> 00:00:21.400 distribution great questions to have and today 7 00:00:21.400 --> 00:00:24.100 is that day we're going to go through a high level 8 00:00:24.100 --> 00:00:27.400 introduction of the Cali tools listing where to find 9 00:00:27.400 --> 00:00:30.300 that at and where to start looking into what each 10 00:00:30.300 --> 00:00:33.500 of these things does as it changes through the versions. Just 11 00:00:33.500 --> 00:00:36.400 keep in mind that some tools may you know disappear over 12 00:00:36.400 --> 00:00:39.400 time. So all these revisit what we're about to do here so 13 00:00:39.400 --> 00:00:42.100 that you can be current on the tools that are available to you 14 00:00:42.100 --> 00:00:45.500 for testing or any other types of purposes. So 15 00:00:45.500 --> 00:00:48.300 let's go ahead and Jump Right In I'm gonna pull over a web 16 00:00:48.300 --> 00:00:48.600 browser. 17 00:00:49.300 --> 00:00:53.400 And what we're going to do is let's go to tools dot 18 00:00:52.400 --> 00:00:55.100 Cali dot org, so 19 00:00:55.100 --> 00:00:57.900 you'll see here that they have a tools listing. 20 00:00:58.600 --> 00:01:01.300 So we'll go ahead and click into that. Now the thing that 21 00:01:01.300 --> 00:01:04.700 I love about this site is that they lay the tools out and a 22 00:01:04.700 --> 00:01:07.100 very nice orderly fashion. So if you're familiar with 23 00:01:07.100 --> 00:01:11.100 pen testing or security testing, you know information gathering vulnerability 24 00:01:10.100 --> 00:01:14.300 analysis exploitation maintaining 25 00:01:13.300 --> 00:01:16.800 access things of that nature are all 26 00:01:16.800 --> 00:01:19.600 going to be a part of doing penetration testing security 27 00:01:19.600 --> 00:01:22.700 testing Etc. Now you may not be a 28 00:01:22.700 --> 00:01:25.100 pentester. Maybe you're into forensics. They've got 29 00:01:25.100 --> 00:01:28.200 forensics tools. Maybe you need to do stress testing. Maybe you're going to do 30 00:01:28.200 --> 00:01:31.400 wireless testing or you know something of that nature so 31 00:01:31.400 --> 00:01:34.300 they have a tool in this distribution that 32 00:01:34.300 --> 00:01:37.200 could help you to meet those needs and do those things. So we 33 00:01:37.200 --> 00:01:40.300 don't want to limit ourselves to just pin testing because you may be 34 00:01:40.300 --> 00:01:43.500 seeking out the distribution for other reasons. So let's go 35 00:01:43.500 --> 00:01:46.100 ahead and jump into a few things that you may want to 36 00:01:46.100 --> 00:01:49.300 be aware of here. So they do a good job of again breaking this 37 00:01:49.300 --> 00:01:52.300 down by category. But what you can do is let's say 38 00:01:52.300 --> 00:01:55.500 that you want to look at let's just 39 00:01:55.500 --> 00:01:58.300 start from the top information gathering tools and 40 00:01:58.500 --> 00:02:01.500 And let's just say you won't know what DNS 41 00:02:01.500 --> 00:02:04.400 map does. So when you click into the link they do 42 00:02:04.400 --> 00:02:07.400 a really awesome job of giving you a description. So as 43 00:02:07.400 --> 00:02:10.400 you can see here, they've described what the tool does and 44 00:02:10.400 --> 00:02:13.400 what it is and then they give you some examples of 45 00:02:13.400 --> 00:02:16.700 what's included in the package what the tool does how to 46 00:02:16.700 --> 00:02:19.600 use it and that's consistent across every tool 47 00:02:19.600 --> 00:02:22.400 that you see here. So if you go over into 48 00:02:22.400 --> 00:02:25.100 the vulnerability analysis area here, you'll see 49 00:02:25.100 --> 00:02:28.500 they have in map now you may or may not have heard of in map, but 50 00:02:28.500 --> 00:02:29.600 when you click into it 51 00:02:30.300 --> 00:02:33.300 It gives you this very verbose description of what endmap is 52 00:02:33.300 --> 00:02:36.800 how to use it. What are some things that are included in the package? And 53 00:02:36.800 --> 00:02:39.900 so really if you've not worked with a lot of security testing 54 00:02:39.900 --> 00:02:42.800 tools or if this is your really, you know, your Baseline 55 00:02:42.800 --> 00:02:45.300 jump into security testing spend some 56 00:02:45.300 --> 00:02:48.300 time on this page learning about the different tools and what 57 00:02:48.300 --> 00:02:51.500 they do and and what's available you will always find, you 58 00:02:51.500 --> 00:02:54.000 know, some industry favorites and things of that nature. I love 59 00:02:54.500 --> 00:02:57.900 in map and map is one of my go-to's when it comes to information gathering 60 00:02:57.900 --> 00:03:00.300 vulnerability analysis doing things of 61 00:03:00.300 --> 00:03:03.300 that nature. I also have used in like that 62 00:03:03.300 --> 00:03:06.500 cone, which is great for trying to do and discover 63 00:03:06.500 --> 00:03:09.600 directory traversals and things of that nature. It's an awesome 64 00:03:09.600 --> 00:03:12.400 tool. So they've really got a lot going on here 65 00:03:12.400 --> 00:03:16.300 Wireless attacks. I'm sure you may have heard of aircraft in 66 00:03:15.300 --> 00:03:16.900 G here. 67 00:03:17.800 --> 00:03:20.700 And so each of these things is just 68 00:03:20.700 --> 00:03:23.400 in itself, you know, a wonderful resource with 69 00:03:23.400 --> 00:03:27.500 respect to the tools and learning these things is going to be Top Notch. 70 00:03:27.500 --> 00:03:30.200 And so, you know, one of the things that I also want to point out 71 00:03:30.200 --> 00:03:33.700 that you may have heard of is the Metasploit framework if you're 72 00:03:33.700 --> 00:03:36.600 going to do any type of pin testing maybe, you 73 00:03:36.600 --> 00:03:39.200 know, some in-depth security testing. This is 74 00:03:39.200 --> 00:03:42.700 definitely a tool that you're going to want to work with. There is a paid version 75 00:03:42.700 --> 00:03:45.300 of this tool offered by rapid 7, but 76 00:03:45.300 --> 00:03:48.300 the framework is available to use 77 00:03:48.300 --> 00:03:51.400 in Cali so, you know, you're going 78 00:03:51.400 --> 00:03:54.100 to want to learn how to use Metasploit if you're going 79 00:03:54.100 --> 00:03:57.200 to be a pin tester and do things in that 80 00:03:57.200 --> 00:04:00.200 nature and it has some introductory information here. I know 81 00:04:00.200 --> 00:04:04.300 that they offer a course for free on this as well, but definitely 82 00:04:03.300 --> 00:04:06.800 want to jump into looking at 83 00:04:06.800 --> 00:04:09.300 Metasploit if that's something that you plan on doing with respect 84 00:04:09.300 --> 00:04:12.300 to penetration testing and then let's 85 00:04:12.300 --> 00:04:15.600 just say you're going to work and forensics and do forensic analysis 86 00:04:15.600 --> 00:04:17.700 or something of that nature. They also have 87 00:04:17.700 --> 00:04:20.700 The number of forensic tools here. And so really 88 00:04:20.700 --> 00:04:23.000 the sky is the limit with respect to what you 89 00:04:23.200 --> 00:04:26.100 can do with Cali you can do a lot of customization with 90 00:04:26.100 --> 00:04:29.200 the distribution and things that nature but really when it 91 00:04:29.200 --> 00:04:32.400 comes to learning tools and pointing out tools 92 00:04:32.400 --> 00:04:35.400 I can teach you things about in map. I can show you things about 93 00:04:35.400 --> 00:04:38.900 not that pone in crack Johnny John the 94 00:04:38.900 --> 00:04:41.500 Ripper all of those things, but at the 95 00:04:41.500 --> 00:04:44.300 end of the day it's what's going to be beneficial to you moving 96 00:04:44.300 --> 00:04:47.400 forward. What are you trying to achieve if it's you know, 97 00:04:47.400 --> 00:04:51.000 mobile phone pin testing if you're into stress 98 00:04:50.400 --> 00:04:53.400 testing again, if you're wanting to do forensics, if 99 00:04:53.400 --> 00:04:56.300 you're just wanting to do vulnerability analysis, but nothing deeper than 100 00:04:56.300 --> 00:04:59.100 that really it's what is going to interest you. 101 00:04:59.100 --> 00:05:02.200 What is going to to be your passion and drive. This is 102 00:05:02.200 --> 00:05:05.800 a good starting point after the fundamentals course and kind 103 00:05:05.800 --> 00:05:08.200 of digging into this stuff and really starting to 104 00:05:08.200 --> 00:05:11.500 figure out you know, what's available to you in this distribution. 105 00:05:12.400 --> 00:05:16.100 So let's go ahead back to our slides here. So in 106 00:05:15.100 --> 00:05:18.500 in brief today, we really just wanted 107 00:05:18.500 --> 00:05:21.400 to talk about those tools. We really want it to know where there's resources 108 00:05:21.400 --> 00:05:24.800 are and where you can start doing more research. I could 109 00:05:24.800 --> 00:05:27.600 spend all of the time in the world probably teaching 110 00:05:27.600 --> 00:05:30.800 you about each of those tools. But again, 111 00:05:30.800 --> 00:05:33.400 it's about what's beneficial to you. It's about what you 112 00:05:33.400 --> 00:05:36.400 want to take away from this course what you want to 113 00:05:36.400 --> 00:05:39.300 do with the distribution and how you start from this 114 00:05:39.300 --> 00:05:42.300 point, you know moving into learning about those 115 00:05:42.300 --> 00:05:45.200 tools and really focusing on the areas that are going 116 00:05:45.200 --> 00:05:48.500 to bring you the greatest return with your time. So with that 117 00:05:48.500 --> 00:05:51.500 in mind, I want to thank you for your time today and I look forward 118 00:05:51.500 --> 00:05:53.700 to seeing you again soon.