Dear PenTest Readers,
Today we've got for you another great interview. We spoke with Rupert Edwards about Linux and The "Kill Chain" methodology. What's more Rupert is our new instructor and he will teach you how to perform penetration tests step by step using "Kill Chain". Enjoy reading!
You can find the course here: https://pentestmag.com/course/penetration-testing-using-the-kill-chain-methodology-w28-2/
[PM] Can you tell us something about yourself?
[RE] I’m a Linux professional possessing LPIC-3 Linux Professional Institute certification and CompTIA Cloud Essentials. I also have over 15 years of computer security experience, over 15 years of systems engineering as a security expert, 15 years as a lecturer and trainer, and 35 years of industry experience. Programming: PHP, Perl, Python, Ruby, Shell, and Penetration tester extraordinaire.
[PM] Can you tell us something about your company - Linuxprotraining.com?
[RE] We specialize in Cloud computing, Computer Security, and Linux System Administration.
[PM]Do you use only Linux as an operating system? Is it better than other systems?
a)Yes. Full time, all the time. Along with a Chromebook with Linux installed and, infrequently, an Android tablet with Linux installed and an Android phone with Linux installed.
b)Not better per se, the BSD guys/gals (I'm one of them) will have something to say about that. I would say its flexibility makes it the go to OS for penetration testers.
[PM] Please introduce your tool to the readers.
From Wikipedia: The term kill chain was originally used as a military concept related to the structure of an attack; consisting of target identification, force dispatch to target, decision and order to attack the target, and finally the destruction of the target.
“Kill Chain” is a console with an anonymizer that will perform the following stages of attack:
1) Reconnaissance – Uses social engineering to find weaknesses in the target’s security posture.
2) Weaponization – Crafting attack tools for the target system.
3) Delivery – Delivering the attack tools to the target system.
4) Exploit – The malicious file intended for an application target system or the operating system vulnerabilities control objectives is opened by the victim on target system.
5) Installation – Remote control program installed on target system.
6) Command & Control – Successfully compromised hosts will create a C2 channel on the Internet to establish a connection with the C2 server.
7) Actions – After the preceding process, the attacker will continue to steal information about the target system, undermine the integrity and availability of information, and further to control the machine to jump to attack other machines, to expand the sphere of influence.
[PM] How did you come up with an idea to create it?
[RE] I came up with the idea while preparing to teach a very large Information Systems Security Association (ISSA) class Advanced Penetration Testing. I wanted to keep everyone on the same set of tools to demonstrate and teach the seven stages of the “kill chain” attack.
[PM] How does it work exactly?
[RE] It's fairly user friendly -- up to a point. Just select the tool (number) from the menu and it will launch said tool. The tools contained within may require you having knowledge of some popular pen-testing tools.
[PM] Have you had any difficulties when creating it?
[RE] Probably coming up with a name the didn't have "spoit" in it ;)
[PM] How does it differ from other tools?
[RE] It's not different from any other run-of-the-mill pentesting tool in any particular way. I would say having an anonymizer at your finger tips is a nice feature to have.
[PM] Do you think it’s important to teach people about Linux?
[RE] Short answer is YES! Just look around you ...
[PM] You are an active member of the GitHub community. Do you think that collaboration is essential in cybersecurity?
[RE] Community involvement is not only essential, I consider it a must. I'm not advocating one community over another. I'm also a member of the Bitbucket community. The GitHub community tends to be very active. Your code will likely get noticed there.
My public repos:
[PM] What are your plans for the future?
[RE] To be around in the future ;-)
[PM] Have you got any final thoughts? Is there anything you would like to add? (any piece of advice for our readers)
[RE] I would take this time to give credit to all the folks in the open source infosec community who contribute their time and tools. If it weren't for them (too many to name here), the idea of kill chain wouldn't have been conceived.
Tell me and I'll forget; show me and I may remember; involve me and I'll understand.
You can follow me on G+ http://google.com/+RupertEdwards
Cyber Kill Chain® is a registered trademark of Lockheed Martin.