Setup your Mac for Pentesting

Setup Your Mac For Pentesting

Get Your Mac Setup With Pen Test Tools

I’ve been using Kali for sometime now and while I do like Kali, running it from a VM can sometimes be a pain. So I started to wonder if there was a way to bypass running a VM for these security tools and instead use my host machine, my Mac.

  1. Overview
  2. How to install Pentest Tools
  3. Installing a Pentest Tool like Dirb

 

Overview

At first I was going to mimic Kali’s tools in folders on my Mac. Installing the tools I wanted manually, then I decided to stop and research if there was an easier way. Upon doing so I found this:

Homebrew Tap – Pen Test Tools
Essentially this is a collection of brew taps that will install the various tools you find in Kali. Score!

A prerequisite to use this Pen Test Tools is to have brew installed. Brew is a package manager for your Mac, it allows you to install Linux packages on your Mac, it’s really convenient.

 

How to install Pentest Tools

After you install brew you can run the following command:

$ brew tap sidaf/pentest

Installing Pen Test Tools
This will install the Pen Test Tools tap (aka. a repository), from there you can install one of the tools as seen below.

 

Installing a Pentest Tool like Dirb

$ brew install sidaf/pentest/dirb
Installing Dirb

Installing Dirb

Verifying Dirb is Installed

Verifying Dirb is Installed

This will install the Dirb tool (used to discover hidden files and directories).

 

Conclusion

Now that you can install and run some of Kali’s pentest tools you’ll be able to hunt for bugs without launch a VM. Good hunting 🙂

Feel free to let me know your how you have your mac setup to do pentesting and any additional tip/tricks you use.

How I prepared for the Certified Ethical Hacker (CEH) exam

CEH Exam

Background

So I felt my current career in web development had reached a peak and I was feeling stagant. So I started looking for a change, a new challenge. I can’t quite remember what made me think about doing Security, but I think maybe it may have been someone mentioning we had just hired a Security guy at work and he would need some help.

I started really looking at security and security related topics in the fall of 2016 and expressed my interest to my workplace. Which by coincidence they had received an email from a vendor about a Certified Information Systems Security Professional CISSP training, which with me being new to it all I gladly said, “Yes, Please!”. The CISSP training was fantastic (thanks Jay Ranade) it gave me a board overview of Information Security and what areas I may want to invest my time in.

After the training I did consider taking the exam, but I still felt unsure and plus a 6 hour exam is not something you just get excited about. So I took the chirstmas break to learn more about InfoSec and try to decide my next step.

At the begining of the new year, through work, I was able to attend another training session this time it was for the Certified Ethical Hacker (CEH). I was really excited about this training as it would be about hacking 🙂 One problem, I had been out of school for such a longtime and I felt like my brain was just mush. So I started researching how to, well learn.

How do we learn?

Here’s what I found, how I was taught in school was well, wrong. We were taught how to pass exams (barely), but we weren’t taught how to learn and retain that info.

While doing my research I came across this excellent Coursera course (Learning How to Learn: Powerful mental tools to help you master tough subjects). This course is taught by Dr. Barbara Oakley, her teaching style is easy and the content is retainable. I was so impressed and inspired that I dug deeper into other resources that Dr. Barbara Oakley might have, then I discovered her book, A Mind For Numbers: How to Excel at Math and Science (Even If You Flunked Algebra). In her book she outlines 10 Rules of Good Studying, you can read more about the process in detail but below is an outline, needless to say it helped me and I’m glad I found her book.

10 Rules of Good Studying

  1. Use recall. After you read a page, look away and recall the main ideas.
  2. Test yourself.
  3. Chunk your problems. Chunking is understanding and practicing with a problem solution so that it can all come to mind in a flash.
  4. Space your repetition. Spread out your learning in any subject a little every day, just like an athlete.
  5. Alternate different problem‐solving techniques during your practice. Never practice too long at any one session using only one problem.
  6. Take breaks.
  7. Use explanatory questioning and simple analogies. Whenever you are struggling with a concept, think to yourself, How can I explain this so that a ten‐year‐old could understand it?
  8. Focus. Turn off all interrupting beeps and alarms on your phone and computer, and then turn on a timer for twenty‐five minutes.
  9. Eat your frogs first. Do the hardest thing earliest in the day, when you are fresh.
  10. Make a mental contrast. Imagine where you’ve come from and contrast that with the dream of where your studies will take you.

So from reading all of those great tips I created my own list of resources and study routine:

 

My Resources

My study routine

Here’s the routine I used on my study nights:

  1. 15 mins – Review notes
  2. 15 mins – Review slides
  3. 15 mins – Review Flash Cards
  4. 60 mins – Do Practice Exams

Conclusion

Don’t listen to that inner voice! The biggest challenge by far was that inner voice that tries to tell you that you can’t do it, that you’ll never find the time to study and that you’re not smart enough. However if you push past that voice you’ll realize the truth, that if you want it bad enough you will achieve your goals.

Best of luck to you. Feel free to let me know your experience and tip/tricks you used to pass your exams.