learning

Install Secure Lab Tools in Fedora 26

/ jankka / 1 Comment

I am working my way to dive in to the world of security testing. We have been going through the tasks on 30 days of security testing from Ministry Of Testing Dojo. The themed tasks is actually a really good way to keep up in learning new topics and deepening your knowledge on different issues at hand. Ministry Of Testing has a nice series of themed months on the catalogue and I warmly recommend to check them out.

We have been doing the themed months a bit differently. First of all, we accept the fact that there is weekends and people do not have to live, breathe and urinate testing. Even though it does help from time to time. So, our approach has been mainly to do 30 days of testing during the weekdays. Which means that instead of 4 weeks, we’ll accomplish it in approximately 6 weeks.

Anyhow, one of the things beside the security testing challenge has been us having a course on Ethical Hacking. The course is available in Udemy and it is reasonably priced, so I recommend that, at least if you’re not familiar with penetration testing and hacking techniques in general.

So, we go through tools and techniques and use Kali Linux for that. Which seems to be powerful to use. As I am running Fedora 26 on my workstation, I am running the penetration test stuff on Fedora Boxes (more stable than VirtualBox), but I noticed that it would actually be nice to have the tools on my actual workstation, too.

So I went and googled a bit and as I knew, someone had already solved my issue.  As I am using Finnish language on the laptop, my installation command was like this:

# sudo dnf groupinstall Turvallisuuslaboratorio

For most of the people who do not have the capability to understand Finnish, it would make sense to use something more, how to put it, understandable language, like English.

So, in that case I suppose the command should work like this:

# sudo dnf groupinstall security-lab

By the way, while writing this, I did write the Kali Linux on a USB disk. It actually feels better to have it there than fooling around with virtual machines (in this case). Even though I’ll have to reboot the computer if I want to run it.

Advertisement

Re-evaluating and bouncing

/ jankka / Leave a comment

I managed to actually re-evaluate my plans and combine them to my skill-set. There is a slight cap there. I can now see, that the skills of my programming are not near the needs of the project. Now that means that I’ll have to build the resources.

This means, of course, that the Algorithm -training is going to be continued, but that it is not enough. In fact I decided to get back to basics and go through two topics.

  1. Programming in Python 3
  2. Twisted tutorial (and everything related)

So getting those 2 things done will, eventually, get me closer to my ultimate goal: to become an efficient technical tester (A Test Toolsmith, some might say).

Now earlier, in this kind of projects, I’ve let myself sidetrack myself. Pretty easily also. So in this case, I’ll have to learn myself some discipline and perseverance. What I mean is that no matter if I get the ideas on how to develop the project I have in mind (being the messaging answering machine or my Crossfit whiteboard), I should only write the ideas down and get back to them after I’ve finished the ‘course’.

Now the learning should not take too long. Honestly put, I have had programming education in Java and Python. Java -education took place long time ago, just before I was hired at my first Test Engineer -job. The Python training, in the other hand was only few years ago. So in that way re-learning the stuff (and adding more, the course was just a basic one) should not take too much time. And this time I just have to make it all the way. The benefit on having this done at home, as my private project, is that I can also implement my skills right away after I’ve done the learning. Lately the usage of my learned skills has been more or less nothing. I know it is matter of determination at work, too, but previous tasks at work has kept me so busy otherwise that the usage of any coding capabilities has been more or less closer to the zero. Now that also seems to be changing, hopefully for good.

Besides Python, I do have a sneaky feeling that I should learn a bit more groovy. Which actually means that I should refresh also the java -skills. Not the worst idea either. Maybe after the Python is done I can concentrate more on groovy. Besides, we do use groovy -scripting when using SoapUI at work, so that one comes also naturally by the work, too. The other day I managed to even fetch a file from FTP to my desktop. Woohoo 😀

Last, but not least is that I do still have my project plans. To create something useful by using Python, Robot Framework and ATDD -methods to test and create everything. I just need to build my wheels first. Slow and steady should eventually win the race.