The challenge for Day Sixteen is – Research how to build a Tiger Box.
Note: Please use this information responsibly
Step One – find a box
Step Two – add Tiger
Step Three – release into the network
When I started looking into this question, the details on what makes a “Tiger Box” were quite slim.
A “tiger team” is a team of specialists in a given field getting together for a specific task, project or goal. So with this in mind, I’d interpret a “tiger box” to mean a machine assembled using specific hardware and software to be used for hacking and penetration testing.
From what I’ve read, a tiger box doesn’t necessarily need to be the gruntiest of machines, as many of the applications used in pen testing and hacking are relatively lightweight.
Kali Linux seems to be the go-to operating system for penetration testing and infosec professionals in general, and the great thing with Kali Linux is that it already comes pre-loaded with a lot of really useful tools that are automatically kept up to date.
Kali Linux is open source, free to download, and is funded and supported by Offensive Security – who run the highly respected OSCP certification.
Great news too is that as an OS it’s very lightweight. Here’s a video I found with a tutorial showing how to install it on a credit-card-sized Raspberry Pi 3 – I’m pretty keen to give this a go to have a cheap machine to play with.
Once your tiger box is set up with Kali Linux, I’d look into learning about:
OpenVAS (Open Vulnerability Assessment System) – vulnerability scanning
John the Ripper – password cracking
Nmap – Network vulnerability scanner
Metasploit Community Edition
Wireshark – Network sniffer
BurpSuite – Proxy
SQLMap – SQL injection tool and database vulnerability scanner
AirCrack-ng – WiFi network security assessor
If you’ve set up your own machine for penetration testing and are cringing / laughing at my noobness – please leave some comments for guidance, I’d love to know where I’m going wrong and where I should be looking.
No tigers or boxes were harmed in the making of this blog post
Thanks for reading my post and following my progress through the 30 Days of Security Testing.
Feel like joining in? Sign into the WeTest Slack group and get involved!