Introduction to Kali Purple

Book description

Combine the offensive capabilities of Kali Linux with the defensive strength of a security operations center to enhance cybersecurity for business and training purposes

Key Features

  • Gain practical experience in defensive security methods
  • Learn the correct process for acquiring, installing, and configuring a robust SOC from home
  • Create training scenarios for junior technicians and analysts using real-world cybersecurity utilities
  • Purchase of the print or Kindle book includes a free PDF eBook

Book Description

Introduction to Kali Purple combines red team tools from the Kali Linux OS and blue team tools commonly found within a security operations center (SOC) for an all-in-one approach to cybersecurity. This book takes you from an overview of today's cybersecurity services and their evolution to building a solid understanding of how Kali Purple can enhance training and support proof-of-concept scenarios for your technicians and analysts.

After getting to grips with the basics, you’ll learn how to develop a cyber defense system for Small Office Home Office (SOHO) services. This is demonstrated through the installation and configuration of supporting tools such as virtual machines, the Java SDK, Elastic, and related software. You’ll then explore Kali Purple’s compatibility with the Malcolm suite of tools, including Arkime, CyberChef, Suricata, and Zeek. As you progress, the book introduces advanced features, such as security incident response with StrangeBee’s Cortex and TheHive and threat intelligence feeds. Finally, you’ll delve into digital forensics and explore tools for social engineering and exploit development.

By the end of this book, you’ll have a clear and practical understanding of how this powerful suite of tools can be implemented in real-world scenarios.

What you will learn

  • Set up and configure a fully functional miniature security operations center
  • Explore and implement the government-created Malcolm suite of tools
  • Understand traffic and log analysis using Arkime and CyberChef
  • Compare and contrast intrusion detection and prevention systems
  • Explore incident response methods through Cortex, TheHive, and threat intelligence feed integration
  • Leverage purple team techniques for social engineering and exploit development

Who this book is for

This book is for entry-level cybersecurity professionals eager to explore a functional defensive environment. Cybersecurity analysts, SOC analysts, and junior penetration testers seeking to better understand their targets will find this content particularly useful. If you’re looking for a proper training mechanism for proof-of-concept scenarios, this book has you covered. While not a prerequisite, a solid foundation of offensive and defensive cybersecurity terms, along with basic experience using any Linux operating system, will make following along easier.

Table of contents

  1. Introduction to Kali Purple
  2. Contributors
  3. About the author
  4. About the reviewers
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Conventions used
    5. Get in touch
    6. Share Your Thoughts
    7. Download a free PDF copy of this book
  6. Part 1: Introduction, History, and Installation
  7. Chapter 1: An Introduction to Cybersecurity
    1. How we got here
      1. Stuxnet
      2. The Target cyberattack of 2013
    2. Offensive security
      1. Nmap
      2. Metasploit Framework
      3. Burp Suite
      4. Wireshark
      5. Aircrack-ng
      6. John the Ripper
      7. Hydra
      8. SQLmap
      9. Maltego
      10. Social Engineering Toolkit (SET)
    3. Defensive security
      1. Confidentiality
      2. Integrity
      3. Availability
    4. Summary
    5. Questions
    6. Further reading
  8. Chapter 2: Kali Linux and the ELK Stack
    1. The evolution of Kali Linux
    2. Elasticsearch, Logstash, and Kibana (ELK stack)
      1. Elasticsearch
      2. Logstash
      3. Kibana
    3. Agents and monitoring
      1. Beats
      2. X-Pack
    4. Summary
    5. Questions
    6. Further reading
  9. Chapter 3: Installing the Kali Purple Linux Environment
    1. Technical requirements
    2. Acquiring the Kali Purple distribution
      1. Linux backup
      2. Windows backup
      3. macOS backup
      4. Linux
      5. Mac
      6. Windows
    3. The installation of a VM
      1. Windows users
      2. macOS users
      3. Linux users
      4. Linux VirtualBox installation
      5. macOS VirtualBox installation
      6. Windows VirtualBox installation
      7. Setting the environment PATH variable in Windows
      8. Setting the environment PATH variable in macOS or Linux
    4. The installation of Kali Purple
    5. The installation of the Java SDK
    6. Summary
    7. Questions
    8. Further reading
  10. Chapter 4: Configuring the ELK Stack
    1. Technical requirements
    2. Elasticsearch
    3. Kibana
    4. Logstash
    5. Summary
    6. Questions
    7. Further reading
  11. Chapter 5: Sending Data to the ELK Stack
    1. Technical requirements
    2. Understanding the data flow
    3. Filebeat
      1. Linux and macOS download and installation
    4. Types of Beats
    5. Elastic Agent
    6. Logstash and filters
    7. Summary
    8. Questions
    9. Further reading
  12. Part 2: Data Analysis, Triage, and Incident Response
  13. Chapter 6: Traffic and Log Analysis
    1. Technical requirements
    2. Understanding packets
    3. Malcolm
    4. Arkime
    5. CyberChef and obfuscation
    6. Summary
    7. Questions
    8. Further reading
  14. Chapter 7: Intrusion Detection and Prevention Systems
    1. Technical requirements
    2. IDS
      1. Traffic monitoring
      2. Anomaly detection
      3. Signature-based detection
      4. Real-time alerts
      5. Log and event analysis
      6. Network and host-based detection
      7. Response and mitigation
      8. Regulatory compliance
      9. Integration with security infrastructure
    3. IPS
      1. Real-time threat prevention
      2. Automated response
      3. Policy enforcement
      4. Inline protection
      5. Application layer protection
      6. Performance optimization
    4. Suricata
    5. Zeek
    6. Summary
    7. Questions
    8. Further reading
  15. Chapter 8: Security Incident and Response
    1. Technical requirements
    2. Incident response
    3. Docker
    4. Cortex
    5. TheHive
    6. Challenge!
    7. Summary
    8. Questions
    9. Further reading
  16. Part 3: Digital Forensics, Offensive Security, and NIST CSF
  17. Chapter 9: Digital Forensics
    1. Technical requirements
    2. Digital forensics and malware analysis
      1. Portable Executable Identifier (PEiD)
      2. PEScan
      3. IDA Pro
      4. Volatility3
      5. ApateDNS
    3. SET
    4. BeEF
    5. Maltego
    6. Summary
    7. Further reading
  18. Chapter 10: Integrating the Red Team and External Tools
    1. Technical requirements
    2. OWASP ZAP
      1. Mozilla Firefox
      2. Google Chrome
    3. Wireshark
    4. Metasploit
    5. Scanners
      1. Nmap
      2. SQLmap
      3. Nikto
      4. Nessus
      5. Greenbone Vulnerability Management and OpenVAS
    6. Password cracking
      1. Hydra
      2. Medusa
      3. John the Ripper
    7. Burp Suite integration
    8. Summary
    9. Questions
    10. Further reading
  19. Chapter 11: Autopilot, Python, and NIST Control
    1. Technical requirements
    2. Autopilot
    3. Python
    4. NIST Control
      1. Identify
      2. Protect
      3. Detect
      4. Respond
      5. Recover
      6. Govern
    5. Summary
    6. Questions
    7. Further reading
  20. Appendix: Answer Key
    1. Chapter 1
    2. Chapter 2
    3. Chapter 3
    4. Chapter 4
    5. Chapter 5
    6. Chapter 6
    7. Chapter 7
    8. Chapter 8
    9. Chapter 9
    10. Chapter 10
    11. Chapter 11
  21. Index
    1. Why subscribe?
  22. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts
    3. Download a free PDF copy of this book

Product information

  • Title: Introduction to Kali Purple
  • Author(s): Karl Lane
  • Release date: June 2024
  • Publisher(s): Packt Publishing
  • ISBN: 9781835088982