After a year of silent development, we are incredibly proud to announce the release and public availability of “Kali Linux“, the most advanced, robust, and stable penetration testing distribution to date.
Kali is a more mature, secure, and enterprise-ready version of BackTrack Linux. Trying to list all the new features and possibilities that are now available in Kali would be an impossible task on this single page. We therefore invite you to visit our new Kali Linux Website and Kali Linux Documentation site to experience the goodness of Kali for yourself.
We are extremely excited about the future of the distribution and we can’t wait to see what the BackTrack community will do with Kali. Sign up in the new Kali Forums and join us in IRC in #kali-linux on irc.freenode.net and help us usher in this new era.]]>
With this in mind, about a year ago a bunch of us at Offensive Security started thinking about the future of BackTrack and brainstormed about the features and functionality we’d like to see in the next and future revisions. One of our main topics of conversation was the option of swapping out our custom development environment for a fully fledged Debian-compliant packaging and repository system.
This seemed like a good idea at the time, but little did we know the world of hurt and pain we were getting ourselves into. This single decision concerning the future path of BackTrack brought with it so much power and flexibility that it has changed the face of our distribution.
What’s happened in the past year? We have been quietly developing the necessary infrastructure and laying the foundation for our newest penetration testing distribution as well as building over 300 Debian compliant packages and swearing in 8 different languages. These changes brought with them an incredible amount of work, research and learning but are also leading us down the path to creating the best, and most flexible, penetration testing distribution we have ever built, dubbed “Kali”.
BackTrack Reborn – Kali Linux Teaser from Offensive Security on Vimeo.
So when is new version of BackTrack goodness hitting the internet? We wont tell, yet. After all, that *is* the definition of a “teaser”. All we can say for now, is that we are well on the way to completion, and hope to have our initial release out….soon.]]>
Our primary focus with this release was on the implementation of various bug fixes, numerous tools upgrades and well over 60 new additions to the BackTrack suite. Because of this, the upgrade path to BackTrack 5 R3 is relatively quick and painless.
First, you will want to make sure that your existing system is fully updated:
With the dist-upgrade finished, all that remains is the install the new tools that have been added for R3. An important point to keep in mind is that there are slight differences between the 32-bit and 64-bit tools so make sure you choose the right one.
That’s all there is to it! Once the new tools have been installed, you are up and running with BackTrack 5 R3. As always, if you come across any bugs or issues, please submit tickets via our BackTrack Redmine Tracker.]]>
Building, testing and releasing a new BackTrack revision is never an easy task. Keeping up-to-date with all the latest tools, while balancing their requirements of dependencies, is akin to a magic show juggling act. Thankfully, active members of our redmine community such as backtracklover and JudasIscariot make our task that much easier by actively reporting bugs and suggesting new tools on a regular basis. Hats off to the both of you.
We would like to thank Offensive Security for providing the BackTrack dev team with the funding and resources to make all of this happen. Also, a very special thanks to dookie, our lead developer – for building, testing and packaging most of the new tools in this release.
Together with our usual KDE and GNOME, 32/64 bit ISOs, we have released a single VMware Image (Gnome, 32 bit). For those requiring other VM flavors of BackTrack – building your own VMWare image is easy – instructions can be found in the BackTrack Wiki.
Lastly, if you’re looking for intensive, real world, hands on Penetration Testing Training – make sure to drop by Offensive Security Training, and learn the meaning of “TRY HARDER“.
For the insanely impatient, you can download the BackTrack 5 R3 release via torrent right now. Direct ISO downloads will be available once all our HTTP mirrors have synched, which should take a couple more hours. Once this happens, we will update our BackTrack Download page with all links.
In addition, the European Open Source Event will be taking place between the 19th and 21st of June, 2012. The event will be held at the at the “CNIT de Paris” in “La Défense”, and several of our European BackTrack developers will be attending. You can find more information about this event at the official site – www.solutionslinux.fr.
Security is not in rest in this book since a full chapter is dedicated to the topic. It covers setting up a firewall, monitoring, intrusion detection systems, setting up SELinux policies, dealing with a compromised machine, and gives many thoughful advice to define a security policy within your organization.
The authors have pledged to release the book under an open source license if the associated “liberation fund” reaches 25,000 EUR. Today, there’s less than 3,000 EUR to raise and we invite you to contribute as well. By giving 10 EUR or more, you’ll get a copy of the ebook as soon as it’s available (even if the liberation fund is not completed). Click here to contribute now.
The book is planned to be released in April but in the mean time you can have a peek at a sample chapter and the full table of contents. We have no doubt that this book will provide a solid foundation to all those looking to better understand Debian, BackTrack and Linux at large.]]>
Initially, the bug report confused us, as BackTrack 5 R2 by default has a single root user, with no open TCP or UDP ports – therefore a console escalation from root to root seemed frivolous. The title of the bug was even more confusing – calling it a “BackTrack 0day” misrepresents the bug, apparently in an attempt to make it seem bigger than it is.
As an organization who claim to be security professionals, the Infosec Institute should know better. They should know that an accurate vulnerability description is probably the most important aspect of a bug report. Without this basic rule in place, every single 3’rd party FTP overflow in windows would be categorized as a “Windows 0day”, and every PHP web application vulnerability would be defined as an “Apache 0day”.
To summarise, we believe that the intentional misrepresentation of this bug report has discredited BackTrack unecessarily in the eyes of those who do not understand the underlying mechanisms of our OS, and also discredited the Infosec Institute in the eyes of those who do.
Lastly, we found the following quote from Saul Bellow relevant to this situation. “A great deal of intelligence can be invested in ignorance when the need for illusion is deep“.]]>
After months of development, bug fixes, upgrades, and the addition of 42 new tools, we are happy to announce the full release of BackTrack 5 R2 available for download now. Running our custom-built 3.2.6 kernel with the best wireless support available, this is our fastest and best release of BackTrack yet. In the past few weeks, we have had a flood of submissions to our BackTrack Redmine Tracker with submissions for many new tools and dozens of packages that needed to be updated and this has helped to make this one of the strongest releases we’ve ever had.
Once again, our good friends over at Paterva have created a special BackTrack edition of Maltego 3.1.0 for your data mining pleasure and we have also included their recently-released CaseFile tool to help you organize and collate data from numerous sources. If you have never used these tools before, you really need to…they will change the way your interact with data and conduct reconnaissance.
You will also find we have included Metasploit 4.2.0 Community Edition, version 3.0 of the Social Engineer Toolkit, BeEF 0.4.3.2, and many other tool upgrades too numerous to mention.
In addition to the aforementioned updates and additions, we have also added the following new tools to BackTrack:
Perhaps the one change that we are most excited about in this release is that we are now including the Ubuntu updates in our repositories on a more regular basis. So from now on, when you run a dist-upgrade, you will also receive the updated tools and packages that are being pulled from Ubuntu, making for a more secure and stable distribution. Rest assured that we will not be pushing out the updates blindly. We will be testing the updates internally to ensure that they don’t break any functionality prior to rolling them out publicly.
If you are merely upgrading your existing BackTrack installation to R2 instead of doing a fresh install, you can add the new update repository as shown below.
Along with this release, we have created some new HOWTO’s in our wiki to cover some things that simply can’t be packaged efficiently into a distribution, particularly the configuration of clusters.
We hope that you enjoy this new release of BackTrack as much as we enjoyed creating it. Our goal, as always, is to be the world’s best penetration testing distribution so if you find bugs or have tool suggestions, please feel free to open up a ticket in our Redmine tracker.]]>
1. Update and upgrade your BT5 (R1) installation:
Once that’s done, you should already have the new kernel installed as well as any last updates we have for the official R2 release. You need to reboot to have the 3.2.6 kernel kick in.
2. OPTIONAL – Once rebooted, log back in, and get your pretty splash screen back.
On the next reboot, you should see the red console splash screen appear.
3. Verify that you are running a 3.2.6 kernel:
You should see something like “Linux bt 3.2.6 …”
4. Feel free to install any or all of the new tools featured in BackTrack 5 R2:
5. Add the new security updates repository to /etc/apt/sources.list, and run another upgrade.
During the last upgrade you’ll be asked about file revision updates. Make sure to always keep the locally installed file. Feel free to press “Enter” and accept all the defaults.
6. Some of the newly installed services will be set to start on boot. We like disabling these as needed:
And…you’re done! Expect a more comprehensive introduction to BT5 R2, on the day of the Official release – March 1st! The BackTrack 5 R2 ISOS will we available for download from our site on March 1st via Torrent only. HTTP links will be added a few days later.]]>