Table of Contents

Preface

Part 1: Introduction, History, and Installation

Chapter 1: An Introduction to Cybersecurity
    How we got here
    Stuxnet
    The Target cyberattack of 2013
    Offensive security
    Nmap
    Metasploit Framework
    Burp Suite
    Wireshark
    Aircrack-ng
    John the Ripper
    Hydra
    SQLmap
    Maltego
    Social Engineering Toolkit (SET)
    Defensive security
    Confidentiality
    Integrity
    Availability
    Summary
    Questions
    Further reading

Chapter 2: Kali Linux and the ELK Stack
    The evolution of Kali Linux
    Elasticsearch, Logstash, and Kibana (ELK stack)
    Elasticsearch
    Logstash
    Kibana
    Agents and monitoring
    Beats
    X-Pack
    Summary
    Questions
    Further reading

Chapter 3: Installing the Kali Purple Linux Environment
    Technical requirements
    Acquiring the Kali Purple distribution
    Linux backup
    Windows backup
    macOS backup
    Linux
    Mac
    Windows
    The installation of a VM
    Windows users
    macOS users
    Linux users
    Linux VirtualBox installation
    macOS VirtualBox installation
    Windows VirtualBox installation
    Setting the environment PATH variable in Windows
    Setting the environment PATH variable in macOS or Linux
    The installation of Kali Purple
    The installation of the Java SDK
    Summary
    Questions
    Further reading

Chapter 4: Configuring the ELK Stack
    Technical requirements
    Elasticsearch
    Kibana
    Logstash
    Summary
    Questions
    Further reading

Chapter 5: Sending Data to the ELK Stack
    Technical requirements
    Understanding the data flow
    Filebeat
    Linux and macOS download and installation
    Types of Beats
    Elastic Agent
    Logstash and filters
    Summary
    Questions
    Further reading

Part 2: Data Analysis, Triage, and Incident Response

Chapter 6: Traffic and Log Analysis
    Technical requirements
    Understanding packets
    Malcolm
    Arkime
    CyberChef and obfuscation
    Summary
    Questions
    Further reading

Chapter 7: Intrusion Detection and Prevention Systems
    Technical requirements
    IDS
    Traffic monitoring
    Anomaly detection
    Signature-based detection
    Real-time alerts
    Log and event analysis
    Network and host-based detection
    Response and mitigation
    Regulatory compliance
    Integration with security infrastructure
    IPS
    Real-time threat prevention
    Automated response
    Policy enforcement
    Inline protection
    Application layer protection
    Performance optimization
    Suricata
    Zeek
    Summary
    Questions
    Further reading

Chapter 8: Security Incident and Response
    Technical requirements
    Incident response
    Docker
    Cortex
    TheHive
    Challenge!
    Summary
    Questions
    Further reading

Part 3: Digital Forensics, Offensive Security, and NIST CSF

Chapter 9: Digital Forensics
    Technical requirements
    Digital forensics and malware analysis
    Portable Executable Identifier (PEiD)
    PEScan
    IDA Pro
    Volatility3
    ApateDNS
    SET
    BeEF
    Maltego
    Summary
    Further reading

Chapter 10: Integrating the Red Team and External Tools
    Technical requirements
    OWASP ZAP
    Mozilla Firefox
    Google Chrome
    Wireshark
    Metasploit
    Scanners
    Nmap
    SQLmap
    Nikto
    Nessus
    Greenbone Vulnerability Management and OpenVAS
    Password cracking
    Hydra
    Medusa
    John the Ripper
    Burp Suite integration
    Summary
    Questions
    Further reading

Chapter 11: Autopilot, Python, and NIST Control
    Technical requirements
    Autopilot
    Python
    NIST Control
    Identify
    Protect
    Detect
    Respond
    Recover
    Govern
    Summary
    Questions
    Further reading

Appendix: Answer Key
Index
Other Books You May Enjoy
Defensive Security with Kali Purple combines red team tools from the Kali Linux OS and blue team tools commonly found within a security operations center (SOC) for an all-in-one approach to cybersecurity. This book takes you from an overview of today's cybersecurity services and their evolution to building a solid understanding of how Kali Purple can enhance training and support proof-of-concept scenarios for your technicians and analysts.
After getting to grips with the basics, you'll learn how to develop a cyber defense system for Small Office Home Office (SOHO) services. This is demonstrated through the installation and configuration of supporting tools such as virtual machines, the Java SDK, Elastic, and related software. You'll then explore Kali Purple's compatibility with the Malcolm suite of tools, including Arkime, CyberChef, Suricata, and Zeek. As you progress, the book introduces advanced features, such as security incident response with StrangeBee's Cortex and TheHive, and threat and intelligence feeds. Finally, you'll delve into digital forensics and explore tools for social engineering and exploit development.
By the end of this book, you’ll have a clear and practical understanding of how this powerful suite of tools can be implemented in real-world scenarios.
What you will learn:
    Set up and configure a fully functional miniature security operations center
    Explore and implement the government-created Malcolm suite of tools
    Understand traffic and log analysis using Arkime and CyberChef
    Compare and contrast intrusion detection and prevention systems
    Explore incident response methods through Cortex, TheHive, and threat intelligence feed integration
    Leverage purple team techniques for social engineering and exploit development
This book is for entry-level cybersecurity professionals eager to explore a functional defensive environment. Cybersecurity analysts, SOC analysts, and junior penetration testers seeking to better understand their targets will find this content particularly useful. If you’re looking for a proper training mechanism for proof-of-concept scenarios, this book has you covered. While not a prerequisite, a solid foundation of offensive and defensive cybersecurity terms, along with basic experience using any Linux operating system, will make following along easier.