Live online training

Security testing with Kali Linux

Topic: Security
Ric Messier

It’s no secret that businesses are looking for people who are skilled with security testing, as well as those who understand the impacts of vulnerabilities and exploitations. While this is not the entire breadth of the field of information security, businesses' focus on security means there are jobs available to those with these skills.

Join Ric Messier for an introduction to Kali Linux, a popular Linux distribution for security testing. You'll discover the importance of security testing and gain hands-on experience with the essential tools you need to get started.

What you'll learn and how you can apply it

By the end of this live online course, you’ll understand:

  • Available tools for Kali Linux
  • The importance of security testing and where it’s applicable (as well as where it’s not)
  • How to manage your testing environment

And you’ll be able to:

  • Perform basic reconnaissance and vulnerability testing with Kali Linux
  • Identify problem traffic on a network at all layers of the network stack
  • Explain the different elements of the protocol headers and their functions
  • Utilize host-based tools to isolate trouble spots

This training course is for you because...

  • You have some experience with Linux but need an introduction to the security-related tools available in Kali Linux.
  • You want to get started with security testing using open source tools, and you want to better understand the security issues facing businesses.
  • You want to begin using tools like Metasploit to assist with testing.


  • A machine or virtual machine with Kali Linux installed

Recommended preparation:

Ethical Hacking (video)

Learning Kali Linux (Learning Path)

About your instructor

  • Ric Messier is a senior information security consultant with FireEye Mandiant. He’s also an author, consultant, and educator who has published several books on information security and digital forensics, and he holds GCIH, GSEC, CEH, and CISSP certifications. In his decades of experience in information technology and information security, Ric has held the varied roles of programmer, system administrator, network engineer, security engineering manager, VoIP engineer, consultant, and professor.


The timeframes are only estimates and may vary according to how the class is progressing.

Starting with Kali Linux (15 minutes)

  • Lecture: Introducing the desktop, command-line tools, and essential system management tools
  • Hands-on exercise: Add a user to Kali Linux and start the SSH service
  • Discussion: How much Linux experience do you have?

Open source intel (20 minutes)

  • Lecture: Using Maltego, theHarvester, Recon-ng, and WHOIS
  • Hands-on exercise: Use Maltego to locate info about yourself
  • Discussion: What other open source intel sources do you know about?

Passive reconnaissance (10 minutes)

  • Lecture: Using PassiveRecon and p0f
  • Hands-on exercise: Use p0f on your local network to discover details about the systems
  • Discussion: What have you discovered that is surprising to you?

Break (10 minutes)

Active reconnaissance (25 minutes)

  • Lecture: Using Nmap; banner grabbing; vulnerability scanning
  • Hands-on exercise: Scan your local network

Metasploit (30 minutes)

  • Lecture: Starting up Metasploit; checking a database; importing scans from outside sources; scanning from inside Metasploit; identifying vulnerabilities; searching for modules; using a module; Meterpreter

Wrap-up and Q&A (10 minutes)