I think a point worth taking into consideration is dual-booting your OSs. If you really want to have them both on bare metal. In that case it would come down to getting more storage space rather than RAM in order to facilitate both systems, as only one would be booted up at a time. Great video, thanks very much for the insight!
I was looking for hacking books , in the same day David made a vídeo about, i was looking for a laptop for Ethical Hacking five minutes ago, David post a video about . Now i going to search a girlfriend and hope David do a video 😂😂😂
Menu: Which is the best hacking OS? What does parrot say? 0:00 Neal's choice and why: 0:31 Which laptop does Neal use for hacking: 3:27 What about Windows and WSL2: 5:06 What about bare metal installations: 5:47 VM vs baremetal Performance: 7:34 Which laptop would you buy if starting out: 8:12 Moving from a Mac to Windows: 11:33 Ultimate laptop for hacking: 12:00 Career perspective: 13:45 How much of my time is hacking vs other tasks: 14:55 You are a *$%^& hacker if you cannot do this: 16:13 How much of my time will be spent on hacking: 20:13 How do I learn to write reports: 22:10 Breach reports: 26:30 Summary: 28:15 ============================== Examples of reports mentioned: ============================== FireEye: www.fireeye.com/blog/threat-research/2021/01/phishing-campaign-woff-obfuscation-telegram-communications.html Securelist: securelist.com/sunburst-backdoor-kazuar/99981/ Krebs: krebsonsecurity.com/ ======================= Direct links mentioned: ======================= Mandiant: www.fireeye.com/mandiant.html Kaspersky Securelist: securelist.com/ Krebs: krebsonsecurity.com/ ================ Connect with me: ================ Discord: discord.com/invite/usKSyzb Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal RU-vid: ru-vid.com ================ Connect with Neal: ================ LinkedIn: www.linkedin.com/in/nealbridges/ Twitter: twitter.com/ITJunkie Twitch: www.twitch.tv/cyber_insecurity ================ Links: ================ eLearn Security: elearnsecurity.com OSCP: www.offensive-security.com/courses-and-certifications/ INE: bit.ly/inetraining SANS: www.sans.org/ Hack the box: www.hackthebox.eu/ Try Hack Me: tryhackme.com/ CTF Time: ctftime.org/ctf-wtf/ CEH: www.eccouncil.org/programs/certified-ethical-hacker-ceh/ Cyber Blue: securityblue.team/ Cyber Defenders: cyberdefenders.org/ Did I miss something? Please comment. ================ Support me: ================ DavidBombal.com: CCNA ($10): bit.ly/yt999ccna Udemy CCNA Course: bit.ly/ccnafor10dollars GNS3 CCNA Course: CCNA ($10): bit.ly/gns3ccna10 Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
hi david! thanks again for this great video!!! if you have another video planned with neil can you ask him about the futur of cybersec with automation. Thank you and keep up the good work
Good session, but I have to disagree with the macbook recommendation. When going to assignments it's not great to carry multiple laptops in my case, and also in case of [ as in video ] using VMs, not bare metal. You get a windows laptop for the price of mbp and you get a dedicated gpu in most cases, expandability, sd card slots, ethernet port, etc etc That means you can play games. You can gpucrack. You can have the same laptop for a longer time. Depending on assignment Dell is more likely to be inconspicuous in corporate environment for example. With ThinkPads you get a keyboard that is amazing for writing and tank durability. I see absolutely no advantage in having a mac, except blending in at starbucks/costa.
Neil is so precise and what I like at him is that he never dissapoints people that you have to do only this or nothing, he always provides alternatives so everybody could catch on, either financially, age related or skills. Thumbs up!
This is hands down one of the best channels I have come across. Thank you so much David for these interviews with Neal and the awesome content. keep up the good work
Good things come to those who look for them. The more I look, the more great mentors I find. I have ADHD, and it's difficult to sit down and study. Your work has taught me so much, and I have loads of fun doing it. Thank you David Bombal for your amazing videos.
Being a pentester with about 8 years of experience, It is completely true "You are a useless penetration tester if you cannot write a report". I've been mentoring alot of juniors who are top class CTF hackers but are absolutely pathetic at writing reports. I can't tell you the countless times I've saved their asses from being fired from the higher ups.
I started with kali and loved it but I found that due to the WiFi restrictions where I live iit makes kali unusable. However it considers Parrot a normal OS so started using Parrot and loved it. After learning how to create my own Linux OS I used Debian as a base as Kali and Parrot use Debian to and created my own OS called Blue Wolf.
I've not personally used Kali but your WiFi restrictions shouldnt be able to filter your traffic based on precisely what Linux distribution you're using unless there's something in your internet config that tells the network you run Kali
@fantasypvp I was living in a hostel at the time so I'm guessing it was either their firewall or a paid service to filter out software and operating systems as it even said it was blocked due to hacking ability. Now I have my own place and WiFi I don't have that issue but thought it was interesting that kali was banned but Parrot, Mint, Debian, Ubuntu and others were fine when you could download the same tools you get on Kali on other distros anyway.
For those interested, I ran both Kali and ParrotOS on a 2007 Dell Inspiron 1525 running a core 2 Duo, I did upgrade to 8 GBs of Ram, both OS's were running off a 32GB Samsung thumb drive. If you are in a bind for money, an older laptop will work to run these OS's until a new one can be acquired.
5:47 Been a Linux desktop user since 2013. Bare metal OS is fine and dandy. Much like Neal said having a Windows host with 3 VMs to suit your needs is ideal for him; flip the scenario and have a linux based OS as the host with windows and others as a guest. As a software engineer I find linux a better development environment. No need to hate on us users on metal and state that "we're doing it to just look cool". Not my fault my workflow is better achieved and more of my time is spent in linux. Virtualization is the great mediator ...besides some networking issues. lol
@Elixir yeah... and Kali falls under that umbrella and could be fine as a daily given someone's workflow. My main point in the original comment was that some dev workflows don't necessitate proprietary/specific software as he mentions. For myself, Kali is perfectly fine as a dev and hobbyist. I rarely touch anything else and if so, I spin it up. That's all I was getting at lol
-Great content teachers David and Neal ... !!! -I always say that and a crowd of Kali fan boys come to fight with me when I speak. -Kali is a tool (distro) compiled with the packages they test in their certification exam, it is not made to be an OS with all the features of an OS that would come in a standard distro, in short it is an ideal tool for run on VM (VMs are perfect toll I use a lot of then). -The Parrot seems to have more resources but has the same problem as Kali, it is a distro that Hackers know so they also know their vulnerabilities. -I am a network engineer and I worked with the military in my government for a long time and the security experts I met more than a decade ago used super unknown distro with a lot of things that they compiled altered kernel and so on will, almost always some variation of Arch. -Therefore when I go to learn Pentest I want to use BlackArch which just by looking at the amount of packages and tools that comes is immense the image is 2 or 3 times larger than Kali and Parrot, but this is my personal taste and even so i'm going to run it on VM so I run several tool VMs on both OS i run on the 2 separate hard drives I have on this note one has Windows and the other Linux (this hardware is old so VM for real use is very slow), I use for everything and is a standard Linux distro for Desktop and I use it as Desktop, Mini Server, but it is my personal taste, each one uses what they want. -Thanks for the knowledge ... !!!
Run a Linux Distro as the bare metal OS on the laptop, build a Windows 10 VM for business integration and have VM's for ParrotOS Security and Kali. On my laptop, I run Parrot OS Home (the non security distro) and have VM's for ParrotOS security, Kali and Windows 10. Runs great on a Dell XPS 13 or 15 from 2018.
Hello David. Thank you so much for covering the ethical hacking education portion. It took me almost one year just to figure it out what do I need to learn, read and where should I start from. I'm still figuring out. But your videos helps a lot for people like who just started. I'm not sure if you've already covered if we need to learn programming for hacking. If so then which languages. If you can discuss this issue in future videos. That would be much appreciated. And definitely loving your discussion together. Please keep it going. You guys are putting out very important informations. Thank you again.
The advantage of Parrot/Kali for learners is that they can discover and learn about all the existing programs on the distro and discover tools they never knew existed without extensive googling . You can hack just fine with most other distros but only when you are already experienced enough to know what tools and programmes you want to install in the first place.
Some tipps for Windows (according 11:33) 1. Use Bitlocker or VeraCrypt for full disc encryption 2. use Chocolatey to install your software 3. choose WSL, Docker or HyperV, if you need Linux or Bash Apple guys, you still think anything is missing?
I am using separate laptop for penetration testing only, on which I am running Kali and Parrot (dual boot) on bare metal. It is a laptop with integrated and dedicated GPU's just in case I need to run some password cracking etc... while on the go. So, if you are going with bare metal installation, if you can - go with integrated + dedicated GPUs model (and dont buy macbook for bare metal installation). If you are using Virtual Machine, no use of GPU anyway.
I love these videos man. Thank you for making them. As an amateur still learning a lot of stuff, these distros really help me make sure my own network and devices are secure which is such a huge factor for me and should be for everyone. I don't take any pleasure in the idea of using these against other people. Everyone's been a victim of a hack at least once. And the feeling is a deep feeling of violation and paranoia. I don't wish that on anyone. That's what led me to your awesome channel. Thanks again!
Bought myself two second hand Lenovo mini desktops for under $150 each. Keep an eye out for the “enterprise” brands (HP, Dell, Lenovo), as companies dump them onto the market when they replace them as part of their asset refreshes. Many second hand ones become available every year and they typically have high end features such as ram and SSDs.
I like the look and feel of Parrot OS with a side of Black Arch. I think what a good topic may be why any "GIT, repository gets old and outdated quick.
Neal touched an interesting point there and i'd love to see you guys go over that particular thing in a future video: How does stuff like the GDPR and ethical hacking/pentesting go together? How would one make it work? How about places (that is countries) that try to ban 'hacker tools'? What are your thoughts/experiences/... in that regard?
Just wanna mention that . We should really appreciate that we have an awesome channel like David getting all these information for free that I bet you you can't get them even in a Premium courses.
I have the same question! In my experience, it's very difficult to virtualise the needed environments on M1 Macs (as good as Parallels is). I have thought about Amazon Lightsail or GCP - but that could end up expensive...
Great video, advice. Thanks for helping everyone keep learning, sharing tips and growing in knowledge. I like the fact it was mentioned, you can't just go hack anything, it has to be planned, a report written and compiled together. I have been learning hacking for 6 years, have a sound background, multiple skills, great aptitude for learning. For me it would be windows pc. I carry another cheap laptop for testing attacks against. Most applications that are on github will run in powershell, I also run kali on a thumb drive, must add love parrot and tails. Keep up the great content. To add to what, so what, now what. Learn, test, document.
Very strong points, until now I used parrot as my daily but I've always complained about the sucky integration with all my stuff; I guess I should've use a VM by now :)) good work!
I feel like these distros are good for newbies, but once you have a direction you want to go I find them both lacking and a bit bloated. Neal hit the nail on the head by saying you can turn anything into a good hacking rig.
First, thanks for all the videos. They’re a valuable resource of which I only recently became aware. I’d consider myself computer literate only as far as I can navigate Windows on a PC and usually figure out whatever general issues may arise. I hasn’t been since this past year that I really wanted to learn as much as possible before time catches up with me. I’ve heard this discussion about what hardware is best for a given task. My question finally… with the ability to get a fully functional machine with respectable stats , that’ll run nearly any OS out there, all in a form factor that will fit in a pocket-- Why hasn’t anyone come up with a modular Laptop design, that could hold several, individual SBCs , with all the I/O ports , WiFi BLE RF gear and would still be the size of a MacBook Pro. I have an ancient Toshiba Satellite that could hold 4 pounds of SBCs plus whatever else would be needed. I wouldn’t be surprised if this already exists. If so, please point me in the right direction. Thanks for the videos and all the great info.
İ generally prefer Windows over Macbooks, though Macbooks are nice in software İ think the downside is that it's preset. With Windows, you can customize it & it comes with great features/functionality. Generally speaking, the price point is also much better compared to Apple if you were to compare specs. Great video as again David!
Yes , absolutely that the line is getting very thin between Windows and Kali linux, however, in mind own opinion, I believe that kali linux and Windows 11 will eventually will be fused together as 2 types tolerating system under the same software in a near future. That would be awesome for sure.
The most important aspect of having a hacking distro is that when you're starting out, it gives you all the important tools you need when you don't actually know what tools you need yet.
Lenovo Thinkpad P52/P53/P15 support max 128Gb of Ram. And some of them support 2 or 3 HDD/SDD depending on configuration. Some of them officially support Linux. Also on some laptops you can install Hackintosh
Granted, I was using my old 2009 MacBook pro, but I honestly did not like running Kali off of bare metal on it. Since grabbing VMWare Workstations and tossing it on my desktop and just using a Wifi USB (that I had to use on my Macbook anyway, since the drivers just wouldn't work for me) my life has been so much easier. Someday I'll get a nice laptop and throw this setup on there, so I can stick with Windows 10 and still have my multiple VM's as needed.
Yeah, I don't think people should gate keep which Linux you use or how you use it, BUT I will say there's something inherently satisfying about running a distro on bare metal and having some laptops around with JUST Linux on them
Thanks a lot! Great material. The advice on writing reports, presale and customer relation are really appreciated. I find that in small company you have to be a jack of all trade. And we don’t talk too much about it.
Go to a site like Newegg grab a business type laptop refurbished between $200 to $300. Make sure it has at least 16 gigs of RAM and it's upgradable. Great box to install virtualbox and run a few VMSls and get started.
Actually one of the good things about using kali as default OS would be one can become very professional in CLI by using it everyday., n could be able to get in depth knowledge of linux.
And how does that differ from using OSX in the same way or some other more user-friendly distribution? The main point here is that Kali is really not made for daily use other than hacking. It is a real eye-sore to use daily.
Not even then, it is not. If you want to get fluent in CLI, you just install a headless Linux on your box in something like WSL2 or make a docker container. Unless you're doing nothing else but hacking, the use of Kali as a daily distro is counterproductive. I don't even think it's something open for debate if you read the distribution manifest of Kali Linux. I'm convinced this is is something amateurs do to look cool.
I would even go further with installing kali on bare metal for your daily mails and reports: it seems like an unnecessary risk for being reverse hacked and unnecessarily exposing your information. By using compartments you avoid seeping data from one VM to another or to your main system.
I've had backtrack back in those days in bare metal along side with win 7, Vms are ok, I tried bare metal parrot for a whole year and loved it, right now I use ubuntu with parrot on Vm. Kali is ok but I preffer parrot, I find it quite useful and very, very fast. You can also use it bare metal with any other OS in Vm, so it is up to you. Unless you are a gamer. In that case use windows bare metal with any of those distros in a Vm. Running it from a flash drive is another good and portable choice.
Hi David. I use the HP Elite X2, virtualised with VMware running Kali and Ubuntu. I think WSL was inevitable, needed to happen. Linux is a fantastic OS.
so what i did when i started getting hard into linux and i wanted to hop around is i bought an older thinkpad (t430) with 16gb ram i5 500gb ssd it was around $100. i went on amazon and found a caddy for an additional ssd that replaces the optical drive. so with the 2 ssd the main one it boots to has an arch install with cinnamon/hyprland as my daily driver and the second ssd is used for security distros which ive tested a few. parrot os worked out nice running vms for kali and other util distros. as a side note depending on the desktop environment / window manager you use for the main box there are ways to hide the second ssd in the file manager and other places if you dont want people poking around or you are hiding it.
Writing reports is some of my weakness due my language barrier. I currently attending an Technical writhing class and I am doing well except that I need to work more in my sentence structure. great video I am hook with your contend.
I have a question: Which field ( field means = programming or networking ) is good to start and then to move in to security or cybersecurity ? Is better to have networking skills or programming skills when to start in IT and then to move to cybersecurity ?
Gus Khawaja and Matthew Hickey have written useful books on how to become a professional pen tester and how to provide a complete report on vulnerabilities found and training required to prevent attacks or staff members becoming complacent. Gaining access to a company system can be as simple as talking to the reception staff and getting login credentials, without touching a computer.
David, great content again! Can you describe how the Mac laptop for hacking would be configured (e.g., VirtualBox with VMs or Linux directly installed)?
The Windows choice is a bit complicated. I found Windows Home acting up with WSL and in general. Windows Professional is better. That requires a beefier laptop. When learning if you want to run a few VMs, 8 MB is more comfortable. It also helps to have a multi-core. You can have an external SSD to store the VMs.
Great Video ✌🏽 but I have two small questions? 1) Assuming you have the money, should you buy a MacBook with Intel CPU or a MacBook with the M1 chip ? 2) What would you recommend, use kali in a VM or in a USB with persistence?
Pepito Suárez , Hola 😀 in my opinión with this kind the money , even he recommended MacBook , instead I can go with one high resources laptop ie: Acer predator with 32GB ram and install Linux on this 😀
I prefer to multiboot, AND run VMs and yes even USB OS. To me the most important piece of hardware is the SSD size then a big amount of RAM. Windows partition for windows stuff a Kali partition and an Ubuntu or Mint. Virtual Box in a Linux, VM Ware in Windows. For me, I need Windows for Packet Trace, Visio and and etc. GNS3 I've tried before and it was DIFFICULT compared to Packet Tracer. I didn't like spending ungodly amounts of time learning how to use GNS3. I want to spend the time building networks to play with. Lately I've been looking at buying a Latitude 7490 with the 8650U i7 (8 threads for some VMs), for now 16GB RAM, and 1TB SSD. Being as poor as I am, it comes in at about $400 US. I am wondering how soon I would want to upgrade to 32GB RAM.... The last time I was playing with all this was around 2013 - 2015, after i completed CCNA. Back then i was using a Latitude e6420 with a Sandy Bridge i5, 16GB RAM and a 500GB ssd....lol Lately I've been remotivated to try like crazy to get a career going in Networking and InfoSec. Everyone is taking about how much easier it is to get a foot in the door (the HARD part!), than it used to be. This is the first time I've heard of WSL to run Linux VMs in Windows. Seems like something I'd love to play with...Damn MS! 😆 From what I understand, you cant have Windows running on the metal AND run that very same license (Windows) in a VM. Is that true? Makes no sense to me, but...I'd like to have a windows to attack without having to buy a second license 🤦or possibly go to jail attacking things that get you thrown in jail... What say you? Any help would be helpful and appreciated 🙂 🙏 👍 Man, I feel like such a noob again 😆