Black Bear Information Security

I <3 BlackArch

For many, Kali Linux is the go-to distribution for anything security related. The amount of support it has from both its creators and the community has resulted in a Swiss Army knife for anyone from script kiddies to professional researchers. Kali is designed to just work out of the box, and it does work very well. However, because it is so specialized, it does not function well as a daily-driver OS. That specialization means a lot of services and ports are enabled and open by default because the tools need them, even though a general-purpose install would not normally have them enabled. Many of the tools also require running as root to function properly. Finally, because things "just work," Kali expects you to use its own repository for software. Other repos can be added, but at your own peril.

So what if I want my security tools AND an OS that I can use as a daily driver? Enter BlackArch.


While BlackArch can be installed on its own, the same way as Kali, and is considered a Kali alternative, it can also be installed on top of an already running Arch installation. This is the configuration I run as my daily driver. BlackArch allows its repositories to be added alongside upstream Arch. I am then able to get the latest patches as soon as they hit upstream, without having to wait for Kali to release its own version of the patch to its repo.

To add the BlackArch repo to your existing install, you'll need to grab strap.sh from BlackArch:

curl -O https://blackarch.org/strap.sh
chmod +x strap.sh
sudo ./strap.sh

As always, review the code to see what it is doing, but essentially all the script does is add the BlackArch repo mirror and keyring to your pacman config. Once it is added, you can install individual packages OR categories of packages. To check out the categories, run:

sudo pacman -Sg | grep blackarch
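The "review the code" step above is easy to skip when a script is piped straight into sudo. As an added example (not from the original post or from the BlackArch project), this POSIX shell snippet checks a downloaded strap.sh against a SHA-1 you obtained from the distributor before it is run, and prints the lines that touch pacman configuration or keyrings so the review is quick. The checksum value and the file name in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added example: gate execution of a downloaded installer script on a
# checksum check, then surface the lines worth reading before running it.

# verify_sha1 FILE EXPECTED -> exit status 0 if FILE's SHA-1 matches EXPECTED.
verify_sha1() {
    file="$1"
    expected="$2"
    actual=$(sha1sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# review_hits FILE -> numbered lines that modify pacman.conf, mirrorlists,
# or the pacman keyring. Exit status 1 means no such lines were found.
review_hits() {
    grep -nE 'pacman\.conf|pacman-key|mirrorlist|keyring' "$1"
}

# Demo on a constructed stand-in for strap.sh (no network access needed).
demo_dir=$(mktemp -d)
demo_script="$demo_dir/strap.sh"
printf '%s\n' \
    '#!/bin/sh' \
    'echo "[blackarch]" >> /etc/pacman.conf' \
    'pacman-key --add blackarch-keyring.asc' \
    'echo done' > "$demo_script"

# Placeholder: replace with the SHA-1 published by the distributor.
EXPECTED_SHA1="0000000000000000000000000000000000000000"

if verify_sha1 "$demo_script" "$EXPECTED_SHA1"; then
    echo "checksum OK; lines to review before running:"
    review_hits "$demo_script"
else
    echo "checksum mismatch for $demo_script; not running it" >&2
fi
rm -rf "$demo_dir"
```

With the placeholder checksum the demo deliberately reports a mismatch; substitute the published value for the real strap.sh and run `sudo ./strap.sh` only after the check passes.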

Now, I could use VMs, or dual boot, or use a USB, and while I do use a disposable Kali VM for engagements, I don't want to have to boot up a VM or reboot just to mess around with security tools or do testing (read: lazy). I have found that this setup works really well for my use case.

And that's it! Hope this was helpful. I would love to hear your thoughts. Let us know what you think by hitting us up on Twitter @BlkBearIS

Tim Kusajtys