You are not logged in.
- Topics: Active | Unanswered
#1 2017-04-06 11:53:42
- erkana
- Member
- Registered: 2016-04-29
- Posts: 8
Are Arch and BlackArch good choices for Information Security people?
Hello guys,
I have been working in IT for over 12 years now, mostly in Windows world but always had some interest in Linux. I am currently trying to switch to Information Security field, penetration testing at least in the first place. I know that Kali exists and it's mostly a standard choice but I wonder if BlackArch is a good alternative to it? I also wonder If Arch would be a good choice for me while I am learning penetration testing tools. By the way, I am using a MSI gaming notebook with dual GPU's (Nvidia Prime) and having some issues with Ubuntu and Fedora (they just don't use nvidia card at all and it's fine). I bought this gaming notebook just because it had quad core I7 and 32gb memory support, so I don't care gaming at all. All I might play nowadays is Diablo II over wine.
Thank you.
Offline
#2 2017-04-06 12:28:50
- Texbrew
- Member
- From: The Lone Star State
- Registered: 2016-02-09
- Posts: 580
Re: Are Arch and BlackArch good choices for Information Security people?
I hope I'm not just adding noise here.
(1) I think the moderators will tell you only Arch Linux is supported in these forums. You asked about BlackArch.
(2) i know nothing about penetration testing, so I can't comment there (noise?)
(3) I am pretty sure Nvidia cards have support in Arch Linux, and I see a lot of posts in the forums regarding Nvidia, with issues fixed.
(4) The main reason for my post: In my opinion, Arch is an excellent distro for learning how linux works. You can build on that learning if you choose to switch to most any other distro, but I bet you won't switch, because you are going to love it.
Offline
#3 2017-04-06 13:33:43
- Lone_Wolf
- Member
- From: Netherlands, Europe
- Registered: 2005-10-04
- Posts: 11,911
Re: Are Arch and BlackArch good choices for Information Security people?
(1) I think the moderators will tell you only Arch Linux is supported in these forums. You asked about BlackArch.
It is possible to install blackarch on top of a normal arch linux installation.
--------------------------------
I know very little about BlackArch, but just browsing their installation instructions makes me wonder how secure it is .
# Run https://blackarch.org/strap.sh as root and follow the instructions.
$ curl -O https://blackarch.org/strap.shIf you look at strap.sh, you'll see it doesn't do much and could easily be replaced by a simple how-to achieve those things manually .
If BlackArch devs take security serious, why do they ask you to download and run a script as root ?
They should have added a step to verify the contents of the script before running it.
Last edited by Lone_Wolf (2017-04-06 13:34:15)
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
(A works at time B) && (time C > time B ) ≠ (A works at time C)
Offline
#4 2017-04-06 13:43:59
- Trilby
- Inspector Parrot
- Registered: 2011-11-29
- Posts: 29,523
- Website
Re: Are Arch and BlackArch good choices for Information Security people?
It is possible to install blackarch on top of a normal arch linux installation.
That's debatable. It's unclear whether such systems would be supported on these forums. I'd personally emphatically argue against supporting those systems. I think there is some precident here of those threads being binned - perhaps not explicitly as 'not archlinux' but as too foolish to warrant help.
Pen-testing packages that would come preinstalled in blackarch can absolutely be installed on an arch linux system. Those systems, and those packages installed via pacman would be supported here.
As for whether blackarch is good for real information security work ... <mod hat way off>
... hell no. It's for script kiddies who want to pretend they are "leet". The only sane return value from their above mentioned installation method (executing randomly downloaded code as root) would be "Sorry, you failed the penetration test".
If that's how they encourage someone to install security tools, I'm quite comfortable concluding that they either don't take security remotely seriously, or they don't know their a** from a hole in the ground. Likely both.
Using arch, and installing any given security-related tools or packages you would want would be a good way to actually learn about security. Using black arch is a good way to brag about being some "leet haxor" without knowing a damned thing.
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
#5 2017-04-06 16:33:41
- erkana
- Member
- Registered: 2016-04-29
- Posts: 8
Re: Are Arch and BlackArch good choices for Information Security people?
Thank you for the ideas guys. I was thinking that Black Arch was a sub project of Arch but seems like I was wrong. I am currently reading and trying to install Arch on virtualbox over my Fedora host. If I am not wrong, Kali is just a linux distro which is pre-loaded with security tools which also can be achieved by installing any Linux and then installing those tools one by one. I'll return to that later, once I finish installing Arch on my laptop.
Offline
#6 2017-06-25 10:06:47
- Photor
- Member
- Registered: 2013-05-28
- Posts: 11
Re: Are Arch and BlackArch good choices for Information Security people?
In you are Interesses in Penetration testing you my have a Look on Kali-Linux. This Distribution is based on Debian I think.
Hope that is no noise,
Photor
Offline
#7 2017-07-28 23:27:49
- Mr.Elendig
- #archlinux@freenode channel op
- From: The intertubes
- Registered: 2004-11-07
- Posts: 4,092
Re: Are Arch and BlackArch good choices for Information Security people?
In you are Interesses in Penetration testing you my have a Look on Kali-Linux. This Distribution is based on Debian I think.
Hope that is no noise,
Photor
See the post by Trilby, it applies to kali too.
Evil #archlinux@libera.chat channel op and general support dude.
. files on github, Screenshots, Random pics and the rest
Offline
#8 2017-07-28 23:52:37
- Xyne
- Administrator/PM
- Registered: 2008-08-03
- Posts: 6,963
- Website
Re: Are Arch and BlackArch good choices for Information Security people?
If that's how they encourage someone to install security tools, I'm quite comfortable concluding that they either don't take security remotely seriously, or they don't know their a** from a hole in the ground. Likely both.
So penetration testing for them is basically a game of golf? 
My Arch Linux Stuff • Forum Etiquette • Community Ethos - Arch is not for everyone
Offline
#9 2017-07-29 08:59:38
- brebs
- Member
- Registered: 2007-04-03
- Posts: 3,742
Re: Are Arch and BlackArch good choices for Information Security people?
If that's how they encourage someone to install security tools, I'm quite comfortable concluding...
I'm not following your logic train.
They're giving instructions on how to efficiently *install* security tools, not on how to penetration-test the installer.
Someone who is running a software provider's installer, has obviously already decided to *trust* that installer.
Offline
#10 2017-07-29 11:11:08
- Trilby
- Inspector Parrot
- Registered: 2011-11-29
- Posts: 29,523
- Website
Re: Are Arch and BlackArch good choices for Information Security people?
And they shouldn't trust someone who so efficiently demonstrates what would have to be at least one of incompetance, carelessness, or malevolence. I certainly wouldn't think the third of those three options is particularly likely, but either of the first two are sufficiently problematic.
Don't run something as root if the author of that something has no idea what they are doing.
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline