PDA

View Full Version : Looking for Kali use cases for IT audits



okwabrac
2022-02-25, 15:41
Hello everyone,

I am a senior IT auditor at my company, and I've begun a new project to start a technical, hands-on lab (Kali VM in AWS with a Windows jump host) that we hopefully will be able to use in validating the effectiveness of various internal security assessments designed by our company's infosec team.

Right now, our use cases mainly consist of:

Validating auditee's endpoint and intermediary device configuration against chosen hardening guidelines
Using cloudmapper to generate network diagrams of auditee infrastructure
Using syft to generate SBOMs on our software, to manually look for packages vulnerable to high-profile vulnerabilities (e.g. the log4j stuff)


Obviously Kali is the best for offensive security testing, but I believe the tools packaged with Kali would lend themselves to technical audit-related tasks as well. Would you all be willing to throw some more audit-related use cases at me? I'm not as familiar with the specific tools, so I'm hoping the experts (you all) could give me some recommendations.

Thanks!