Fun with Kali

4/1/2019

If you’re reading this post, you likely work in some aspect of Information Technology. Personally, I’ve been in many IT roles, leader, manager, trainer, engineer, architect, etc. ad nauseum. Each involves challenges and opportunities but for the most part you probably would not consider IT to be fun.

I do.

I could spend the rest of this post waxing poetic about how fun fits into all the roles listed above, but perhaps there will be better value for you if I narrow my focus.

Want to know what’s been especially fun for me (and perhaps could be for you as well)?

Kali Linux

Admittedly the vast majority of my technical background is on the Windows side. Like many of you I’ve spent years in the field and through training courses improving my Windows skills and gathering a bunch of certifications from Microsoft. Windows is powerful and ubiquitous. I have a great time working in Windows networks and teaching Microsoft courses. But sometimes we all need to broaden our horizons.

Which leads me to Kali Linux. In the past I’ve used Ubuntu in small environments and enjoyed the capabilities and differences. But Kali is a completely different animal. You see, most of the time we install an operating system for productivity as we have something positive we want to accomplish.

Not Kali. Kali is all about crashing through security barriers. Well, that’s not exactly true. A lot of white hat security professionals use Kali to shore up their defenses. The first time I used Kali Linux in a test environment I had very mixed emotions. Here was the internal dialog:

“Wow! This is so cool! I’m breaking into all kinds of stuff, stealing password hashes, sneaking past defenses and covering my tracks like a boss!”

“Wow. This is freaking me out. Other people could use this to be breaking into all my stuff, stealing my password hashes and covering their tracks like a boss!”

Here is a quick synopsis of Kali Linux straight from the official documentation at Kali.org.

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

My friends, playing with Kali Linux in the test environment was more fun for me than a basketful of kittens. I’m not even joking. I should warn you, this is NOT something you want to put into your production environment unless you are fully authorized to do so and have some serious training. It’s a powerful set of tools that can be used for good, to improve security, but for evil, to wreak all kinds of havoc in your organization.

Having said that, if you’re at all responsible for IT security then learning how to use these tools, many of which are the exact same tools attackers use, will be valuable for your organization and your own personal skill set. If you want to outwit the bad actors, you need to know how they do what they do.

Plus, it’s free. FREE!

I highly recommend checking out Kali Linux. SO. MUCH. FUN.

Here are a few links to help you out.

Kali Linux ISO downloads (which can be used to create a Hyper-V VM on a Windows system or a bootable USB drive)

Kali Linux VMWare and VirtualBox downloads

Also, if you want to get training on how Kali Linux can be used then check out our CYSA+ course. It’ll get you up to speed on various cybersecurity topics specific to those of you who are on the front lines of cybersecurity. Here is a great blog post on the course.

Now go out there and have fun with Kali!!

-Troy