Kali Linux on Windows 10
https://www.microsoft.com/en-us/store/p/kali-linux/9pkr34tncv07?rtc=1#
Has anybody installed this yet? What are your opinions? Essentially, it's a barebones shell and you have to install the tools after the fact. It means not having to use a virtual machine. Is it ready for prime time?
Has anybody installed this yet? What are your opinions? Essentially, it's a barebones shell and you have to install the tools after the fact. It means not having to use a virtual machine. Is it ready for prime time?
Comments
: Dons tin-foil hat :
On one hand, maybe this is a win for society in general from the perspective of catching script kiddies up to no good. Said script kiddies a install gimped down version of Kali in Windows 10, an OS that has key stroke logging baked in (Microsoft rewords the EULA and privacy policy to describe this "feature" more vaguely these days, but the wording is still there).
But then again, I don't think whatever agency that can take advantage of this feature will do so yet for something so trivial. The data sniffing features are probably not there to catch criminals and are there instead to make money off of datamining.
Good luck to Microsoft in figuring out how to actually do that in a competent manner--they can't even figure out how to sell a phone correctly. Hanlon's razor and all.
On the other hand, this is a bit of a lose for Linux and for open source in general. Microsoft remains as an unconvicted monopolist at-large. This can't be a good idea from that perspective.
But then again, Microsoft didn't write this, Offensive Security (the creators of Kali Linux) did.
: Doffs tin foil hat :
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
Re: script kiddies, what's to stop them from just installing a free VM and Kali? It's not that hard. There's plenty of free instruction on YouTube.
Do remember to add anti-virus exclusion when installing packages.
There is no systemd; so you will have to start programs such as postgresql manually before running say metasploit.
Most of the command line utilities work. You can install xrdp server and RDP in to get a UI; there is a guide on Kali web site.
However, there is no raw socket support so tools such as nmap and hping3 does not work as expected.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
Or, maybe someone has it installed on a vulnerable machine and it's another way to exploit their network. If they have the tools available to me from within their own network, it makes things a lot easier.
But, from an end user perspective, I'll use it just to play around with it.
Yea their article mentions that will happen: https://www.kali.org/news/kali-linux-in-the-windows-app-store/
"[FONT="]Note:[/FONT][FONT="] Some Kali tools are identified by antivirus software as malware. One way to deal with this situation is to allow antivirus exceptions on the directory in which the Kali chroot resides in. "[/FONT]
Yeah and the FBI now has to make more room in cabinet to store your file. Its getting thicker, just ask them. Nothing but trouble for these people.
A neutered version of Kali - nice. Go for it.
- b/eads
All the penetration tools are all still located right in the Kali software repository. Where they are not all located in the other Linux distributions repositories. Takes one line to pick and choose which ones you'd like installed.
www.parrotsec.org