Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.

  • Manifish_Destiny@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    4 days ago

    Kali is secure as in once it’s configured, it cannot be accessed without creds, keys etc. That meets the definition of ‘secure’. It’s just Linux with a bunch of pre installed packages.

    Of course something can always be more secure. But saying Kali isn’t secure is like me saying your PC isn’t secure because it isn’t air gapped like my most secure PC.

    • N.E.P.T.R@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      3 days ago

      PCs aren’t secure. Linux default isnt secure. Kali has so many apps/tools installed by default that it isnt comparable to default Linux. It has massive attack surface and no security design, therefore calling it secure isn’t accurate.

      If no effort was put into the security design of an OS, why call it secure?

      • Manifish_Destiny@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        2 days ago

        Okay if I turned off password auth, just used keys, disabled the Kali user and root login, how are you breaking in? Where’s the vulnerability? Which cve or cwe are you able to exploit?

        A large attack surface doesn’t mean insecure. It just means less secure.

        Source: I literally pentest for a living. No, I don’t even use Kali on a regular basis.

        • N.E.P.T.R@lemmy.blahaj.zone
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 days ago

          My point exactly. A large attack surface means less secure. My point was that Kali isn’t focused on being a secure OS. It is all about the tools. Even without a vulnerability, a secure OS should protect against unknowns.

            • N.E.P.T.R@lemmy.blahaj.zone
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              24 hours ago

              I am not a troll. You don’t need to be an ass.

              Just because a system doesnt have a CVE doesn’t make it secure. It needs proper exploit mitigations. Read why Linux isn’t secure here.. The article is written by the lead developer of Whonix OS (Security hardened Debian with a focus on anonymity). If you had checked out any of the references from my previous comments you would have learned more about why I have this opinion.

              Kali isn’t any more secure than regular Debian, while also having a larger attack surface, and no kernel hardening, protecting of GUI, or application isolation. What makes it “secure”?