How not to do it wrong with Kali

Kali Linux is an incredible platform for hacking.

It’s an open-source operating system (based on Debian Linux) with an extensive range of pre-installed applications you can use for various security tasks.

Kali is undeniably impressive, but use it with caution. Installing it to run some nmap commands or cook malicious payloads with Metasploit (a pre-installed tool) won’t make you an ethical hacker.

Worse, if you don’t cover your tracks, it’s easy to do illegal stuff, and you might not realize your white hat has turned grey, and you are putting yourself at risk.

Disclaimer

Please don’t get me wrong with this post. Don’t take the term “noob” the wrong way. I don’t want to patronize.

At the end of the day, you’ll do whatever you want, including taking unnecessary risks or joining the dark side.

I just want to make sure you understand what’s at stake. Hopefully, it will help you make the most of this beautiful open-source platform.

12 nooby mistakes with Kali

  • beginning ethical hacking with Kali
  • installing Kali without authorization at work
  • adding new repository sources as mirrors to solve dependency errors
  • not knowing anything about Linux systems, encryption, daemons, and other critical concepts
  • not protecting your Kali installation (e.g., weak passwords)
  • not understanding that Kali gives you a root account, and why
  • using Nmap to perform unauthorized scans on real websites and networks
  • not covering your tracks (e.g., not masking your real IP)
  • not understanding the risks of using Kali to hack public WiFi or your neighborhood (you can go to jail!)
  • underestimating the targeted systems or persons (you can get caught quickly)
  • installing Kali as a primary system

That would make 11 points, but the twelfth nooby mistake might be a bit paradoxical: don’t take Kali as a “ready to go” solution.

Of course, there are tons of pre-installed apps you can use to run penetration tests, for example, but each tool must be used carefully. Pen-testing is a full-time job that requires some knowledge!

5 Signs that show you are doing it wrong

In addition to the nooby mistakes we just saw, there are warning signs that show you are probably misusing Kali:

  • you don’t update Kali before using it
  • you are googling things like “how to fix XXX in Kali” or “how to make XXX work on Kali” every day
  • you are mixing personal stuff and work
  • you think you are safe with Kali Linux by default
  • you think ignorance can be a valid excuse if you get caught

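As an added example (not code from the original post), here is a small POSIX shell audit for two of the mistakes listed above: foreign repositories mixed into the apt sources list, and package lists that have not been refreshed by apt update in a while. It assumes that http.kali.org and the kali.download mirror redirector are the only hosts that belong in a Kali sources list, and it uses the modification time of /var/lib/apt/lists as a heuristic for when apt update last ran; both are my assumptions, not something the post states.

```shell
#!/bin/sh
# Added example: audit a Kali apt setup for mixed-in repositories and stale
# package lists. Assumption: only these hosts belong in a Kali sources list.
KALI_HOSTS='http.kali.org kali.download'

# Print every active deb/deb-src line in the given sources file whose host is
# not an official Kali host. Returns 0 if the file is clean, 1 otherwise.
check_sources() {
    file="$1"
    bad=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }
    while IFS= read -r line; do
        case "$line" in
            "deb "*|"deb-src "*) ;;   # only active repository lines matter
            *) continue ;;            # comments, blanks, and other keywords
        esac
        # First field that looks like a URL (skips [arch=...] option groups).
        url=$(printf '%s\n' "$line" | awk '{ for (i = 2; i <= NF; i++) if ($i ~ /^https?:\/\//) { print $i; exit } }')
        host=${url#*://}
        host=${host%%/*}
        ok=0
        for h in $KALI_HOSTS; do
            [ "$host" = "$h" ] && ok=1
        done
        if [ "$ok" -eq 0 ]; then
            echo "foreign repository: $line"
            bad=1
        fi
    done < "$file"
    return "$bad"
}

# Returns 0 if the apt lists directory $1 was modified within the last $2 days,
# 1 if it is older or missing. Assumption (heuristic): apt update moves fresh
# index files into this directory, which bumps its modification time.
lists_fresh() {
    dir="$1"
    max_days="$2"
    [ -d "$dir" ] || return 1
    # find prints the directory itself only when it is older than max_days.
    stale=$(find "$dir" -maxdepth 0 -mtime +"$max_days")
    [ -z "$stale" ]
}

# Stand-alone use: check the real system paths and suggest the fix.
main() {
    check_sources /etc/apt/sources.list || echo "clean up sources.list before installing anything"
    lists_fresh /var/lib/apt/lists 7 || echo "run: sudo apt update && sudo apt full-upgrade"
}

main
```

The check deliberately ignores commented-out lines, so a disabled deb-src entry does not trip it; any Debian or Ubuntu mirror someone pasted in to "fix" a dependency error is reported by its full line.
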
How to do it right

It’s best if you can, at least, watch a series of videos like “Kali Linux: the complete guide” before even installing it. You’ll avoid the most common mistakes, including the misuses we saw in this post.

Don’t install Kali Linux as your primary system in place of Windows or another Linux distribution. You are better off using a live USB installation, which is also better for your privacy.

Kali has comprehensive documentation; read it to understand how the system works before using it.

Don’t collect information about networks or devices that do not belong to you with Linux utilities (e.g., nmap). Those scans will be logged and used against you in court.

Regardless of your intentions or the risks you are willing to take, cover your tracks. At least, mask your IP with multiple proxies. To me, there is no valid reason to run those tests online unless you have explicit authorization (e.g., for a penetration test).

Conclusion

Kali is not meant for beginners, and that is not a condescending statement.

The quantity AND the quality of free online resources are fantastic, and taking the time to learn before jumping in prevents so many bad mistakes.