Kali Linux comes to Windows 10, handing hacking tools to pen testers

Hacker-friendly distro arrives on Windows Subsystem for Linux

Kali Linux is now officially available on the Microsoft Store, marking another milestone in Microsoft's recent bid to support open source software.

Running on Windows Subsystem for Linux (WSL), a feature introduced as part of last year's Fall Creators Update that allows users to run various Linux distros on top of existing Windows 10 installations, Kali Linux joins other popular distros such as openSUSE, Fedora and Ubuntu.

"Our community expressed great interest in bringing Kali Linux to WSL in response to a blog post on Kali Linux on WSL. We are happy to officially introduce Kali Linux on WSL," said Microsoft's WSL programme manager, Tara Raj, as part of a blog post announcing the distro's availability.

"We would like to extend our sincerest thanks to the Kali Linux team and especially [Kali lead developer] Mati Aharoni for all their patience, hard work and support to plan, build, and publish their distro packages in the Windows Store. Thank you!"

Kali Linux, a security-focused Linux distro based on Debian, is designed primarily for 'offensive security' - a branch of cyber security that involves ethical hackersattacking businesses in order to expose flaws in their networks that can then be fixed, a process known as penetration testing.

As well as penetration testers and red teams, the distro is also used by actual cyber criminals, due to its effectiveness. The software comes pre-packaged with a variety of different hacking tools, including password crackers, packet sniffers and exploit tools.

Ian Thornton-Trump, cyber vulnerability and threat hunting lead at Ladbrokes Coral, toldIT Pro that such tools could be dangerous in the wrong hands, but equally warned that using these tools on Windows 10 could expose hackers, due to the type of data Microsoft collects from the OS.

"Windows 10 collects a ton of user telemetry. If you're going to get your hack on, you're going to get caught," he said,"and in the US, you may go to jail for a very long time - especially if you are a jerk and go after infrastructure you don't own. So, it's like a bear trap for script kiddies and entrepreneurial cyber criminals."

However, he also pointed out that making Kali more accessible could lead to improvements in overall security, such as security teams using it to illustrate network vulnerabilities to board members.

"Kali is pure red, like the blood of your cyber enemies. But I do think it may do some good if used to improve security, and the key word is responsibly," he said. "Learning is always cool - getting busted under the CFAA because OPSEC training is not included in Kali is un-cool. Bottom line: hack what you own. If you don't own, it don't hack it - unless you have written permission."

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Global ransom DDoS extortionists are retargeting companies
distributed denial of service (DDOS)

Global ransom DDoS extortionists are retargeting companies

22 Jan 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021
BEC scammers are using Google Forms to identify easy victims
phishing

BEC scammers are using Google Forms to identify easy victims

21 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is the Raspberry Pi Pico?
Hardware

What is the Raspberry Pi Pico?

21 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021