Kali Linux comes to Windows 10, handing hacking tools to pen testers

Kali Linux is now officially available on the Microsoft Store, marking another milestone in Microsoft's recent bid to support open source software.

Running on Windows Subsystem for Linux (WSL), a feature introduced as part of last year's Fall Creators Update that allows users to run various Linux distros on top of existing Windows 10 installations, Kali Linux joins other popular distros such as openSUSE, Fedora and Ubuntu.

"Our community expressed great interest in bringing Kali Linux to WSL in response to a blog post on Kali Linux on WSL. We are happy to officially introduce Kali Linux on WSL," said Microsoft's WSL programme manager, Tara Raj, as part of a blog post announcing the distro's availability.

"We would like to extend our sincerest thanks to the Kali Linux team and especially [Kali lead developer] Mati Aharoni for all their patience, hard work and support to plan, build, and publish their distro packages in the Windows Store. Thank you!"

Kali Linux, a security-focused Linux distro based on Debian, is designed primarily for 'offensive security' - a branch of cyber security that involves ethical hackersattacking businesses in order to expose flaws in their networks that can then be fixed, a process known as penetration testing.

As well as penetration testers and red teams, the distro is also used by actual cyber criminals, due to its effectiveness. The software comes pre-packaged with a variety of different hacking tools, including password crackers, packet sniffers and exploit tools.

Ian Thornton-Trump, cyber vulnerability and threat hunting lead at Ladbrokes Coral, toldIT Pro that such tools could be dangerous in the wrong hands, but equally warned that using these tools on Windows 10 could expose hackers, due to the type of data Microsoft collects from the OS.

"Windows 10 collects a ton of user telemetry. If you're going to get your hack on, you're going to get caught," he said,"and in the US, you may go to jail for a very long time - especially if you are a jerk and go after infrastructure you don't own. So, it's like a bear trap for script kiddies and entrepreneurial cyber criminals."

However, he also pointed out that making Kali more accessible could lead to improvements in overall security, such as security teams using it to illustrate network vulnerabilities to board members.

"Kali is pure red, like the blood of your cyber enemies. But I do think it may do some good if used to improve security, and the key word is responsibly," he said. "Learning is always cool - getting busted under the CFAA because OPSEC training is not included in Kali is un-cool. Bottom line: hack what you own. If you don't own, it don't hack it - unless you have written permission."

Comments are closed.