The following is a guest post from Rapid7 customer Bo Weaver.

I’m Bo, a penetration tester at CompliancePoint (and also a customer of Rapid7). If you’re just getting started in penetration testing, or are simply interested in the basics, this blog is for you.

Kali Linux is an open source project that is maintained and funded by Offensive Security, a provider of information security training and penetration testing services. Kali has become a go-to distribution for hacking, and rightly so. In less than an hour, you can have a running pen testing box with more tools than you will ever use. There is nothing wrong with having a “full toolbox,” but sometimes loading individual tools on the distro of your choice can be a hair-pulling experience. With Kali, the developers have already installed key tools for you, so your experience is pain-free.

I run Kali on all my laptops; in fact, this post is being written on Kali under a normal user account on my “sittin’ in the coffee shop” laptop. You can often install Kali fully on your machine. In other cases, the workstation you are provisioned for a pen testing job may require you to keep Windows as the primary operating system. In this case, you could install a virtualization tool (I recommend the free VirtualBox solution) and run Kali in a virtual machine. And finally, Kali’s site has instructions for installing to a USB drive with persistence to keep any saved data. However, the lack of memory on your Windows machine might cause it to crash frequently, and you may encounter restrictive policies such as the USB ports being disabled.

Since the onboard drive is also encrypted, using different encryption, the onboard drive cannot be accessed when booted to the operating system working from the USB. Since the USB drive is owned by the company, all data is being used and stored on company hardware. So per the security policy, all company and customer data is on company hardware. When the project is over, you hand over the USB drive and all testing data goes back to the client.

Before we go any further, I want to say use these tools only on systems that you have written authorization to test or systems that you personally own. Any use of these tools on a machine you do not have authorization to test is illegal.

Here’s a closer look at how you can implement this approach. In this example, I used a 1TB USB3 drive for the project and the speed difference wasn’t that different from the onboard drive.

To get started, download a Kali Linux ISO and burn the ISO to DVD or image Kali Linux Live to USB.