Kali Linux is an incredible platform for hacking.
It's an open-source operating system (based on Linux Debian) with an extensive range of pre-installed applications you can use to achieve various security tasks:
Kali is undeniably impressive, but use it with caution. Installing it to run some
nmap commands or cook malicious payloads with Metasploit won't make you an ethical hacker.
Worse, if you don't cover your tracks, it's easy to do illegal stuff, and you might not realize your white hat has turned grey, and you are putting yourself at risk.
Please don't get me wrong with this post. Don't take the term "noob" the wrong way. I don't want to patronize.
At the end of the day, you'll do whatever you want, including taking unnecessary risks or joining the dark side.
I just want to make sure you understand what's at stake. Hopefully, it will help you make the most of this beautiful open-source platform.
rootaccount with Kali
That would make 11 points, but the twelfth nooby mistake might be a bit paradoxical: don't take Kali as a "ready to go" solution.
Of course, there are tons of pre-installed apps you can use to run penetration tests, for example, but each tool must be used carefully. Pen-testing is a full-time job that requires some knowledge!
In addition to the nooby mistakes we just saw, there are red signs that show you are probably misusing Kali:
It's best if you can, at least, watch a series of videos like "Kali Linux: the complete guide" before even installing it. You'll avoid the most common mistakes, including the misuses we saw in this post.
Don't install Kali Linux as a primary system like Windows or Linux. You'd better use a live USB installation, which is also better for your privacy.
Kali has comprehensive documentation to understand how it works before using it.
Don't collect information about networks or devices that do not belong to you with Linux utilities (e.g.,
Those scans will be logged and used against you in court.
Regardless of your intentions or the risks you are willing to take, cover your tracks.
At least, mask your IP with multiple proxies. To me, there is no valid reason to run those tests online unless you have explicit authorization (e.g., for a penetration test).
Kali is not meant for beginners, but it's not a condescending statement.
The quantity AND the quality of free online resources are fantastic, and it can prevent so many bad mistakes if you take the time to learn before jumping in.
Also Published Here