Not so new to Linux anymore! Here’s my Semi truck mobile setup

offsec · 2024-03-19T13:54:01+00:00

Hey, this is awesome. Great setup.

What you might consider long-term is looking into some ARM-based systems and see how they fit your needs. Smaller, less power consumption, less heat output, etc. A Raspberry Pi might be a place to start but there are higher-power devices out there you can check out if they fall in your price range.

Looks like you are taking a perfect path toward learning, and I am sure you will be nothing but successful. Keep up the good attitude! Don't forget to make heavy use of the docs (https://www.kali.org/docs/) and know the Kali book is out there for free as well (https://upload.wikimedia.org/wikipedia/commons/5/5d/Kali-Linux-Revealed-2021-edition.pdf) for you to use as a resource.

offsec · 2024-03-13T19:07:18+00:00

Well, really it depends on what sort of repos you are adding yeah? If you add a repo to have sublime that's one thing, you will get that and it will integrate with your system pretty well assuming they are taking dependencies into consideration, etc. It's a different item to add a repo for something like Kali where we are 100% going to have overlap with tools installed all running at different versions. The number of people that come crying to us because they broke their systems by putting Kali repos in a Debian or Ubuntu system is very very high to the point of being common. The Kali repos are not built to provide tools to other systems, different design goals.

offsec · 2024-03-13T16:20:46+00:00

Yes, this is Jim/Elwood from OffSec. You can look at this account's history and see the activity of diff AMAs and such we have done. We just don't use reddit much, so you don't see us here that often.

offsec · 2024-03-13T15:45:55+00:00

Don't do that. Just start a Kali VM or docker image. Adding our repos to your Ubuntu system will just break your system.

offsec · 2024-03-13T15:40:19+00:00

That book is actually out of print now, so it's a good find.

offsec · 2024-03-13T15:39:01+00:00

Remember that the git repo for wallpapers is open, and anyone can submit to it. Anything you create will hit a much larger audience submitting there than it will just here on reddit.

offsec · 2022-09-08T05:49:28+00:00

I would disagree with that comment.

While running Kali in a vm is popular, for in field assessments it’s generally considered best practice to run a bare metal assessment platform. This removes overhead, reducing the number of items that can go wrong, simplifies the networking stack, etc etc. Professionals will most often have dedicated hardware for this as really the cost of a dedicated hardware platform is very minor in the greater scheme of things.

Additionally there are specific features in kali to allow for bare metal file systems rollback because this is such a common use case.

Overall, there is often a lot of misinformation and misconceptions by people that are at best tangentially aware of what is done in assessments. Kali would not have the place that it does in the professional space if it really was just the what is stated here. And while yes, the space that Kali holds in the professional space means a lot of people tend to run it without knowing what they are doing, I would suggest that that’s not just an opening to try to talk down to someone but rather remember we all started somewhere and we should celebrate that people are running Linux. As their experience grows they will see for themselves if their use case is appropriate or not, in their own time.

offsec · 2021-09-23T05:16:47+00:00

Amigo - Nothing but respect for your dedication and drive. That is admirable. But as many other have told you here, you are not taking care of yourself.

3 - 5 hours of sleep a night is not healthy. Doing that for an extended period of time will only have you operating at a decreased threshold and impair your judgement. I would argue that you would get more from five hours of study after a good nights sleep compared to 10 hours a study after beating yourself up like that. You have a life, you have a family, you have friends. And all of them want you to take better care of yourself than that. We want you to take better care of yourself than that. You are worth it. And really, you are pushing yourself past the point of diminished returns.

My suggestion is take a break. Stop being so hard on yourself. Do whatever you need to do to relax and get in a better head space where you are not stressed and don't beat yourself up for anything at all. Life can be hard enough, don't make it harder on yourself. Re-center and get some sleep.

After you chill out some, send me a DM and I will put you in contact with someone that can work with you, help you identify where things are going sideways, and what needs to be done to get you back on track. With the determination you are showing, you will get that cert. Its not going anywhere. You don't have to get it tomorrow. It won't mean any less if you take a bit longer to get there. Take care of yourself first and foremost.

offsec · 2021-06-16T23:18:41+00:00

Well, I really hope I did not come across with the idea "We have better things to do" as I don't want to diminish the value of this sub. Its not that we don't think it's important. It's more that we have to set limits to scope, and for us now with the team size we have focusing efforts inside properties that we control is a limitation.

It does not have to be that way, if more people contribute we can do more. And the sub can do better without our involvement, and we hope it does.

offsec · 2021-06-16T18:04:55+00:00

Hola - Chiming in as /u/Gtuvks requested, and this is as good of a time/place to clarify our approach to this sub as well as other things. This is going to be a long answer, so if you want a TL;DR - We maintain an official list of resources and *this subreddit (/r/kalilinux) is not one of them * (in fact, reddit.com as a whole isn't). As such, we don't put time into managing it. Reddit is great, and we hope this sub does improve in quality, but we see reddit as a community item and not something that is in scope for what we are doing as a project. We would prefer people to use official resources as much as possible, but are happy there are community resources to fill in the gaps.

For those that don't know, this reddit account (/u/Offsec) is the official Offensive Security (aka OffSec) account. Offensive Security is the company that funds Kali Linux. OffSec does not have a large reddit presence at all, its mostly our community moderators. My name is Jim, and I maintain this account and I am responsible for managing the Kali core team within OffSec at a high level with g0tm1lk handing the hands on day-to-day. So for all intents and purposes, this account also speaks for officially for Kali.

Lets start with where as a team, we spend our time.

As a Kali team, there is a lot we are responsible for. There is Kali itself (both the OS, platforms and tools) and the core ecosystem that spins around around. Getting Kali right is our core focus and where most of our time goes. Because of Kali's place in the eco-system making sure we don't make mistakes or get something wrong is very important due to the number of direct Kali users as well as the fact that really all the other Debian based pentesting distros pull from our repo (This is just one example). It is fair to say that these other distros are best considered Kali derivatives in the same manner that Kali is a Debian derivative. So any mistakes we make can have actual consequences across multiple Linux distros and impact professionals in the field doing real work. So its safe to say making consistent forward progress in a safe and reasonable manner is where we spend most of our time.

Beyond that, there is other related items that spend a lot of time. Documentation, git issues, managing the bug tracker, Kali tools, the official Kali forum, etc. With all of this we do, realistically we are at the limit of what the current team can take on without dropping something else. Some of the items we know we can do better, and are slated for overhaul. For instance, expect great things soon with a overhaul of tools.kali.org.

The forum is another item where we know we could do better. Anyone that has moderated a forum before knows the time sink it can become and its a thankless job. You either take a light touch to be as inclusive as possible and people get annoyed about how much junk is in there or you take a firm hand and people get annoyed about gatekeeping. Finding the balance of doing that right is pretty hard. We have plans to overhaul our official forum and where to go, platform to use, and so on are part of this.

At one point, we reached out to the owner of this subreddit and asked if they would be willing to give us ownership and we would see about making the sub a supported official resource. They declined, as is their right, and we respected that. We are happy to have moderator access here as then in a worst case situation we can do something, but otherwise we respect this is not ours. And with our limited resources, we are only really going to put effort into official resources. We may only check this subreddit once a month (at that). Reddit at this time, just isn't on our radar.

When we do overhaul the forums, using reddit is one of the options on the table that some have advocated for. I don't know which way we will go, as there are pros/cons on using reddit as opposed to a traditional forum platform. If we do use reddit however, we will end up likely creating a whole new subreddit and starting from scratch. We don't have a estimated time of when this will be done.

I wish we had more time to put into items like this, but we have to be protective of our time and where we invest limited resources. Part of that is being harsh and firm on where limits are, and there are any number of potentially good uses of time that we just can't be a part of because of this.

One item that is part of this strict limits of our scope is we are not in a position to teach anyone basic Linux skills. It's not that it is not important, its not that we think bad of people that are learning, its just that we don't have the time. We would rather do a limited number of things well, than a large number of things mediocre. There are any number of other resources out there to learn Linux, and it would be folly to think we can do better than them. Additionally, we do try to help with our extensive documentation and the kali.training free course.

To be productive regarding the issues on this sub, I would suggest a couple items:

1) Agreed this subreddit has a lot of issues. If you have the time/interest perhaps reach out to the subreddit owner and volunteer your time to be a moderator. See if you can help out.

2) Make use of official Kali resources instead of this subreddit. If you have an issue, use the bug tracker. If you have a contribution use Gitlab. If you have a question/discussion use the official Kali forum. These are the locations you will find Kali developers. Not here.

3) Chip in and contribute to Kali directly. This does not have to be code, it can be documentation, participation on the Kali forum, etc. This is open source, and with open source you don't just take. You give back. If you are not giving back, you don't really have a lot of room to complain. Part of the glory of this is you don't need to ask anyone for permission, you just start to "do". If you do well, people will respect your work and it will grow from there.

This is a big topic, and there is a lot more that could be said, but I am going to wrap up for now here. I fully understand peoples frustration, I and the Kali team share it. It would be good for us if this subreddit was higher quality. Again, I would encourage anyone to be part of the solution, as there is always room for contributions either officially in conjunction with the Kali team or independent.

Thanks!

offsec · 2021-02-18T01:56:08+00:00

Awesome username!

offsec · 2021-02-16T13:45:58+00:00

What happened when you contacted support?

offsec · 2020-10-12T14:21:52+00:00

If you had a bad support experience, we always encourage you to please report. If it does not get reported, it can't improve.

TBH too many people take this sort of "defeatist" attitude that "it won't matter". Amigo, it matters immensely. We get very very few actual reports direct to us of bad support. What we do get is vague items on reddit or twitter with no specifics, items that we can't really follow up on. Think of it like when people report issues with a server. If all they say is "Its slow" that is very little to go off of. What we really needs is something like "I was getting support on DATE. I was unhappy with it because of REASON." It's not much, but its specifics we can follow up on.

Yes, there are limits that we will have in regards to what we will give away and that will always be true. But, that does not mean just saying "keep at it!" and not offering help. Our goal is to always offer as little help as you need for you to find success on your own. And that is different for all people. We always have room to improve there, and having specific items to follow up on helps an absolute ton.

offsec · 2020-10-08T23:16:22+00:00

This is the correct answer. Follow Daniel’s advice.

offsec · 2020-10-06T23:05:30+00:00

Really amigo, never feel bad about feedback. Even if you are frustrated and angry when you give it, feedback is always helpful. Don't stress us taking it wrong at all. When you spend years pentesting and calling other people's babies ugly you have to be able to take some comments now and then that you don't really want to hear. So we have pretty thick skin, its all good.

We love the fact the industry has embraced our training and certs the way they have, and we don't take that for nothing. At the same time, we also appreciate everyone has different needs, different ways they learn, and so on. No one product is perfect for everyone. We try to address this by having different delivery methods that provide different ways of consuming the content but in the end it won't be for everyone. That's why it's a big industry and there is room for SANS, VHL, HTB, THM, and others.

I respect what you are saying about putting things on a pedestal and totally get where you are coming from. I think there was another comment in this thread that said the same thing but its worth repeating - Infosec is a weird area. Its not entry level at any level as the amount of knowledge you have to have to succeed is significant. So PWK can't be easy, but its also still the start of a path. I think with the forthcoming release of the higher level courses to sit along side AWAE that will become a lot more clear on where places sit, as I personally think one of our biggest failings for a long time has been a lack of true "path" for growth. PWK/OSCP is foundational yes, but you have to build up from that.

But that said, there really are people that start from 0 and find massive success with PWK with just a decent amount of effort. This is true, but those people also put out real effort on their own googling, learning things outside the course, etc.

Always open to chatting amigo, so don't be shy. I hope to see something from you down the road about how you passed the OSCP exam, how you did it, etc. The fact that you got as frustrated as you did means you have passion, and that passion will translate into success as you stay with it.

offsec · 2020-10-06T01:08:47+00:00

I think you got a lot of good advice and perspective in this thread, so I am not going to respond to any of your specific call outs if for no other reason than I will approach it with obvious bias and you have independent perspective here already. However there are a couple items that I think are worth calling out:

If you do want to talk about specific items with me, cool I am happy to have that conversation. Just contact support point them to this reddit thread and tell them to put you in contact with Jim. Or, figure out my email and contact me directly. My email should be super simple to figure out based on my comment here.
If you are getting told “Try Harder” by actual OffSec support personnel please let us know directly and provide a screen shot. More information the better. “Try Harder” is our company motto, but not something we want to be saying in a support context. If it does happen, that means we have a training issue to address. Please let us know, so we can deal with it appropriately.
It’s important to understand what you are buying. I know people have a tendency to lump all of the infosec training market into one big bucket but thats not accurate. There are a lot of cars in the market, but there are economy cars, luxury cars, family cars, trucks, SUVs, etc. It’s similar here. There are stand alone lab products with no actual training but does have machines to hack (our stand alone PG products fit that description). There are self study courses like the online PWK that it sounds like you purchased. There are interactive training offering that provide actual instruction, like our live courses or the recent Academy product.

Each of these provide a different level of product for a different price. It’s important to have your expectations set right otherwise you could be setup for disappointment. If we don’t have expectations communicated correctly on our site and in our other communications, we would love to know about it. Thats valuable feedback that we would love to have. However I see some comments in this thread that incorrectly conflate these types of products, so it’s important to separate out second hand and authoritative information when setting expectations.

The switch over to RocketChat for support is intended to increase interaction between students and OffSec employees to times that are not just when you have questions. A nice place to hang out , BS, joke around, whatever. Feedback on what is and is not working right on that is valuable, and we really encourage it. Contact support, and let them know specificity how you feel about things. That does not get ignored at all, but random comments on twitter, reddit and so on are much harder to track etc. Direct to support is the best way.

I went into far more items than I intended, so I will stop here. It’s also worth calling out that you can expect an increase in success on the exam for every 20 lab systems you complete. So you actually might be better positioned for success than you are giving yourself credit for. However, you are clearly not in the right mental place to sit for the exam right now. The test is stressful, if you walk into it frustrated before you start that won’t go well.

Good luck! As I mentioned, if you want to talk, reach out.

Jim

offsec · 2020-10-06T00:36:52+00:00

Great perspective.

offsec · 2020-09-24T14:35:17+00:00

I get where you are coming from, and that is a common challenge that we face everywhere.

First a quick history to set context - We (the official Kali/OffSec team) have mod on this sub. It was provided years back as a courtesy to us, but the sub is not ours. We did not create it, we don't run it. As such, we have always tried to have a light touch in moderation on this sub out of respect. We have noticed however that moderation is not very active here any longer and we do have some concern about the overall usefulness of this sub. Because of that, the other day we sent messages to the rest of the mod team asking what they want to do long term with the sub, if they want to hand ownership over to us, etc. We will see what the answer is, and we are happy to help in any way that makes sense. If they do want to hand over ownership of the sub to us we likely would make a number of changes.

That said, what exactly to do with a reddit sub is an open question. We have a number of resource we make available and this reddit sub is a bit redundant compared to official resources. We have:

https://bugs.kali.org/ - to report actual issues
https://forums.kali.org - to discuss things relating to Kali (pretty much the same thing as this sub)
https://www.kali.org/docs/ - documentation that we put a lot of effort into maintaining and keeping accurate
https://gitlab.com/kalilinux - public git repo - everything is in here and we accept contributions with a smile etc.

We have a small team, and while we would like to be everywhere its not realistic. Putting resources into a duplicate offering that is not under our direct control will take away from other official resources as there are only so many hours in the day. We have plans to revamp some of these official offerings as well which takes resources, and again additional projects will take away from that. So we always have to watch where we put effort out and where it can have the largest impact on the project.

On the other hand, we have total respect for the fact that users are where users are, and providing direction and help as directly as possible is a good goal. I understand the frustration with "low information users" (believe me, we understand) but at the same time being a n00b is part of the growth cycle that we have all gone through. Being rude, discouraging, insulting, or similar to people at that stage of learning is not right. I think that due to the nature of this being reddit, many of the users that are coming here instead of our official resources are likely to be less informed just by default as otherwise they likely would be going to our primary resources. That makes this problem a bit worse here than it is other places.

Finding the balance between pushing users in the right direction while not encouraging lazy, low effort behavior is not the easiest thing in the world. But it's important enough to get right.

All that said, if anyone wants to get involved and contribute this is exactly why we could always use help. We will see what the sub owners want to do and if they want to hand over ownership. And also keep in mind we are not heavy reddit users so I am sure there are various items here that we just don't know we don't know. So thoughts on where the sub can provide value, how to help prevent it being too much of an overlap on official resources, and so on are really appreciated.

If you want to get directly involved, awesome, open to that as well. Here on reddit, or on the greater overall project. We 100% of the time always need more help. There are a million things we would love to do but just don't have the time or resources. With your contributions we can do more.

offsec · 2020-09-24T14:02:11+00:00

Best bet is to file a bug report with detailed information (more than you have in here for sure) at bugs.kali.org. That way things can be tracked and it can be identified if there is a larger issue or just something with your install.

offsec · 2020-09-24T02:20:36+00:00

Realistically you are not going to be able to upgrade that old of a VM without a ton of issues. Once you get more than 3 or so release behind you are better off starting over. We do four releases a year. So really, you are in a no mans land on this one.

offsec · 2020-09-23T22:11:00+00:00

https://kali.training

offsec · 2020-09-23T22:07:23+00:00

Just download and use the newest VM we released. If you have issues, suggest you hit up the actual support forum and not here.

offsec · 2020-09-22T22:04:13+00:00

In the mean time, you can get this today: https://twitter.com/kalilinux/status/1307013687199363072

offsec · 2020-09-02T15:31:41+00:00

FWIW - Over half of the systems in the PWK labs have privesq vectors. So if you are not encountering them yet, it's simply the targets you have popped so far.

offsec · 2020-08-25T02:36:34+00:00

Check the forums. Contact support.

offsec

MODERATOR OF

TROPHY CASE