• 25 Posts
  • 83 Comments
Joined 1 year ago
cake
Cake day: July 16th, 2023

help-circle

  • Okay if I turned off password auth, just used keys, disabled the Kali user and root login, how are you breaking in? Where’s the vulnerability? Which cve or cwe are you able to exploit?

    A large attack surface doesn’t mean insecure. It just means less secure.

    Source: I literally pentest for a living. No, I don’t even use Kali on a regular basis.






  • Kali is secure as in once it’s configured, it cannot be accessed without creds, keys etc. That meets the definition of ‘secure’. It’s just Linux with a bunch of pre installed packages.

    Of course something can always be more secure. But saying Kali isn’t secure is like me saying your PC isn’t secure because it isn’t air gapped like my most secure PC.