We are obligated to have an external auditor run PCI DSS penetration testing and network segmentation testing every year.
Their second request (after a network diagram) is always to create an EC2 instance running Kali.
Which, honestly, confuses me a bit -- all of the packages are available in AL or Ubuntu, so why do they care? I don't know, and I guess I don't care enough to ask. Just give me the attestation document please. :)
My assumption is it's for reducing the number of things they need to configure, and therefore troubleshoot.
It's easy to say "The newest Kali release is the distro the org will use" instead of "Use whatever Linux flavor you want and here's an install script that may or may not work or break depending on your distro and/or distro's version".
Them spending time troubleshooting a setup that's out-of-spec is still time billed, so it's better for their customers for everything to roll smoothly too. They also just want to execute their job well, not spend time debugging script / build issues.
From my experience, it is obvious that not all the packages in the Kali repo will be in the Ubuntu (or other regular distro) repo. Lots of specific pentesting tools can be installed with just `apt install ...` in Kali, which makes it a lot more convenient when you need to do pentesting.
It is believable if you've experienced anything to do with moderation on Facebook. It's a dystopian experience that defies any ordinary expectation of normalcy.