Kali Linux vs Parrot OS vs Security Onion?

Hi everyone,

I was wondering if people here would be interested in chiming in about offensive/defensive security-focused distributions. I have come across Kali Linux, Parrot OS and Security Onion. The former distros are largely oriented towards offensive-penetration (although Kali released a defensive distro a bit back), and the latter is for reconnaissance.

What do you run as VMs, and have you found differences that made you choose one over the other?

Thanks!

I honestly don’t see much value in these distributions. They just preinstall some software that you can install yourself.


Although Kali and Parrot are not that privacy-centric, I personally use Kali since I own Apple Silicon (Kali has an ARM version) and because I do well on Debian, but if I had a choice I would probably choose distros like Qubes OS and Kodachi OS.

Why would you downgrade your privacy and security by using Linux instead of macOS?

I would recommend using macOS and running Linux in a VM, if you need to use Linux.


Using Linux on Apple silicon downgrades security? Can Linux not use all of the cryptographic functions of Apple silicon?

Linux distributions don’t take advantage of the hardware-based security features that are available on Apple Silicon Macs, and all of them are still typical Linux distributions without a modern privacy/security model or features.

Yeah, I mean, that's what I'm doing now. macOS and Linux in a VM.
But a distro like Qubes OS works differently in terms of security compared to Kali.

Good, I thought you were running Linux natively, lol.

Qubes OS isn’t really a Linux distribution. It also has a lot of usability and performance drawbacks. You also need to know how to properly take advantage of the isolation that Qubes provides, etc.


Security Onion has a not-all-that-dissimilar structure to pentest and security distributions like Kali and Parrot OS, but with a basis in monitoring and handling data collection. It’s more like a distribution for analysing, such as FLARE or REMnux. Not in the same ballpark as Qubes, or Whonix.

I mostly use Kali when needing quick access to some tooling without having access to my config, aka mostly a new VM.

Other than that I agree you can install this all in any distro.

Remember, these are all for offensive security, not really defensive for that matter. I see people mentioning Qubes; this has a completely different use case.