    Kali Linux is the Debian-based successor to BackTrack Linux, which was based on Ubuntu. It is aimed at advanced Penetration Testing and Security Auditing applications. It provides common tools, configurations, and automations that enable users to focus on actual security testing instead of wasting time searching for the right tools. Kali Linux contains industry-specific modifications as well as several hundred tools targeted towards various Information Security tasks, such as Penetration Testing, Security Research, Computer Forensics, Reverse Engineering, Vulnerability Management and Red Team Testing. Kali Linux is a multi-platform solution, accessible and freely available to information security professionals and hobbyists.

    Over the years, Kali has perfected the offensive security distribution. But now it is branching into a new era, defensive security! Kali Purple is still in its infancy and is going to need time to mature. But you can start to see the direction Kali is expanding into.

    What is Kali Purple
    On a higher level, Kali Purple consists of: 

    • A reference architecture for the ultimate SOC In-A-Box; perfect for: 
      • Learning 
      • Practicing SOC analysis and threat hunting 
      • Security control design and testing 
      • Blue / Red / Purple teaming exercises 
      • Kali spy vs. spy competitions (bare knuckle Blue vs. Red) 
      • Protection of small to medium size environments 
    • Over 100 defensive tools, such as: 
      • Arkime – Full packet capture and analysis 
      • CyberChef – The cyber swiss army knife 
      • Elastic Security – Security Information and Event Management 
      • GVM – Vulnerability scanner 
      • TheHive – Incident response platform 
      • Malcolm – Network traffic analysis tool suite 
      • Suricata – Intrusion Detection System 
      • Zeek – (another) Intrusion Detection System (both have their use-cases!) 
      • …and of course, all the usual Kali tools 
    • Defensive tools documentation
    • Pre-generated image 
    • Kali Autopilot – an attack script builder / framework for automated attacks 
    • Kali Purple Hub for the community to share: 
      • Practice pcaps 
      • Kali Autopilot scripts for blue teaming exercises 
      • Community Wiki 
    • A defensive menu structure according to NIST CSF (National Institute of Standards and Technology Critical Infrastructure Cybersecurity): 
      • Identify 
      • Protect 
      • Detect 
      • Respond 
      • Recover 

    Screenshots

    Figure 1: Kali Purple Login Screen

    Figure 2: Kali Purple Desktop

    Figure 3: Kali Purple Menu – Blue Team Tools Align with NIST Categories of Identify, Protect, Detect, Respond and Recover.

    The new menu has a defensive structure according to NIST CSF: 

    • Identify 
    • Protect 
    • Detect 
    • Respond
    • Recover 

    Closing Thoughts

    Kali Purple is made with pentesters and purple teams in mind. Over the years, Kali has perfected the red team security distribution. But now it is branching into a new era, blue team operations. Kali Purple is still in its infancy and will need time to mature.

    If you are new to Linux or have less experience with the command line, you might find Kali Linux not so user-friendly. Its developers try to make it as user-friendly as possible, but some things might still be intimidating if you are new.

    The developers always try to make Kali Linux as hardware-compatible as possible, but some hardware might still not work as expected, or not work at all. So, it’s better to research hardware compatibility beforehand rather than breaking your computer later.

    If you are installing Kali Linux for the first time, it is recommended to install it in a Virtual Machine first; then, after getting familiar with it, you can install it on your own hardware. And that’s Kali Linux Purple.