Unlike some other operating systems, Kali Linux makes getting started easy, thanks to the fact that
a
live disk image is available, meaning that you can boot the downloaded image without following
any prior installation procedure. This means you can use the same image for testing, for use as
a bootable USB or DVD-ROM image in a forensics case, or for installing as a permanent operating
system on physical or virtual hardware.
Because of this simplicity, it is easy to forget that certain precautions must be taken. Kali users
are often the target of those with ill intentions, whether state sponsored groups, elements of orga-
nized crime, or individual hackers. The open-source nature of Kali Linux makes it relatively easy
to build and distribute fake versions, so it is essential that you get into the habit of downloading
from original sources and verifying the integrity and the authenticity of your download. This is
especially relevant to security professionals who often have access to sensitive networks and are
entrusted with client data.
2.1. Downloading a Kali ISO Image
2.1.1. Where to Download
The only official source of Kali Linux ISO images is the Downloads section of the Kali website. Due
to its popularity, numerous sites offer Kali images for download, but they should not be considered
trustworthy and indeed may be infected with malware or otherwise cause irreparable damage to
your system.
è
https://www.kali.org/downloads/
The website is available over
HTTPS, making it difficult to impersonate. Being able to carry out
a man-in-the-middle attack is not sufficient as the attacker would also need a www.kali.org cer-
tificate signed by a Transport Layer Security (TLS) certificate authority that is trusted by the vic-
tim’s browser. Because certificate authorities exist precisely to prevent this type of problem, they
deliver certificates only to people whose identities have been verified and who have provided
evidence that they control the corresponding website.
