
Kali Linux Adds 'Undercover' Mode to Impersonate Windows 10 (bleepingcomputer.com) 44

"Kali Linux 2019.4 was released last week and with it comes an 'Undercover' mode that can be used to quickly make the Kali desktop look like Windows 10," reports Bleeping Computer: Kali is a Linux distribution created for ethical hacking and penetration testing and is commonly used by researchers and red teamers to perform security tests against an organization. As most people are used to seeing Windows and macOS devices being used, it may look suspicious to see a user running Kali Linux with its distinctive dragon logo and a Linux environment in an office lobby or other public setting.

With this in mind, in Kali Linux 2019.4 the developers created a new 'Undercover' mode that will make the desktop look similar to Windows 10 in order to draw less suspicion.

The script even hides Kali's dragon logo, explains a post on the Kali blog, so "you can work a bit more incognito. After you are done and in a more private place, run the script again and you switch back to your Kali theme. Like magic...!"

"Thanks to Robert, who leads our penetration testing team, for suggesting a Kali theme that looks like Windows to the casual view..."
  • by BAReFO0t ( 6240524 ) on Sunday December 01, 2019 @02:47PM (#59473794)

    To me, a Windows or macOS user would be highly suspicious and not be allowed on the local network.

    But you are not allowed to bring your own devices here anyway. This is not a venti latte hipster webdev shop. We do actual work. People could die.

    • by arglebargle_xiv ( 2212710 ) on Monday December 02, 2019 @05:35AM (#59475780)
      Couldn't you emulate 90% of the Windows 10 experience with a static image displaying the text "Working on updates / 12% complete / Don't turn off your computer"? You could occasionally flip to "We couldn't complete the updates / Undoing changes / Don't turn off your computer" to make it even more realistic.
  • Liek magic! (Score:5, Funny)

    by De_Boswachter ( 905895 ) on Sunday December 01, 2019 @02:48PM (#59473796) Homepage
    "After you are done and in a more private place, run the script again and you switch back to your Kali theme. Like magic!" "Like magic!", said no hacker ever.
  • Um, no (Score:5, Interesting)

    by apoc.famine ( 621563 ) <apoc.famine@NOSPAM.gmail.com> on Sunday December 01, 2019 @02:50PM (#59473800) Journal

    ....suggesting a Kali theme that looks like Windows to the casual viewer....

    The casual viewer is going to immediately notice that you've either got a terminal window open or a GUI, and that immediately makes what you're doing seem out-of-place. They're expecting either a browser, Outlook, a MS Office App, or maybe an Adobe app. Anything else and you're squarely in "who's that guy, and what's he doing" territory.

    If you want to be sneaky you need to just reskin the terminal as an Excel sheet with commands getting entered in cells. When most people look over and see an Excel sheet with lots of crap in it, you immediately just got 1000% less interesting.

    • "The casual viewer is going to immediately notice that you've either got a terminal window open or a GUI, and that immediately makes what you're doing seem out-of-place. "

      It isn't intended to solve the case where people are constantly staring at your screen. It is so that when people pass by you can momentarily minimize the terminal.

    • by antdude ( 79039 )

      When I started working full-time for a dotcom startup company back in the late 90s, my boss thought I was using DOS with my command prompt in Windows NT4 SP6. Haha.

  • by fahrbot-bot ( 874524 ) on Sunday December 01, 2019 @02:53PM (#59473804)

    ... ethical hacking and penetration testing ... it may look suspicious ... in an office lobby or other public setting.

    If you're doing "ethical hacking", presumably you're doing it for someone and presumably they know about it, so can't you do it in one of their cubicles or offices, rather than slinking about in the lobby or Starbucks next door? Even so, if you're not doing anything wrong, using the Kali desktop with dragon logo shouldn't be an issue - right?

    • Re:Hmm ... (Score:5, Informative)

      by Zero__Kelvin ( 151819 ) on Sunday December 01, 2019 @02:59PM (#59473822) Homepage

      "Even so, if you're not doing anything wrong, using the Kali desktop with dragon logo shouldn't be an issue - right?"

      In most pen testing scenarios it isn't common knowledge throughout the company that pen testing is happening. Being covert is how a real hacker would do it, so if you want to see what a real hacker can accomplish you need to also be covert.

      • In most pen testing scenarios it isn't common knowledge throughout the company that pen testing is happening.

        True, but then the boss could just introduce you as something else, like an auditor, and show you to an office.

        Being covert is how a real hacker would do it, so if you want to see what a real hacker can accomplish you need to also be covert.

        Also true, but, until now, if a real hacker was using Kali, they would have been using the desktop w/dragon logo :-) Also, I'm sure 99% of people, and even a fair number of IT people, don't know what Kali is and/or wouldn't notice or care about its desktop or logo.

        I can see the utility of this "undercover" or "boss" -mode desktop, but Kali's being a bit disingenuous (or naive) -- it's really b

        • Yes ... because it isn't possible that someone has a similar thing. Only if Kali does it could it possibly be a thing. Great point.
          • Yes ... because it isn't possible that someone has a similar thing. Only if Kali does it could it possibly be a thing. Great point.

            Sorry, I'm not sure what sarcastic point you're trying to make.

            I'm just saying the reasoning behind, and need for, this new "feature" seems a bit flimsy.

            • Pen testing involves anticipating new techniques and approaches, not just using ones already in common and widespread use.
              • Pen testing involves anticipating new techniques and approaches, not just using ones already in common and widespread use.

                Sure, I get that, but I'm not sure having a Windows 10 (looking) desktop rather than something else is that innovative (or necessary). Anyone can change their desktop background and many other settings -- at least enough for the casual passer-by to ignore. Furthermore, someone could actually have Windows 10 on their system and run Kali in a VM window. As I said and/or implied, the feature is nice (I guess) but, ultimately, that's about it. Not sure why it's news. I don't think we're in disagreement abou

                • I see your mistake. Nobody gives a shit if you are sure or not.
                  • I see your mistake. Nobody gives a shit if you are sure or not.

                    Okay, still not sure why you're so invested in this -- did you develop it and I'm shitting on it?

                    In any case, what is clear, now, is that you're being a dick.

    • If you're doing "ethical hacking", presumably you're doing it for someone and presumably they know about it

      Penetration testing can have a social engineering aspect. Your boss may know that the company is being tested by some Kali-wielding people, but you may not. Like double blind medical trials.

      • If you're doing "ethical hacking", presumably you're doing it for someone and presumably they know about it

        Penetration testing can have a social engineering aspect. Your boss may know that the company is being tested by some Kali-wielding people, but you may not. Like double blind medical trials.

        Sure. The boss could also introduce you as an Auditor or something else and show you to an office. Additionally, that would be good for testing in-house social engineering and how well your people are trained to restrict access to other employees. For example, I don't assume that even another employee is entitled to some restricted access or sensitive information w/o checking it out first.

        • Some people read too many detective novels.

          A good script launches and reports back to you, or branches to do something. Any joker that displays a Kali logo on their desktop is showing off, the antithesis of a spook. Might as well wear a big arrow pointing to the top of your pointed head. Changing wallpaper isn't a big deal. Making it look like something else isn't a big deal.

          A cult of Kali pentesters who consider themselves a big deal are fooling themselves. The best stealth hasn't been written about becaus

          • Might as well wear a big arrow pointing to the top of your pointed head.

            You could wear a baseball cap that says "Cracker" -- oh, wait ... maybe in the southern states. :-)

        • The boss could also introduce you as an Auditor or something else and show you to an office.

          Five minutes later, someone walks past the "Auditor" and notices he has a terminal spewing multi-colored SkR1pT k1dDe3 text on his screen, instead of Excel with facebook hidden behind it.

          I suppose time from introduction to first "Hey boss, there's something weird about the new Auditor." is one valid output from a pen test...

    • Some pentests incorporate the human factor into them as well. In that situation, only a couple of people will know (perhaps the person who contracted the pentester and some security staff).

    • And on a corporate network - you're going to have a hard time with network auth when none of the required agents (ConfigMgr or whatever) report back.

  • ... like ZorinOS or mint did as competent a job as this.

    I mean, not plagiarizing the wallpaper and edge icon, but at least that desktop bears more resemblance to windows than most windows replacement themes I've ever seen

  • I have already clicked Accept.
  • Some games used to have a one button boss mode hot key to hide the game and bring up some random spreadsheet and charts. What's old is new again.
  • by account_deleted ( 4530225 ) on Sunday December 01, 2019 @03:02PM (#59473836)
    Comment removed based on user account deletion
    • "most OS fingerprinting is done of course at the network level, however most operating systems are fingerprinted at the DHCP level."

      Cool story bro! [nmap.org]

    • most OS fingerprinting is done of course at the network level, however most operating systems are fingerprinted at the DHCP level. You see, the order of operations and offer of options during the DHCP handshake is quite unique to certain operating systems. BSD, Linux, Windows, and Mac all have separate eccentricities in their network stack that allow them to be fingerprinted. This is largely how 802.1x can advertise the ability to "reject" certain blacklisted operating systems.

      I've always been fascinated by opportunities to cloak DHCP offers, but unless this is being done in Kali, then most efforts to thwart fingerprinting and spoof windows will be rendered useless by the lowest feature set of IDS and IPS.

      At my previous job we used the fingerprinting options in our Infoblox DHCP appliances to keep people from using their 802.1x credentials on Android phones in our corporate iPhone environment. It worked pretty well. Not foolproof of course, but a worthwhile extra layer in an appropriate layered security approach.
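Added example, not part of any comment in this thread and not Infoblox or Kali code: a sketch of the DHCP-level check the comments above describe, where the order of option 55 (parameter request list) and the option 60 vendor class identify the client OS regardless of how the desktop is themed. The signature table and sample packets are constructed for illustration; production values come from the DHCP appliance or a fingerprint database.

```python
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the BOOTP header

# Illustrative signatures (assumption): option-55 request ORDER -> OS family.
WIN_PRL = (1, 3, 6, 15, 31, 33, 43, 44, 46, 47, 119, 121, 249, 252)
LINUX_PRL = (1, 28, 2, 3, 15, 6, 119, 12, 44, 47, 26, 121, 42)
SIGNATURES = {WIN_PRL: "windows", LINUX_PRL: "linux"}

def parse_options(payload: bytes) -> dict:
    """Parse the TLV options after the 236-byte BOOTP header and cookie."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts

def fingerprint(payload: bytes) -> dict:
    """Return the request-list order, vendor class and matched OS family."""
    opts = parse_options(payload)
    prl = tuple(opts.get(55, b""))   # order matters, so keep it as sent
    vendor = opts.get(60, b"").decode("ascii", "replace")
    return {"prl": prl, "vendor": vendor, "os": SIGNATURES.get(prl, "unknown")}

def allowed(payload: bytes, allowed_os: set) -> bool:
    """Policy check: admit only clients whose handshake matches an allowed OS."""
    return fingerprint(payload)["os"] in allowed_os

def make_discover(prl, vendor: bytes = b"") -> bytes:
    """Constructed sample: minimal DHCPDISCOVER with a zeroed BOOTP header."""
    opts = bytes([53, 1, 1]) + bytes([55, len(prl)]) + bytes(prl)
    if vendor:
        opts += bytes([60, len(vendor)]) + vendor
    return bytes([1, 1, 6, 0]) + bytes(232) + MAGIC + opts + b"\xff"
```

A client that requests the same options in a different order falls through to "unknown", which is why the check keys on the sequence rather than the set.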

  • by leonbev ( 111395 ) on Sunday December 01, 2019 @05:26PM (#59474206) Journal

    Convincing enough that Microsoft will probably be sending them a Cease And Desist order to remove it by the end of next week.

    Cool idea, though!
