I want to turn a Microsoft surface go 2 into a kali linux machine. I would appreciate any guidance pulling this off. I want use it for learning it security stuff, partly for work but mostly for curiosity. Occasionally I run across malware, trojans, and I want to look under the hood to see how they work. I'm assuming Kali is the best tool for the job and that Lemmy is the place to go for tooling around with tools.
Kali is a pentesting distro, it's not designed for malware analysis. The distro you'd want to use for malware analysis is REMnux, but it's mostly meant for static analysis. Static analysis is fine, but you may not be able to dig deep unless you're familiar with decrypting code and using tools like Cutter, Ghidra, EDB etc for debugging. Naturally you'd also need intimate low-level coding experience, familiarity with assembly language and/or Win32 APIs (or whatever APIs the malware is using). So this isn't an area a casual security researcher can just get into, without some low-level coding experience. But you can at least do some beginner-level analysis like analysing the PE headers and using some automated tools which employ signature-based detection, or you could analyse strings and URLs embedded in the malware; stuff like that.
Dynamic analysis is far more easier to get into and more "fun", but the problem is of course, with most malware being made for Windows, Linux is kinda irrelevant in this scenario. But you could still run Linux as a VM host and run the malware inside a Windows VM. The problem with running malware in VMs though is that these days any half-decent malware would be VM/context aware and may evade detection, so for accurate results you'd really want to run the malware on a real machine, and use tools like procmon, IDA, wireshark etc for analysis. But again, decent malware may be able to evade tools like procmon, so it can get quite tricky depending on how clever your malware is. You'd normally employ a combination of both static and dynamic analysis.
Industry pros these days often use cloud-based analysis systems which can account for many such scenarios, such as Joe Sandbox, Any.Run, Cuckoo etc. These offer a mix of both VM and physical machine based analysis. You can use these services for free, but there are some limitations of course. If you're doing this for furthering your career, then it's worth getting a paid subscription to these services.
Coming back to Kali Linux - it's not something you'd want to install permanently on physical machine, as its meant to be an ephemeral thing - you spin it up, do your pentesting, and then wipe it. So most folks would use it inside a VM, or run Kali from a Live USB without installing it.
There are also alternatives to Kali, such as ParrotSec and BlackArch, but really from a pentesting toolbox point of view, there's not much of a difference between them, and it doesn't really matter (unless you're a Linux nerd and like the flexibility Arch offers). Most industry folks use Kali mainly, so might as well just stick to it if you want to build up familiarity in terms of your career.
As for your Surface Go - you could install a normal daily-driver Linux distro on your Surface if you really want to, and then run Kali under KVM - which is personally how I'd do it. Running Linux on Linux (KVM) is pretty convenient has a very low performance overhead. You can also employ technologies like ballooning and KSM to save RAM, if your system has low RAM.
Thank you for such an amazing response. You've given me so many great threads to pull on. I'm going to have a great time diving into all this. Sincere thank you.
Is there any performance difference between KDE and GNOME?
Nope.
How can I hide a pinned post without blocking the poster? It bothers me having this at the top of my list all the time, like some reminder on my phone I can't ack and make go away.
I'm sorry I don't know of any way to do that :( does it appear even when you're browsing your main feed??
No, just at the top of the Linux community. I sort on New by default, looking for anything new Linux related... it's been slow news in there of late. I'll check if Voyager supports a method of doing it. Another user suggested Sync client. I'm usually on my desktop browser, though.
Thanks for checking. :)
Most third-party Lemmy clients should support this. For instance, if you're on Sync, you can just swipe it hide the post (assuming you've configured it that way).
Is explicit sync a good enough solution to make wayland gaming with nvidia a reality(+ remove window flickering like some people claim it will)? It's the last obstacle I find now trying to move my main pc to linux, and I don't really want to use x11.
Pd. Lesson learned, next time I'll get an AMD gpu.
If you really want to switch there isn't really any reason to not use X.
If you really want to use Wayland I guess it will take a while longer. It's not really 100% foolproof even if you get AMD. The vast majority of apps on Linux are designed for X and XWayland isn't completely ready either.
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0