
Kali Linux Adds 'Undercover' Mode to Impersonate Windows 10 - praveenscience
https://www.bleepingcomputer.com/news/security/kali-linux-adds-undercover-mode-to-impersonate-windows-10/
======
t0mas88
From the title I had expected a mode where it will emulate TCP flags and
attributes like Windows 10.

But on the GUI side I think the best way to hide is to make something slightly
Word-like looking as a terminal emulator. Because it doesn't matter that much
whether you have a Windows file manager, people will think you're up to
something if you're typing in a terminal window in either OS.

The same happens in IntelliJ or Eclipse, non-developers looking over your
shoulder will ask what it is because it has a certain look of "complexity"

~~~
tbronchain
Having been working in many parts of the world, in many different kinds of
environments - coffee shops, hotels, airports and train stations, restaurants,
co-workings, and a lot less common places like public benches, beaches, or
post office - I very, very rarely had someone asking me, or even looking at what
I was up to.

I may have not noticed a curious eye once in a while, but not sure it would be
able to pick up if I'm spinning up a Kubernetes cluster, or pentesting the
nearby bank's network.

Cool feature though!

~~~
jniedrauer
Whenever I'm on a flight and I open my laptop and start coding in vim on my
tiling window manager, I always worry that someone is going to freak out that
I'm "hacking the plane." It hasn't happened yet, but it wouldn't surprise me
at all if it did.

~~~
hnarn
> It hasn't happened yet, but it wouldn't surprise me at all if it did

That's what we call confirmation bias.

------
vidarh
In ~15 years of running Linux on laptops I've yet to have anyone care that what I
was running looked "weird", including when running e.g. bspwm or other tiling
WMs that look totally alien to them.

~~~
kevingadd
There are definitely environments where "weird stuff" on the screen would get
attention, but that will apply even if you're running Windows - it just has to
look "hacker-like" enough. So I'm not sure disguising the desktop and the file
manager will help if you still spend most of your time running shell commands.

If everyone in a workplace spends all their time on corp gmail (white
background) and in terminal sessions to some mainframe somewhere (let's be
generous and say teal text on black in like 20pt courier), anything that
doesn't match either of those appearances will stand out pretty dramatically.

~~~
goatinaboat
I confess to stopping and asking what it was when a colleague was 3270’d into
an AS/400, the font IBM used for that is gorgeous.

~~~
tyingq
That font in modern formats...

[https://github.com/rbanffy/3270font](https://github.com/rbanffy/3270font)

~~~
goatinaboat
That isn’t it - this one had serifs. Have an upvote anyway :-)

~~~
tyingq
Interesting, as it is definitely the classic 3270/5250 font. Your friend must
have specified a very "not 3270" font for their terminal emulator.

The most unixy iconic serif monospaced font I can think of would be Sun's
Gallant Demi:
[https://images.app.goo.gl/Nx2wzRvY71DczMVdA](https://images.app.goo.gl/Nx2wzRvY71DczMVdA)

Or more recently, the Golang monospaced fonts:
[https://blog.golang.org/go-fonts](https://blog.golang.org/go-fonts)

~~~
kohtatsu
Wow that's cute. Also your link breaks the back button, this is post-redirect:
[https://www.google.com/imgres?imgurl=http://www.furorteutoni...](https://www.google.com/imgres?imgurl=http://www.furorteutonicus.eu/wp-content/uploads/2014/06/console.jpg&imgrefurl=https://www.furorteutonicus.eu/2014/06/03/solaris-11-2-beta-feedback/&tbnid=0yv5K7EugE4aYM&vet=1&docid=bLBcCF6r-WeWdM&w=635&h=185&q=sun+gallant+demi&source=sh/x/im)

Direct link (no idea what the google wrapper does; the related images are
completely different fonts):
[http://www.furorteutonicus.eu/wp-content/uploads/2014/06/con...](http://www.furorteutonicus.eu/wp-content/uploads/2014/06/console.jpg)

~~~
bb010g
Post it's from:
[https://www.furorteutonicus.eu/2014/06/03/solaris-11-2-beta-...](https://www.furorteutonicus.eu/2014/06/03/solaris-11-2-beta-feedback/)

------
tsukurimashou
Nice, I hope it will also be added back to Tails, used to be a feature but I
think they had to drop it because it was no longer maintained.

------
Nursie
Cute!

I hope that background doesn't get them into copyright trouble though.

~~~
tyingq
That background was apparently a fairly complicated project:

[https://gmunk.com/Windows-10-Desktop/](https://gmunk.com/Windows-10-Desktop/)

~~~
andrewaylett
I'd always assumed it was a render or a drawing -- it never occurred to me
that there would be photographs involved! Thanks for sharing.

------
badrabbit
It should add evasive mode so things like openvas and masscan use browser user
agents and obfuscate payloads where possible to foil detective capabilities of
the target. You don't want to do that in a vuln scan (scanner allowed), but
you (and real attackers) will do that to evade detection.

------
tyingq
GTK theme that does something similar:
[https://github.com/B00merang-Project/Windows-10](https://github.com/B00merang-Project/Windows-10)

