Kali Linux Adds 'Undercover' Mode to Impersonate Windows 10 (bleepingcomputer.com)
106 points by praveenscience 13 days ago

From the title I had expected a mode where it will emulate TCP flags and attributes like Windows 10.

But on the GUI side I think the best way to hide is to make something slightly Word-like looking as a terminal emulator. Because it doesn't matter that much whether you have a Windows file manager, people will think you're up to something if you're typing in a terminal window in either OS.

The same happens in IntelliJ or Eclipse: non-developers looking over your shoulder will ask what it is because it has a certain look of "complexity".

Having been working in many parts of the world, in many different kinds of environments - coffee shops, hotels, airports and train stations, restaurants, co-working spaces, and a lot less common places like public benches, beaches, or post offices - I very, very rarely had someone asking me, or even looking at what I was up to.

I may have not noticed a curious eye once in a while, but I'm not sure it would be able to pick up whether I'm spinning up a Kubernetes cluster or pentesting the nearby bank's network.

Cool feature though!

Whenever I'm on a flight and I open my laptop and start coding in vim on my tiling window manager, I always worry that someone is going to freak out that I'm "hacking the plane." It hasn't happened yet, but it wouldn't surprise me at all if it did.

> It hasn't happened yet, but it wouldn't surprise me at all if it did

That's what we call confirmation bias.

I spent a flight reading man pages and thought exactly the same thing.

My preference for dark color schemes is great until I realize on a plane I'm a walking stereotype.

It wouldn't be too difficult to modify things like ttl, syn/ack prng, and banners to fool something like nmap, but more sophisticated fingerprinting software would require mimicking SSDP requests and responses; totally doable with enough packet captures over a period of time. Would be a fun project.

You don't need heavy tweaking for that. Just set your terminal to have a white background with black text. Unless someone moves up really close to you it'll look like regular old Notepad.

In ~15 years of running Linux on laptops I've yet to have anyone care that what I was running looked "weird", including when running e.g. bspwm or other tiling WMs that look totally alien to them.

Maybe because you are yourself a long-time Linux desktop user, so you don't really care what people feel about your environment unless they speak out.

I remember the moment I saw someone using the plain GNOME 3 desktop for the first time, when the only Linux I knew was Ubuntu - it was not "weird", but it was distinctive enough to me that it grabbed all of my attention.

If people commented on it, maybe I would care, but what I'm talking about is the total absence of any kind of noticeable reaction from anyone.

I'm genuinely curious if there are places where this actually draws attention. Especially when the linked article talks about "suspicion" not just curiosity.

Perhaps in a non-dev, office worker environment.

I've had one or two seatmates on the train ask me what I'm doing, but they've always been more curious than alarmed.

Same for cafes. Once, the owner struck up a conversation because he himself was a former dev.

There are definitely environments where "weird stuff" on the screen would get attention, but that will apply even if you're running Windows - it just has to look "hacker-like" enough. So I'm not sure disguising the desktop and the file manager will help if you still spend most of your time running shell commands.

If everyone in a workplace spends all their time on corp gmail (white background) and in terminal sessions to some mainframe somewhere (let's be generous and say teal text on black in like 20pt courier), anything that doesn't match either of those appearances will stand out pretty dramatically.

I confess to stopping and asking what it was when a colleague was 3270'd into an AS/400; the font IBM used for that is gorgeous.

That font in modern formats...


That isn’t it - this one had serifs. Have an upvote anyway :-)

Interesting, as it is definitely the classic 3270/5250 font. Your friend must have specified a very "not 3270" font for their terminal emulator.

The most unixy iconic serif monospaced font I can think of would be Sun's Gallant Demi: https://images.app.goo.gl/Nx2wzRvY71DczMVdA

Or more recently, the Golang monospaced fonts: https://blog.golang.org/go-fonts

Wow, that's cute. Also, your link breaks the back button; this is post-redirect: https://www.google.com/imgres?imgurl=http://www.furorteutoni...

Direct link (no idea what the google wrapper does; the related images are completely different fonts): http://www.furorteutonicus.eu/wp-content/uploads/2014/06/con...

I'd like to know what and where these environments are where NOT using OSX or Windows would look "suspicious".

Any non-tech firm.

That's not the envisioned use case, I guess. From the actual Kali Release Notes, it's specifically about hiding the more iconic parts of Kali for Pen-Testers (logo mostly). So it's a pretty specific use case being considered here.

Heck, opening a terminal seems like the best way to slack off in a corporate environment, as nobody seems to understand what it is and just assumes it's above their pay grade. But you quickly dispel the illusion when you are just as clueless about what is wrong with their Office 365 as they are.

I've definitely had users panic a little bit when they see a windows command prompt on their own machine (when I'm doing tech support or whatever.) I think it's because they see something foreign on a machine that's familiar to them. But I've never had anyone but fellow nerds comment when I run unfamiliar things on my own machine.

Ditto. I didn't realize people were getting picked up enough by the authorities to merit building a Windows clone.

Nice, I hope it will also be added back to Tails; it used to be a feature, but I think they had to drop it because it was no longer maintained.


I hope that background doesn't get them into copyright trouble though.

That background was apparently a fairly complicated project:


I'd always assumed it was a render or a drawing -- it never occurred to me that there would be photographs involved! Thanks for sharing.

They didn't even need to copy the default background. People customize their Windows wallpaper all the time.

If anything, I would say that continuing to use the default wallpaper instead of changing it to a picture of your kids, your dog, or some cool scenery makes you look even more suspicious. It makes you look like you're not quite at home with the device you're using.

Where I work, all devs on Windows have the default wallpaper.

I never change wallpapers... who cares. I mean, you always have a window covering it.

They could distribute the script and ask their users to drop the copyrighted assets to a set location by themselves.

The icons are pretty devoted lookalikes too, which makes it complicated.

It totally will. I mean, we all have different stances on how copyright should work, but if anything's a copyright infringement, this is.

It should add an evasive mode so things like openvas and masscan use browser user agents and obfuscate payloads where possible to foil the detective capabilities of the target. You don't want to do that in a vuln scan (scanner allowed), but you (and real attackers) will do that to evade detection.

GTK theme that does something similar: https://github.com/B00merang-Project/Windows-10

