Blog
May 27, 2014
Kali Encrypted USB Persistence
A couple of days ago, we added an awesome new feature to Kali allowing users to set up a Live Kali USB with encrypted persistence. What this means is that you can now set up a bootable Kali USB drive allowing you to either boot to a “clean” Kali image or alternatively, overlay it with the contents of a persistent encrypted partition, allowing you to securely save your changes on the USB drive between reboots. If you add our LUKS nuke feature into this mix together with a 32GB USB 3.0 thumb drive, you’ve got yourself a fast, versatile and secure “Penetration Testing Travel Kit”.
2 min read
Secure, Persistent Kali Linux Live USB
A few days ago, we added an awesome new feature to Kali allowing users to set up a Live Kali USB with encrypted persistence. What this means is that you can now create a bootable Kali USB drive allowing you to either live boot to a “clean” Kali image or alternatively, overlay it with the contents of a persistent encrypted partition, allowing you to securely save your changes on the USB drive between reboots. If you add our LUKS nuke feature into this mix together with a 32GB USB 3.0 thumb drive, you’ve got yourself a fast, versatile, and secure “Penetration Testing Travel Kit”.
New Default Kali Boot Options
From Kali 1.0.7 onwards, everything needed for encrypted Live USB persistence to work is already available in our ISO release, including an altered boot menu which now also contains two persistent boot options:
For either of these persistence options to work, we first need to image the Kali ISO to the USB device and then prepare a persistence partition, which can now also be encrypted. We’ve updated our Kali Linux documentation site to include the instructions for setting up your own Kali Linux Live USB with encrypted persistence.
Following these few simple commands, you can now secure your USB persistent data while traveling. Of course, if you’re über paranoid, you can also enable the Kali LUKS nuke feature to this persistent storage. Following the example from our Kali documentation site, our LUKS encrypted partition is located at /dev/sdb2. We can add a LUKS nuke key as follows:
[cc lang=”bash]
root@kali:~# cryptsetup luksAddNuke /dev/sdb2
Enter any existing passphrase: (the existing password)
Enter new passphrase for key slot: (the nuke password)
[/cc]
Once the nuke key is set, all the data on the encrypted persistent partition would be rendered useless should the nuke key be entered at boot time.
Latest from OffSec
Research & Tutorials
My Journey with IR-200: Becoming an OffSec Certified Incident Responder (OSIR)
Embark on a journey to become an OffSec Certified Incident Responder (OSIR) through the IR-200 course, as described by a Student Mentor who tested its effectiveness.
Jan 24, 2025
6 min read
Research & Tutorials
A Student Mentor’s TH-200 and OSTH Learning Experience
Explore the TH-200 course & OSTH exam with an OffSec Mentor’s insights on mastering threat hunting skills.
Jan 24, 2025
9 min read
OffSec News
OffSec Yearly Recap 2024
Join us as we explore all our successes in 2024, including exciting new content, courses, and so much more!
Dec 23, 2024
8 min read