Kali Linux: The Complete Ethical Hacking Toolbox
+1 855.488.5327 customerservice@ituonline.com Mon – Fri: 9:00am – 5:00pm ET
Login To My Training Cart
PublishedJanuary 25, 2024
Last UpdatedMay 5, 2026
kali linux

Kali Linux : The Complete Ethical Hacker’s Toolbox

Ready to start learning? Individual Plans →Team Plans →
In This Article

Kali Linux is the distro people reach for when they need to test, inspect, validate, or investigate systems without building a security stack from scratch. If you are trying to learn how to hack with Kali in an ethical way, build a forensics workstation, or standardize a penetration testing lab, this is the distribution designed for that job.

Developed, funded, and maintained by Offensive Security, Kali Linux is purpose-built for security testing, penetration testing, and digital forensics. It is not meant to be a general desktop replacement. It is a controlled platform for specialized work, which is why it ships with security tools, defensive defaults, and a workflow that makes sense for analysts, testers, and incident responders.

This guide breaks down what makes kali linux different, who should use it, how to install it safely, and how to get value from the toolset without getting lost in the noise. If you are comparing the best linux for hacking options or researching parrot os vs kali linux 2026, you will also get a practical view of where Kali fits and where it does not.

Security testing works best in a controlled environment. Kali Linux is valuable because it gives you a repeatable workstation for scanning, analysis, and evidence handling without turning your main OS into a lab experiment.

What Makes Kali Linux Different from a Standard Linux Distribution

Most desktop Linux distributions are built for everyday productivity. Kali Linux is built for offensive security workflows. That means the design choices are different from Ubuntu, Fedora, or other general-purpose systems. Instead of optimizing for office apps and casual desktop use, Kali focuses on reconnaissance, exploitation testing, wireless auditing, reverse engineering, and digital forensics.

One of the biggest differences is the tool ecosystem. Kali ships with hundreds of pre-installed tools for network scanning, password auditing, web application testing, and evidence analysis. That saves time, but it also creates a specialist workstation where the tools are organized around security tasks instead of consumer convenience. A security analyst can move from discovery to validation to reporting without hunting through package repositories every time a new test begins.

Why that matters in real work

In a penetration test, the first hour often involves host discovery, port enumeration, banner grabbing, and traffic observation. In a forensic case, the first priority might be memory analysis, disk artifact review, or timeline reconstruction. Kali supports both workflows because the distro assumes the user is doing structured technical work, not browsing the web and checking email.

  • General-purpose Linux: better for everyday productivity and broad software support.
  • Kali Linux: better for targeted security assessment and digital investigation.
  • Controlled lab environment: essential for testing tools safely and documenting results.

That distinction also explains why Kali is often installed as a specialized workstation rather than a one-size-fits-all operating system. If you need a purpose-built system for testing, auditing, or analysis, Kali makes sense. If you want a daily driver for general work, it usually does not.

For official distro details and package structure, Offensive Security maintains the project documentation at Kali Linux Documentation. For broader security workflow alignment, NIST’s guidance on security testing and risk management is useful background at NIST.

Core Use Cases and Who Kali Linux Is For

Kali Linux is not just for professional penetration testers. It is useful for cybersecurity students, IT administrators, digital forensics analysts, and security researchers who need a consistent toolset. The common thread is simple: these users need to inspect systems, understand weaknesses, or preserve evidence with as little setup overhead as possible.

Ethical hackers use Kali to identify weaknesses before attackers do. That can include open ports, weak web authentication, vulnerable services, insecure wireless settings, or misconfigured access controls. IT administrators use the same platform differently. They may confirm whether a patch actually closed a service, validate firewall rules, or compare network behavior before and after a change.

Who gets the most value

  • Ethical hackers: validate exposure and report actionable remediation steps.
  • Cybersecurity students: build practical skills in a lab without modifying a production system.
  • Digital forensics analysts: inspect artifacts, logs, and system state during investigations.
  • Security researchers: analyze protocols, binaries, and attack paths.
  • IT administrators: test hardening work and troubleshoot suspicious behavior.

Kali is also a good fit for incident response work where analysts need to preserve data while identifying indicators of compromise. That said, it is not a shortcut. Tools do not create skill. You still need fundamentals: networking, operating systems, authentication, logging, and threat modeling.

Key Takeaway

Kali Linux is a toolset, not a guarantee. Used correctly, it helps you test, verify, and investigate. Used carelessly, it creates legal and technical risk.

If you want to align Kali work with recognized cybersecurity frameworks, the NICE/NIST Workforce Framework helps define job roles and skill areas. That makes it easier to map Kali lab practice to actual security work.

Installing Kali Linux in the Right Environment

How you install kali linux matters as much as what you install. The safest and most flexible setup for most learners is a virtual machine. A VM gives you snapshots, isolation, easy rollback, and portability. If you break something while experimenting, you revert to a clean state instead of reinstalling your entire OS.

A live USB or live DVD is useful when you need temporary access, system troubleshooting, or a portable demo environment. A full hard drive installation makes sense when you need hardware access, better performance, or persistent workflows like wireless testing with supported adapters. Each option has tradeoffs, and the right one depends on your goal.

Installation choices compared

Virtual machine Best for safety, snapshots, and learning without risk to your main system.
Live USB Best for portable use, troubleshooting, and temporary access on different hardware.
Full install Best for persistence, better hardware integration, and daily security workflow use.

Before installing, plan disk space carefully. Security tools, packet captures, wordlists, logs, and project files can grow quickly. Backups matter too, especially if you are using the machine for client work or long-term lab notes. Hardware compatibility should also be checked in advance, particularly for wireless adapters, GPU support, and virtualization features.

Offensive Security maintains installation guidance and images through the official project site: Get Kali. For secure system setup principles, Microsoft’s guidance on virtualization and endpoint security concepts at Microsoft Learn can also help frame your approach.

Pro Tip

If you are new to Kali Linux, start with a VM. It is the easiest way to learn tools, take snapshots, and recover from mistakes without damaging your host system.

Getting Started After Installation

Once Kali boots, do not jump straight into tool testing. Start with system readiness. The first task is usually updating packages so you have the latest fixes, tool versions, and metadata. A common workflow is to refresh package lists and upgrade the system with the package manager, then confirm the desktop, network, and virtualization integration are working properly.

After that, verify your user account, local settings, and network access. If you are using a VM, check clipboard sharing, display resizing, and guest tools integration. If you are using a physical machine, confirm drivers, wireless adapters, and power settings. These small checks prevent a lot of wasted time later.

Useful first steps

  1. Update package lists and apply available upgrades.
  2. Confirm the default user account and sudo access.
  3. Test network connectivity with a simple ping or DNS lookup.
  4. Check display resolution, time zone, and keyboard layout.
  5. Document what you changed so the build stays reproducible.

That last point is easy to skip and hard to recover from. If you modify system settings, install custom wordlists, or add scripts, document them. A reproducible security workstation is easier to troubleshoot, clone, and hand off to another analyst. It also helps when you need to rebuild the environment after a failure.

For official package and update guidance, use the Kali docs at Updating Kali. For safe system administration practices, CISA publishes useful operational security guidance that applies well to lab and workstation hygiene.

Exploring Kali Linux’s Essential Tool Categories

One of the most common mistakes new users make is treating Kali like a giant toolbox they must master all at once. That does not work. A better way to learn kali linux is by tool category and workflow. The platform is organized around security tasks, so your learning should follow the same structure.

The core categories include network scanning, vulnerability analysis, wireless analysis, web application analysis, forensics, and reverse engineering. These categories matter because real assessments chain tools together. For example, a scan might reveal an exposed service, a traffic capture might confirm a protocol weakness, and a web proxy might help validate an application flaw.

Common tool groups and what they do

  • Network scanning: discover hosts, ports, and services.
  • Vulnerability analysis: test for known weaknesses and misconfigurations.
  • Wireless analysis: assess Wi-Fi exposure and authentication strength.
  • Web application analysis: inspect HTTP traffic and application behavior.
  • Forensics: collect and analyze artifacts during investigations.
  • Reverse engineering: inspect binaries and understand code behavior.

Popular examples like Nmap, Wireshark, Metasploit, and Aircrack-ng appear frequently because they cover major phases of the workflow. Nmap finds what exists. Wireshark shows what is happening. Metasploit helps validate exploitability in a controlled setting. Aircrack-ng supports wireless security testing.

Learn a few tools deeply. That will make you faster and more accurate than trying to collect every utility in the distro and using none of them well.

If you want a vendor-neutral view of secure workflow design, the OWASP project is a strong reference for application testing, while MITRE ATT&CK helps connect tools to real adversary behaviors.

Network Scanning and Reconnaissance Tools

Reconnaissance is where most security testing begins. If you do not know what is exposed, you cannot meaningfully assess risk. Nmap is the classic example because it can identify live hosts, open ports, running services, service versions, and response patterns that hint at a system’s attack surface.

That is why network scanning is foundational. You are not just looking for “open ports.” You are mapping the shape of the environment. A single scan can reveal an SSH service on an unexpected host, an old HTTP server, or a database port exposed to a segment that should never have direct access.

How Nmap and Wireshark work together

Nmap is active reconnaissance. It sends traffic and measures responses. Wireshark is packet analysis. It shows the exact traffic on the wire so you can understand protocols, retransmissions, TLS negotiation, authentication messages, and error patterns.

  • Nmap: host discovery, port scanning, service enumeration.
  • Wireshark: packet capture, protocol decoding, troubleshooting.
  • Together: one finds the target, the other explains how it behaves.

A practical example: suppose a scan shows TCP 443 open on a web server, but the application behaves strangely. Wireshark can confirm whether the client is negotiating TLS properly, whether a proxy is rewriting headers, or whether a reset is happening at the network layer. That kind of detail is critical when you are separating a real security issue from a misconfiguration.

Authorized use only is non-negotiable. Scanning networks you do not own or administer can violate policy, law, or both. If you are building skills, use a lab range you control or a client-approved scope.

For official command and reference material, the Nmap project is documented at Nmap Reference Guide, and Wireshark documentation is available at Wireshark Docs.

Vulnerability Analysis and Exploitation Workflows

Vulnerability analysis is the process of identifying weaknesses such as missing patches, insecure configurations, weak credentials, exposed services, and known software flaws. The goal is not just to say “this system is vulnerable.” The goal is to understand impact, scope, and remediation.

Metasploit is one of the best-known frameworks for controlled validation because it helps testers model exploitability in a safe, repeatable way. Used properly, it sits inside a broader workflow: discover, analyze, validate, document, and recommend fixes. It does not replace judgment. It supports it.

What good workflow looks like

  1. Scan the target to identify services and versions.
  2. Correlate findings with known vulnerabilities.
  3. Validate whether the issue is actually exploitable.
  4. Record the evidence, impact, and risk level.
  5. Provide clear remediation steps, not just technical proof.

This is where many beginners go wrong. They confuse finding a vulnerability with proving impact. A version number alone does not prove exploitability. You need context: configuration, network access, authentication state, compensating controls, and target behavior. That distinction matters in client work and in any responsible lab exercise.

For authoritative vulnerability and remediation guidance, use vendor advisories and the NIST National Vulnerability Database. For risk framing and patch prioritization, CIS Benchmarks at CIS Benchmarks are a strong reference point.

Wireless Network Analysis and Password Auditing

Wireless security is still a major concern because Wi-Fi creates a shared radio environment. If the access controls are weak, the encryption is outdated, or the configuration is sloppy, exposure can spread fast. Kali Linux supports wireless assessment tasks through tools like Aircrack-ng, which are commonly used to evaluate Wi-Fi protections in controlled environments.

The main objective is not “breaking into Wi-Fi.” The objective is to test whether the wireless design is resilient. That can include checking encryption mode, key management, authentication strength, SSID exposure, and whether the environment leaks too much information during association or roaming.

Where Aircrack-ng fits

  • Capture: observe wireless traffic in a controlled lab.
  • Analyze: review handshakes, authentication behavior, and signal characteristics.
  • Audit: test password strength and configuration choices.
  • Report: document the weakness and how to fix it.

Wireless testing works best with dedicated lab gear, especially a compatible adapter and an access point you control. That keeps the exercise legal and makes the results repeatable. It also avoids the mistake of learning wireless tools in an uncontrolled environment, which can quickly create compliance issues.

For official Wi-Fi security and networking standards, the Wi-Fi Alliance and the IEEE 802 standards community are the right places to verify protocol expectations and terminology.

Warning

Do not use wireless assessment tools on networks you do not own or have written permission to test. Even passive-seeming activity can create legal exposure if it is done outside approved scope.

Web Application Analysis and Application Security Testing

Web application testing is one of the most practical ways to use Kali Linux because modern applications are built on complex client-server behavior. A web app can fail at authentication, session management, input handling, access control, or API validation. Kali supports the analysis side of that workflow by helping you observe, intercept, and compare requests and responses.

At a minimum, this means understanding HTTP methods, cookies, headers, redirects, token flow, and the relationship between the browser and backend. If an application behaves differently after login, after a failed request, or after an unusual parameter is sent, that behavior can signal a defect worth investigating.

What to look for during testing

  • Weak authentication: poor password policy, broken reset logic, or missing MFA.
  • Session issues: insecure cookies, token reuse, or long-lived sessions.
  • Input handling flaws: injection risks, malformed request handling, or unsafe reflection.
  • Access control problems: users reaching data they should not see.

Kali is useful here because the platform supports proxy-based inspection and traffic analysis, but the real value comes from understanding web security concepts. Tools help you observe and validate. They do not replace knowledge of application architecture, server-side authorization, or secure coding practices.

For the most widely used testing guidance, reference OWASP Top 10. For HTTP behavior and standards-level detail, the IETF maintains protocol references at IETF.

Digital Forensics and Reverse Engineering Capabilities

Digital forensics is the process of collecting and analyzing data to support an investigation. That can include disk artifacts, logs, memory snapshots, browser history, registry-like structures on Windows systems, or event traces from Linux hosts. Kali Linux supports this work by giving analysts a toolbox for inspection and evidence-oriented analysis.

Reverse engineering is the related skill of understanding how binaries, scripts, or malware behave. In incident response, that might mean identifying persistence mechanisms, command-and-control patterns, or suspicious API calls. In research, it may mean understanding how a sample manipulates memory, network traffic, or files.

Why evidence handling matters

Forensics is not just “opening files and looking around.” You need careful preservation, chain-of-custody discipline, and repeatable methods. If you alter the evidence, you may compromise the investigation. That is why forensic workflows emphasize working from copies, documenting hashes, and recording every meaningful step.

  1. Preserve the original evidence.
  2. Work from verified copies or images.
  3. Record hashes and timestamps.
  4. Document actions and findings clearly.
  5. Keep analysis reproducible for review or court use.

This is one place where Kali’s breadth matters. A single machine can support artifact review, timeline analysis, and binary inspection without forcing the investigator to stitch together multiple systems. That saves time in a response window and reduces procedural mistakes.

For forensic best practices and incident handling references, use NIST Computer Security Resource Center and MITRE’s threat knowledge base at MITRE ATT&CK.

Customization, Flexibility, and Workflow Optimization

Kali Linux is flexible enough to support very different working styles. Some users want a stripped-down system with only a handful of tools. Others want a heavily customized workstation with scripts, aliases, desktop tweaks, preferred wordlists, and task-specific shortcuts. Both approaches are valid, as long as the environment stays organized.

Customization can include language settings, desktop behavior, package selection, kernel parameters, and startup preferences. You can also organize your environment around specific roles, such as web testing, wireless work, or forensics. That is better than carrying every utility everywhere. A smaller setup is faster to navigate and easier to maintain.

Ways to make Kali work better for you

  • Install only what you use to reduce clutter.
  • Keep scripts and notes organized so workflows are repeatable.
  • Use aliases and shell profiles for common commands.
  • Standardize directories for captures, reports, and evidence.
  • Document changes so the system can be rebuilt later.

If you are building a repeatable lab, think like an operator. Keep standard operating procedures close to your tools. Store your notes in a consistent format. Version-control scripts if appropriate. Those habits reduce errors, especially when you revisit a project weeks later or hand it to another analyst.

There is also a practical benefit for beginners: a lighter, cleaner setup makes learning easier. When you see only the tools that match your current goals, you spend less time browsing menus and more time understanding the workflow.

For Linux customization and package management concepts, Kali’s official docs at General Use are the best reference point.

Kali Linux Update Strategy and Rolling Release Benefits

Kali Linux uses a rolling release model, which matters because security tools change quickly. New vulnerabilities appear, detection methods evolve, and exploit frameworks are updated continuously. A rolling release helps keep the platform current without waiting for a major version cycle.

That gives you access to recent bug fixes, new tool versions, and updated signatures or rules. In active testing environments, that can improve reliability and reduce the “it worked last month” problem. It also means you need a regular maintenance routine. Rolling systems reward consistency.

How to manage updates without breaking your workflow

  1. Update on a schedule rather than randomly mid-engagement.
  2. Test major tool changes in a lab before client use.
  3. Keep snapshots or backups before large upgrades.
  4. Check release notes for dependency changes.
  5. Verify your critical tools still run after updates.

Balance is the key point. Staying current improves security and compatibility, but blind updating can disrupt a known-good lab build. If you depend on a specific toolchain, pin your workflow to a known baseline and validate upgrades before you rely on them in a real engagement.

For release and update guidance, the official Kali documentation at Kali updating guide is the right place to start. For broader software maintenance principles, CISA’s secure configuration resources are useful.

Security Defaults and Why Services Are Disabled

Kali disables many services by default to reduce exposure. That design choice matters because a security workstation is often connected to test networks, lab segments, shared environments, or client-managed infrastructure. The less unnecessary surface area the machine exposes, the safer it is to use.

This is a major difference from a general-purpose desktop that may keep multiple background services running for convenience. Kali is built around the principle of minimizing attack surface. If you do not need a service, it should not be enabled. That lowers the risk of unexpected exposure and helps keep the environment predictable.

Why that helps in practice

  • Less exposure on shared or untrusted networks.
  • Fewer background processes to troubleshoot.
  • Cleaner testing conditions for lab work.
  • Better control over what the system shares with others.

This approach also reinforces good operational discipline. A security analyst should know exactly what is listening, what is running, and why. If a service is not needed for the current task, disable it. That makes troubleshooting easier and reduces the chance of accidental data exposure.

For hardening guidance and service management principles, see CIS Benchmarks and general Linux service documentation in the Kali docs. Those references align well with the security-first design of the distro.

Community, Documentation, and Learning Resources

Learning kali linux is not a one-time event. Tools change, workflows change, and best practices change. That is why official documentation and community support matter. When you hit a problem, the right answer is usually in the vendor docs, the tool manual, or a community thread that explains the edge case clearly.

Good documentation helps with installs, package management, troubleshooting, and tool usage. It also reduces guesswork. Instead of searching for an “advanced kali linux commands pdf” from an unknown source, use the official docs and the tool’s own man pages. That gives you current behavior and avoids stale advice.

Good learning habits

  • Read the official docs first before relying on forum snippets.
  • Keep notes on commands, outputs, and findings.
  • Validate advice against current package or vendor documentation.
  • Build a lab notebook for repeatable practice.

If you are researching the best kali linux version or a kali linux vs parrot os 2026 comparison, official project documentation is a better baseline than hearsay. Kali’s own docs explain supported workflows, while other vendor sites may focus on different goals. You need facts, not fan opinions.

Start with the main project site at Kali Linux, then use tool-specific docs as needed. For broader workforce alignment and role skills, the NICE Framework is a useful guide.

Best Practices for Ethical and Safe Use

Kali Linux should only be used on systems and networks where you have permission. That sounds obvious, but it is the rule that protects your career, your employer, and your clients. Security tools are powerful. They are also easy to misuse if you skip authorization or work outside scope.

The safest way to learn is by setting up a legal lab. Use virtual machines, isolated networks, intentionally vulnerable practice targets, and test data you are allowed to touch. That gives you room to experiment with scanning, exploitation validation, web testing, and forensics without risk to real systems.

Professional conduct that matters

  1. Get written authorization before testing real targets.
  2. Stay inside scope and timing restrictions.
  3. Document findings clearly and objectively.
  4. Report weaknesses in a way that supports remediation.
  5. Use responsible disclosure when applicable.

Responsible conduct is not just ethical. It is operationally better. Clear notes, reproducible steps, and concise reporting make it easier for defenders to fix the problem. That is the real value of Kali when it is used correctly: it helps security teams improve outcomes, not just demonstrate technical ability.

Note

Building a lab is the fastest way to learn Kali Linux safely. Isolated networks, snapshots, and controlled targets give you practice without creating legal or business risk.

For legal and disclosure-oriented guidance, use CISA and NIST resources. Those sources are a better guide to professional conduct than random tutorials or outdated command collections.

Conclusion

Kali Linux is a versatile toolbox for ethical hacking, security testing, wireless analysis, application review, and digital forensics. Its value comes from the combination of pre-installed tools, controlled defaults, and a workflow that supports real investigative work.

If you are comparing the best linux for hacking options, Kali remains the standard reference because it is organized around the tasks security professionals actually perform. If you are evaluating parrot os vs kali linux 2026, the practical answer is this: choose the platform that best matches your workflow, hardware, and documentation needs. For many analysts, Kali wins because it is widely recognized, heavily documented, and easy to standardize.

Start in a safe lab. Learn a few tools deeply. Use official documentation. Keep your environment updated. Most important, stay inside authorized boundaries. That is how Kali Linux becomes a long-term platform for building real cybersecurity skill instead of just another installed distro.

Offensive Security, Kali Linux, Nmap, Wireshark, Metasploit, Aircrack-ng, and related trademarks are the property of their respective owners.

, , ,
[ FAQ ]

Frequently Asked Questions.

What is Kali Linux primarily used for?

Kali Linux is primarily used for security testing, penetration testing, and digital forensics. It provides cybersecurity professionals and ethical hackers with a comprehensive toolkit to evaluate the security of systems and networks.

This Linux distribution contains a wide range of pre-installed tools designed for tasks such as vulnerability analysis, network scanning, password cracking, and digital evidence collection. Its purpose is to facilitate in-depth security assessments and identify potential vulnerabilities before malicious actors can exploit them.

Can I use Kali Linux for learning ethical hacking?

Yes, Kali Linux is an excellent platform for learning ethical hacking. It offers a vast array of tools that allow beginners and professionals alike to understand how vulnerabilities are exploited and how to defend against them.

By using Kali Linux in a controlled environment, learners can practice penetration testing techniques legally and ethically. It’s important to remember that all testing should be conducted with proper authorization to avoid legal issues and ensure ethical standards are maintained.

What are some common tools included in Kali Linux?

Kali Linux includes numerous tools categorized for specific security tasks. Some popular ones are Nmap for network scanning, Metasploit Framework for exploitation, Wireshark for packet analysis, John the Ripper for password cracking, and Aircrack-ng for wireless security testing.

Additionally, Kali offers tools for digital forensics like Autopsy and Sleuth Kit, as well as enumeration tools such as Nikto and Burp Suite. The distribution is regularly updated to include the latest security testing tools and features.

Is Kali Linux suitable for beginners in cybersecurity?

Kali Linux can be suitable for beginners, but it is recommended to have a solid understanding of Linux fundamentals and networking principles beforehand. The toolkit is extensive and powerful, which can be overwhelming for newcomers.

To effectively use Kali Linux, beginners should start with foundational cybersecurity knowledge, such as understanding common vulnerabilities, network protocols, and scripting. Many online tutorials and courses can help build these skills, making Kali Linux a valuable resource once ready to explore hands-on security testing.

How does Kali Linux support digital forensics investigations?

Kali Linux is equipped with a suite of digital forensics tools designed to collect, analyze, and preserve electronic evidence. Tools like Autopsy, Sleuth Kit, and Volatility facilitate data recovery, timeline analysis, and memory analysis.

These tools enable forensic investigators to examine compromised systems or digital evidence in a forensically sound manner. Kali Linux’s compatibility with various file systems and its powerful scripting capabilities make it a preferred choice for cybersecurity professionals conducting digital investigations.

Related Articles

Ready to start learning? Individual Plans →Team Plans →
Discover More, Learn More
SELinux for Enhanced Security: A Deep Dive into Mandatory Access Control Discover how SELinux enhances Linux security by enforcing mandatory access controls to… Understand And Prepare for DDoS attacks Learn how DDoS attacks work and gain strategies to protect your business… Embracing Cybersecurity Compliance: A Strategic Imperative for Modern Organizations Discover essential strategies to enhance cybersecurity compliance and protect your organization from… Understanding Network Security and Mitigation of Common Network Attacks Discover essential strategies to strengthen network security, prevent common attacks, and effectively… Navigating the Cyber Threat Landscape: The Role of Network Security Protocols in 2026 Discover how to strengthen your network security protocols in 2026 to protect… Exploring Common Wi-Fi Attacks: A Deep Dive into Wireless Network Vulnerabilities Discover key Wi-Fi security threats and learn how attackers identify vulnerabilities in…