Kali Linux
Pentest distribution: metapackages, Metasploit, recon, exploitation, post-exploit.
Before starting, we run a 1-minute tech check β microphone, ambient noise, connection. If your setup isn't good enough, the test is fully refunded.
Pentest distribution: metapackages, Metasploit, recon, exploitation, post-exploit.
Before starting, we run a 1-minute tech check β microphone, ambient noise, connection. If your setup isn't good enough, the test is fully refunded.
Prove in 15 minutes that your Kali Linux skills are real: recon chains, Metasploit depth, payload crafting and post-exploitation, tested by an AI examiner that won't let you bluff your way through.
The Plume Kali Linux badge certifies your ability to run a full pentest engagement using the industry's go-to offensive security distribution. The AI oral covers the entire attack chain: choosing and deploying the right metapackages (kali-linux-large, kali-tools-wireless, kali-tools-web), customizing your Kali image with live-build or kali-tweaks, chaining recon into exploitation into post-exploitation, managing Meterpreter sessions, and generating custom payloads with msfvenom. This is not a multiple-choice quiz on Kali's documentation. It's a practitioner-to-practitioner conversation where the AI digs into your tool choices, your field mistakes, and how you adapt when defenses push back.
Why does this badge carry weight? Because anyone can check "Kali Linux" on their LinkedIn after running nmap once. The Plume score is built on a 15-minute conversation where you have to explain why you picked Sliver over Metasploit in a given scenario, how you bypassed an AV that was catching your payload, or when you'd actually recommend Parrot OS or BlackArch instead. The AI examiner (OpenAI Realtime) pushes you to justify every decision; Claude Opus then reads the full transcript and produces a verified 0-100 score with a certified proficiency level.
This badge is built for pentesters early in their career who need something tangible to stand out, for experienced consultants who want external proof of their level beyond self-reported experience, and for cybersecurity students preparing for OSCP or similar certifications who want validated practice before the real exam. If you use Kali daily in engagements or in your home lab and want that reflected on your profile, this is the oral you've been looking for.
Here are the concrete dimensions the AI examines during the 15-minute oral.
Selecting the right metapackages for the mission type (kali-linux-large, kali-tools-wireless, kali-tools-web) and customizing the Kali image using live-build, kali-tweaks or NetHunter for mobile engagements.
Full recon chain: OSINT gathering, network enumeration with nmap and masscan, Active Directory mapping with BloodHound, and web fingerprinting with whatweb and nikto to build a solid attack surface.
Advanced use of the Metasploit framework: selecting and tuning exploits, running persistent multi/handler setups, privilege escalation modules, and pivoting across network segments during an engagement.
Building custom payloads with msfvenom across formats (exe, elf, apk, ps1), applying encoders, using basic AV/EDR evasion techniques, and embedding payloads into lightweight stagers for delivery.
Managing Meterpreter sessions, credential harvesting (hashdump, mimikatz), lateral movement across segments, persistence mechanisms, and cleaning up traces within the agreed scope of the engagement.
Integrating Kali with Burp Suite Pro for web testing, Cobalt Strike or Sliver for red team ops, and using HTB/TryHackMe to stay sharp. Knowing how each tool fits and when to hand off from Kali to something else.
Operational resilience: adapting the attack chain when a payload gets caught, a pivot is blocked, or an exploit doesn't produce a stable shell. Knowing your fallback options and being able to explain them under pressure.
Understanding where Kali fits versus Parrot OS, BlackArch, and Commando VM, and staying current on major updates: Kali Purple for defensive tooling, Win-KeX on WSL2, and NetHunter for Android-based engagements.
Final scoring is performed by Claude (Anthropic), which reads back the full transcript and applies this weighted criteria grid.
Ability to describe the concrete, real-world use of Metasploit, msfvenom, nmap, BloodHound and other Kali tools in actual engagement scenarios. The candidate must demonstrate they've handled these tools in the field, not just read about them.
Quality of reasoning when things go wrong: AV/EDR blocking a payload, an unstable shell, an impossible pivot. The evaluator measures the candidate's ability to switch to alternatives and justify each adjustment to the attack chain in real time.
Advanced command of Metasploit (persistent handlers, auxiliary modules, Meterpreter scripting) and post-exploitation techniques: credential harvesting, lateral movement, maintaining access, and cleaning up within scope.
Knowledge of metapackages, live-build, kali-tweaks and Kali variants (NetHunter, Kali Purple, Win-KeX). Ability to tailor the environment to the mission type rather than defaulting to a vanilla install without thought.
Awareness of authorized scope, evidence management, confidentiality requirements, and the legal boundaries of a pentest engagement. The candidate clearly understands what they're permitted to do and what falls outside scope.
A Plume session takes about 20 minutes, from tech check to badge delivery.
The AI confirms your microphone is working and your connection is stable. You verify your identity and accept the exam conditions. No screen sharing required: the entire exam is audio-only.
The AI examiner invites you to introduce yourself briefly and describe your most recent or most memorable Kali Linux pentest engagement: the context, the scope, and what stood out. This sets the tone for the whole conversation.
The AI probes your practice across all core themes: recon-to-exploitation-to-post-exploitation chains, Meterpreter session management, msfvenom payload crafting, bypassing defenses, metapackage selection, and how Kali fits your overall offensive workflow.
The examiner explores your limits and critical thinking: when you'd move away from Kali entirely, how you handle unexpected blockers in the field, and your take on recent Kali evolutions like Kali Purple or Win-KeX on WSL2.
Claude Opus reads the full transcript and produces a 0-100 score with a certified proficiency level (Novice, Proficient, Advanced or Expert). Your shareable digital badge and detailed feedback report land in your dashboard within minutes.
Your score out of 100 translates into a level a recruiter can grasp at a glance.
You've installed Kali and run some tools, mostly following tutorials or HTB/TryHackMe write-ups. You can launch nmap and basic Metasploit modules with guidance, but you haven't run a full pentest engagement independently and you work with the default Kali image without customization.
You use Kali regularly in labs or supervised engagements. You're comfortable with the recon-to-exploitation chain using common tools, you can manage basic Meterpreter sessions, and you have a clear sense of which metapackages to install for a given context. Unexpected field situations still slow you down.
You run full engagements autonomously: structured recon, targeted exploitation, post-exploitation with credential harvesting and network pivoting. You customize your Kali image, craft tailored payloads with msfvenom, and adapt your attack chain when defenses get in the way.
You operate in complex red team engagements, combining Kali with Cobalt Strike, Sliver or custom frameworks, and contributing to your team's TTP development. You have a sharp, critical opinion on Kali Purple, NetHunter and Win-KeX, and you know exactly when to reach for BlackArch, Parrot or a hardened Ubuntu instead.
No degree or years of experience required to take the badge. Here are the profiles it makes the most sense for.
You want to prove your Kali skills go beyond HTB labs and that you're ready for real client engagements. The badge gives recruiters and security firms external, verifiable proof of your hands-on level.
You bill pentest projects but your LinkedIn profile doesn't reflect your actual depth. The Plume badge adds objective validation on top of self-reported experience, useful for winning contracts or negotiating your day rate.
You're working toward OSCP or another offensive cert and want to pressure-test your Kali practice before the real exam. The badge gives you structured feedback on exactly what to sharpen before exam day.
You use Kali as your main platform for bug bounty programs and want to build credibility with companies running private programs. An Advanced or Expert badge signals to triagers that your offensive skills are verified, not just claimed.
You're coming from a SOC or Blue Team background and pivoting into offensive security. The Kali Linux badge lets you demonstrate real offensive tool proficiency to hiring managers who are skeptical of career changers without formal certs.
Where and how your Kali Linux badge will help you day to day.
You're interviewing at a boutique offensive security firm. The hiring manager sees your Advanced-level Kali Linux badge on your profile and can access the exam summary. They immediately know you're fluent in Metasploit, msfvenom and post-exploitation chains, no pre-screening technical test needed.
You're pitching your pentest services to a new client. The badge lets you justify your rate with an objective score. An 85/100 Expert-level result on Kali Linux speaks louder than a CV line that says 'extensive Kali experience.'
You're sitting OSCP in six weeks and want to find the gaps in your Kali practice. The 15-minute oral simulates the pressure of a demanding examiner and the detailed feedback report pinpoints exactly what to work on before exam day.
You hunt on HackerOne and Bugcrowd and want to get invited to private programs. Adding the Kali Linux badge to your public profile signals that your offensive practice is verified and documented, not just self-declared.
You've rooted 30+ machines on HackTheBox and want to know if you're ready for real engagements. The badge gives you structured feedback on the gaps that matter in production environments: pivoting under pressure, defense handling, and scoped reporting.
A CISO is building an internal red team and needs to compare five candidates quickly on their Kali proficiency. They ask each candidate to take the Plume badge. The comparable scores let them rank candidates objectively without running a time-consuming internal CTF.
A few minutes to check you have everything you need.
At the end of your session you don't just get a score β here's everything that awaits you.
Claude Opus analyses your transcript and delivers a precise score out of 100 with a certified level (Novice, Proficient, Advanced or Expert) based on your actual Kali Linux practice, not a multiple-choice quiz.
A structured report highlights your strengths (e.g., Meterpreter fluency, handling unexpected blockers) and growth areas (e.g., live-build customization, AV evasion) so you know exactly what to work on next.
Your oral recording is stored securely and never shared without your explicit consent. You stay in full control of who can access the audio from your session.
A public URL with your score and level, ready to add to your LinkedIn, CV, or HackerOne profile. Recruiters and clients can verify the badge's authenticity in one click.
Discover related skills you can validate with Plume.
A 15-min oral exam with an AI, a shareable badge for your recruiters.
Choose this badge Β· β¬19.99