diff --git a/managing-os/pentesting/kali.md b/managing-os/pentesting/kali.md
index 69a6fb0f..f150456e 100644
--- a/managing-os/pentesting/kali.md
+++ b/managing-os/pentesting/kali.md
@@ -17,14 +17,25 @@ Please keep in mind that using such a VM or VM's based on the template for secur
 How to Create a Kali Linux VM
 =============================
 
-This guide is being created to give guidance on ways in which you could create a [Kali Linux](https://www.kali.org/) penetration testing VM (Qube) in Qubes OS.
+This guide is being created to give guidance on ways in which you could create a [Kali Linux][kali] penetration testing VM (Qube) in Qubes OS.
 
 Kali Linux is the most widely used penetration testing Linux distribution.
 
-There are multiple ways to create a Kali Linux VM. One way is to create a HVM and use the offical ISO to install the system or convert a [Virtual Image](https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/). Another way is to clone the Qubes OS Debian image and turn it into a Kali Linux distribution.
+There are multiple ways to create a Kali Linux VM:
 
-Kali Linux HVM
---------------
+ 1. Create a HVM and use the offical ISO to install the system or convert a [Virtual Image][kali-vbox]. Explained [here](#hvm).
+ 2. Clone the Qubes OS Debian image and turn it into a Kali Linux distribution using [katoolin]. Explained [here](#katoolin).
+ 3. Clone the Qubes OS 'jessie' Debian template, upgrade it to 'stretch'
+    (Debian 9.0) and turn it into a Kali linux template. Explained
+    [here](#debian-upgrade).
+
+## Alternative Options to Kali
+
+- [BlackArch][qubes-blackarch]
+- [PenTester Framework (PTF)][qubes-ptf]
+- [Pentesting][qubes-pentesting]
+
+## Kali Linux HVM <a name="hvm"/>
 
 1. Download the Kali installation DVD
 
@@ -34,8 +45,9 @@ Kali Linux HVM
 
         qvm-start <hvm-name> --cdrom <vm-name>:/home/user/Downloads/<iso-name>.iso
 
-Create Debian Based Kali Template
----------------------------------
+## Create Debian Based Kali Template <a name="katoolin"/>
+
+Katoolin is a script (written in Python) which helps you to install Kali tools.
 
 1. *(Optional)* Install `debian-8` template (if not already installed)
 
@@ -62,27 +74,7 @@ Create Debian Based Kali Template
         sudo apt-get dist-upgrade
         sudo apt-get autoremove
 
-    **Note:** From now on there are two possible ways either doing everything manually or automatically with [Katoolin](https://github.com/LionSec/katoolin).
-
-    Katoolin is a script (written in Python) which helps you to install Kali tools.
-
-5. *manually* - Add Kali Linux repositories
-
-    1. Add Kali Linux repositories to `/etc/apt/sources.list`
-
-            deb http://http.kali.org/kali kali-rolling main contrib non-free
-            deb http://repo.kali.org/kali kali-bleeding-edge main
-
-    2. Add kali signing key
-
-        - The signing key can be found here [Download Kali Linux Images Securely](https://www.kali.org/downloads/)
-
-                sudo apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 7D8D0BF6
-                sudo apt-get update
-
-
-
-6. *katoolin* - Install Katoolin and add Kali Linux repositories
+6. Install Katoolin and add Kali Linux repositories
 
     1. Install Katoolin
 
@@ -152,28 +144,7 @@ Create Debian Based Kali Template
 
 9. Start image
 
-10. *manually* - Install tools
-
-    **Warning:** `kali-linux` and `kali-linux-full` does currently not work properly. Please use `Katoolin` or `PTF`.
-
-    1. List available packages
-
-            sudo apt-cache search kali-linux
-
-    2. Select and install tools
-
-        - install base system
-
-                sudo apt-get install kali-linux
-
-        - or install all tools
-
-                sudo apt-get install kali-linux-full
-
-        - or select specific (example):
-
-                sudo apt-get install kali-linux-top10 kali-linux-web
-11. *katoolin* - Install tools
+11. Install tools
 
     1. View Categories
 
@@ -185,7 +156,7 @@ Create Debian Based Kali Template
 
     2. Select the categories/tools you want to install
 
-        - For more information on how to use Katoolin see [How to Auto Install All Kali Linux Tools Using “Katoolin” on Debian/Ubuntu](http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/)
+        - For more information on how to use Katoolin see [How to Auto Install All Kali Linux Tools Using “Katoolin” on Debian/Ubuntu][katoolin-howto].
 
         - **Note:** The `all` option does not work for `Information Gathering`, `Web Apps`, `Forensic Tools`, `Reverse Engineering` and `Extra`.
 
@@ -193,10 +164,145 @@ Create Debian Based Kali Template
 
     - (Optional) Attach necessary devices
 
+## Installing Kali from a Debian template <a name="debian-upgrade"/>
+
+This section will explain how to create your own [Kali] Linux VM as a VM
+template. The basic idea is to personalize the template with the tools you need
+and then spin up isolated AppVMs based on the template.
+
+This has been tested on Qubes OS 3.2.
+
+The steps can be summarised as:
+
+1. Install Qubes' Debian 8.0 (Jessie) template
+2. Upgrade the template to Debian 9.0 (Stretch)
+3. Install kali through the ``kali-linux-full`` package
+4. Use the template to build appVM so that you can maintain isolation between
+   e.g. pentesting jobs
+
+
+Steps to build a Kali template
+------------------------------
+
+### Get the GPG key
+
+1. You'll need to fetch the Kali GPG key from a dispVM as the template you'll
+   build won't have direct internet connectivity unless you enable it from the
+   firewall:
+
+        # in a dispVM
+        gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6
+        gpg --list-keys --with-fingerprint 7D8D0BF6 
+        gpg --export --armor 7D8D0BF6 > kali.asc
+
+2. **DO NOT TURN OFF** the dispVM
+
+3. Make sure the key ID is the valid one listed on the [Kali website]. Ideally,
+   verify the fingerprint through other channels as recommended on that link.
+
+Once you have the key, keep the dispVM on as you'll need to copy the key over
+to the Kali template.
+
+### Customize the template
+
+1. Install [the debian-8 template] if not already installed
+
+2. Clone the debian template and start a terminal in it:
+
+        # in dom0:
+        qvm-clone debian-8 debian-9
+        qvm-run -a debian-9 gnome-terminal
+
+        # in the debian-9 template terminal:
+        # substitute jessie for stretch in
+        sudo -s
+        sensible-editor /etc/apt/sources.list
+        sensible-editor /etc/apt/sources.list.d/qubes-r3.list
+        apt-get update && apt-get dist-upgrade
+        # (hat tip: [the Debian wiki])
+
+    Restart the template when done and make sure you can open a terminal.
+
+3. Prepare the kali template:
+
+        # in dom0:
+        qvm-shutdown debian-9
+        qvm-clone debian-9 kali-tpl
+        qvm-run -a kali-tpl gnome-terminal
+
+3. Add the sources to install Kali linux to the `kali-tpl` template:
+
+        # in kali-tpl:
+        sudo -s
+        echo 'deb http://http.kali.org/kali kali-rolling main non-free contrib' >> /etc/apt/sources.list
+
+4. Copy the Kali key from the dispVM into the template:
+
+        # in the dispVM:
+        qvm-copy-to-vm kali-tpl kali.asc
+
+        # in kali-tpl:
+        cat /home/user/QubesIncoming/dispXXX/kali-key.asc | sudo apt-key add -
+
+    The last command should return `OK` on a line by itself.
+
+5. Update the system:
+
+        # in kali-tpl:
+        sudo -s
+        apt-get update && apt-get dist-upgrade
+
+6. Shut down the `kali-tpl` template:
+
+        # in dom0:
+        qvm-shutdown kali-tpl
+
+### Install the Kali tools
+
+At this point you should have a working template and you can install the tools you need.
+
+1. [resize the template] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10Gb to at least 20Gb.
+
+1. Install Kali linux:
+
+        # in kali-tpl:
+        sudo apt-get install kali-linux-full
+        
+2. [optional] Customise the template's home directory (e.g. install your licensed copy of Burp Suite Professional)
+        
+### Use the template
+
+The template is ready to be used. You can now spin up AppVMs based on the `kali-tpl` template.
+
+
 
 Alternative Options to Kali
----------------------------
+===========================
 
-- [BlackArch](/doc/pentesting/blackarch/)
-- [PenTester Framework (PTF)](/doc/pentesting/ptf/)
-- [Pentesting](/doc/pentesting/)
+ * PenTester Framework: [PTF] ([PTF Qubes OS guide])
+ * Black Arch with [BA Qubes OS guide])
+ * [KATOOLIN]
+
+Notes
+-----
+
+Thanks to the people in [the discussion thread].
+
+[qubes-blackarch]: /doc/pentesting/blackarch/
+[qubes-ptf]: /doc/pentesting/ptf/
+[qubes-pentesting]: /doc/pentesting/
+
+[kali-vbox]: https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
+[kali]: https://www.kali.org/
+[kali website]: https://docs.kali.org/introduction/download-official-kali-linux-images.
+[KATOOLIN]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/ 
+[the debian-8 template]: https://www.qubes-os.org/doc/templates/debian/#install
+[PTF]: https://www.trustedsec.com/may-2015/new-tool-the-pentesters-framework-ptf-released/
+[audio CDs]: https://www.reddit.com/r/Nirvana/comments/3hmra1/the_main_character_in_the_tv_show_mr_robot_has_a/
+[resize the template]: https://www.qubes-os.org/doc/resize-disk-image/
+[the Debian wiki]: https://wiki.debian.org/Qubes#Install_Debian_Templates
+[the discussion thread]: https://github.com/QubesOS/qubes-issues/issues/1981
+[PTF Qubes OS guide]: https://www.qubes-os.org/doc/pentesting/ptf/
+[BA Qubes OS guide]: https://www.qubes-os.org/doc/pentesting/blackarch/
+[katoolin]: https://github.com/LionSec/katoolin
+[katoolin-howto]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/