ISCN BLOG: Which are the Preferred Operating Systems of Professional Hackers?

# Who are the real hackers?

The term ‘real hackers’ does not refer to white hat hackers and security researchers. Instead, it refers to cybercriminals and hacktivists. They are also called gray hat or black hat hackers, since they work against media enterprises, the government and companies as a form of protest or solely for their profit. Because these hackers infiltrate computer networks and systems illegally, they use technologically advanced operating systems so that they can avoid being detected or traced. The operating system should also provide them with the latest hacking tools and features.

# Which OS’s are used by black hat & gray hat hackers?

Search online and you can find numerous blog posts claiming that ‘real hackers’ prefer to use Linux OS for carrying out their black hat hacking operations.

But it has actually been proven otherwise. The reports of high-risk hacking show that some hackers use MS Windows to hide in plain sight. Windows, a target for many hackers, requires them to work with Windows-only environments, including Windows-based malware, .NET framework, Trojans or viruses. Hackers use cheap burner laptops purchased from Craigslist to build a lightweight bootable ghost image, which cannot be mapped back to them. These laptops have special SD card and USB options that are easy to destroy, hide or even swallow, if required.

Many hackers go the extra mile and create a second writable space for limited persistent local storage and read-only partitions for the operating system. There are still others, the paranoid types, who further add a hotkey panic button for quick scrubbing of the RAM and running a SysRq trigger to prevent any kind of tracing.

The bootable OS ghost image, which is smaller, is written out to an encoded SD card. After this, the burner laptop is disassembled and meticulously destroyed. Special attention is paid by the hackers towards the physical destruction of the RAM, hard drive and network card. A sledgehammer or blowtorch is also sometimes used for the destruction of such computers.

Even though some black hat hackers use Windows OS, there are others who prefer the following Linux distributions:

1. Live Hacking OS

Based on Linux, Live Hacking OS is a pack of useful hacking tools used in penetration testing or ethical hacking. It includes a built-in GNOME graphical user interface. A second variant is available that has only a command line; it requires less hardware and is easy to operate.

2. Network Security Toolkit (NST)

This is a bootable live CD based on Fedora Core. It provides the best open source computer security and networking tools and runs on most of the x86 platforms. This toolkit was designed with the main intent of providing a comprehensive set of open source network security tools to network security administrators. It is used for regular networking diagnostic, monitoring and security responsibilities.


3. DEFT

DEFT stands for Digital Evidence and Forensic Toolkit and is based on the Ubuntu operating system. It is a collection of computer forensic documents and programs created by thousands of companies, individuals and teams, each of which may come under a different license. The License Policy outlines the process for determining which software is shipped and installed on the DEFT CD by default.

4. Kali Linux

Designed for penetration testing and digital forensics, Kali Linux is a Debian-based Linux distro. It is one of the most advanced and versatile penetration testing distros. Devon Kearns and Mati Aharoni of Offensive Security Ltd. developed it by rewriting BackTrack. Kali is funded and maintained by Offensive Security. Its tools are frequently updated and it is available for different platforms, such as ARM and VMware.

5. Knoppix STD (Security Tools Distribution)

This is a Live CD Linux distro based on Knoppix and focuses on tools for computer security. GPL licensed tools are included in the below-mentioned categories:

  • Encryption
  • Authentication
  • Forensics
  • Password cracking
  • Firewalls
  • Network utilities
  • Honeypots
  • Penetration
  • Intrusion detection system
  • Wireless networking
  • Packet sniffers
  • Vulnerability assessment
  • Assemblers

On 24th January 2004, version 0.1 of Knoppix STD was published on Knoppix 3.2, after which, due to the lack of updated packages and drivers, the project was brought to a halt. The release date for version 0.2 has not yet been announced. On the official website, a list of tools is available.

6. Cyborg Hawk

A lot of hackers are of the opinion that Cyborg Hawk, a new operating system based on Ubuntu Linux, is the most powerful and cutting-edge penetration testing distribution that has ever been created. It is lined up with the most quintessential collection of tools for cyber-security experts and professional ethical hackers. While Kali has more than 300 tools, Cyborg Hawk has 700+, along with dedicated tools and menu for analysis of malware and mobile security. It is considered to be a better OS than Kali.

7. Samurai Web Testing Framework

The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to operate as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, the selection of tools has been based on the tools used in security practice. It includes the tools used in all four stages of a web pen-test.

8. Pentoo

Pentoo, a Live USB and Live CD based on Gentoo Linux, is created for security assessment and penetration testing. It is provided as a 32-bit as well as a 64-bit installable Live CD. It is also available as an overlay for an existing Gentoo installation. Pentoo features GPGPU cracking software, packet-injection-patched Wi-Fi drivers and a number of tools for security assessment and penetration testing. Grsecurity and PaX hardening are included in the Pentoo kernel, along with extra patches, and binaries are compiled from a hardened toolchain. The most recent nightly versions of some of the tools are also available.

9. Blackbuntu

Blackbuntu is a Linux distribution developed for penetration testing. It was designed especially for practitioners of information security and security training students. It uses the GNOME desktop environment and is built on Ubuntu 10.10, with BackTrack as a reference.

10. GnackTrack

GnackTrack is an open and free project combining Linux GNOME desktop and penetration testing tools. It is based on Ubuntu and is a Live (and installable) Linux distro created for penetration testing. It comes with multiple tools, such as W3AF, Metasploit and Armitage, helpful for effective penetration testing.

11. NodeZero

An experienced team of testers and developers has put together this distro. It is based on the Linux kernel and derived from Ubuntu. Historically, penetration testing distributions have utilized the Live system concept of Linux, which means that they try not to make any permanent changes to a system. They run from media such as USB drives and discs, and all changes disappear after reboot. However, the usefulness of a Live system diminishes when it is used for testing regularly. Additionally, it is believed that Live systems do not scale well in a robust testing environment.

12. Parrot-sec Forensic OS

As a Debian GNU/Linux-based operating system in combination with Kali Linux and Frozenbox OS, it provides the best-in-breed penetration and testing experience. Developed by the Frozenbox Dev Team, it is an operating system for penetration testing and IT security.

13. Weakerth4n

Weakerth4n is a penetration testing distribution developed from Debian Squeeze. It uses Fluxbox for the desktop environment. As it includes a number of wireless cracking and hacking tools, it is ideal for Wi-Fi hacking. Its tools cover:

  • SQL hacking
  • Password cracking
  • Wi-Fi attacks
  • Cisco exploitation
  • Bluetooth
  • Social engineering
  • Web hacking
  • Information gathering
  • VoIP hacking
  • Networking and creating shells
  • Fuzzing
  • Android hacking

Now, it is clear that most black hat hackers prefer using Linux but also have to use Windows, as their targets are mostly on Windows-run environments. With most financial firms moving to Linux-based servers, the scenario is gradually changing. In addition, Mac OS X is not a very popular target for hacking attempts and malware. This is because it is not as famous a server as Linux, nor as widely used a client as Windows. Therefore, people using this OS are given a false sense of security.
