So which operating system do such black hat or gray hat hackers use?
While there may be thousands of blog posts which say that hackers prefer Linux operating system for their black hat hacking operations, it is proved that it may not be so. Many of the high-risk hacking show that some “real hackers” run MS windows to hide in plain sight. Windows, which is the required but hated target for most hackers, enables hackers to work with Windows-only environments, such as .NET framework, Windows-based malware, virus or trojan. They use cheap burner laptop bought from Craigslist to build a light weight bootable ghost image and which can’t be traced back to them. These type of burner laptops have USB and SD card for memory options. This makes it easier to hide, destroy or even swallow if needed.
Many of them go a step further and create read-only partitions for the OS and second writable space for limited persistent local storage. Some paranoid types add a hotkey panic button for quick RAM scrubbing and running a SysRq-trigger to avoid any trace back to them.
The new smaller bootable ghost OS image is then written out to an encrypted SD card. The burner laptop is dismantled and thoroughly destroyed. Hackers pay special attention to the physical destruction of the hard drive, network card, and RAM. Sometimes they use even use a blowtorch or sledgehammer can do destroy such computers.
While some of the black hat hackers prefer Windows OS, many others opt for following Linux distros :
1. Kali Linux
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni and Devon Kearns of Offensive Security developed it by rewriting BackTrack. Kali Linux is the most versatile and advanced penetration testing distro. Kali updates its tools and it is available for many different platforms like VMware and ARM.
2. Parrot-sec forensic os
Parrot Security is an operating system based on Debian GNU/Linux mixed with Frozenbox OS and Kali Linux in order to provide the best penetration and security testing experience. it is an operating system for IT security and penetration testing developed by the Frozenbox Dev Team. It is a GNU/Linux distribution based on Debian and mixed with Kali.
Deft is Ubuntu customization with a collection of computer forensic programs and documents created by thousands of individuals, teams, and companies. Each of these works might come under a different license. There Licence Policy describe the process that we follow in determining which software we will ship and by default on the DEFT install CD.
4. Live Hacking OS
Live Hacking OS is also based on Linux which has a big package of hacking tools useful for ethical hacking or penetration testing. It includes the graphical user interface GNOME inbuilt. There is a second variation available which has command line only, and it has very fewer hardware requirements.
5. Samurai Web Security Framework
The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
8. Network Security Toolkit (NST)
Network Security Toolkit (NST) is a bootable live CD based on Fedora Core. The toolkit was designed to provide easy access to best-of-breed open source network security applications and should run on most x86 platforms. The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of open source network security tools.
It is said the necessity is the mother of all inventions, and NodeZero Linux is no different. The NodeZero team consists of testers and developers who have put together this amazing distro. Penetration Testing distributions tend to have historically utilized the “Live” system concept of Linux, which really means that they try not to make any permanent effects to a system. Ergo all changes are gone after reboot and run from media such as discs and USB’s drives. However, all that may come handy for occasional testing, its usefulness can be depleted when you are testing regularly. It is also believed that “Live System’s” just don’t scale well in a robust testing environment.
Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based on Gentoo Linux, Pentoo is provided both as 32 and 64-bit installable live cd. Pentoo is also available as an overlay for an existing Gentoo installation. It features packet injection patched wifi drivers, GPGPU cracking software, and lots of tools for penetration testing and security assessment. The Pentoo kernel includes GRsecurity and PAX hardening and extra patches – with binaries compiled from a hardened toolchain with the latest nightly versions of some tools available.
GnackTrack is an open and free project to merge penetration testing tools and the Linux Gnome desktop. GnackTrack is a Live (and installable) Linux distribution designed for Penetration Testing and is based on Ubuntu.
GnackTrack comes with multiple tools that are really helpful for effective penetration testing, it has Metasploit, Armitage, W3AF and others wonderful tools.
Blackbuntu is a Linux distro specifically for penetration testing which was specially designed for security training students and practitioners of information security. Blackbuntu is penetration testing distribution with GNOME Desktop Environment. It’s currently being built using the Ubuntu 10.10 and work on reference Back|Track.
12. Knoppix STD
Knoppix STD (Security Tools Distribution) is a Live CD Linux distribution based on Knoppix that focused on computer security tools. It included GPL licensed tools in the following categories: authentication, password cracking, encryption, forensics, firewalls, honeypots, intrusion detection system, network utilities, penetration, packet sniffers, assemblers, vulnerability assessment and wireless networking. Knoppix STD version 0.1 was published January 24, 2004, on Knoppix 3.2. Thereafter, the project stagnated, lacking updated drivers and packages. A release date for version 0.2 has not yet been announced. A list of tools is available on the official website.
Weakerth4n is a penetration testing distribution which is built from Debian Squeeze. For the desktop environment, it uses Fluxbox.This operating system is ideal for WiFi hacking as it contains plenty of Wireless tools. It has a very well maintained website and a devoted community. Built from Debian Squeeze (Fluxbox within a desktop environment) this operating system is particularly suited for WiFi hacking as it contains plenty of Wireless cracking and hacking tools.
Tools include: Wifi attacks, SQL Hacking, Cisco Exploitation, Password Cracking, Web Hacking, Bluetooth, VoIP Hacking, Social Engineering, Information Gathering, Fuzzing Android Hacking, Networking and creating Shells.
14. Cyborg Hawk
Many hackers think this is the most advanced, powerful and yet beautiful penetration testing distribution ever created. Lined up with the ultimate collection of tools for pro Ethical Hackers and Cyber Security Experts. It has 700 + tools while Kali has 300+ and also dedicated tools for and menu for mobile security and malware analysis . Also, it is easy to compare it with Kali as to make a better OS than Kali . It is a new operating system based on Ubuntu Linux.
It is now clear that black hat hackers mostly use Linux but have to use Windows as their targets are always on Windows run environment. Though that is changing with most financial firms now moving to Linux based servers. Also, Mac OS X is not a popular target for malware and hacking attempts, because it is neither the most famous server (Linux) nor the most famous client (Windows), giving hackers that use it a [false]sense of security.