Can I do hacking using Windows OS? [closed]

Question

I have searched the web a numerous times but haven't found an explicit answer to my question. I've studied (at school and on my own) computer networks for 2 years, doing active programming for 4 years now and am willing to move a step forward.

To make the question short. Can I do efficient network penetration using Windows OS (8,8.1) rather than installing Linux (Ubuntu, Kali ect.)? "Experts" who recommend Linux over Windows for such kind of activities state the following:

• easy OS customization
• Linux OS is more secure
• command line interface (greater functionality) against graphical user interface(less functionality)
• Network nodes running UNIX, etc.

I still don't know how this makes network packet sniffing and penetration better using Linux. Packets sniffers can be installed on Windows(Nmap, Wireshark...), penetration software can be installed (Aircrack, Cain & Abel...).

How does actually Linux beat other OS at hacking?

Answer 1

There is no "best OS" for security work. Any good penetration tester should be at least familiar and moderately skilled with multiple operating systems. Virtual machines are useful for this purpose.

I, personally, use Windows as my base host because I am most comfortable with it. A lot of my more specialist work focuses on auditing Windows binary applications, which running Windows is conducive towards, due to the ease of installing analysis tools and doing research.

That being said, I also spend a lot of time in Kali / BackTrack / Ubuntu / Debian VMs when I'm doing web application assessments and infrastructure work, because the environment is somewhat better suited for it, and there are more native tools for Linux in that domain. I personally find the BackTrack / Kali family of distros very useful, because they come pre-installed and pre-configured with tools designed for penetration testing. This saves some startup time in getting a build together.

Many of my colleagues chose other base systems, such as Ubuntu, Debian, OS X, Arch, Gentoo, FreeBSD, etc. to fit their own preferences. However, they all run VMs so that they can use various other OSes when necessary. It's practically a requirement of the job.

I think the real take-away is that the OS doesn't matter. Your effectiveness as a security consultant should not be heavily swayed by your choice of OS, but rather by the knowledge you have of the system you use, and your experience in analysing the security of target systems during assessments.

Answer 2

I think your short answer is: yes.

Long answer: If you have everything you need to do what you are trying to do in Windows, then by all means use Windows. Windows also has a CLI for network setup and control, (I'm not familiar with it at all...) but I'd imagine it is more than functional for most purposes. If you feel more comfortable using it, then use it. There's nothing wrong with choosing one OS to do your work over another, other than there may be tools developed for a different OS that might be better suited. Learn as you go =)

Answer 3

Windows is very restrictive. It doesn't let you do things like running kernel mode code (without paying to get it signed), use raw sockets, etc. Since many exploits and malicios actions require such low level capabilities, Windows proves an obstacle.
Linux, on the other hand, is a free and open source tool that doesn't restrict the user in any way (so long as they have sufficient privileges on the host machine). This amount of flexibility and accessability is a great asset, and allows you to do much more than you could on a Windows system.