Mati Aharoni is one of the biggest hidden forces in modern computing.
As the creator of Kali Linux, he’s responsible for bringing cybersecurity to the masses. His work has enabled a new generation of penetration testers, digital forensics specialists, and other cybersecurity experts to find their footing in the field.
Amateurs and professionals alike sing the praises of Aharoni’s creation, as do the countless everyday people whose security and privacy have been preserved by Kali Linux. But few know the story behind the OS — and the true impact it’s had on the world.
Mati Aharoni at a Glance
- Enigmatic and highly private, Mati Aharoni released his first OS, Whoppix, in 2004.
- Whoppix was a portable Linux-based OS that could be run from a CD and featured many powerful cybersecurity tools, including network scanners and password crackers.
- Aharoni renamed Whoppix to WHAX in 2005, then merged it with the similar OS Auditor Security Collection to become BackTrack the following year.
- BackTrack featured hundreds of programs and quickly became the go-to penetration testing OS for amateurs, students, and professionals alike.
- Aharoni managed BackTrack through his company, Offensive Security, which also offered cybersecurity consulting and training.
- In 2013, Aharoni and his team rewrote BackTrack from the ground up, releasing it under a new name: Kali Linux.
- Kali Linux became one of the most popular Linux distributions ever, and was even featured in the TV show Mr. Robot.
- Aharoni left Offensive Security and Kali Linux in 2019, though both projects live on and continue to hold high prestige in the world of tech.
The Life of Mati Aharoni
Mati Aharoni’s Early Life
Mati Aharoni, like many cybersecurity experts, is an intensely private person.
Little personal information is available on him, as he prefers to keep the focus on his work rather than himself. And considering the attention his projects draw from cybercriminals, misguided authorities, and rabid fans alike, he’s wise to protect his privacy so fiercely.
What is known about him is simple: the programmer and avid outdoorsman has worked in infosec for over two decades. Under the handle “muts”, he made his first mark on the cybersecurity scene in 2004.
Whoppix and WHAX
On August 30, 2004, a new Linux distribution was announced. And while such an event was hardly uncommon, this new OS was different.
Called Whoppix, it was designed to be booted from a CD or USB drive rather than permanently installed on a hard drive. And rather than coming bundled with games and consumer software, Whoppix was loaded with all kinds of cybersecurity software.
Stay One Step Ahead of Cyber Threats
Its creator was Mati Aharoni, aka muts, whose goal was to collect all of the best security tools and package them together into the ultimate cybersecurity toolkit. Professionals and amateurs alike could have a portable arsenal of software for hacking, penetration testing, data recovery, debugging, network monitoring, and all sorts of security work.
Aharoni based his new OS on a distribution of Linux called Knoppix, a “live OS” that resided on removable media and ran entirely in RAM. He replaced the “Kn” in the name with “Wh”, as in “white hat”, or benevolent, hacking.
A live OS was ideal for Aharoni’s purposes: one could easily run Whoppix on any computer without having to install anything, then simply eject the media and return the computer to its original state.
Once he had the base OS set up, Aharoni began collecting all of the best cybersecurity tools he could find.
He started with several exploit archives — databases of computer vulnerabilities and instructions on how to manipulate and take advantage of them. Then he loaded Whoppix up with software to make use of those archives: network monitors Kismet and Ethereal, man-in-the-middle attack tool Ettercap, and penetration testing framework Metasploit, to name a few.
In 2005, Aharoni redesigned Whoppix, this time basing it on the Slax live Linux distribution. In honor of its new foundation, Aharoni renamed the OS WHAX.
WHAX Becomes BackTrack
As Whoppix and WHAX were being developed, so was another security-focused live OS.
Auditor Security Collection, created in 2004 by Max Moser and based on Knoppix, came on a CD bundled with over 300 security programs. These programs were organized in a user-friendly way based on purpose, such as password cracking, network scanning, and network analysis.
Aharoni and Moser realized that if they combined their efforts, they could create a single penetration testing OS that was more comprehensive and user-friendly than either could create on their own. They merged their projects into one: BackTrack.
BackTrack v1 was released on May 26, 2006, featuring software in just about any category a hacker could want: reverse engineering, forensics, stress testing, exploitation tools, and more.
Highly portable, jam-packed with software, and requiring no registration or personal information from users, BackTrack was an instant hit. Its slogan resonated with many cybersecurity experts: “The quieter you become, the more you are able to hear.”
After the first BackTrack release, Aharoni and his wife, Iris, formed Offensive Security. The company served as the coordinator for the BackTrack project, raising funds for its development through cybersecurity consulting, training, certifications, and pen testing.
In 2010, Offensive Security also launched the Exploit Database and Google Hacking Database, massive indexes of exploits, vulnerabilities, bugs, proofs-of-concept and other data for cybersecurity researchers.
BackTrack Moves Forward
Aharoni and Offensive Security continued releasing new versions of BackTrack through 2012. At that time, the BackTrack team decided to rewrite the OS once again, this time basing it on the Debian Linux distribution.
The new OS was named Kali Linux, after the Hindu goddess of time, power, destruction, and change. It was released on March 13, 2013.
Users immediately approved of the new OS. Its Debian base was stable, reliable, and frequently updated to ensure up-to-date security.
Kali Linux also came with many new tools and features, including hardware hacking tools and a convenient “top 10 security tools” section for newbies.
Offensive Security utilized Kali Linux in its cybersecurity courses, using student feedback to develop Kali Linux 2.0. It arrived in 2015 to considerable fanfare.
By then, version 1.0 had gained a large following and a stellar reputation in the cybersecurity world, and version 2.0 made waves in the larger tech community and beyond. PCWorld magazine covered its release, and the OS made multiple appearances in the TV show Mr. Robot.
Meanwhile, Offensive Security was becoming one of the most prestigious cybersecurity companies. Its OSCP (Offensive Security Certified Professional) certification, which involved an intensive Kali Linux curriculum and a rigorous 24-hour exam, was soon seen as the gold standard for infosec professionals.
Aharoni Leaves Kali
After an intense two decades developing Kali Linux and building Offensive Security, Aharoni stepped down from both projects — and the internet in general — in 2019.
Though he has been vague about his next steps, he implies that he is now working a calmer, more traditional job, as well as spending more time outdoors. He describes himself as a “recovering infosec addict” and, aside from sharing playlists of electronic music, remains as reclusive as ever online.
But Offensive Security and Kali Linux aren’t going anywhere. Offensive Security boasts clients like Wells Fargo, Cisco, and U.S. defense agencies, and the frequently-updated Kali Linux is the 17th most popular Linux distribution in the world.
Mati Aharoni: Cybersecurity’s Secretive Supergenius
For the reclusive and reticent Mati Aharoni, fame and fortune have never been priorities.
From the moment he first conceived of Whoppix to the moment he parted ways with Offensive Security and Kali Linux, his goal has been to give people the tools to become cybersecurity experts.
And millions of downloads, thousands of certifications, and dozens of OS releases later, it’s safe to say that he accomplished just that.
Mati Aharoni at the Security Summit (Video)
"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renown computer security professional