top of page

How To Build A PC For Hacking (2026) (Guide)

How To Build A PC For Hacking (2026) (Guide) | Black Hat HQ

Building A PC Made For Hacking (2026)


Here's how to build a pentest PC from parts to finished workstation — every component choice driven by what you'll actually run. This is a guide on how to build a PC for hacking.


What Makes A Hacking PC Different From A Gaming PC


A pentest machine runs completely different workloads. The priorities:


Workload

Hardware Demand

Why It Matters

Parallel scanning (nmap, masscan, ffuf)

CPU cores + threads

Thousands of concurrent connections

Hash cracking (hashcat)

GPU (NVIDIA CUDA cores)

Billions of password guesses/second

Multiple VMs (Windows AD lab, targets)

RAM + disk I/O

3-5 VMs running simultaneously

Wordlist/database searches

Fast NVMe storage

SecLists alone is gigabyte-scale

Packet capture & injection

WiFi chipset support

Monitor mode, injection drivers

Burp Suite / browser tabs / IDEs

RAM

Burp alone eats 4GB+ on large engagements


A gaming GPU handles one high-resolution render pipeline. A pentest GPU handles 64 parallel hash computation streams. Different silicon, different priorities.


Build 1: Desktop Workstation - Maximum Power


This is your primary rig if you work from an office or home. No compromises.


Component Breakdown


CPU: AMD Ryzen 9 7950X (16 cores / 32 threads, ~$550)

Why this over Intel: More threads per dollar, better multi-core efficiency for scanning. nmap -sV -p- on a /24 network scales linearly with core count. 32 threads means you can allocate 8 to scanning, 8 to VMs, and 16 left over for everything else. Intel i9-14900K is a fine alternative if you prefer Intel, but the AMD runs cooler under sustained load.


CPU Cooler: Arctic Liquid Freezer III 360mm or Noctua NH-D15

You'll run 100% CPU for hours during cracking or scanning. An air cooler like the NH-D15 handles this silently with zero failure risk. 360mm AIO if you prefer liquid. Either way, don't cheap out — thermal throttling during a hashcat run kills cracking speed.


Motherboard: B650 or X670 with minimum 4 RAM slots, 2+ M.2 slots

Don't overspend on X670E unless you need PCIe 5.0 for future GPUs.


What matters:


  • 4 DIMM slots (start with 2 sticks, leave room to expand)

  • At least 2 M.2 NVMe slots

  • 2.5Gb Ethernet preferred (not required, but nice for internal network testing)

  • Avoid boards with Killer/weird NICs — stick to Intel or Realtek for driver compatibility


RAM: 64GB DDR5 (2×32GB), minimum


This is the one spec you should not cut. Here's why:


4 VMs × 8GB each (Windows AD lab)    = 32GB
Host OS + Burp Suite + browser        = 12GB
Hashcat runtime buffer                = 8GB
Headroom                              = 12GB
Total                                 = 64GB

If you run a full Active Directory lab (2 DCs, 2 workstations) plus your host tools, 32GB is already stretched. 64GB is comfortable. 128GB if you plan to run large-scale labs or Elasticsearch/Kibana for log analysis.


Spec: DDR5-5600 or faster. 2×32GB sticks, leaving 2 slots open. G.Skill Flare X5 or Corsair Vengeance are reliable.


GPU: NVIDIA RTX 4070 Ti Super (16GB VRAM) — or Used RTX 3090 (24GB VRAM)

This is the single most important pentest-specific choice. Hashcat performance scales with CUDA cores and VRAM bandwidth:


GPU

Hashcat WPA2 (22000)

Hashcat NTLM (1000)

VRAM

RTX 4060 Ti 16GB

~450 kH/s

~35 GH/s

16GB

RTX 4070 Ti Super 16GB

~680 kH/s

~55 GH/s

16GB

RTX 3090 24GB (used)

~730 kH/s

~60 GH/s

24GB

RTX 4090 24GB

~1,100 kH/s

~90 GH/s

24GB


Why VRAM matters: Hashcat rule-based attacks (OneRuleToRuleThemAll, best64) memory-map the entire wordlist. Larger wordlists need more VRAM. 16GB is sufficient for nearly everything. 24GB is future-proof.


NVIDIA over AMD: AMD ROCm has improved but Hashcat on CUDA is still 2-3× faster and better supported. If you're building a password cracker, buy NVIDIA. Period.

If budget is tight, a used RTX 3090 from eBay (~$700) is the best value pentest GPU available — 24GB VRAM at near-4090 hashcat performance.


Storage: 2× NVMe SSDs


Drive 1: Samsung 990 Pro 1TB — OS + tools
  Kali Linux or Parrot OS installed here
  All pentest tools, Burp, Metasploit, etc.
  
Drive 2: Samsung 990 Pro 2TB — VMs + wordlists + loot
  VirtualBox/VMware VM images
  /opt/SecLists, rockyou, custom wordlists
  Engagement data (encrypted containers)

Why separate drives: When a VM is hammering disk I/O (Windows Update, database, log writes), your host OS on a separate drive stays responsive. NVMe over SATA because loading a 50GB Windows VM image from cold to running takes seconds vs. minutes.


Case: Fractal Design Pop Air or Meshify 2


Anything with good airflow and dust filters. You're running this machine at load for hours — thermals matter. ATX mid-tower is the sweet spot.


PSU: 850W 80+ Gold (Corsair RM850x, Seasonic Focus Plus)


Enough headroom for GPU + CPU at full tilt plus drives. 850W covers a 4070 Ti Super comfortably. If you go RTX 4090, bump to 1000W.


Networking: Additional WiFi Adapter


Your motherboard's built-in WiFi probably doesn't support monitor mode or packet injection.


Add one that does:


bash

# Best pentest WiFi adapters (chipset is what matters):
# Alfa AWUS036ACH       — MT7612U, dual-band, reliable
# Alfa AWUS036AXM       — MT7921, WiFi 6, monitor mode support
# Panda PAU09           — RT5572, cheap, 2.4GHz only
# Alfa AWUS036NHA       — AR9271, classic, 2.4GHz only, bulletproof

Keep this adapter dedicated to pentesting — don't use it for your internet connection. That way you can put it in monitor mode without losing connectivity.


Complete Build List


CPU:    AMD Ryzen 9 7950X                    $550
Cooler: Arctic Liquid Freezer III 360         $90
Mobo:   ASRock B650 PG Lightning              $180
RAM:    G.Skill Flare X5 64GB DDR5-6000       $200
GPU:    RTX 4070 Ti Super 16GB                $800
SSD1:   Samsung 990 Pro 1TB NVMe              $90
SSD2:   Samsung 990 Pro 2TB NVMe              $150
Case:   Fractal Design Pop Air                $80
PSU:    Corsair RM850x                        $130
WiFi:   Alfa AWUS036ACH                       $35
-----------------------------------------------
TOTAL:                                        ~$2,305

Build 2: Portable Pentest Laptop


If you go on-site, you need a laptop. Different priorities — battery, portability, integrated WiFi.


Key Laptop-Specific Considerations


  • No desktop GPU. You'll use cloud cracking or a remote desktop for hashcat runs.

  • WiFi must support monitor mode. Most built-in Intel AX200/AX210 cards do NOT. You'll either swap the internal card or use USB.

  • Ethernet port. Dongles fail at the worst times. Native RJ-45 is worth hunting for.

  • RAM must be upgradeable. Many ultrabooks solder RAM. Avoid them. You need 64GB minimum for VMs.


Recommended: Framework Laptop 16 or Lenovo ThinkPad P1 Gen 6


Framework 16: Modular, repairable, you can swap the WiFi card to a Mediatek MT7921K (supports monitor mode). AMD 7040 series. DIY edition saves money. Downside: shipping times.


Lenovo ThinkPad P-series: Workstation-grade, 2× SODIMM slots (not soldered), dual NVMe, native Ethernet on some models. The P1 Gen 6 with i7-13800H + 64GB is excellent. Used P52/P53 from eBay (~$600-800) are great budget options.


If you must buy a mainstream gaming laptop: ASUS ROG Zephyrus G14/G16 or Lenovo Legion. Check that RAM is socketed, not soldered. You'll almost certainly need to swap the WiFi card.


Laptop WiFi Card Swap (to get monitor mode)


Most laptops ship with Intel AX200/AX210. Replace with:


MT7921K (Mediatek)    — WiFi 6E, monitor mode support growing
MT7612U-based USB     — Alfa AWUS036ACH, proven and reliable

The internal swap:

  1. Open laptop bottom panel

  2. Locate M.2 WiFi card (under shielding in some models)

  3. Disconnect antennas (note which goes to MAIN vs AUX)

  4. Swap card, reconnect antennas

  5. Boot, install drivers if needed


If you don't want to open the laptop, USB adapters work fine. The Alfa AWUS036ACH is the gold standard.


Phase 2: OS and Driver Setup


BIOS Configuration Before OS Install


bash

# 1. Update BIOS to latest version
# 2. Disable Secure Boot (some pentest tools/kernel modules won't load with it)
# 3. Enable SVM/AMD-V or VT-x/Intel-VT (virtualization)
# 4. Enable IOMMU (for PCI passthrough to VMs)
# 5. Set RAM to rated XMP/EXPO profile (DDR5-6000, not default 4800)
# 6. Disable Fast Boot (can cause driver issues)

Kali Linux Install


bash

# Download: kali.org/get-kali → Installer Image
# Flash: dd if=kali-linux-2024.X-installer-amd64.iso of=/dev/sdX bs=4M status=progress

# Partitioning:
#   /dev/nvme0n1 (1TB) → / (root) + /home — Encrypted LVM
#   /dev/nvme1n1 (2TB) → /vm — Mount point for VM storage + wordlists

# Post-install:
apt update && apt full-upgrade -y
apt install -y nvidia-driver nvidia-cuda-toolkit nvidia-opencl-icd
apt install -y hashcat

NVIDIA Driver + CUDA + Hashcat Verification


bash

# Verify GPU is recognized
nvidia-smi

# Should show:
# +-----------------------------------------------------------------------------+
# | NVIDIA-SMI 550.XX    Driver Version: 550.XX    CUDA Version: 12.4           |
# | GPU  Name                 Persistence-M | Bus-Id        | Memory-Usage      |
# | Fan  Temp   Perf          Pwr:Usage/Cap |    GPU-Util Compute M.           |
# | 0    RTX 4070 Ti Super     Off  | 00000000:01:00.0  Off | 0%               |
# +-----------------------------------------------------------------------------+

# Verify hashcat sees the GPU
hashcat -I | grep -A 5 "Device #1"

# Benchmark NTLM cracking speed
hashcat -b -m 1000

# Should see >50 GH/s on a 4070 Ti Super. 
# If it says "Device #1: Not a native Intel OpenCL runtime" —
#   apt install intel-opencl-icd (for Intel CPU fallback only)
# If only CPU shows up, reinstall CUDA toolkit and reboot.

WiFi Monitor Mode Verification


bash

# Plug in Alfa adapter
lsusb | grep -i mediatek

# Check supported modes
iw list | grep -A 10 "Supported interface modes"
# Must show: * monitor, * AP

# Test monitor mode
airmon-ng start wlan1
airodump-ng wlan1mon
# Should see nearby networks

# Test packet injection
aireplay-ng --test wlan1mon
# Should show "Injection is working!"

Phase 3: Virtualization Lab Setup


The whole point of the RAM and second SSD is running target VMs:


bash

# Install VirtualBox
apt install -y virtualbox virtualbox-ext-pack

# Set default VM directory to second drive
VBoxManage setproperty machinefolder /vm/virtualbox/

# Create internal network for isolated lab
VBoxManage natnetwork add --netname pentest-lab \
    --network "10.99.0.0/24" --enable --dhcp on

# Download Windows evaluation ISOs:
#   microsoft.com/en-us/evalcenter → Windows Server 2022, Windows 11 Enterprise
# Store in /vm/iso/

# Minimum lab for AD testing:
#   VM1: Windows Server 2022 — Domain Controller (8GB RAM, 4 cores)
#   VM2: Windows 11 Enterprise — Workstation 1 (4GB RAM, 2 cores)
#   VM3: Windows 11 Enterprise — Workstation 2 (4GB RAM, 2 cores)
#   VM4: Kali Linux — Attack machine clone (4GB RAM, 2 cores)

# All VMs on internal network "pentest-lab"
# Your host Kali connects to this network for attacking

Phase 4: Toolchain Installation


Full tool install script is in the previous answer on setting up a PC for pentesting.


Quick reference for this build specifically:


bash

# Must-haves optimized for this hardware:
# Hashcat (already installed with NVIDIA)
# John the Ripper (CPU-based alternative, uses all 32 threads)
apt install -y john

# Metasploit with PostgreSQL backend
apt install -y metasploit-framework postgresql
systemctl enable postgresql --now
msfdb init

# Burp Suite Pro (install manually if you have a license)
# Community edition comes with Kali

# BloodHound + Neo4j
apt install -y bloodhound neo4j

# Docker for quick service deployment
apt install -y docker.io docker-compose
usermod -aG docker $USER

Phase 5: Backup and Disaster Recovery


A pentest machine holds client data. If the drive fails, you need to recover quickly:


bash

# 1. System snapshot (after all tools installed, before first engagement)
#    Use Clonezilla to image the OS drive
#    Store image on the second SSD or external drive

# 2. Engagement data backup
#    Encrypted LUKS container on external drive, synced nightly
rsync -avz --delete ~/pentest/ /mnt/backup/pentest/

# 3. Hashcat rules and wordlists backup
#    Custom rules in /usr/share/hashcat/rules/
#    Custom wordlists — back these up, they represent hours of work

# 4. Keep Kali live USB handy
#    If OS drive fails, you can boot from USB and access encrypted containers

Build Cost Tiers


Tier 1: Entry (~$1,200)


Used Dell/HP workstation (eBay):          $400
  (Z440, T5810 — Xeon E5, 64GB DDR4)
RTX 3060 12GB:                             $300
1TB NVMe + 2TB SATA SSD:                   $150
Alfa AWUS036ACH:                           $35
Leftover for 2nd NVMe, case, PSU:          $315

An old workstation with a Xeon handles VMs perfectly (these things were built for virtualization). Add a budget NVIDIA GPU and you have a capable cracker. Noise is the main downside — these are server-class machines.


Tier 2: Mid-Range (~$2,300) — Recommended Build


As spec'd above. Ryzen 7950X + RTX 4070 Ti Super.

Tier 3: No-Compromise (~$4,500+)


CPU:    AMD Ryzen Threadripper 7960X (24c/48t)  $1,400
RAM:    128GB DDR5 (4×32GB)                      $450
GPU:    RTX 4090 24GB                            $1,800
SSD:    2× Samsung 990 Pro 2TB                   $300
Mobo:   TRX50 chipset                            $600
PSU:    1200W                                     $250
Case:   Full tower                                $200
-----------------------------------------------
TOTAL:                                            ~$5,000

NTLM cracking at ~90 GH/s. Run a 10-VM Active Directory forest without swapping. Overkill for most, but if cracking speed limits your engagements, this pays for itself.


What NOT To Buy


RGB anything. It draws power, adds heat, and the last thing you want during a 3 AM engagement is a light show.


Ultra-fast RAM (DDR5-7200+). Pentest workloads don't benefit from RAM speed. Stability over frequency.


Dual GPUs. Hashcat does not scale linearly across GPUs in a standard desktop. One powerful GPU outperforms two mid-range ones for the price.


Thunderbolt docks as a substitute for native Ethernet. If you're doing network pentesting, the reliability difference between a native Intel NIC and a USB-C dongle is night and day on long scans.


Consumer NAS drives for VM storage. NVMe, not spinning rust. Loading a Windows Server VM from a hard drive takes 2-3 minutes. From NVMe, it's 10 seconds.


Enroll In Online Cybersecurity & Hacking Classes/Courses | Black Hat HQ

Comments


bottom of page